33 research outputs found
Addressing The Human Factor In Information Systems Security
In this paper the historically persistent mismatch between the information systems development and security paradigms is revisited. By considering the human activity systems as a point of reference rather than a variable in information systems security, we investigate the necessity for a change in the information systems security agenda, accepting that a viable system would be more user-centric by accommodating and balancing human processes rather then entertaining an expectation of a one sided change of behaviour of the end user. This is done by drawing upon well established information systems methodologies and research
Cyber-Crime Investigations: Complex Collaborative Decision Making
This paper reports on the challenges computer forensic investigators face in relation to collaborative decision making, communication and coordination. The opportunities, operational environment and modus operandi of a cyber criminal are considered and used to develop the requirements in terms of both skill sets and procedural support a forensics investigator should have in order to respond to the respective threat vectors. As such, we show how a published framework for systemic thinking can be fit fir purpose for supporting the collaborative enquiry and decision making process
Translating contextual integrity into practice using CLIFOD.
Public open data increases transparency, but raises questions about the privacy implications of affected individuals. We present a case for using CLIFOD (ContextuaL Integrity for Open Data), a step-by-step privacy decision framework derived from contextual integrity, to assess the hidden risks of making data obtained from Internet of Things (IoT) and Smart City devices before any data is released and made openly available. We believe CLIFOD helps reduce the risk of any personal or sensitive data being inadvertently published or made available by guiding decision makers into thinking about privacy in context and what privacy risks might be associated with making the data available and how this might impact prosumers
On-scene triage open source forensic tool chests: Are they effective?
Considering that a triage related task may essentially make-or-break a digital investigation and the fact that a number of triage tools are freely available online but there is currently no mature framework for practically testing and evaluating them, in this paper we put three open source triage tools to the test. In an attempt to identify common issues, strengths and limitations we evaluate them both in terms of efficiency and compliance to published forensic principles. Our results show that due to the increased complexity and wide variety of system configurations, the triage tools should be made more adaptable, either dynamically or manually (depending on the case and context) instead of maintaining a monolithic functionality. © 2013 Elsevier Ltd. All rights reserved
Cryptographic Key Management in Delay Tolerant Networks (DTNs): A survey
Since their appearance at the dawn of the second millennium, Delay or Disruption Tolerant Networks (DTNs) have gradually evolved, spurring the development of a variety of methods and protocols for making them more secure and resilient. In this context, perhaps, the most challenging problem to deal with is that of cryptographic key management. To the best of our knowledge, the work at hand is the first to survey the relevant literature and classify the various so far proposed key management approaches in such a restricted and harsh environment. Towards this goal, we have grouped the surveyed key management methods into three major categories depending on whether the particular method copes with a) security initialization, b) key establishment, and c) key revocation. We have attempted to provide a concise but fairly complete evaluation of the proposed up-to-date methods in a generalized way with the aim of offering a central reference point for future research
Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures
There is a continuous increase in the sophistication that modern malware
exercise in order to bypass the deployed security mechanisms. A typical
approach to evade the identification and potential take down of a botnet
command and control server is domain fluxing through the use of Domain
Generation Algorithms (DGAs). These algorithms produce a vast amount of
domain names that the infected device tries to communicate with to find the
C&C server, yet only a small fragment of them is actually registered. This
allows the botmaster to pivot the control and make the work of seizing the
botnet control rather difficult.
Current state of the art and practice considers that the DNS queries performed by a compromised device are transparent to the network administrator and therefore can be monitored, analysed, and blocked. In this work, we
showcase that the latter is a strong assumption as malware could efficiently
hide its DNS queries using covert and/or encrypted channels bypassing the
detection mechanisms. To this end, we discuss possible mitigation measures
based on traffic analysis to address the new challenges that arise from this
approach
A framework for designing cloud forensic‑enabled services (CFeS)
Cloud computing is used by consumers to access cloud services. Malicious
actors exploit vulnerabilities of cloud services to attack consumers. The link
between these two assumptions is the cloud service. Although cloud forensics assists
in the direction of investigating and solving cloud-based cyber-crimes, in many
cases the design and implementation of cloud services falls back. Software designers
and engineers should focus their attention on the design and implementation of
cloud services that can be investigated in a forensic sound manner. This paper presents
a methodology that aims on assisting designers to design cloud forensic-enabled
services. The methodology supports the design of cloud services by implementing
a number of steps to make the services cloud forensic-enabled. It consists
of a set of cloud forensic constraints, a modelling language expressed through a
conceptual model and a process based on the concepts identified and presented in
the model. The main advantage of the proposed methodology is the correlation of
cloud services’ characteristics with the cloud investigation while providing software
engineers the ability to design and implement cloud forensic-enabled services via
the use of a set of predefined forensic related task