The Importance of Transparency and Willingness to Share Personal Information

This study investigates the extent to which individuals are willing to share their sensitive personal information with companies. The study examines whether skepticism can influence willingness to share information. Additionally, it seeks to determine whether transparency can moderate the relationship between skepticism and willingness to share and whether 1) companies perceived motives, 2) individual’s prior privacy violations, 3) individuals’ propensity to take risks, and 4) individuals self-efficacy act as antecedents of skepticism. Partial Least Squares (PLS) regression is used to examine the relationships between all the factors. The findings indicate that skepticism does have a negative impact on willingness to share personal information and that transparency can reduce skepticis

Towards a model of factors affecting resistance to using multi-method authentication systems in higher-education environments

Over the course of history, different means of object as well as person identification and verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of authentication and of protection of personal identifying information (PII), because previous information systems (IS) misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of identity-theft incidents due to breaches of PII within multiple public-access environments, such asinstitutions of higher-education. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies remains an issue. As such, in this research-in-progress paper, we outline a predictive study to assess the contribution of campus students’ perceptions of the importance of protecting their PII, noted as Perceived Value of Organizational Protection of PII (PVOP), authentication complexity (AC), and invasion of privacy (IOP) on their resistance to using multi-method authentication systems (RMS) in higher-education environments. In this work-in-progress study, we seek to better understand the theoretical foundations for the effect of students’ perceptions on their resistance to using multi-method authentication systems (RMS) in higher-education environments and uncover key constructs that may significantly contribute to such resistance. A quasiexperiment is proposed including clearly identified procedures and data analyses

How They Do It: Examining Teachers’ Understandings And Appropriations Of Instructional Tools And Strategies Learned In Writing Methods Coursework

This formative experiment design study sought to understand the factors that appear to enhance and inhibit teachers’ understandings and appropriations of the instructional tools and strategies learned in a graduate level course for informational writing methods. Using activity theory framework (Grossman, Smagorinsky, & Valencia, 1999), this study sought to identify the different levels at which teachers understand and appropriate instructional tools and strategies such as modeling, use of mentor texts, and scaffolding learned in the graduate course. The study explored specific features of the intervention implemented in the graduate course that benefitted or hindered the teachers’ understandings and appropriations of informational writing methods learned in the course. Results indicated that the teachers understood and appropriated modeling, use of mentor texts and scaffolding methods for informational writing instruction at varying levels of sophistication. A retrospective cross-case analysis showed that several key factors enhanced and/or inhibited the teachers’ understandings and appropriations. The major findings of this study validated and extended past research (Grossman, Smagorinksy, & Valencia, 1999; Rogoff, 1990; Schön, 1987; Wertsch, 1985), showing that teacher educators can design educational settings for pre-service and in-service teachers that produce deeper and more sophisticated understandings and appropriations of course content and methods

Cross-VM network attacks & their countermeasures within cloud computing environments

Cloud computing is a contemporary model in which the computing resources are dynamically scaled-up and scaled-down to customers, hosted within large-scale multi-tenant systems. These resources are delivered as improved, cost-effective and available upon request to customers. As one of the main trends of IT industry in modern ages, cloud computing has extended momentum and started to transform the mode enterprises build and offer IT solutions. The primary motivation in using cloud computing model is cost-effectiveness. These motivations can compel Information and Communication Technologies (ICT) organizations to shift their sensitive data and critical infrastructure on cloud environments. Because of the complex nature of underlying cloud infrastructure, the cloud environments are facing a large number of challenges of misconfigurations, cyber-attacks, root-kits, malware instances etc which manifest themselves as a serious threat to cloud environments. These threats noticeably decline the general trustworthiness, reliability and accessibility of the cloud. Security is the primary concern of a cloud service model. However, a number of significant challenges revealed that cloud environments are not as much secure as one would expect. There is also a limited understanding regarding the offering of secure services in a cloud model that can counter such challenges. This indicates the significance of the fact that what establishes the threat in cloud model. One of the main threats in a cloud model is of cost-effectiveness, normally cloud providers reduce cost by sharing infrastructure between multiple un-trusted VMs. This sharing has also led to several problems including co-location attacks. Cloud providers mitigate co-location attacks by introducing the concept of isolation. Due to this, a guest VM cannot interfere with its host machine, and with other guest VMs running on the same system. Such isolation is one of the prime foundations of cloud security for major public providers. However, such logical boundaries are not impenetrable. A myriad of previous studies have demonstrated how co-resident VMs could be vulnerable to attacks through shared file systems, cache side-channels, or through compromising of hypervisor layer using rootkits. Thus, the threat of cross-VM attacks is still possible because an attacker uses one VM to control or access other VMs on the same hypervisor. Hence, multiple methods are devised for strategic VM placement in order to exploit co-residency. Despite the clear potential for co-location attacks for abusing shared memory and disk, fine grained cross-VM network-channel attacks have not yet been demonstrated. Current network based attacks exploit existing vulnerabilities in networking technologies, such as ARP spoofing and DNS poisoning, which are difficult to use for VM-targeted attacks. The most commonly discussed network-based challenges focus on the fact that cloud providers place more layers of isolation between co-resided VMs than in non-virtualized settings because the attacker and victim are often assigned to separate segmentation of virtual networks. However, it has been demonstrated that this is not necessarily sufficient to prevent manipulation of a victim VM’s traffic. This thesis presents a comprehensive method and empirical analysis on the advancement of co-location attacks in which a malicious VM can negatively affect the security and privacy of other co-located VMs as it breaches the security perimeter of the cloud model. In such a scenario, it is imperative for a cloud provider to be able to appropriately secure access to the data such that it reaches to the appropriate destination. The primary contribution of the work presented in this thesis is to introduce two innovative attack models in leading cloud models, impersonation and privilege escalation, that successfully breach the security perimeter of cloud models and also propose countermeasures that block such types of attacks. The attack model revealed in this thesis, is a combination of impersonation and mirroring. This experimental setting can exploit the network channel of cloud model and successfully redirects the network traffic of other co-located VMs. The main contribution of this attack model is to find a gap in the contemporary network cloud architecture that an attacker can exploit. Prior research has also exploited the network channel using ARP poisoning, spoofing but all such attack schemes have been countered as modern cloud providers place more layers of security features than in preceding settings. Impersonation relies on the already existing regular network devices in order to mislead the security perimeter of the cloud model. The other contribution presented of this thesis is ‘privilege escalation’ attack in which a non-root user can escalate a privilege level by using RoP technique on the network channel and control the management domain through which attacker can manage to control the other co-located VMs which they are not authorized to do so. Finally, a countermeasure solution has been proposed by directly modifying the open source code of cloud model that can inhibit all such attacks

Spartan Daily, November 13, 2001

Volume 117, Issue 53https://scholarworks.sjsu.edu/spartandaily/9758/thumbnail.jp

Medical Identity Theft – Not Feeling Like Yourself?

Hospital and general practice healthcare providers today rely heavily on the information and communication technologies they employ to provide access to patient and associated data. The continuing migration to wireless means of data transfer has afforded system users more convenient and timely access to information via the use of 802.11 based wireless network capable devices. Through the increased digital connectivity of these internet and wireless based networks, new avenues of criminal activity such as medical identity theft have been steadily increasing as malicious individuals and organisations seek to abuse the digital ubiquity of the electronic medical record. The increased need for vigilance, protective measures and tightened security policy surrounding patient data practices concerning the use of wireless devices has never been greater. This paper discusses the potential patient and organisational ramifications of medical identity theft through wireless networks and other means as well as suggesting possible risk mitigation strategies to counteract such unauthorised information access