  • 1.
    Abbas, Haider
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Magnusson, Christer
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Yngström, Louise
    Department of Computer and System Sciences, Stockholm University, Sweden.
    Hemani, Ahmed
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
    Addressing Dynamic Issues in Information Security Management. 2011. In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, no. 1, pp. 5-24. Journal article (Refereed)
    Abstract [en]

    Purpose – The paper addresses three main problems resulting from uncertainty in information security management: i) dynamically changing security requirements of an organization ii) externalities caused by a security system and iii) obsolete evaluation of security concerns.

    Design/methodology/approach – In order to address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision-making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.

    Findings – The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level.

    Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied to the SHS (Spridnings- och Hämtningssystem: Dissemination and Retrieval System) system. The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice.

    Originality/value – This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

  • 2.
    Abbas, Haider
    et al.
    KTH, School of ICT, Electronic Systems.
    Magnusson, Christer
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Yngström, Louise
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Hemani, Ahmed
    ICT/Materialfysik.
    Addressing Dynamic Issues in Information Security Management. 2011. In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, no. 1, pp. 5-24. Journal article (Refereed)
    Abstract [sv]

    A framework for handling uncertainty in information security management systems is presented. The framework is based on theories from corporate finance. A case study shows how the framework can be applied.

  • 3.
    Abidin, Aysajan
    et al.
    Linköpings universitet, Institutionen för systemteknik, Informationskodning. Linköpings universitet, Tekniska högskolan.
    Pacher, Christoph
    Austrian Institute of Technology, Austria.
    Lorünser, Thomas
    Austrian Institute of Technology, Austria.
    Larsson, Jan-Åke
    Linköpings universitet, Institutionen för systemteknik, Informationskodning. Linköpings universitet, Tekniska högskolan.
    Peev, Momtchil
    Austrian Institute of Technology, Austria.
    Quantum cryptography and authentication with low key-consumption. 2011. In: Proceedings of SPIE - The International Society for Optical Engineering, 2011, p. 818916-. Conference paper (Refereed)
    Abstract [en]

    Quantum Key Distribution (QKD - also referred to as Quantum Cryptography) is a technique for secret key agreement. It has been shown that QKD rigged with Information-Theoretic Secure (ITS) authentication (using secret key) of the classical messages transmitted during the key distribution protocol is also ITS. Note, QKD without any authentication can trivially be broken by man-in-the-middle attacks. Here, we study an authentication method that was originally proposed because of its low key consumption; a two-step authentication that uses a publicly known hash function, followed by a secret strongly universal₂ hash function, which is exchanged each round. This two-step authentication is not information-theoretically secure but it was argued that nevertheless it does not compromise the security of QKD. In the current contribution we study intrinsic weaknesses of this approach under the common assumption that the QKD adversary has access to unlimited resources including quantum memories. We consider one implementation of Quantum Cryptographic protocols that use such authentication and demonstrate an attack that fully extracts the secret key. Even including the final key from the protocol in the authentication does not rule out the possibility of these attacks. To rectify the situation, we propose a countermeasure that, while not information-theoretically secure, restores the need for very large computing power for the attack to work. Finally, we specify conditions that must be satisfied by the two-step authentication in order to restore information-theoretic security.

  • 4.
    Afzal, Zeeshan
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Lindskog, Stefan
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap. Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013).
    Multipath TCP IDS Evasion and Mitigation. 2015. In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings, Springer, 2015, Vol. 9290, pp. 265-282. Conference paper (Refereed)
    Abstract [en]

    The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.

  • 5.
    Al Sabbagh, Bilal
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Ameen, Marihan
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Wätterstam, Tove
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    A Prototype For HI²Ping Information Security Culture and Awareness Training. 2012. In: 2012 International Conference on E-Learning and E-Technologies in Education (ICEEE), Institute of Electrical and Electronics Engineers (IEEE), 2012, pp. 32-36. Conference paper (Refereed)
    Abstract [en]

    In this short paper, we propose a security culture and awareness training platform that suits different learning styles and preferences. The objective is to operationalize the platform for improving individuals' security awareness and learn more about their security mental models as well as how their cultural background influences their perception of security. Useful application of the tool is to enhance the effectiveness of security knowledge transfer in a security incident response process management and to develop staff commitment to security policies at organizations. The tool can also help on enabling a global security culture by creating a common understanding of security best practices. Qualitative results show the tool can play a promising role in security education as it combines different mediums for communicating the required information to fit the audience's different learning styles.

  • 6.
    Al Sabbagh, Bilal
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    A cultural adaption model for global cyber security warning systems: A socio-technical proposal. 2011. Conference paper (Refereed)
    Abstract [en]

    In this paper we explore the problems of developing a cyber security warning system both from a theoretical and practical perspective. We review some of the current development in warning systems around the world and we also examine the security metrics area. We then expanded on a proposed socio-technical coordinate system for global cyber security alerts and adapted it to an information security culture framework.

  • 7.
    Al Sabbagh, Bilal
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    Developing social metrics for security: modeling the security culture of it workers individuals (Case study). 2012. In: Proceedings of the 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), Institute of Electrical and Electronics Engineers (IEEE), 2012, pp. 112-118. Conference paper (Refereed)
    Abstract [en]

    In this short paper we present and discuss the findings of a case study aimed at developing social security metrics for modeling the security culture of certain individuals. Using these metrics we have modeled the security culture of IT workers individuals from Saudi Arabia. We suggest these metrics can be used for modeling and comparing different security cultures to develop a global security culture required for effective global response to cyber security issues. We start by reviewing the latest research on the social aspects of information security. Then we highlight the history of the under-development social security metrics. Afterward we discuss the setup of the case study and the methodology used. Finally, we discuss the experiment results and suggested further research work.

