Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Using smartphones as a proxy for forensic evidence contained in cloud storage services

Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services

Patterns of information security postures for socio-technical systems and systems-of-systems

This paper describes a proposal to develop patterns of security postures for computer based socio-technical systems and systems-of-systems. Such systems typically span many organisational boundaries, integrating multiple computer systems, infrastructures and organisational processes. The paper describes the motivation for the proposed work, and our approach to the development, specification, integration and validation of security patterns for socio-technical and system-of-system scale systems

A comparison of forensic toolkits and mass market data recovery applications

Digital forensic application suites are large, expensive, complex software products, offering a range of functions to assist in the investigation of digital artifacts. Several authors have raised concerns as to the reliability of evidence derived from these products. This is of particular concern, given that many forensic suites are closed source and therefore can only be subject to black box evaluation. In addition, many of the individual functions integrated into forensic suites are available as commercial stand-alone products, typically at a much lower cost, or even free. This paper reports research which compared (rather than individually evaluated) the data recovery function of two forensic suites and three stand alone `non-forensic' commercial applications. The research demonstrates that, for this function at least, the commercial data recovery tools provide comparable performance to that of the forensic software suites. In addition, the research demonstrates that there is some variation in results presented by all of the data recovery tools

United States Regulation of Foreign Currency Futures and Options Trading: Hedging for Business Competitiveness Comment

This Comment first summarizes the existing regulatory scheme and identifies the restrictions imposed on foreign currency futures and options trading.\u279 These restrictions undercut much of the apparent flexibility found in the CFTC\u27s recent clarification of its hedging definition. The discussion continues with an explanation of the benefits 20 and costs2\u27 of hedging against currency risk in today\u27s economic climate. On balance, the benefits of the trading activity-increased competitiveness and financial product innovation-appear to justify the costs of potential abuse and threats to the congressional intent of the CEA. This result justifies a fresh approach to the scheme.22 Therefore, regulatory changes are suggested to provide alternatives for United States businesses desiring to hedge their currency risks.23 The proposed changes are designed to promote self-help competitiveness among United States businesses

United States Regulation of Foreign Currency Futures and Options Trading: Hedging for Business Competitiveness Comment

This Comment first summarizes the existing regulatory scheme and identifies the restrictions imposed on foreign currency futures and options trading.\u279 These restrictions undercut much of the apparent flexibility found in the CFTC\u27s recent clarification of its hedging definition. The discussion continues with an explanation of the benefits 20 and costs2\u27 of hedging against currency risk in today\u27s economic climate. On balance, the benefits of the trading activity-increased competitiveness and financial product innovation-appear to justify the costs of potential abuse and threats to the congressional intent of the CEA. This result justifies a fresh approach to the scheme.22 Therefore, regulatory changes are suggested to provide alternatives for United States businesses desiring to hedge their currency risks.23 The proposed changes are designed to promote self-help competitiveness among United States businesses

New absorbing boundary conditions and analytical model for multilayered mushroom-type metamaterials: Applications to wideband absorbers

An analytical model is presented for the analysis of multilayer wire media loaded with 2-D arrays of thin material terminations, characterized in general by a complex surface conductivity. This includes the cases of resistive, thin metal, or graphene patches and impedance ground planes. The model is based on the nonlocal homogenization of the wire media with additional boundary conditions (ABCs) at the connection of thin (resistive) material. Based on charge conservation, new ABCs are derived for the interface of two uniaxial wire mediums with thin imperfect conductors at the junction. To illustrate the application of the analytical model and to validate the new ABCs, we characterize the reflection properties of multilayer absorbing structures. It is shown that in such configurations the presence of vias results in the enhancement of the absorption bandwidth and an improvement in the absorptivity performance for increasing angles of an obliquely incident TM-polarized plane wave. The results obtained using the analytical model are validated against full-wave numerical simulations.NASA/MS Space Grant Consortium Research Infrastructure Program NG05GJ72HMinisterio de Ciencia e Innovación TEC2010-16948, CSD2008-00066Junta de Andalucía P09-TIC-459

Generalized additional boundary conditions and analytical model for multilayered mushroom-type wideband absorbers

We present an analytical model to study the reflection properties of a multilayered wire media loaded with 2-D arrays of thin imperfect conductors. Based on charge conservation, generalized additional boundary conditions (ABCs) for the interface of two uniaxial wire mediums loaded with thin arbitrary imperfect conductors at the junction are derived. It is observed that by proper selection of the structural parameters, the mushroom structure acts as a wideband absorber for an obliquely incident TM-polarized plane wave. The presented model along with the new ABCs are validated using the full-wave numerical simulations

The sociomateriality of organisational life: considering technology in management research

Drawing on a specific scenario from a contemporary workplace, I review some of the dominant ways that management scholars have addressed technology over the past five decades. I will demonstrate that while materiality is an integral aspect of organisational activity, it has either been ignored by management research or investigated through an ontology of separateness that cannot account for the multiple and dynamic ways in which the social and the material are constitutively entangled in everyday life. I will end by pointing to some possible alternative perspectives that may have the potential to help management scholars take seriously the distributed and complex sociomaterial configurations that form and perform contemporary organisations

CDBFIP: Common Database Forensic Investigation Processes for Internet of Things

Database forensics is a domain that uses database content and metadata to reveal malicious activities on database systems in an Internet of Things environment. Although the concept of database forensics has been around for a while, the investigation of cybercrime activities and cyber breaches in an Internet of Things environment would benefit from the development of a common investigative standard that unifies the knowledge in the domain. Therefore, this paper proposes common database forensic investigation processes using a design science research approach. The proposed process comprises four phases, namely: 1) identification; 2) artefact collection; 3) artefact analysis; and 4) the documentation and presentation process. It allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes; hence, it facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners