Collective Learning for Developing Cyber Defense Consciousness: An Activity System Analysis

This paper explores the perceptions of undergraduate students experiencing an educational intervention in a cybersecurity course. The intervention was developed using activity theory. Laboratory activities were designed to ‘protect’ and ‘poke around’ systems and networks in a sandbox cloud environment. These activities provided dynamic opportunities to tackle cyber challenges through teamwork. Transcripts of interviews with students (working as system administrators) were analyzed to describe the development of their cyber defense consciousness. Activity system node analysis reveals the transformative development of cybersecurity consciousness over time that involves the internalization of skills and knowledge; reliance on community for support, information, and acculturation; working with others through the division of labor; as well as their struggle with the demands of cybersecurity work. The cyber defense activity model further unveils the potential of collective learning in teams as depicted by four mediated relationships. The study contributes by building a foundation for a pedagogical approach that transforms the cyber defense consciousness through the collective learning activity model

Secure portable execution and storage environments: A capability to improve security for remote working

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’

The InfoSec Handbook

Computer scienc

The effects of security protocols on cybercrime at Ahmadu Bello University, Zaria, Nigeria.

Masters Degree. University of KwaZulu-Natal, Durban.The use of Information Communication Technology (ICT) within the educational sector is increasing rapidly. University systems are becoming increasingly dependent on computerized information systems (CIS) in order to carry out their daily routine. Moreover, CIS no longer process staff records and financial data only, as they once did. Nowadays, universities use CIS to assist in automating the overall system. This automation includes the use of multiple databases, data detail periodicity (i.e. gender, race/ethnicity, enrollment, degrees granted, and program major), record identification (e.g. social security number ‘SSN’), linking to other databases (i.e. linking unit record data with external databases such as university and employment data). The increasing demand and exposure to Internet resources and infrastructure by individuals and universities have made IT infrastructure easy targets for cybercriminals who employ sophisticated attacks such as Advanced Persistent Threats, Distributed Denial of Service attacks and Botnets in order to steal confidential data, identities of individuals and money. Hence, in order to stay in business, universities realise that it is imperative to secure vital Information Systems from easily being exploited by emerging and existing forms of cybercrimes. This study was conducted to determine and evaluate the various forms of cybercrimes and their consequences on the university network at Ahmadu Bello University, Zaria. The study was also aimed at proposing means of mitigating cybercrimes and their effects on the university network. Hence, an exploratory research design supported by qualitative research approach was used in this study. Staff of the Institute of Computing, Information and Communication technology (ICICT) were interviewed. The findings of the study present different security measures, and security tools that can be used to effectively mitigate cybercrimes. It was found that social engineering, denial of service attacks, website defacement were among the types of cybercrimes occurring on the university network. It is therefore recommended that behavioural approach in a form of motivation of staff behaviour, salary increases, and cash incentive to reduce cybercrime perpetrated by these staff

The InfoSec Handbook

Computer scienc

Managing Risk and Information Security: Protect to Enable (Second Edition)

Computer scienc

Secure Access Control Architectures for Multi-Tenancy Cloud Environments

RÉSUMÉ L'Infonuagique est un paradigme de système informatique distribué qui offre la possibilité aux usagers (clients) d’accéder à des services et ressources partagés hébergés chez des fournisseurs, afin de mieux répondre à leur besoin en matière de service et d’infrastructure informatiques. Dans l’environnement infonuagique, une même machine ou serveur physique peut héberger plusieurs machines virtuelles (VMs) qui sont partagées entre différents usagers ou clients, rendant ainsi transparent le partage des ressources matériels. De ce fait, l’Infonuagique crée un environnement propice à des cibles faciles, vulnérables et sujettes à des attaques accrues de pirates informatiques. A cause de la complexité des contrôles d’accès et de la difficulté à surveiller les interconnexions entre les différents systèmes, les applications et les données, l’on s’expose à de nouvelles opportunités. Il ne fait aucun doute que, en termes de sécurité, le plus grand défis auquel les fournisseurs et clients sont confrontés dans l’environnement Infonuagique multi-usager est le contrôle d’accès. La prévention des accès illicites et non autorisés aux ressources infonuagiques passe par un mécanisme de contrôle efficace des accès. D’un côté, les techniques de contrôle d’accès conçues originalement pour des systèmes locaux d’entreprise ne sont pas appropriées à l’Infonuagique et au système de colocation. D’un autre côté, un mécanisme de contrôle d’accès bien conçu ne devrait pas surcharger le système d’Infonuagique et devrait s’adapter avec facilité à l’infrastructure existante. De nos jours, on se fie au VLAN et Coupe-feu par exemple pour assurer le contrôle d’accès dans l’environnement infonuagique. Ces techniques sont tout à fait efficaces mais des techniques complémentaires spécifiques à l’Infonuagique sont nécessaires pour prévenir les accès non autorisés aux ressources partagées dans le système distribué. Dans le cadre de ce projet de recherche nous proposons CloudGuard, un système qui implémente un mécanisme de contrôle d'accès basé sur un hyperviseur. Suivant le concept de sécurité en profondeur (security-in-depth), CloudGuard ajoute une couche complémentaire de sécurité aux environnements en colocation de l'infonuagique et prévient les accès non autorisés et illicites aux ressources infonuagiques. Cette architecture de sécurité peut être simplement appliquée à l'hyperviseur et fourni un contrôle d'accès évolutif et plus robuste que les techniques basées sur les réseaux existants.----------ABSTRACT Cloud Computing is a distributed computing paradigm which allows the users to access the services and shared resources hosted by the various service providers, to meet their services or resources requirements. In a multi-tenancy cloud computing environment, multiple virtual machines (VMs) are collocated on the same physical server. In such system, physical resources are transparently shared by the VMs belonging to multiple users. Cloud computing also creates a suitable environment for easy targets, vulnerable and prone to sophisticated attacks. Also, due to the complexity of access and difficulty in monitoring all interconnection point between systems, applications and data sets, this can create new targets for intrusion. Undoubtedly, one of the most important security mechanisms in multi-tenancy cloud computing environment is access control. Implementing a proper access control mechanism can lead us to prevent unauthorized or illegal access to cloud resources. In one hand, most of current access control techniques were originally designed for enterprise environments that do not consider the characteristics of cloud computing and multi-tenancy environments. On the other hand, a well-designed access control mechanism should impose less possible overhead to the cloud computing system and it should easily leverage with the existing cloud infrastructure. Today, VLANs and firewalls are example of techniques that provide access control for cloud environments. These techniques are definitely effective but we need complimentary techniques that fit cloud computing and prevent unauthorized access to the resources in the distributed system. In this research project we propose CloudGuard, a system that implements a hypervisor-based access control mechanism. Based on the concept of security-in-depth, CloudGuard adds another layer of security to multi-tenancy cloud computing environments and prevents unauthorized and illegal access to the cloud resources. This security architecture can be simply implemented to hypervisor and provide scalable and more robust access control than existing network-based techniques

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government