  • 8.
    Al Sabbagh, Bilal
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident. 2014. In: Proceedings of the 58th Meeting of ISSS, Washington DC, USA, July 2014, International Society for the Systems Sciences (ISSS), 2014. Conference paper (Refereed)
    Abstract [en]

    Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of only focusing on the technical part. Systems theory can also equip security analysts with the skills required to have a holistic and an abstract level of understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created in order to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real case security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be considered a beneficial tool for security analysts during security incident management and risk analysis. Literature review and experience indicate an existing lack of customisable incident response tools that facilitate communication and elaboration within organizations during incident management. In addition to the fact that these tools are mainly technical and don’t take the human factor into consideration. Using SSM as such, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that causes damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and their environment including the security control activity systems. By having such systemic perception of a security attack, security analysts, we suggest, can have a holistic perception under what conditions a security attack has succeeded and what elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

  • 9.
    Alaqra, Alaa
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Pettersson, John
    Karlstads universitet, Fakulteten för humaniora och samhällsvetenskap (from 2013), Centrum för HumanIT.
    Wästlund, Erik
    Karlstads universitet, Fakulteten för humaniora och samhällsvetenskap (from 2013), Centrum för tjänsteforskning.
    Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario. 2016. In: Proceedings of the International Symposium on Human Aspects of Information Security & Assurance, 2016. Conference paper (Refereed)
    Abstract [en]

    In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counter-intuitive to end users as its functionality does not correspond to the one of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns in regards to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies.

  • 10.
    Al-Douri, Yamur K.
    et al.
    Luleå tekniska universitet, Institutionen för samhällsbyggnad och naturresurser, Drift, underhåll och akustik.
    Al-Jumaili, Mustafa
    Luleå tekniska universitet, Institutionen för samhällsbyggnad och naturresurser, Drift, underhåll och akustik.
    Karim, Ramin
    Luleå tekniska universitet, Institutionen för samhällsbyggnad och naturresurser, Drift, underhåll och akustik.
    Information security in e-maintenance: a study of Scada security. 2012. Conference paper (Refereed)
    Abstract [en]

    eMaintenance solutions are spreading increasingly due to the continuous evolution in the different Information and Communication Technology (ICT) tools. In general, most of the available eMaintenance solutions are depending on Internet infrastructure what makes them vulnerable to all security threats that affect the Internet. One of the important eMaintenance solutions is Supervisory Control and Data Acquisition (SCADA) system as it has been used in most of the industrial processes. SCADA systems were designed without security considerations as they were mainly installed into isolated networks. Nowadays, SCADA systems are mainly connected to Internet and other networks. Therefore, SCADA systems have been exposed to wide range of network security threats. Hence, SCADA security has become an important aspect that needs to be investigated. In this paper, a study of SCADA security issues will be done. The main contribution of this paper is to address SCADA security issues and challenges related to eMaintenance.

  • 11.
    Andersson, Karl
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Activity: Editorial Board Member, Journal of Internet Services and Information Security (JISIS). 2012. Other (Other (popular science, discussion, etc.))
  • 12.
    Andersson, Karl
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Interworking techniques and architectures for heterogeneous wireless networks. 2012. In: Journal of Internet Services and Information Security (JISIS), ISSN 2182-2069, E-ISSN 2182-2077, Vol. 2, no. 1/2, pp. 22-48. Journal article (Refereed)
    Abstract [en]

    Fourth generation (4G) wireless systems targeting 100 Mb/s for highly mobile scenarios and 1 Gb/s for low mobility communication are soon to be deployed on a broad basis with LTE-Advanced and IEEE 802.16m as the two candidate systems. Traditional applications spanning everything from voice, video, and data to new machine-to-machine (M2M) applications with billions of connected devices transmitting sensor data will in a soon future use these networks. Still, interworking solutions integrating those new 4G networks with existing legacy wireless networks are important building blocks in order to achieve cost-efficient solutions, offer smooth migration paths from legacy systems, and to provide means for load balancing among different radio access technologies. This article categorizes and analyzes different interworking solutions for heterogeneous wireless networks and provides suggestions for further research.

  • 13.
    Angulo, Julio
    et al.
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap.
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT.
    Wästlund, Erik
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för psykologi. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för tjänsteforskning.
    Pulls, Tobias
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap.
    Towards Usable Privacy Policy Display & Management: The PrimeLife Approach. 2011. In: Proceedings of 5th International Symposium on Human Aspects of Information Security & Assurance / [ed] Steven Furnell, Plymouth: University of Plymouth, 2011, pp. 108-118. Conference paper (Refereed)
  • 14.
    Aslam, Mudassar
    et al.
    RISE., Swedish ICT, SICS. Mälardalen University, Sweden; COMSATS Institute of Information Technology, Pakistan.
    Gehrmann, Christian
    RISE., Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Mälardalen University, Sweden.
    ASArP: Automated Security Assessment & Audit of Remote Platforms using TCG-SCAP synergies. 2015. In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 22, pp. 28-39. Journal article (Refereed)
    Abstract [en]

    Many enterprise solutions today are built upon complex distributed systems which are accessible to the users globally. Due to this global access, the security of the host platforms becomes critical. The platform administrators use security automation techniques such as those provided by Security Content Automation Protocol (SCAP) standards to protect the systems from the vulnerabilities that are reported daily; furthermore, they are responsible for keeping their systems compliant to the relevant security recommendations (governmental or industrial). Additionally, third party audit and certification processes are used to increase user trust in enterprise solutions. However, traditional audit and certification mechanisms are not continuous, that is, not frequent enough to deal with the daily reported vulnerabilities, and for that matter even auditors expect platform administrators to keep the systems updated. As a result, the end user is also forced to trust the platform administrators about the latest state of the platform. In this paper we develop an automated security audit and certification system (ASArP) which can be used by platform users or by third party auditors. We use security automation techniques for continuous monitoring of the platform security posture and make the results trustworthy by using trusted computing (TCG) techniques. The prototype development of ASArP validates the implementation feasibility; it also provides performance benchmarks which show that the ASArP based audit and certification can be done much more frequently (e.g. daily or weekly). The feasibility of ASArP based continuous audits is significantly better than traditional platform audits which are dependent on the physical presence of the auditors, thus making frequent audits much more expensive and operationally infeasible.

