Single sign-on in heterogeneous computer environments
- Authors: Louwrens, Cecil Petrus
- Date: 2012-09-05
- Subjects: Computers - Access control. , Computers - Access control - Passwords. , Single sign-on.
- Type: Thesis
- Identifier: uj:9633 , http://hdl.handle.net/10210/7051
- Description: M.Sc. , The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO) in heterogeneous computing environments and to provide guidelines and reference frameworks for the selection and successful implementation of SSO solutions. In doing so, it also provides an overview of the basic types of SSO, Secure Single Sign-on (SSSO) solutions, enabling technologies, as well as products currently available. Chapter 1 introduces the sign-on problem, the purpose and organization of the thesis and terminology and abbreviations used. The crux of the sign-on problem is that users are required to sign on to multiple systems, developed at different times and based on different technologies, each with its own set of sign-on procedures and passwords. This inevitably leads to frustration, loss of productivity and weakened security. Users frequently resort to writing down passwords or using trivial passwords that can easily be guessed. In Chapter 2 the concepts of Single Sign-on and a special subset of SSO, Secure Single Sign-on, are defined. Five types of SSO solutions are identified, namely: Synchronization, Scripting, Proxies and Trusted Hosts, Trusted Authentication Server and Hybrid solutions. Of the available types of solutions, only Trusted Authentication Server and Hybrid solutions can provide Secure Single Sign-on if properly implemented. The security services for SSSO are identified as authentication, authorization, integrity, confidentiality, non-repudiation, security management and cryptographic services. Additional SSSO concepts, as well as the vulnerabilities, obstacles and pitfalls to introducing SSO solutions are discussed. Chapter 3 provides an overview of the most important SSO enabling technologies. The following technologies are discussed: OSF DCE, SESAME, Kerberos, DSSA/SPX, TESS, NetSp, Secure Tokens, GSS-API and Public key Cryptography.
Chapter 4 discusses the Open Software Foundation's (OSF) Distributed Computing Environment (DCE). OSF DCE is one of the two open standards for distributed processing which are having a major influence on the development of single sign-on solutions and forms the basis of many existing SSO products. DCE is not a SSO product, but consists of specifications and software. The goal of DCE is to turn a computer network into a single, coherent computing engine. It is considered to be one of the fundamental building blocks for SSO solutions in the future. In Chapter 5 SESAME is discussed in some detail as another major enabling technology for SSO. Secure European System for Applications in a Multi-vendor Environment (SESAME) is an architecture that implements a model for the provision of security services within open systems developed by the European Computer Manufacturers Association (ECMA). The architecture was developed and implemented on a trial basis, by Bull, ICL and Siemens-Nixdorf in an initiative supported by the European Commission. Chapter 6 presents a list of 49 commercial SSO products currently available, classified according to the type of SSO solution. A few representative products are discussed in more detail to give an indication of what functionality a prospective buyer could expect. The 'Ideal Single Sign-on' solution is presented in Chapter 7. Detailed requirements are listed. These requirements are uniquely identified by a code and classified as essential or recommended functionality required. Chapter 8 assimilates the information in the previous chapters into a structured evaluation, selection and implementation plan for SSO solutions, consisting of nine separate phases. It also proposes a reference framework for the evaluation and selection process. Chapter 9 concludes the thesis. Findings and conclusions are summarized as to the importance and impact of Single Sign-on as well as the expected future directions.
In addition, recommendations for the future implementation of SSO and SSSO solutions in heterogeneous computing environments are made.
Information security using intelligent software agents
- Authors: Van der Merwe, Jacobus
- Date: 2012-08-20
- Subjects: Computer security , Computer networks - Security measures , Internet - Security measures , Intelligent agents (Computer software)
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/387930 , uj:2793 , http://hdl.handle.net/10210/6231
- Description: Ph.D. , Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that create new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in heterogeneous and distributed environments, such as the Internet, has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for their users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security.
