Search results

1 – 8 of 8
Article
Publication date: 30 November 2005

Edgar R. Weippl and A Min Tjoa

Privacy is a requirement that has not received the required attention in most e‐learning platforms. Based on the results of a survey we identified weaknesses of e‐learning…

Abstract

Privacy is a requirement that has not received the required attention in most e‐learning platforms. Based on the results of a survey we identified weaknesses of e‐learning platforms and describe improvements we made in Moodle as a proof‐of‐concept.

Details

Interactive Technology and Smart Education, vol. 2 no. 4
Type: Research Article
ISSN: 1741-5659

Keywords

Article
Publication date: 28 September 2007

Andreas Ekelhart, Stefan Fenz, Gernot Goluch, Markus D. Klemen and Edgar R. Weippl

Today the amount of all kinds of digital data (e.g. documents and e‐mails), existing on every user's computer, is continuously growing. Users are faced with huge difficulties when…

Abstract

Purpose

Today the amount of all kinds of digital data (e.g. documents and e‐mails), existing on every user's computer, is continuously growing. Users are faced with huge difficulties when it comes to handling the existing data pool and finding specific information, respectively. This paper aims to discover new ways of searching and finding semi‐structured data by integrating semantic metadata.

Design/methodology/approach

The proposed architecture allows cross‐border searches spanning various applications and operating system activities (e.g. file access and network traffic) and improves the human working process by offering context‐specific, automatically generated links that are created using ontologies.

Findings

The proposed semantic enrichment of automated gathered data is a useful approach to reflect the human way of thinking, which is accomplished by remembering relations rather than keywords or tags. The proposed architecture supports the goals of supporting the human working process by managing and enriching personal data, e.g. by providing a database model which supports the semantic storage idea through a generic and flexible structure or the modular structure and composition of data collectors.

Originality/value

Available programs to manage personal data usually offer searches either via keywords or full text search. Each of these existing search methodologies has its shortcomings and, apart from that, people tend to forget names of specific objects. It is often easier to remember the context of a situation in which, for example, a file was created or a web site was visited. By proposing this architectural approach for handling semi‐structured data, it is possible to offer a sophisticated and more applicable search mechanism regarding the way of human thinking.

Details

International Journal of Web Information Systems, vol. 3 no. 3
Type: Research Article
ISSN: 1744-0084

Keywords

Article
Publication date: 20 November 2009

Mohammad Tabatabai Irani and Edgar R. Weippl

The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities

Abstract

Purpose

The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities

Design/methodology/approach

Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post‐exploitation activities.

Findings

Using a multi‐step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.

Practical implications

Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted.

Original/value

The main contribution of the paper is to extend Metapreter‐scripts so that post‐exploitation can be scripted. Moreover, using a multi‐step approach (pivoting), it can automatically exploit machines that are not directly routable

Details

International Journal of Web Information Systems, vol. 5 no. 4
Type: Research Article
ISSN: 1744-0084

Keywords

Article
Publication date: 29 March 2013

Aleksandar Hudic, Shareeful Islam, Peter Kieseberg, Sylvi Rennert and Edgar R. Weippl

The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security…

2914

Abstract

Purpose

The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security along with performance issues by encryption usage of outsourced data are the main motivation points of this research.

Design/methodology/approach

This paper presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. The method supports minimal encryption to minimize the computations overhead due to encryption. The proposed method uses normalization of relational databases, tables are categorized based on user requirements relating to performance, availability and serviceability, and exported to XML as fragments. After defining the fragments and assigning the appropriate confidentiality levels, the lowest number of Cloud Service Providers (CSPs) is used required to store all fragments that must remain unlinkable in separate locations.

Findings

Particularly in the cloud databases are sometimes de‐normalised (their normal form is decreased to lower level) to increase the performance.

Originality/value

The paper proposes a methodology to minimize the need for encryption and instead focus on making data entities unlinkable so that even in the case of a security breach for one set of data, the privacy impact on the whole is limited. The paper would be relevant to those people whose main concern is to preserve data privacy in distributed systems.

Details

International Journal of Pervasive Computing and Communications, vol. 9 no. 1
Type: Research Article
ISSN: 1742-7371

Keywords

Content available
Article
Publication date: 28 September 2007

Ismail Khalil Ibrahim, David Tanier and Eric Pardede

373

Abstract

Details

International Journal of Web Information Systems, vol. 3 no. 3
Type: Research Article
ISSN: 1744-0084

Content available
Article
Publication date: 20 November 2009

Ismail Khalil

460

Abstract

Details

International Journal of Web Information Systems, vol. 5 no. 4
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 29 March 2013

Peter Kieseberg, Sebastian Schrittwieser, Lorcan Morgan, Martin Mulazzani, Markus Huber and Edgar Weippl

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic…

Abstract

Purpose

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic requirement for SOX (Sarbanes‐Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass the security mechanisms in order to make hidden modifications to the database. This paper aims to address these issues.

Design/methodology/approach

In this paper the authors define a novel signature of a B+‐tree, a widely‐used storage structure in database management systems, and propose its utilization for supporting the logging in databases. This additional logging mechanism is especially useful in conjunction with forensic techniques that directly target the underlying tree‐structure of an index. Several techniques for applying this signature in the context of digital forensics on B+‐trees are proposed in the course of this paper. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thereby enabling the owner to completely restore data, even on the structural level.

Findings

For database systems in enterprise environments, compliance to regulatory standards such as SOX (Sarbanes‐Oxley Act), whereby every past transaction has to be traceable at any time, is a fundamental requirement. Today's database management systems usually implement sophisticated access control mechanisms to prevent unauthorized access and modifications. Nonetheless malicious database administrators would be able to bypass the security mechanisms in order to make modifications to the database, while covering their tracks.

Originality/value

In this paper, the authors demonstrate how the tree structure of the underlying store engine can be used to enhance forensic logging mechanisms of the database. They define a novel signature for B+‐trees, which are used by the InnoDB storage engine. This signature stores the structure of database storage files and can help in reconstructing previous versions of the file for forensic purposes. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thus enabling the owner to completely restore data, even on the structural level. The authors applied their concept to four real‐life scenarios in order to evaluate its effectiveness.

Details

International Journal of Web Information Systems, vol. 9 no. 1
Type: Research Article
ISSN: 1744-0084

Keywords

Article
Publication date: 1 June 2015

Robin Mueller, Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg and Edgar Weippl

This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on…

1833

Abstract

Purpose

This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to their security and privacy protection, leading to in-depth analyses of specific applications or vulnerabilities.

Design/methodology/approach

The evaluation methods mostly focus on known vulnerabilities in connection with authentication and validation mechanisms but also describe some newly identified attack vectors.

Findings

The results show a positive trend for new applications, which are mostly being developed with security and privacy features, whereas some of the older applications have shown little progress or have even introduced new vulnerabilities. In addition, this paper shows privacy implications of smartphone messaging that are not even solved by today’s most sophisticated “secure” smartphone messaging applications, as well as discusses methods for protecting user privacy during the creation of the user network.

Research limitations/implications

Currently, there is no perfect solution available; thus, further research on this topic needs to be conducted.

Originality/value

In addition to conducting a security evaluation of existing applications together with newly designed messengers that were designed with a security background in mind, several methods for protecting user privacy were discussed. Furthermore, some new attack vectors were discussed.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 2
Type: Research Article
ISSN: 1742-7371

Keywords

1 – 8 of 8