  • 15.
    Asplund, Mikael
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska fakulteten.
    Nadjm-Tehrani, Simin
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska fakulteten.
    Attitudes and Perceptions of IoT Security in Critical Societal Services. 2016. In: IEEE Access, E-ISSN 2169-3536, Vol. 4, pp. 2130-2138. Journal article (Refereed)
    Abstract [en]

    A quiet revolution that impacts several sectors, ranging over transport, home automation, energy, industrial control, and health services is undergoing with addition of new networked devices leading to enhanced services. In this paper, we aim to identify information security requirements that are common over several (vertical) sectors, and in particular, ones that impact critical societal services, namely, the energy, water, and health management systems. We present the results of an interview-based study where actors in these sectors were asked about their perceptions and attitudes on the security of Internet of Things (IoT). We set these perceptions and attitudes in context through a literature review of IoT security, and relate to current challenges in this area. This paper demonstrates that despite an overall optimistic view on IoT in critical societal services, there is a lack of consensus on risks related to IoT security.

  • 16.
    Awad, Ali Ismail
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Activity: Workshop on Emerging Aspects in Information Security. 2015. Other (Other (popular science, discussion, etc.))
  • 17.
    Awad, Ali Ismail
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Activity: Workshop on Emerging Aspects in Information Security. 2014. Other (Other (popular science, discussion, etc.))
  • 18.
    Babaheidarian, Parisa
    et al.
    Sharif University of Technology.
    Salimi, Somayen
    Sharif University of Technology.
    Aref, Mohammad Reza
    Sharif University of Technology.
    Simultaneously Generating Multiple keys in a Four-Terminal Network. 2012. In: IET Information Security, ISSN 1751-8709, E-ISSN 1751-8717, Vol. 6, no. 3, pp. 190-201. Journal article (Refereed)
    Abstract [en]

    A source model including four terminals is considered, where three simultaneously generating three types of keys are intended. Terminals 1, 2 and 3 wish to share a common key, the secret key, which should be kept secret from terminal 4 and simultaneously terminals 1 and 2 intend to share a private key with terminal 3, which should be kept secret from each other. Also, all the keys should be concealed from terminal 4 (the external wiretapper). The authors assume that all terminals including the external wiretapper have access to distinct correlated i.i.d. sources; there is also a noiseless public channel with unlimited capacity among the terminals. The authors have investigated the model on two scenarios of key sharing depending on the direction of the public channel. Rate regions of the keys are derived. It is shown that in some special cases the inner and outer bounds of the capacity regions coincide and the capacity regions are derived.

  • 19.
    Barabanov, Rostyslav
    et al.
    Stockholm University, Social Sciences, DSV.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Yngström, Louise
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Information Security Metrics: State of the Art: State of the art. 2011. Other (Other (popular science, discussion, etc.))
    Abstract [sv]

    The report is a compilation and analysis of research within security metrics

  • 20.
    Barka, Ezedin
    et al.
    UAE University, United Arab Emirates.
    Mathew, Sujith
    UAE University, United Arab Emirates.
    Atif, Yacine
    UAE University, United Arab Emirates.
    Securing the Web of Things With Role-Based Access Control. 2015. In: Codes, Cryptology, and Information Security: First International Conference, C2SI 2015, Rabat, Morocco, May 26-28, 2015, Proceedings - In Honor of Thierry Berger / [ed] Said El Hajji, Abderrahmane Nitaj, Claude Carlet, El Mamoun Souidi, Springer, 2015, pp. 14-26. Chapter in book, part of anthology (Refereed)
    Abstract [en]

    Real-world things are increasingly becoming fully qualified members of the Web. From, pacemakers and medical records to children’s toys and sneakers, things are connected over the Web and publish information that is available for the whole world to see. It is crucial that there is secure access to this Web of Things (WoT) and to the related information published by things on the Web. In this paper, we introduce an architecture that encompasses Web-enabled things in a secure and scalable manner. Our architecture utilizes the features of the well-known role-based access control (RBAC) to specify the access control policies to the WoT, and we use cryptographic keys to enforce such policies. This approach enables prescribers to WoT services to control who can access what things and how access can continue or should terminate, thereby enabling privacy and security of large amount of data that these things are poised to flood the future Web with.

  • 21.
    Bergström, Erik
    et al.
    Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi.
    Åhlfeldt, Rose-Mharie
    Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi.
    Information Classification Issues. 2014. In: Secure IT Systems: 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings / [ed] Karin Bernsmed & Simone Fischer-Hübner, Springer, 2014, pp. 27-41. Conference paper (Refereed)
    Abstract [en]

    This paper presents an extensive systematic literature review with the aim of identifying and classifying issues in the information classification process. The classification selected uses human and organizational factors for grouping the identified issues. The results reveal that policy-related issues are most commonly described, but not necessarily the most crucial ones. Furthermore, gaps in the research field are identified in order to outline paths for further research.