These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems. In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
FRAnC : a system for digital facial recognition
- Authors: Jacobs, Divan
- Date: 2012-06-04
- Subjects: FRAnC , Facial expression - Computer simulation , Human face recognition (Computer science)
- Type: Thesis
- Identifier: uj:2341 , http://hdl.handle.net/10210/4798
- Description: M. Comm. , Malicious acts such as fraud and terrorism are continually becoming a more pressing threat. The need is growing daily for a cheap, non-intrusive technology, that does not make use of specialized equipment, which can identify individuals with or without their knowledge or permission, over the internet or in the public domain. The answer to this problem might be digital facial recognition, the authentication of a person according to the measurements and shape of his facial patterns (nodal points). Thus far the technology has primarily been used by law enforcement. The great strength of facial recognition is that it can scan multiple people in an area quickly, with or without their interaction with the system. The purpose of facial recognition surveillance is to implement it anywhere possible, for example shopping centres, street corners, hotel lobbies or train stations, and to be able to identify any individual finding himself in any of these areas. Also, if a larger system can be implemented, we would be able to track any individual wherever he goes. Through this, any suspicious character can be monitored and tracked if the need arises, ensuring that people can live in a much safer world.
Securing the digital signing process
- Authors: Van den Berg, James Richard
- Date: 2010-03-25T06:47:20Z
- Subjects: Digital signature , Computer security , Public key cryptography
- Type: Thesis
- Identifier: uj:6707 , http://hdl.handle.net/10210/3109
- Description: M.Comm. , Worldwide an increasing amount of legal credibility is being assigned to digital signatures and it is therefore of utmost importance to research and develop additional measures to secure the technology. The main goal of this dissertation is to research and identify areas in which the user’s private key, used for the digital signing of messages, is exposed to the risk of being compromised and then develop a prototype system (SecureSign) to overcome the identified vulnerabilities and secure the digital signing process. In order to achieve the above stated, use will be made of a cryptographic token, which will provide secure storage and a secure operational environment to the user’s private key. The cryptographic token is at the heart of SecureSign and it is where the user’s private key will be created, stored and used. All operations requiring the user’s private key will be performed on the token, which is equipped with its own processor for this purpose.
The reasons for and prevention of IT project failure.
- Authors: Nuss, Jacques Erich
- Date: 2012-08-16
- Subjects: Project management , Information technology , Business failures
- Type: Thesis
- Identifier: uj:2554 , http://hdl.handle.net/10210/6007
- Description: M.A. , The rate of change in the business arena is continuously increasing and companies are constantly seeking innovative products, services and knowledge-enabled processes to enable them to compete effectively against each other. IT plays an important role as an enabler of these processes. The problem is that the implementations of IT projects, commissioned to support and enable the business functions, often fail. The high rate of failing IT projects is a real and relevant concern of the business environment. Companies are wasting a significant portion of their resources on failed IT projects. More often than not, IT projects fail to realize their intended purpose of reducing operating costs, increasing worker productivity, increasing cycle times and eventually increasing companies' market share. Management of these companies continues to complain about costly IT expenditure returning only a portion of the expected return on investment. The phenomenon of IT project failure has been in existence for many years and has in more recent years become a relevant topic calling for investigation and further study. Accordingly, this document is the culmination of the results of a study of the reasons why IT projects fail and offers possible measures to be taken to counter the failure of IT projects. The most significant and relevant reasons for IT project failure are listed in this document. These reasons span from the internal project environment through to the external project environment. Aligning these reasons with the environment of any anticipated IT project will establish a base from which a successful IT project could be initiated. It is hoped that this document will serve as valuable input to the decision makers in the IT and business arenas that need to be made aware of the reasons for IT project failure in order for them to better manage their IT projects.
