Edgar R. Weippl and A Min Tjoa
Privacy is a requirement that has not received the required attention in most e‐learning platforms. Based on the results of a survey we identified weaknesses of e‐learning…
Abstract
Privacy is a requirement that has not received the required attention in most e‐learning platforms. Based on the results of a survey we identified weaknesses of e‐learning platforms and describe improvements we made in Moodle as a proof‐of‐concept.
Details
Keywords
Andreas Ekelhart, Stefan Fenz, Gernot Goluch, Markus D. Klemen and Edgar R. Weippl
Today the amount of all kinds of digital data (e.g. documents and e‐mails), existing on every user's computer, is continuously growing. Users are faced with huge difficulties when…
Abstract
Purpose
Today the amount of all kinds of digital data (e.g. documents and e‐mails), existing on every user's computer, is continuously growing. Users are faced with huge difficulties when it comes to handling the existing data pool and finding specific information, respectively. This paper aims to discover new ways of searching and finding semi‐structured data by integrating semantic metadata.
Design/methodology/approach
The proposed architecture allows cross‐border searches spanning various applications and operating system activities (e.g. file access and network traffic) and improves the human working process by offering context‐specific, automatically generated links that are created using ontologies.
Findings
The proposed semantic enrichment of automated gathered data is a useful approach to reflect the human way of thinking, which is accomplished by remembering relations rather than keywords or tags. The proposed architecture supports the goals of supporting the human working process by managing and enriching personal data, e.g. by providing a database model which supports the semantic storage idea through a generic and flexible structure or the modular structure and composition of data collectors.
Originality/value
Available programs to manage personal data usually offer searches either via keywords or full text search. Each of these existing search methodologies has its shortcomings and, apart from that, people tend to forget names of specific objects. It is often easier to remember the context of a situation in which, for example, a file was created or a web site was visited. By proposing this architectural approach for handling semi‐structured data, it is possible to offer a sophisticated and more applicable search mechanism regarding the way of human thinking.
Details
Keywords
Mohammad Tabatabai Irani and Edgar R. Weippl
The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities
Abstract
Purpose
The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities
Design/methodology/approach
Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post‐exploitation activities.
Findings
Using a multi‐step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.
Practical implications
Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted.
Original/value
The main contribution of the paper is to extend Metapreter‐scripts so that post‐exploitation can be scripted. Moreover, using a multi‐step approach (pivoting), it can automatically exploit machines that are not directly routable
Details
Keywords
Aleksandar Hudic, Shareeful Islam, Peter Kieseberg, Sylvi Rennert and Edgar R. Weippl
The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security…
Abstract
Purpose
The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security along with performance issues by encryption usage of outsourced data are the main motivation points of this research.
Design/methodology/approach
This paper presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. The method supports minimal encryption to minimize the computations overhead due to encryption. The proposed method uses normalization of relational databases, tables are categorized based on user requirements relating to performance, availability and serviceability, and exported to XML as fragments. After defining the fragments and assigning the appropriate confidentiality levels, the lowest number of Cloud Service Providers (CSPs) is used required to store all fragments that must remain unlinkable in separate locations.
Findings
Particularly in the cloud databases are sometimes de‐normalised (their normal form is decreased to lower level) to increase the performance.
Originality/value
The paper proposes a methodology to minimize the need for encryption and instead focus on making data entities unlinkable so that even in the case of a security breach for one set of data, the privacy impact on the whole is limited. The paper would be relevant to those people whose main concern is to preserve data privacy in distributed systems.
Details
Keywords
Peter Kieseberg, Sebastian Schrittwieser, Lorcan Morgan, Martin Mulazzani, Markus Huber and Edgar Weippl
Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic…
Abstract
Purpose
Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic requirement for SOX (Sarbanes‐Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass the security mechanisms in order to make hidden modifications to the database. This paper aims to address these issues.
Design/methodology/approach
In this paper the authors define a novel signature of a B+‐tree, a widely‐used storage structure in database management systems, and propose its utilization for supporting the logging in databases. This additional logging mechanism is especially useful in conjunction with forensic techniques that directly target the underlying tree‐structure of an index. Several techniques for applying this signature in the context of digital forensics on B+‐trees are proposed in the course of this paper. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thereby enabling the owner to completely restore data, even on the structural level.
Findings
For database systems in enterprise environments, compliance to regulatory standards such as SOX (Sarbanes‐Oxley Act), whereby every past transaction has to be traceable at any time, is a fundamental requirement. Today's database management systems usually implement sophisticated access control mechanisms to prevent unauthorized access and modifications. Nonetheless malicious database administrators would be able to bypass the security mechanisms in order to make modifications to the database, while covering their tracks.
Originality/value
In this paper, the authors demonstrate how the tree structure of the underlying store engine can be used to enhance forensic logging mechanisms of the database. They define a novel signature for B+‐trees, which are used by the InnoDB storage engine. This signature stores the structure of database storage files and can help in reconstructing previous versions of the file for forensic purposes. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thus enabling the owner to completely restore data, even on the structural level. The authors applied their concept to four real‐life scenarios in order to evaluate its effectiveness.
Details
Keywords
Robin Mueller, Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg and Edgar Weippl
This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on…
Abstract
Purpose
This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to their security and privacy protection, leading to in-depth analyses of specific applications or vulnerabilities.
Design/methodology/approach
The evaluation methods mostly focus on known vulnerabilities in connection with authentication and validation mechanisms but also describe some newly identified attack vectors.
Findings
The results show a positive trend for new applications, which are mostly being developed with security and privacy features, whereas some of the older applications have shown little progress or have even introduced new vulnerabilities. In addition, this paper shows privacy implications of smartphone messaging that are not even solved by today’s most sophisticated “secure” smartphone messaging applications, as well as discusses methods for protecting user privacy during the creation of the user network.
Research limitations/implications
Currently, there is no perfect solution available; thus, further research on this topic needs to be conducted.
Originality/value
In addition to conducting a security evaluation of existing applications together with newly designed messengers that were designed with a security background in mind, several methods for protecting user privacy were discussed. Furthermore, some new attack vectors were discussed.
Details
Keywords
Bassam Samir AL-Romeedy and Shaymaa Abdul-Wahab El-Sisi
This study explores the potential of artificial intelligence (AI) in fostering sustainable entrepreneurship within the tourism industry. The rapid growth of the tourism sector has…
Abstract
This study explores the potential of artificial intelligence (AI) in fostering sustainable entrepreneurship within the tourism industry. The rapid growth of the tourism sector has raised concerns regarding its environmental impact, social equity and economic sustainability. Sustainable entrepreneurship offers a promising approach to address these challenges by integrating environmental, social and economic considerations into business practices. AI technologies, with their ability to process vast amounts of data, analyse patterns and make predictions, have the potential to support sustainable entrepreneurship initiatives in the tourism industry. By analysing the current literature, this study provides insights into the effective utilisation of AI to promote sustainable entrepreneurship in the tourism industry, while acknowledging the need for responsible and ethical AI implementation. The findings contribute to the understanding of how AI can be harnessed as a tool for driving sustainable practices and innovation in the tourism sector, ultimately leading to a more sustainable and responsible tourism industry.