  • 22.
    Bergström, Erik
    et al.
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Högskolan i Skövde, Institutionen för informationsteknologi.
    Åhlfeldt, Rose-Mharie
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Högskolan i Skövde, Institutionen för informationsteknologi.
    Anteryd, Fredrik
    Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi.
    Informationsklassificering och säkerhetsåtgärder. 2016. Report (Other academic)
  • 23.
    Booth, Todd
    et al.
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Andersson, Karl
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap. Luleå tekniska universitet, Institutionen för system- och rymdteknik, CDT.
    Network Security of Internet Services: Eliminate DDoS Reflection Amplification Attacks. 2015. In: Journal of Internet Services and Information Security (JISIS), ISSN 2182-2069, E-ISSN 2182-2077, Vol. 5, no. 3, pp. 58-79, article id 5. Journal article (Refereed)
    Abstract [en]

    Our research problem is that there are a large number of successful network reflection DDoS attacks. Via a UDP Reflection Attack, an attacker can send just 1 Gb/s of payload to innocent servers, and it is these servers which then can send over 4,600 times the payload to the victim! There are very expensive and complex solutions in use today, however most all of these on premise solutions can be easily circumvented. The academic community has not adequately addressed this research problem. We have created a new Internet services network security surface attack mitigation methodology. Our novel design patterns will help organizations improve the price/performance of their anti-network reflection solution by 100 times, as compared to common on premise solutions. Our analysis and results confirm that our solution is viable. Our novel solution is based on stateless IP packet header filtering firewalls (which can be implemented mostly in hardware due to their simplicity). We have reduced and in some cases eliminated the need for researchers to even try and find new ways to filter the same traffic via more complex, software driven stateful solutions.

  • 24.
    Borg, Anton
    et al.
    Boldt, Martin
    Lavesson, Niklas
    Informed Software Installation through License Agreement Categorization. 2011. Conference paper (Refereed)
    Abstract [en]

    Spyware detection can be achieved by using machine learning techniques that identify patterns in the End User License Agreements (EULAs) presented by application installers. However, solutions have required manual input from the user with varying degrees of accuracy. We have implemented an automatic prototype for extraction and classification and used it to generate a large data set of EULAs. This data set is used to compare four different machine learning algorithms when classifying EULAs. Furthermore, the effect of feature selection is investigated and for the top two algorithms, we investigate optimizing the performance using parameter tuning. Our conclusion is that feature selection and performance tuning are of limited use in this context, providing limited performance gains. However, both the Bagging and the Random Forest algorithms show promising results, with Bagging reaching an AUC measure of 0.997 and a False Negative Rate of 0.062. This shows the applicability of License Agreement Categorization for realizing informed software installation.

  • 25. Borg, Anton
    et al.
    Boldt, Martin
    Lavesson, Niklas
    Blekinge Institute of Technology, School of Computing, Karlskrona, Sweden.
    Informed Software Installation through License Agreement Categorization. 2011. Conference paper (Refereed)
    Abstract [en]

    Spyware detection can be achieved by using machine learning techniques that identify patterns in the End User License Agreements (EULAs) presented by application installers. However, solutions have required manual input from the user with varying degrees of accuracy. We have implemented an automatic prototype for extraction and classification and used it to generate a large data set of EULAs. This data set is used to compare four different machine learning algorithms when classifying EULAs. Furthermore, the effect of feature selection is investigated and for the top two algorithms, we investigate optimizing the performance using parameter tuning. Our conclusion is that feature selection and performance tuning are of limited use in this context, providing limited performance gains. However, both the Bagging and the Random Forest algorithms show promising results, with Bagging reaching an AUC measure of 0.997 and a False Negative Rate of 0.062. This shows the applicability of License Agreement Categorization for realizing informed software installation.

  • 26.
    Brodin, Martin
    Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi.
    Combining ISMS with strategic management: The case of BYOD. 2015. In: Information Systems 2015: Proceedings of the 8th IADIS International Conference / [ed] Miguel Baptista Nunes, Pedro Isaias, Philip Powell, IADIS Press, 2015, pp. 161-168. Conference paper (Refereed)
    Abstract [en]

    Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.

  • 27.
    Brodin, Martin
    Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Actea Consulting AB.
    Mobile Device Strategy: A management framework for securing company information assets on mobile devices. 2016. Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices. There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy.

    The overall research strategy is inspired by Design Science, where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomena like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD, and guidance for researchers and practitioners.

  • 28.
    Brodin, Martin
    et al.
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Högskolan i Skövde, Institutionen för informationsteknologi.
    Rose, Jeremy
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Högskolan i Skövde, Institutionen för informationsteknologi.
    Åhlfeldt, Rose-Mharie
    Högskolan i Skövde, Forskningscentrum för Informationsteknologi. Högskolan i Skövde, Institutionen för informationsteknologi.
    Management issues for Bring Your Own Device. 2015. In: Proceedings of 12th European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015) / [ed] Kostantinos Lambrinoudakis, Vincenzo Morabito & Marinos Themistocleous, European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS), 2015. Conference paper (Refereed)
    Abstract [en]

    Bring Your Own Device (BYOD) is an emerging research area focusing on the organisational adoption of (primarily mobile) devices used for both private and work purposes. There are many information security related problems concerning the use of BYOD and it should therefore be considered an issue of strategic importance for senior managers. This paper presents a systematic literature analysis using a BYOD strategic management framework to assess developing research trends. The analysis reveals early work in the analysis and design aspects of BYOD strategies, but a lack of research in operationalizing (planning, implementation and evaluating) strategy – the action phase. The resulting research agenda identifies twelve management issues for further research and four overall research directions that may stimulate future research.