A multi-dimensional model for information security management
- Authors: Eloff, Maria Margaretha
- Date: 2011-12-06
- Subjects: Information resources management , Data protection , Computer security , Database management security measures
- Type: Thesis
- Identifier: uj:1794 , http://hdl.handle.net/10210/4158
- Description: D.Phil. , Any organisation is dependent on its information technology resources. The challenges posed by new developments such as the World Wide Web and e-business require new approaches to address the management and protection of IT resources. Various documents exist containing recommendations for the best practice to follow for information security management. BS7799 is such a code of practice for information security management. The most important problem to be addressed in this thesis is the need for new approaches and perspectives on information security (IS) management in an organisation to take cognisance of changing requirements in the realm of information technology. In this thesis various models and tools are developed that can assist management in understanding, adapting and using internationally accepted codes of practice for information security management to the best benefit of their organisations. The thesis consists of three parts. Chapter 1 and Chapter 2 constitute Part 1: Introduction and Background. In Chapter 1 the problem statement, objectives and deliverables are given. Further the chapter contains definitions of important terminology used in the thesis as well as an overview of the research. Chapter 2 defines various terms associated with information security management in an attempt to eliminate existing confusion. The terms are mapped onto a hierarchical framework in order to illustrate the relationship between the different terms. In Part 2: IS Management Perspectives and Models, consisting of chapters 3, 4, 5 and 6, new approaches to information security management are discussed. In Chapter 3 different perspectives on using a code of practice, such as BS7799 for IS management, are presented. The different perspectives are based on the unique characteristics of the organisation such as its size and functional purpose.
These different perspectives also enable organisations to focus on the controls for specific resources or security services such as integrity or confidentiality. In Chapter 4 these different perspectives of business type/size, the security services and the resources are integrated into a multi-dimensional model and mapped onto BS7799. Using the multi-dimensional model will enable management to answer questions such as: "Which BS7799 controls must a small retail organisation interested in preserving the confidentiality of their networks implement?" In Chapter 5 the SecComp model is proposed to assist in determining how well an organisation has implemented the BS7799 controls recommended for their needs. In Chapter 6 the underlying implemented IT infrastructure, i.e. the software, hardware and network products, are also incorporated into determining if the information assets of organisations are sufficiently protected. This chapter combines technology aspects with management aspects to provide a consolidated approach towards the evaluation of IS. The thesis culminates in Part 3: Conclusion, which comprises one chapter only. In this last chapter, Chapter 7, the research undertaken thus far is summarised and the pros and cons of the proposed modelling approach are weighed up. The thesis is concluded with a reflection on possible areas for further research.
- Full Text:
- Authors: Eloff, Maria Margaretha
- Date: 2011-12-06
- Subjects: Information resources management , Data protection , Computer security , Database management security measures
- Type: Thesis
- Identifier: uj:1794 , http://hdl.handle.net/10210/4158
- Description: D.Phil. , Any organisation is dependent on its information technology resources. The challenges posed by new developments such as the World Wide Web and e-business, require new approaches to address the management and protection of IT resources. Various documents exist containing recommendations for the best practice to follow for information security management. BS7799 is such a code of practice for information security management. The most important problem to be addressed in this thesis is the need for new approaches and perspectives on information security (IS) management in an organisation to take cognisance of changing requirements in the realm of information technology. In this thesis various models and tools are developed that can assist management in understanding, adapting and using internationally accepted codes of practice for information security management to the best benefit of their organisations. The thesis consists of three parts. Chapter 1 and Chapter 2 constitute Part 1: Introduction and Background. In Chapter 1 the problem statement, objectives and deliverables are given. Further the chapter contains definitions of important terminology used in the thesis as well as an overview of the research. Chapter 2 defines various terms associated with information security management in an attempt to eliminate existing confusion. The terms are mapped onto a hierarchical framework in order to illustrate the relationship between the different terms. In Part 2: IS Management Perspectives and Models, consisting of chapters 3, 4, 5 and 6, new approaches to information security management is discussed. In Chapter 3 different perspectives on using a code of practice, such as BS7799 for IS management, is presented. The different perspectives are based on the unique characteristics of the organisation such as its size and functional purpose. 
