Search results

1 – 4 of 4
Article
Publication date: 29 March 2013

Peter Kieseberg, Sebastian Schrittwieser, Lorcan Morgan, Martin Mulazzani, Markus Huber and Edgar Weippl

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic…

Abstract

Purpose

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic requirement for SOX (Sarbanes‐Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass the security mechanisms in order to make hidden modifications to the database. This paper aims to address these issues.

Design/methodology/approach

In this paper the authors define a novel signature of a B+‐tree, a widely‐used storage structure in database management systems, and propose its utilization for supporting the logging in databases. This additional logging mechanism is especially useful in conjunction with forensic techniques that directly target the underlying tree‐structure of an index. Several techniques for applying this signature in the context of digital forensics on B+‐trees are proposed in the course of this paper. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thereby enabling the owner to completely restore data, even on the structural level.

Findings

For database systems in enterprise environments, compliance to regulatory standards such as SOX (Sarbanes‐Oxley Act), whereby every past transaction has to be traceable at any time, is a fundamental requirement. Today's database management systems usually implement sophisticated access control mechanisms to prevent unauthorized access and modifications. Nonetheless malicious database administrators would be able to bypass the security mechanisms in order to make modifications to the database, while covering their tracks.

Originality/value

In this paper, the authors demonstrate how the tree structure of the underlying store engine can be used to enhance forensic logging mechanisms of the database. They define a novel signature for B+‐trees, which are used by the InnoDB storage engine. This signature stores the structure of database storage files and can help in reconstructing previous versions of the file for forensic purposes. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thus enabling the owner to completely restore data, even on the structural level. The authors applied their concept to four real‐life scenarios in order to evaluate its effectiveness.

Details

International Journal of Web Information Systems, vol. 9 no. 1
Type: Research Article
ISSN: 1744-0084

Keywords

Article
Publication date: 1 June 2015

Robin Mueller, Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg and Edgar Weippl

This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on…

1830

Abstract

Purpose

This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to their security and privacy protection, leading to in-depth analyses of specific applications or vulnerabilities.

Design/methodology/approach

The evaluation methods mostly focus on known vulnerabilities in connection with authentication and validation mechanisms but also describe some newly identified attack vectors.

Findings

The results show a positive trend for new applications, which are mostly being developed with security and privacy features, whereas some of the older applications have shown little progress or have even introduced new vulnerabilities. In addition, this paper shows privacy implications of smartphone messaging that are not even solved by today’s most sophisticated “secure” smartphone messaging applications, as well as discusses methods for protecting user privacy during the creation of the user network.

Research limitations/implications

Currently, there is no perfect solution available; thus, further research on this topic needs to be conducted.

Originality/value

In addition to conducting a security evaluation of existing applications together with newly designed messengers that were designed with a security background in mind, several methods for protecting user privacy were discussed. Furthermore, some new attack vectors were discussed.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 2
Type: Research Article
ISSN: 1742-7371

Keywords

Article
Publication date: 29 March 2013

Aleksandar Hudic, Shareeful Islam, Peter Kieseberg, Sylvi Rennert and Edgar R. Weippl

The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security…

2913

Abstract

Purpose

The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security along with performance issues by encryption usage of outsourced data are the main motivation points of this research.

Design/methodology/approach

This paper presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. The method supports minimal encryption to minimize the computations overhead due to encryption. The proposed method uses normalization of relational databases, tables are categorized based on user requirements relating to performance, availability and serviceability, and exported to XML as fragments. After defining the fragments and assigning the appropriate confidentiality levels, the lowest number of Cloud Service Providers (CSPs) is used required to store all fragments that must remain unlinkable in separate locations.

Findings

Particularly in the cloud databases are sometimes de‐normalised (their normal form is decreased to lower level) to increase the performance.

Originality/value

The paper proposes a methodology to minimize the need for encryption and instead focus on making data entities unlinkable so that even in the case of a security breach for one set of data, the privacy impact on the whole is limited. The paper would be relevant to those people whose main concern is to preserve data privacy in distributed systems.

Details

International Journal of Pervasive Computing and Communications, vol. 9 no. 1
Type: Research Article
ISSN: 1742-7371

Keywords

Article
Publication date: 6 April 2023

Gao Shang, Low Sui Pheng and Roderick Low Zhong Xia

The construction industry has arrived at a crossroads of rapid technological progress. While it is foreseen that the advent of new construction technologies will disrupt the…

Abstract

Purpose

The construction industry has arrived at a crossroads of rapid technological progress. While it is foreseen that the advent of new construction technologies will disrupt the construction industry’s future, such disruptions often create the ideal environment for innovation. As poor payment practices continue to plague the construction industry, the advent of smart contracts has created an opportunity to rectify the inherent flaws in the mitigation of payment problems in traditional construction contracts. Given the intrinsic resistance of construction firms to such revolutionary changes, this study aims to understand the various factors influencing the adoption of smart contracts in the Singapore construction industry.

Design/methodology/approach

A mixed method was adopted involving quantifying respondents’ perceptions of the factors influencing smart contract adoption, and validation from a group of interviewees on the matter. Out of 461 registered quantity surveyor members contacted via the Singapore institute of surveyors and valuers website, 55 respondents took part in the survey. This is followed by semi-structured interviews to validate the survey results.

Findings

The findings indicate that construction firms have neither a significant knowledge of nor willingness to adopt smart contracts. A total of 29 institutional factors were also identified that significantly influence the adoption of smart contracts. The quantitative findings were further reinforced by qualitative interviews with five industry experts.

Originality/value

With recognition of and the successful formulation of the significant institutional drivers and barriers, the key findings of this study will be integral in driving the commercial adoption of smart contracts within the construction industry.

Details

Construction Innovation , vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1471-4175

Keywords

1 – 4 of 4