  • 29.
    Budurushi, Jurlind
    et al.
    TU Darmstadt/CASED, Germany.
    Jöris, Roman
    TU Darmstadt/CASED, Germany.
    Volkamer, Melanie
    TU Darmstadt/CASED, Germany.
    Implementing and evaluating a software-independent voting system for polling station elections. 2014. In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 19, no. 2, pp. 1-10. Article in journal (Refereed)
    Abstract [en]

    In 2009 the German Federal Constitutional Court introduced the principle of “public nature of elections” (Federal Constitutional Court of Germany, March 2009). This principle requires that when using electronic voting systems it must be possible for the citizen to verify the essential steps in the election process and in the ascertainment of the results reliably and without special expert knowledge. Unfortunately, none of the existing systems complies with this principle. As a result, the use of electronic voting systems in Germany for parliamentary elections has stopped. Nevertheless, electronic voting systems are necessary and would improve the situation, especially for elections with complex ballots and voting rules, for example some local elections in Germany or parliamentary elections in Belgium and Luxembourg. The concept proposed by Volkamer et al. (Volkamer et al., 2011) was analyzed by a legal expert and evaluated to comply with the German legal requirements for local elections in the state of Hesse (Henning et al., 2012). In this paper we specify and concretize processes that were left open in the concept, and implement a prototype. We evaluated this prototype in a user study that was conducted alongside the university elections at the Technische Universität Darmstadt in June 2013. The results of the study show that most of the participants were satisfied with the prototype and would support its use for the upcoming university elections. We also report some lessons learned.

  • 30.
    Budurushi, Jurlind
    et al.
    CASED, TU Darmstadt, Darmstadt, Germany.
    Stockhardt, Simon
    CASED, TU Darmstadt, Darmstadt, Germany.
    Woide, Marcel
    CASED, TU Darmstadt, Darmstadt, Germany.
    Volkamer, Melanie
    CASED, TU Darmstadt, Darmstadt, Germany.
    Paper Audit Trails and Voters’ Privacy Concerns. 2014. In: Human Aspects of Information Security, Privacy and Trust, 2014, Vol. 8533, pp. 400-409. Conference paper (Refereed)
    Abstract [en]

    Advances in information technology have simplified many processes in our lives. However, in many cases trust issues arise when new technology is introduced, and voting is one prominent example. To increase voters’ trust, current e-voting systems provide paper audit trails (PATs) which enable automatic tally and/or manual audit of the election result. PATs may contain only the encrypted vote or the plaintext vote in human-readable and/or machine-readable format. Previous studies report voter privacy concerns with PATs containing additional information (e.g. QR-Codes) other than the human-readable plaintext vote. However, omitting such PATs negatively influences security and/or efficiency. Hence, to address these concerns we applied the coping and threat appraisal principles of the protection motivation theory in the communication process. We evaluated them in separate surveys focused on the EasyVote system [15]. Results show that the coping appraisal is more promising than the threat appraisal approach. While our findings provide novel directions on addressing privacy concerns in the e-voting context, corresponding limitations need to be considered for future user studies.

  • 31. Camenisch, Jan
    et al.
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT.
    Murayama, Yuko
    Portmann, Armand
    Rieder, Carlos
    Future Challenges in Security and Privacy for Academia and Industry: Proceedings of the 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne/Switzerland, June 2011. 2011. Proceedings (editor) (Refereed)
  • 32.
    Caroline Kiondo, Caroline
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Yngström, Louise
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Exploring Security Risks in Virtual Economies. 2011. In: First International Conference on Social Eco-Informatics, 2011. Conference paper (Refereed)
    Abstract [en]

    A most recent phenomenon within new socio-eco-systems is the so-called Virtual Economies. This paper presents an exploratory study of information security risks that are inherent in Virtual Economies. A Dynamic Network Analysis Tool (DNAT) was used to perform a risk analysis in the Second Life virtual world. The analysis indicates that the currency and user account are the most important assets. User accounts provide access to virtual trading and are critical to the flow of currency within the virtual economy. The removal of both of these from the system will affect the dynamics of the system and defeat the whole purpose of the system. The analysis further identified selling and creation of virtual goods to be important tasks in order to maintain a successful Virtual Economy. If a threat occurs that manipulates the creation of virtual goods, then it would affect the trading of virtual goods between the users of the system, hence affecting the economy. It is important that users who invest in such an economy be aware of possible risks associated with this. As the field expands and more internet communities adopt this business model, all parties involved need to think of strategies to protect assets that exist within this type of environment.

  • 33.
    Charif, Bilal
    et al.
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Awad, Ali Ismail
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Towards smooth organisational adoption of cloud computing: a customer-provider security adaptation. 2016. In: Computer fraud & security, ISSN 1361-3723, E-ISSN 1873-7056, Vol. 2016, no. 2, pp. 7-15. Article in journal (Refereed)
    Abstract [en]

    Cloud computing is daily becoming more and more accepted as a promising computing paradigm. For some years now, cloud computing has been in common use for such applications as Google apps (email, documents, etc), MSN Messenger (instant messaging), Skype (voice communications), and Flickr (image sharing). The idea of offering cloud computing facilities as a public utility began as early as the 1960s with John McCarthy [1, 2, 3, 4]. Organisations and universities offered distributed computing starting in the late 1970s through dial-up access [5]. Grid computing was introduced in the early 1990s with the idea of providing access to shared computing power similar to the way electricity is shared through the electric power grid. In addition, open source platforms were first introduced by Eucalyptus, OpenNebula, and Nimbus for deploying private and hybrid clouds [6, 7, 8].

    Although cloud computing has been available for some time, there is still some organisational resistance to its adoption, not least because of security concerns.

    Bilal Charif, of Luleå University of Technology, Sweden and Ali Ismail Awad of Luleå University and Al Azhar University, Egypt show that a number of organisations have no internal security responsibilities, nor do they have proper information security policies such as business and disaster recovery plans, all of which makes cloud adoption difficult. In contrast, cloud computing offers recovery plans for small and medium-sized organisations that will often otherwise not be implemented.