These different perspectives also enable organisations to focus on the controls for specific resources or security services such as integrity or confidentiality. In Chapter 4 these different perspectives ofbusiness type/size, the security services and the resources are integrated into a multi-dimensional model and mapped onto BS7799. Using the multi-dimensional model will enable management to answer questions such as: "Which BS7799 controls must a small retail organisation interested in preserving the confidentiality of their networks implement?" In Chapter 5 the SecComp model is proposed to assist in determining how well an organisation has implemented the BS7799 controls recommended for their needs. In Chapter 6 the underlying implemented IT infrastructure, i.e. the software, hardware and network products are also incorporated into determining if the information assets of organisations are sufficiently protected. This chapter combines technology aspects with management aspects to provide a consolidated approach towards the evaluation of IS. The thesis culminates in Part 3: Conclusion, which comprises one chapter only. In this last chapter, Chapter 7, the research undertaken thus far is summarised and the pros and cons of the proposed modelling approach is weighed up. The thesis is concluded with a reflection on possible areas for further research.
Investigating and comparing multimodal biometric techniques
- Authors: Andrade, Christopher Grant
- Date: 2009-05-19T06:23:41Z
- Subjects: Biometry , Biometric identification , Statistical matching
- Type: Thesis
- Identifier: uj:8372 , http://hdl.handle.net/10210/2538
- Description: M.Sc. , Determining the identity of a person has become vital in today’s world. Emphasis on security has become increasingly more common in the last few decades, not only in Information Technology, but across all industries. One of the main principles of security is that a system only be accessed by a legitimate user. According to the ISO 7498/2 document [1] (an international standard which defines an information security system architecture) there are 5 pillars of information security. These are Identification/Authentication, Confidentiality, Authorization, Integrity and Non Repudiation. The very first line of security in a system is identifying and authenticating a user. This ensures that the user is who he/she claims to be, and allows only authorized individuals to access your system. Technologies have been developed that can automatically recognize a person by his unique physical features. This technology, referred to as ‘biometrics’, allows us to quickly, securely and conveniently identify an individual. Biometrics solutions have already been deployed worldwide, and it is rapidly becoming an acceptable method of identification in the eye of the public. As useful and advanced as unimodal (single biometric sample) biometric technologies are, they have their limits. Some of them aren’t completely accurate; others aren’t as secure and can be easily bypassed. Recently it has been reported to the congress of the U.S.A [2] that about 2 percent of the population in their country do not have a clear enough fingerprint for biometric use, and therefore cannot use their fingerprints for enrollment or verification. This same report recommends using a biometric system with dual (multimodal) biometric inputs, especially for large scale systems, such as airports. In this dissertation we will investigate and compare multimodal biometric techniques, in order to determine how much of an advantage lies in using this technology, over its unimodal equivalent.
A security model for a virtualized information environment
- Authors: Tolnai, Annette
- Date: 2012-08-15
- Subjects: Virtual computer systems - Security measures , Computer security
- Type: Thesis
- Identifier: uj:9384 , http://hdl.handle.net/10210/5821
- Description: D.Phil. , Virtualization is a new infrastructure platform whose trend is sweeping through IT like a blaze. Improving the IT industry by higher utilization from hardware, better responsiveness to changing business conditions and lower cost operations is a must have in the new generation of virtualization solutions. Virtualization is not just one more entry in the long line of “revolutionary” products that have hit the technology marketplace. Many parts of the technology ecosystem will be affected as the paradigm shifts from the old one-to-one correspondence between software and hardware to the new approach of software operating on any hardware that happens to be most suitable to use at the time. This brings along with it security concerns, which need to be addressed. Security evolving in and around the virtualized system will become more pertinent the more virtualization is employed into everyday IT technology and use. In this thesis, a security model for virtualization will be developed and presented. This model will cover the different facets needed to address virtualization security.
