Detecting Malicious Applications from the cloud by using user feedback method

As in recent period of computers and internets, mobiles devices, Smartphone’s plays a vital role in human day to day activities. Also now a days Smartphone’s & tablets are becoming very popular especially android based Smartphone’s are gaining much more popularity as compared to Apple’s iOS. These Smartphone’s having lot of applications and features based on only internet but these new emerging features of these devices give opportunity to new malwares & threats. Android is comparatively new OS hence its makes very hard to detect and prevent these viruses and malwares attacks by using some basic traditional mechanisms. So security of these Smartphone’s is now becoming very popular issue of researchers. The lack of standard security mechanism in Android applications is very useful to hackers. So to overcome these various pitfalls we use cloud services as a security weapon for providing decent security system for Android applications

Evaluating Security in Cryptocurrency Wallets

The number of users who are interested in trading Cryptocurrency is tremendously increasing, however, some users of cryptocurrency wallets do not know how to protect themselves or how to use a wallet with high protection. The objective of this paper is to propose a framework to enable users to evaluate the security and privacy of cryptocurrencies wallets. This framework will provide users with a list of attributes that define the degree of user protection in cryptocurrency wallets. This work aims to improve security and privacy in cryptocurrency wallets and enable users of these platforms to interact safely

Management and Security of IoT systems using Microservices

Devices that assist the user with some task or help them to make an informed decision are called smart devices. A network of such devices connected to internet are collectively called as Internet of Things (IoT). The applications of IoT are expanding exponentially and are becoming a part of our day to day lives. The rise of IoT led to new security and management issues. In this project, we propose a solution for some major problems faced by the IoT devices, including the problem of complexity due to heterogeneous platforms and the lack of IoT device monitoring for security and fault tolerance. We aim to solve the above issues in a microservice architecture. We build a data pipeline for IoT devices to send data through a messaging platform Kafka and monitor the devices using the collected data by making real time dashboards and a machine learning model to give better insights of the data. For proof of concept, we test the proposed solution on a heterogeneous cluster, including Raspberry Pi’s and IoT devices from different vendors. We validate our design by presenting some simple experimental results

A service composition platform in cloud computing using mobile devices for smart shopping

The development of the Next Generation Networks (NGN) such as LTE, WiMax and 5G networks has resulted in the development of more diverse mobile services. Many voice and video services have been developed (e.g. Viber, Skype and WhatsApp). Social networking sites have also been developed (e.g. Facebook, Instagram and Twitter). Users of these services are increasingly expecting and demanding more complex services which have more capabilities that can improve their day to day business. Users want services that are reliable, fast and easy to use. To effectively design and implement services, Service Oriented Architecture (SOA) principles are useful and some of the advantages of designing services using SOA principles are: • Improved interoperability; • Cross platform and cross application integration; • Reusability; • Service composition. Service composition has the advantage that customized services with more features can be developed by combining two or more basic services. In this research, SOA principles are used to design a cloud based Mobile Smart Shopping Service Platform. Canal Walk Shopping Mall, which is located in Cape Town, South Africa is used as a case study. Various mobile services are composed in order to solve the problem of getting information about the services provided by the shopping mall and also to show the available parking bays, which has become a major concern due to the rapid growth of the surrounding residential and business areas. Performance measurements for the Smart Shopping service are then conducted to test its power consumption, memory usage, bandwidth usage and application timeline. Conclusions are drawn and recommendations for possible future development are then provided

Marketing plan of Cuatroochenta

Treball Final de Grau en Administració d'Empreses. Codi: AE1049. Curs 2022/202

Information security behaviour of smartphone users: An empirical study on the students of University of Dhaka, Bangladesh.