  • 34.
    Cucurull, Jordi
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska högskolan.
    Nadjm-Tehrani, Simin
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska högskolan.
    Raciti, Massimiliano
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska högskolan.
    Modular Anomaly Detection for Smartphone Ad Hoc Communication. 2012. In: Information Security Technology for Applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers / [ed] Peeter Laud, Springer Berlin/Heidelberg, 2012, Vol. 7161, pp. 65-81. Conference paper (Refereed)
    Abstract [en]

    The capabilities of the modern smartphones make them the obvious platform for novel mobile applications. The open architectures, however, also create new vulnerabilities. Measures for prevention, detection, and reaction need to be explored with the peculiarities that resource-constrained devices impose. Smartphones, in addition to cellular broadband network capabilities, include WiFi interfaces that can even be deployed to set up a mobile ad hoc network (MANET). While intrusion detection in MANETs is typically evaluated with network simulators, we argue that it is important to implement and test the solutions in real devices to evaluate their resource footprint. This paper presents a modular implementation of an anomaly detection and mitigation mechanism on top of a dissemination protocol for intermittently-connected MANETs. The overhead of the security solution is evaluated in a small testbed based on three Android-based handsets and a laptop. The study shows the feasibility of the statistics-based anomaly detection regime, having low CPU usage, little added latency, and acceptable memory footprint.

  • 35.
    Davidson, Alan
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    de La Puente Martinez, Javier
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Huber, Markus
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    A SWOT analysis of virtual laboratories for security education. 2013. In: IFIP Advances in Information and Communication Technology, 2013, pp. 233-240. Conference paper (Refereed)
    Abstract [en]

    Work is active in many institutes of higher education on utilising virtual computer environments for creating laboratories for practical course-work. Computer Security education is one area where virtual environments are proving to be useful, and where several schools have reported their own schemes for implementing environments for practical exercises. In this study we attempt to take a somewhat broader look at what the use of virtualisation technology can imply in terms of a number of factors, i.e. the pedagogy, security, licensing, administration and cost. A simple analysis of the general strengths, weaknesses, opportunities and threats of virtual security laboratories allows us to motivate design choices when implementing yet another of these experimental environments.

  • 36.
    Dhillon, Gurpreet
    et al.
    Virginia Commonwealth University.
    Harnesk, Dan
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Dialogical narrative networks and study of global IT-sourcing projects: implications for information security and privacy. 2013. Conference paper (Refereed)
    Abstract [en]

    This paper explores the patterns of technology use in a global enterprise. We use the concept of narrative networks to understand interactions between technology and organizations and the emergent implications. The paper is based on empirical work undertaken in the context of offshoring electronic medical records and billing systems from a group of US physician practices to service providers in India. Findings from our research suggest technology, represented as information security and privacy, as playing a central role in determining outcome of actions and the performances thereof. The narratives in technology in use and enactment of organizational forms display multiple third men, with features that modify the initial understandings of an agreement to implement technical systems.

  • 37.
    Dhillon, Gurpreet S
    et al.
    Virginia Commonwealth University.
    Harnesk, Dan
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Misunderstandings and misjudgments about security: A dialogical narrative analysis of global it offshoring. 2016. In: AMCIS 2016: Surfing the IT Innovation Wave - 22nd Americas Conference on Information Systems, Association for Information Systems, 2016. Conference paper (Refereed)
    Abstract [en]

    This paper explores the patterns of technology use in a global enterprise. We use the concept of narrative networks to understand interactions between technology and organizations and the emergent implications. The paper is based on empirical work undertaken in the context of offshoring electronic medical records and billing systems from a group of US physician practices to service providers in India. Findings from our research suggest technology, represented as information security and privacy, as playing a central role in determining outcome of actions and the performances thereof. The narratives in technology in use and enactment of organizational forms display multiple third men, with features that modify the initial understandings of an agreement to implement technical systems.

  • 38.
    Dán, György
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Kommunikationsnät.
    Sandberg, Henrik
    KTH, Skolan för elektro- och systemteknik (EES), Reglerteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Björkman, Gunnar
    Challenges in Power System Information Security. 2012. In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 10, no. 4, pp. 62-70. Article in journal (Refereed)
    Abstract [en]

    Achieving all-encompassing component-level security in power system IT infrastructures is difficult, owing to its cost and potential performance implications.

  • 39.
    Ekfeldt, Jonas
    Stockholms universitet, Juridiska fakulteten, Juridiska institutionen.
    Om informationstekniskt bevis. 2016. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Information technology evidence consists of a mix of representations of various applications of digital electronic equipment, and can be brought to the fore in all contexts that result in legal decisions. The occurrence of such evidence in legal proceedings, and other legal decision-making, is a phenomenon previously not researched within legal science in Sweden.

    The thesis examines some of the consequences resulting from the occurrence of information technology evidence within Swedish practical legal and judicial decision-making. The thesis has three main focal points. The first consists of a broad identification of legal problems that information technology evidence entails. The second focal point examines the legal terminology associated with information technology evidence. The third focal point consists of identifying sources of error pertaining to information technology evidence from the adjudicator’s point of view.

    The examination utilizes a Swedish legal viewpoint from a perspective of the public trust in courts. Conclusions include a number of legal problems in several areas, primarily in regards to the knowledge of the adjudicator, the qualification of different means of evidence and the consequences of representational evidence upon its evaluation. In order to properly evaluate information technology evidence, judges are – to a greater extent than for other types of evidence – in need of (objective) knowledge supplementary to that provided by parties and their witnesses and experts. Furthermore, the current Swedish evidence terminology has been identified as a complex of problems in and of itself. The thesis includes suggestions on certain additions to this terminology. Several sources of error have been identified as being attributable to different procedures associated with the handling of information technology evidence, in particular in relation to computer forensic investigations.

    There is a general need for future research focused on matters regarding both standards of proof for and evaluation of information technology evidence. In addition, a need for deeper legal scientific studies aimed at evidence theory has been identified, inter alia regarding the extent to which frequency theories are applicable in respect to information technology evidence. The need for related further discussions on future emerging areas such as negative evidence and predictive evidence are foreseen.