ISAP - an information security awareness portal
- Authors: Tolnai, Annette
- Date: 2010-05-27T06:08:54Z
- Subjects: Computer security , Internet security measures
- Type: Thesis
- Identifier: uj:6852 , http://hdl.handle.net/10210/3283
- Description: M.Sc. , The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engines, online blogs and e-mail. The source behind online activities carried on over the Internet may be different from what we are led to believe. Communication lines may be intercepted, compromising sensitive information of the user. It is a risk to make digital payments and reveal sensitive information about ourselves to an unknown source. If the risk materializes, it may result in undesired circumstances. Using the Internet securely should be a prerequisite to every user before conducting online transactions and activities over the World Wide Web. Owing to the versatility and ease of the electronic medium, electronic databases and vast amounts of sensitive information are readily accumulated. This is cause for concern regarding the main issues, namely privacy, identity theft and monetary fraud. Major countermeasures to mitigate the main forms of security and Internet-related issues are awareness of these risks and how they may materialize as well as relevant protection mechanisms. A discussion about why the Internet is a popular medium for criminal behaviour, what risks are involved, what can be done about them and some technical as well as non-technical preventative measures are covered in this dissertation. The purpose of this dissertation is to create an overall awareness of Internet banking and the process of Internet transactions. 
The end result is the development of an information security awareness portal (ISAP) aimed at the general public and potential Internet users who may be subject to identity and credit fraud. The aim of the ISAP is to sensitize users and minimize the growing numbers of individuals who are victimized through online crimes. Individuals using the Internet need to be aware of privacy concerns governing the Internet and how searchers are able to find out almost anything about them. The false sense of security and anonymity we as users think we have when innocently connecting to the World Wide Web outlines threats lurking in the background where we would never imagine. By the time you are finished reading this dissertation, it may put you off transacting and revealing sensitive information about yourself online ever again.
MOSS : a model for open system security
- Authors: Van Zyl, Pieter Willem Jordaan
- Date: 2012-09-12
- Subjects: Computer security - South Africa , Computer networks - Security measures , Security systems - Models. , Computers - Access control
- Type: Thesis
- Identifier: uj:10276 , http://hdl.handle.net/10210/7645
- Description: Ph.D , This thesis looks at current security problems within open system environments, that is security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations
Legal implications of information security governance
- Authors: Etsebeth, Verine
- Date: 2009-01-08T13:04:36Z
- Subjects: Computer security , Data protection , Liability (Law) , Information technology management , Computer network security , Business enterprises
- Type: Thesis
- Identifier: uj:14757 , http://hdl.handle.net/10210/1837
- Description: LL.M. , Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the same year the Electronic Communications and Transactions Act 25 of 2002 addressed certain technical information security issues such as digital signatures, authentication, and cryptography. Therefore, South Africa is increasingly focussing its attention on information security. This trend is in line with the approach taken by the rest of the international community, who are giving serious consideration to information security and the governance thereof. As organisations are waking up to the benefits offered by the digital world, information security governance is emerging as a business issue pivotal within the e-commerce environment. Most organisations make use of electronic communications systems such as e-mail, faxes, and the world-wide-web when performing their day-to-day business activities. However, all electronic transactions and communications inevitably involve information being used in one form or another. It may therefore be observed that information permeates every aspect of the business world. Consequently, the need exists to have information security governance in place to ensure that information security prevails. However, questions relating to: which organisation must deploy information security governance, why the organisation should concern itself with this discipline, how the organisation should go about implementing information security governance, and what consequences will ensue if the organisation fails to comply with this discipline, are in dispute. Uncertainty surrounding the answers to these questions contributes to the reluctance and skepticism with which this discipline is approached. 
This dissertation evolves around the legal implications of information security governance by establishing who is responsible for ensuring compliance with this discipline, illustrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline, ultimately providing the reader with certainty and clarity regarding the above mentioned questions, while simultaneously enabling the reader to gain a better understanding and appreciation for the discipline information security governance. The discussion hereafter provides those who should be concerned with information security governance with practical, pragmatic advice and recommendations on: (i) The legal obligation to apply information security; (ii) Liability for failed information security; (iii) Guidelines on how to implement information security; and (iv) A due diligence assessment model against which those responsible for the governance and management of the organisation may benchmark their information security efforts.