Smartphone is the most popular electronic device in the present world. Along with the use of internet, smartphone has made revolution in the information communication technology sector. The current operating systems of smartphones allow to download mobile applications providing diverse types of features and functions. At the present days, the use of smartphone increases to a large extent that it is impossible to think a single day without using the smartphones. The widespread use of smartphones has introduced new types of information security threats, risks and vulnerabilities. The risky user behaviours, non-implementation of security counter measures and storage, and transmission of the vast amount of sensitive information in the smartphones are causing massive information security problems. Security of information is greatly depending on the information security behaviour of the users. Moreover, Information security behaviour has a direct impact to secure the information in the use of smartphone. In this study, the information security behaviour of the students of university of Dhaka, Bangladesh in the use of smartphone has been explored. This study will help to raise information security awareness among the students and encourage the authority to adopt appropriate strategy, policy and develop necessary training program to resolve information security risks in the use of smartphones. However, further research can be conducted by inclusion of a large sample size out of the students of other universities also

Factors that shape cybercrime victimisation and use of prevention measures in England and Wales

Cyberspace in general, and cybercrime in particular, are relatively new phenomena. As technological progress continues, the internet develops with it. In today’s society, the majority of people are exposed to the cyberspace in the form of the internet and, subsequently, are potential victims of cybercrime. With this prevalence of the internet in people’s everyday life, the issue of cybercrime should be acknowledged, addressed and explored more than ever. The aim of this study is to explore current trends of cyberspace and crime committed within the internet environment. In particular, this research project aims to explore factors that shape victimisation and the use of prevention measures in cyberspace, with specific reference to extent to which people become victims of cybercrime and, moreover, use prevention measures to prevent such crimes in a cyber environment. The issue described above is explored by conducting quantitative research analysing the general crime survey ‘Crime Survey for England and Wales’ (CSEW) on the matter of the internet and cybercrime. Exploratory analyses begin with descriptive statistics in order to review the current situation in cyberspace, followed by t-tests and regression analyses with the purpose to explore factors that might have an effect on cybercrime victimisation and the use of prevention measures in cyberspace. The results show that age is a relevant and significant factor when exploring both victimisation and the use of prevention measures in cyberspace. On these grounds, it is recommended to consider age groups when developing cybercrime prevention strategies as well as for a further research project studying cybercrime victimisation rates. Additionally, it would be beneficial to explore how factors such as: the level of cybercrime ‘worry’; cybercrime awareness and its relation to a number of prevention measures used; how often the internet is used; and income level; relate to victimisation and the use of prevention measures in cyberspace

Cyber Security: Basics in Fighting Computer Attacks and Crimes

It is clear that computers and information systems are central in daily business operations in both public and private sectors. E-commerce and eGovernance have gained international attention as substitutes for the human riddled snail pace management systems. However, computers and ICTs do not only replace the human inefficiencies but also assume human attacks and sicknesses known as cyber attacks and computer crimes. They range from hacker’s activities to malwares. This paper explored the occurrences and efforts in mitigating them through thorough literature review and desk research. Keywords: Cyber Security, Computer Crimes, Data Breache

Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, easy of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and raising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed with tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patients overall medical history, between geographic fragmented health services. Quick access to information presents a great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However health information systems store and manage highly sensitive data, which raises serious concerns regarding patients privacy and safety, and may explain the still increasing number of malicious incidents reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions, that aim to protect the individual rights and privacy of patients. Along side with these legislations, security requirements must be analyzed and measures implemented. Within the necessary security requirements to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized accesses. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions through people, different type of devices, environments and situational conditions, and across enterprises, location and time. Although already existent models allow to ensure the needs of the health care systems, they still lack components for dynamicity and privacy protection, which leads to not have desire levels of security and to the patient not to have a full and easy control of his privacy. Within this master thesis, after a deep research and review of the stat of art, was published a novel dynamic access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based in a Delphi Study. A set of security experts from various domains were selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated in an architecture with requirements well-founded, and based in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in deep review of the state-of-art. The architecture is further targeted with the essential security analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of accesses by patients and healthcare professionals, as well the web servers that handles the access requests, authentication and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact for user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risks or attributes can be added because it is modular. The architecture also works as expected, assuring secure authentication with multifactor, and secure data share/access based in SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. At last, the architecture was tested within different Android versions, tested with static and dynamic analysis and with tests with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras tecnologias, aplicações móveis continuam a ser vulneráveis. Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem recolher, administrar, analisar e processar informação médica (tais como documentos de saúde eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do domínio da saúde. Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares, que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde. Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte, foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto, o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque. Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis, que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é constituída também por servidores web que tratam da gestão de dados, controlo de acesso e autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado, com transparência, assegurando a privacidade e o controlo de dados para o utilizador, sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com um certificado digital. A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática, dinâmica e testes com ferramentas de segurança. Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do sistema proposto, através da recolha de opiniões de utilizadores no mundo real