  • 40.
    El Mekawy, Mohamed
    et al.
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    AlSabbagh, Bilal
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    The Impact of Business-IT Alignment on Information Security Process. 2014. In: HCI in Business: Proceedings / [ed] Fiona Fui-Hoon Nah, Springer, 2014, pp. 25-36. Conference paper (Refereed)
    Abstract [en]

    Business-IT Alignment (BITA) has the potential to link with organizational issues that deal with business-IT relationships at strategic, tactical and operational levels. In such context, information security process (ISP) is one of the issues that can be influenced by BITA. However, the impact has not yet been researched. This paper investigates the BITA impact on ISP. For this investigation, the relationships of elements of the Strategic Alignment Model and the components of Security Values Chain Model are considered. The research process is an in-depth literature survey followed by case study in two organizations located in United States and the Middle East. The results show clear impact of BITA on how organizations would distribute allocated security budget and resources based on the needs and risk exposure. The results should support both practitioners and researchers to gain improved insights of the relationships between BITA and IT security components.

  • 41.
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT.
    Transparency Enhancing Tools & HCI for Policy Display and Informed Consent. 2011. In: Privacy, Accountability, Trust – Challenges and Opportunities: ENISA Report / [ed] Rodica Tirtea (ENISA), European Network and Information Security Agency, Technical Competence Department, 2011. Chapter in book, part of anthology (Refereed)
  • 42.
    Fischer-Hübner, Simone
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Berthold, Stefan
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Privacy-Enhancing Technologies. 2013. In: Computer and Information Security Handbook, Elsevier, 2013, 2, pp. 755-772. Chapter in book, part of anthology (Other academic)
    Abstract [en]

    In our modern information age, recent technical developments and trends, such as mobile and pervasive computing, cloud computing, and Web 2.0 applications, increasingly pose privacy dilemmas. Due to the low costs and technical advances of storage technologies, masses of personal data can easily be stored. Once disclosed, these data may be retained forever, often without the knowledge of the individuals concerned, and be removed with difficulty. Hence, it has become hard for individuals to manage and control their personal spheres. Both legal and technical means are needed to protect privacy and to (re)establish the individuals’ control. This chapter provides an overview to the area of privacy-enhancing technologies (PETs), which help to protect privacy by technically enforcing legal privacy principles. It will start with defining the legal foundations of PETs and will present a classification of PETs as well as a definition of traditional privacy properties that PETs are addressing and metrics for measuring the level of privacy that PETs are providing. Then, a selection of the most relevant PETs is presented.

  • 43. Futcher, L.
    et al.
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    A review of IFIP TC 11 WG 11.8 publications through the ages. 2013. In: IFIP Advances in Information and Communication Technology, 2013, pp. 113-122. Conference paper (Refereed)
    Abstract [en]

    IFIP WG 11.8 established a series of conferences in 1999 entitled World Information Security Education (WISE). These conferences have been held every second year since then, with the eighth one being held in 2013. Not surprisingly, there have been numerous high-quality papers presented and published in the WISE conference proceedings over the years. However, many of these publications are not easily accessible and are therefore not being readily cited. One of the reasons for the inaccessibility of these papers is that they have not been made widely available through either print or a well-known repository on the Web. Furthermore, a need exists to reflect on what has been done in the past in order to realize the future of these conferences and related events. In order to begin the process of addressing this need, this paper presents a review of the IFIP WG 11.8 publications through the ages. It also reflects briefly on the problems relating to the inaccessibility of these publications, the decline in paper submissions and the lack of citations.

  • 44.
    Giustolisi, Rosario
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Gehrmann, Christian
    RISE., Swedish ICT, SICS, Security Lab.
    Ahlström, Markus
    RISE - Research Institutes of Sweden, ICT, SICS.
    Holmberg, Simon
    RISE - Research Institutes of Sweden, ICT, SICS.
    A secure group-based AKA protocol for machine-type communications. 2016. In: Information Security and Cryptology – ICISC 2016 / [ed] Seokhie Hong, Jong Hwan Park, 2016, pp. 3-27, article id 10157. Conference paper (Refereed)
    Abstract [en]

    The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices while guaranteeing a high level of security. This paper advances a group-based Authentication and Key Agreement (AKA) protocol that contributes to reducing latency and bandwidth consumption, and scales up to a very large number of devices. A central feature of the proposed protocol is that it provides a way to dynamically customize the trade-off between security and efficiency. The protocol is lightweight as it resorts to symmetric key encryption only, hence it supports low-end devices and can already be adopted in current standards with little effort. Using ProVerif, we prove that the protocol meets mutual authentication, key confidentiality, and device privacy also in the presence of corrupted devices, a threat model not addressed in the state-of-the-art group-based AKA proposals. We evaluate the protocol's performance in terms of latency and bandwidth consumption, and obtain promising results.

  • 45.
    Guanciale, Roberto
    et al.
    KTH, Skolan för datavetenskap och kommunikation (CSC), Teoretisk datalogi, TCS.
    Gurov, Dilian
    KTH, Skolan för datavetenskap och kommunikation (CSC), Teoretisk datalogi, TCS.
    Laud, P.
    Business process engineering and secure multiparty computation. 2015. In: Cryptology and Information Security Series, ISSN 1871-6431, Vol. 13, pp. 129-149. Article in journal (Refereed)
    Abstract [en]

    In this chapter we use secure multiparty computation (SMC) to enable privacy-preserving engineering of inter-organizational business processes. Business processes often involve structuring the activities of several organizations, for example when several potentially competitive enterprises share their skills to form a temporary alliance. One of the main obstacles to engineering the processes that govern such collaborations is the perceived threat to the participants’ autonomy. In particular, the participants can be reluctant to expose their internal processes or logs, as this knowledge can be analyzed by other participants to reveal sensitive information. We use SMC techniques to handle two problems in this context: process fusion and log auditing. Process fusion enables the constituents of a collaboration to discover their local views of the inter-organizational workflow, enabling each company to re-shape, optimize and analyze their local flows. Log auditing enables a participant that owns a business process to check if the partner’s logs match its business process, thus enabling the two partners to discover failures, errors and inefficiencies.

