Analysis of Existing Privacy-aware Access Control for E-Commerce Application

Due to the growing use of the internet, more and more critical processes are running over the web such as e-commerce. Internet allows commerce and business between parties who are physically distant and do not know each other doing the transaction. For the effective operation of the web application and e-commerce applications, security is a key issue. Various aspects of security are relevant to e-commerce such as database security. The availability of e-commerce, user transactions are no longer bound to traditional office-centered environment, but it can be started virtually anywhere at any time. It was moving from closed environment to open environment. In this paper, we clearly define the privacy-aware access control requirements. We also investigated few existing access control in the context of this requirements. We build an assessment criteria in our comparison based on the requirements defined which we finally used it later as a guidelines to design an access control for e-commerce application

Cyberpreneurship Resistance in Advocating Digital Inclusion Towards Socio-Cultural Sustainability

Cyberpreneurship has been recognized as a key driver for inclusive digital ecosystems worldwide. However, various factors can hinder its effectiveness in promoting digital inclusion and socio-cultural sustainability. This quantitative research aims to examine the factors of cyberpreneurship resistance underpinned by Innovation Resistance Theory (IRT) for advocating digital inclusion towards socio-cultural sustainability. The study seeks to further investigate the functional and psychological barriers that cyberpreneurs encounter in their efforts to foster digital inclusion, ultimately contributing to socio-cultural sustainability. This research utilizes a sample of 384 respondents, including cyberpreneurs, business owners, and business managers involved in various types of business operations. Data was collected through surveys, and statistical techniques such as descriptive statistics and multiple linear regression analysis were employed to analyze the collected data. These analyses aimed to identify key resistance factors hindering cyberpreneurs' endeavours and understand their impact on digital inclusion and socio-cultural sustainability goals. The findings not only shed light on a deeper understanding of cyberpreneurship resistance in the context of advocating digital inclusion and socio-cultural sustainability but also inspire policymakers, entrepreneurs, and stakeholders to formulate evidence-based strategies for fostering inclusive digital ecosystems and promoting sustainable socio-cultural development

Rivisit grid computing security

Recent studies have shown that Grid Computing provide computational power, data storage and network bandwidth of under utilized resources at a minimal cost to the end user. It integrates geographically distributed resources and perform collaborative task. Since the goal of grid is resource sharing, computer resource will be accessed by a lot of users from different virtual organizations (YO). The security requirement becomes more vital to the Grids. Securities playa major role in providing the confidentiality of the communication, the integrity of data and the privacy of the user information. This paper focuses on to define current grid security issues and address grid security problem and challenges

Statistical sampling techniques for auditors

This paper intends to look into the application of statistical sampling techniques to auditing. As voluminous data extensive testing, the conventional techniques may not be adequate and competence to the statistical method. The user of die data especially the financial statements require more stringent and concrete evidence to evaluate the status of their investment. The objectivity and calculated sampling risk of the statistical method assure a higher degree of confidence in auditor’s opinion and a more defensible results. Somehow on the contrary, the Bayesian approach which suggests the auditor's subjective estimate to the population be involved in the evaluation is discussed

