Current Issue : July - September Volume : 2017 Issue Number : 3 Articles : 5 Articles
Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate\nnetwork, which is known as a bring your own device (BYOD). However, many such companies overlook potential security risks\nconcerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy\nand confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security\nresearch, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore,\nthis study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of\naspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography,\nand operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent\ntrends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the\ncritical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for\ndeveloping the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced\nby BYOD-friendly organizations....
The Internet of Things (IoT) represents a technologically optimistic future\nwhere objects will be connected to the internet and make intelligent collaborations\nwith other objects anywhere, anytime. Although it makes appreciable\ndevelopment, there are still uncertainties about security concepts of its usage\nthat is usually considered as a major concern in the design of IoT architectures.\nThis paper presents a general survey of all the security issues in IoT\nalong with an analysis of IoT architectures. The study defines security requirements\nand challenges that are common in IoT implementations and\ndiscusses security threats and related solutions on each layer of IoT architecture\nto make this technology secure and more widespread accordingly....
Fingerprinting attacks are one of the most severe threats to the security of networks. Fingerprinting attack aims to obtain the\noperating system information of target hosts to make preparations for future attacks. In this paper, a fingerprint hopping method\n(FPH) is proposed based on software-defined networks to defend against fingerprinting attacks. FPH introduces the idea ofmoving\ntarget defense to show a hopping fingerprint toward the fingerprinting attackers. The interaction of the fingerprinting attack and\nits defense is modeled as a signal game, and the equilibriums of the game are analyzed to develop an optimal defense strategy.\nExperiments show that FPH can resist fingerprinting attacks effectively....
Honeypots and honeynets are popular tools in the area of network security and network forensics. The deployment\nand usage of these tools are influenced by a number of technical and legal issues, which need to be carefully\nconsidered. In this paper, we outline the privacy issues of honeypots and honeynets with respect to their technical\naspects. The paper discusses the legal framework of privacy and legal grounds to data processing. We also discuss the\nIP address, because by EU law, it is considered personal data. The analysis of legal issues is based on EU law and is\nsupported by discussions on privacy and related issues....
ARM�® is the prevalent processor architecture for embedded and mobile applications.\nFor the smartphones, it is the processor for which software applications\nare running, whether the platform is with Appleâ��s iOS or Googleâ��s Android.\nSoftware operations under these platforms are prone to semantic gap,\nwhich refers to potential difference between intended operations described in\nsoftware and actual operations done by processor. Attacks that compromise\nprogram control flows, which result in these mantic gaps, are a major attack\ntype in modern software attacks. Many recent software protection schemes for\nservers and desktops focus on protecting program control flows, but there are\nlittle protection tools available for protecting program control flows of mobile\napplications for ARM processor architecture. This paper uses a program\ncounter (PC) encoding technique (PC-Encoding) to harden program control\nflows under ARM processor architecture. The PC-Encoding directly encodes\ncontrol flow target addresses that will load into the PC. It is simple and intuitive\nto implement and incur little overhead. Encoding the control flow target\naddresses can minimize the semantic gap by preventing potential compromises\nof the control flows. This paper describes our efforts of implementing\nPC-Encoding to harden portable binaries in ELF (Executable and Linkable\nFormat)....
Loading....