  • 46.
    Gustafsson, Mariana S.
    Linköpings universitet, Institutionen för ekonomisk och industriell utveckling, Statsvetenskap. Linköpings universitet, Filosofiska fakulteten.
    Constructing security: reflections on the margins of a case study of the use of electronic identification in ICT platforms in schools. 2014. In: Privacy and Identity Management for Emerging Services and Technologies: 8th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, Nijmegen, The Netherlands, June 17-21, 2013, Revised Selected Papers / [ed] M. Hansen, J.-H. Hoepman, R. Leenes, D. Whitehouse, Springer, 2014, pp. 224-236. Chapter in book, part of anthology (Refereed)
    Abstract [en]

    This paper addresses how people construct meanings regarding “the concept of security”, based upon the descriptions collected from participants in a case study of the use of electronic identification in ICT platforms in schools. The aim of the paper is to reflect on the concept of security by identifying and analyzing how people build their own understanding of security when using ICT platforms in schools. The analysis identifies three ontological instances of security: security as an ideal state of affairs, security as a value and information security. The analysis also clarifies the difference between the objective and subjective nature of security, as well as the differences between factual and perceived information security. As a result, I raise several research questions concerning “security”, and identify common assumptions with regard to constructing the concept of security. 

  • 47.
    Gustafsson, Mariana
    et al.
    Linköpings universitet, Institutionen för ekonomisk och industriell utveckling, Statsvetenskap. Linköpings universitet, Filosofiska fakulteten.
    Wihlborg, Elin
    Linköpings universitet, Institutionen för ekonomisk och industriell utveckling, Statsvetenskap. Linköpings universitet, Filosofiska fakulteten.
    Safe on-line e-services building legitimacy for e-government: A case study of public e-services in education in Sweden. 2013. In: eJournal of eDemocracy & Open Government, ISSN 2075-9517, E-ISSN 2075-9517, Vol. 5, no. 2, pp. 155-173. Journal article (Refereed)
    Abstract [en]

    There is an increased use of public e-services integrating citizens into public administration through electronic interfaces. On-line interaction among public organizations and citizens is one core relation in e-government that hereby becomes embedded into daily practices. A safe entry into e-governmental systems is essential for security and trust in the e-governmental systems and schools as well as public services in general. This paper addresses how electronic identification has been used for access to public e-services in schools in a Swedish municipality. This paper draws on a case study of use of ICT platforms in education administration in order to study the implementation of secure login process and factors that may have implications upon trust in and legitimacy of public e-services at local e-government level. Besides describing the implementation process and analyzing security and organizational arrangements connected to the use of the platform, the paper addresses the argument that secure identification tools are essential for increased use of e-services and lead to greater legitimacy of the public (e)services. The analysis focuses on information security, organization set-up and potential development of the platforms, contributing with empirical findings and conceptual applications. A key finding was that the organization of identification and access to public e-services seemed highly dependent on the organizational structure of the public schools. The more general implication of the findings was that safe and well organized identification systems that were considered as trustworthy and useful among citizens were essential for increased use of the services and legitimate public e-services in general.

  • 48.
    Harnesk, Dan
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Convergence of information security in B2B networks. 2011. In: Electronic Business Interoperability: Concepts, Opportunities, and Challenges, Hershey: Idea Group Publishing, 2011, pp. 571-595. Chapter in book, part of anthology (Other academic)
    Abstract [en]

    Over the past 20 years, researchers have made significant headway into understanding information security, with most studies focusing on internal organizational information security affairs. This study adds to the cumulative tradition by creating a concept for the convergence of information security in B2B network contexts. More specifically, the move from information security safeguards to information security observers is presented in depth. By adopting the Actor Network Theory and the Process Theory, this chapter demonstrates how three conversion, use, and performance sub-processes constitute the devised process of converging information security. Each sub-process directs attention towards definition, integration, the evaluation of security and how the metaphor of the observer may operate in the B2B network context.

  • 49.
    Harnesk, Dan
    et al.
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Hartikainen, Heidi
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Multi-layers of information security in emergency response. 2011. In: International Journal of Information Systems for Crisis Response and Management, ISSN 1937-9390, E-ISSN 1937-9420, Vol. 3, no. 2, pp. 1-17. Journal article (Refereed)
    Abstract [en]

    This paper draws on the socio-technical research tradition in information systems to re-conceptualize the information security in emergency response. A conceptual basis encompassing the three layers—technical, cognitive, and organizational—is developed by synthesizing Actor Network Theory and Theory of Organizational Routines. This paper makes the assumption that the emergency response context is built on the relationship between association and connectivity, which continuously shapes the emergency action network and its routines. Empirically, the analysis is based on a single case study conducted across three emergency departments. The data thus collected on information security, emergency department routines, and emergency actions is used to theorize specifically on the association/connectivity relationship. The resultant findings point to the fact that information security layers have a meaning in emergency response that is different from mainstream definitions of information security.

  • 50.
    Harnesk, Dan
    et al.
    Luleå tekniska universitet, Institutionen för system- och rymdteknik, Datavetenskap.
    Lindström, John
    Luleå tekniska universitet, Institutionen för teknikvetenskap och matematik, Produkt- och produktionsutveckling.
    Materializing organizational information security. 2012. In: Nordic Contributions in IS Research: Third Scandinavian Conference on Information Systems, SCIS 2012, Sigtuna, Sweden, August 17–20, 2012. Proceedings / [ed] Christina Keller; Mikael Wiberg; Pär J. Ågerfalk; Jenny Eriksson Lundström, Encyclopedia of Global Archaeology/Springer Verlag, 2012, Vol. 124, pp. 76-94. Conference paper (Refereed)
    Abstract [en]

    In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees' security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center.