A new tv-based database encryption scheme using ts block cipher

Current database security research classify four types of controls for the protection of data in databases: access controls, information flow controls, inference controls, and cryptographic controls. This paper covers the fourth type of controls, cryptographic controls in database security that provides security of data stored in commercial RDBMS like Oracle. The proposed database encryption scheme is based on TS Block and Stream Ciphers, and is capable of protecting data at the data element, row, and column levels using both block and stream encryptions. The design of the scheme's key generation and management system allows the controls of users' access to encrypted data in a multilevel fashion thus provide multilevel security. The scheme solves the problem of mandatory and discretionary access controls in a given organization. The security of the scheme is based on the fact that no cryptographic keys are stored in the database system. All encryption and decryption keys are stored securely in smartcards thus providing minimum cryptographic information to users. The design of the encryption scheme is based on the provably strong ciphers with 128-bit keys which is currently infeasible to be broken even by exhaustive key search. Implementation of the scheme has been conducted successfully in Oracle RDBMS and complements the Oracle encryption security available. ABSTRAK: Penyelidikan masa kini dalam bidang keselamatan pangkalan data mengelaskan empat jenis kawalan bagi mengawal keselamatan data iaitu kawalan capaian, kawalan aliran maklumat, kawalan inferens dan kawalan kriptografi. Kertas ini menerangkan kawalan jenis keempat iaitu kawalan kriptografi yang dapat menyediakan keselamatan data bagi suatu sistem pengurusan pangkalan data hubungan komersial seperti sistem Oracle. Skema pengenkriptan pangkalan data yang di cadangkan ini adalah berdasarkan sistem-sistem sipher "TS Block" dan "TS Stream ". Skema ini dapat memberi keselamatan data pada aras unsur data, baris dan lajur data menggunakan kaedah pengenkriptan blok dan "stream". Reka bentuk sistem penjana dan pengurusan kunci kriptografi dapat mengawal pengguna mencapai data yang telah di enkripkan secara berbilang aras. Ini dapat memberi ciri keselamatan data berbilang aras (multilevel security). Skema ini mendapat ciri keselamatannya berdasarkan atas fakta bahawa tiada kunci kriptografi di simpan dalam sistem pangkalan data tersebut. Oleh itu maklumat kriptografi yang minimum diberi kepada pengguna iaitu hanya kunci kriptografi mereka disimpan secara selamat dalam kad-kad pintar. Reka bentuk skema pengenkriptan ini dibuat menggunakan sistem sipher yang terbukti kuatnya dan menggunakan kunci sepanjang 128 bit. Pada masa ini, kunci sepanjang ini tidak mungkin dapat di cari penyelesaiannya walaupun menggunakan kaedah pencarian kunci secara menyeluruh. Pelaksanaan skema ini dalam sistem pangkalan data hubungan Oracle telah dibuat dengan berjaya dan ia dapat melengkapkan lagi sistem keselamatan pengenkriptan Oracle yang tersedia ada

Utilizing hippocratic database for personal information privacy protection

In today's digital world, privacy protection over personal information has become a major element in web based application. Both parties involved in a web based application transaction, either consumer or application provider should be ensured with this privacy. Protecting privacy are always related with personal information. Personal information is an information type that usually needs to keep as a private. Because of the important of privacy concerns today, we need to design a database system that suits with privacy. Agrawal et. al. has introduced Hippocratic Database. This paper will explain how HOB can be a future trend for web-based application to enhance their privacy level of trustworthiness among internet user

The development of a commercially viable database encryption tool for Oracle8i Rdbms

In database security, access control is a major research issue. Discretionary access controls have been handled well by many database management systems through user roles and privileges. Mandatory access controls, on the other hand, remains a big problem when users with lower security clearance accessing data of higher security class. Data with classifications and users have clearances developed multilevel access controls, thus the problem of multilevel security. Many researches have been conducted using methods like object labeling, trusted systems, security filters, database views and etc. Many a times the problem remains unsolved due to either too theoretical or not practical to be implemented. Recent developments in research showed cryptography to be the promising solution to the multilevel security problem. With appropriate key management and good multilevel security scheme design, the problem can be solved in both theory and implemented in practice. This research endeavor is one such effort. It presents an investigation into the applications of modern cryptography for the security of databases. The investigation yields a new multilevel security scheme based on indigenous cryptographic primitives and supported by a new key management technique. The cryptographic primitives include enhanced block cipher and a new stream cipher design successfully implemented in a commercial database. The system yields a new approach in accessing and processing encrypted data using Initialization Vectors and provides solutions for hierarchical and direct access controls. The novel scheme allows the encryption of data at the tuple, attribute, and data element levels of a relation. The security of the scheme is guaranteed with no keys present in the system but stored securely in smartcards. The outcome from this research is realized in OraCrypt application which is implemented by usign Oracle 8i RDBMS

Controlling and disclosing your personal information

As organizations come to rely on the collection and use of personal information in order to complete the transactions and providing good services to their users, more and more user personal information is being shared with web service providers leading to the need to protect the privacy. Personal information is processed, stored and disclosed and often it generated in the course of making a commercial exchange. Credit card numbers, individual identity number, purchase records, monthly income, and related types of personal information all have important role with his this commercial information system. However this creation and use of personal information raises issues of privacy not only for the individual, but also for organizations. Easy access to private personal information will cause the misuse of data, no control over the information and others. Because of this, it's important to protect the information not only from external threats but also from insider threats. Data disclosure when performing a task in web-based application should be ensured. Within the electronic scenario, personal information have been collected, stored, manipulated and disclosed without the owner's consent. This paper will discuss on the relationship between personal information and its privacy. We also extended the model introduced by Al-Fedaghi as a way to control the personal information disclosure. We also suggested that the use of Hippocratic Database concepts as a way to control the personal information disclosure