Jan H. P. Eloff

University of Pretoria | UP

A rtificial intelligence (AI) assisted cyber-attacks, within the network cybersecurity domain, have evolved to be more successful at every phase of the cyber threat lifecycle. This involves, amongst other tasks, reconnaissance, weaponisation, delivery, exploitation, installation, command & control, and actions. The result has been AI-enhanced attac...

Users of online social network (OSN) platforms, e.g. Twitter, are not always humans, and social bots (referred to as bots) are highly prevalent. State-of-the-art research demonstrates that bots can be broadly categorized as either malicious or benign. From a cybersecurity perspective, the behaviors of malicious and benign bots differ. Malicious bot...

Recently, network intrusion attacks, particularly new unknown attacks referred to as zero-day attacks, have become a global phenomenon. Zero-day network intrusion attacks constitute a frequent cybersecurity threat, as they seek to exploit the vulnerabilities of a network system. Previous studies have demonstrated that zero-day attacks can compromis...

The increased amount of high-dimensional imbalanced data in online social networks challenges existing feature selection methods. Although feature selection methods such as principal component analysis (PCA) are effective for solving high-dimensional imbalanced data problems, they can be computationally expensive. Hence, an effortless approach for...

While privacy-enhancing solutions for car-to-car communication are increasingly researched, end user aspects of such solutions have not been in the focus. In this paper, we present a qualitative study with 16 car drivers in South Africa for analysing their privacy perceptions and preferences for control and privacy trade-offs, which will allow to d...

Chat-logs are informative digital footprints available on Social Media Platforms (SMPs). With the rise of cybercrimes targeting children, chat-logs can be used to discover and flag harmful behaviour for the attention of law enforcement units. This can make an important contribution to the safety of minors on SMPs from being exploited by online pred...

For businesses to benefit from the many opportunities of cloud computing, they must first address a number of security challenges, such as the potential leakage of confidential data to unintended third parties. An inter‐VM (where VM is virtual machine) attack, also known as cross‐VM attack, is one threat through which cloud‐hosted confidential data...

Introduction. Digital deception is a double-edged sword used by both blackhats and whitehats in cybersecurity. A status quo review of the reintroduction of digital deception can reveal challenges and initiatives and show how information behaviour expertise might inform cybersecurity research and vice versa. Aim. To use a status quo review of digita...

Purpose Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not...

The “HPI Future SOC Lab” is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and the industry partners. The HPI Future SOC Lab provides researchers with free of charge access to a complete infrastructure of state of the art hard an...

This book constitutes the refereed proceedings of the 18th International Conference on Information Security, ISSA 2019, held in Johannesburg, South Africa, in August 2019. The 12 revised full papers presented were carefully reviewed and selected from 35 submissions. The papers are dealing with topics such as authentication; access control; digital...

This book constitutes the refereed post-conference proceedings of the 19th International Conference on Information Security, ISSA 2020, which was supposed to be held in Pretoria, South Africa, in August 2020, but it was held virtually due to the COVID-19 pandemic. The 10 revised full papers presented were carefully reviewed and selected from 33 sub...

Purpose This paper aims to describe requirements for a model that can assist in identity deception detection (IDD) on social media platforms (SMPs). The model that was discovered demonstrates the usefulness of the requirements. The aim of the model is to identify humans lying about their identity on SMPs. Design/methodology/approach The requirem...

The increasing demand for online and real-time interaction with IT infrastructures by end users is facilitated by the proliferation of user-centric devices such as laptops, iPods, iPads, and smartphones. This trend is furthermore propounded by the plethora of apps downloadable to end user devices mostly within mobile-cum-cloud environments. It is c...

This book constitutes the refereed proceedings of the 17th International Conference on Information Security, ISSA 2018, held in Pretoria, South Africa, in August 2018. The 13 revised full papers presented were carefully reviewed and selected from 40 submissions. The papers are dealing with topics such as authentication; access control; digital (cyb...

Usability of software is a crucial aspect of successful applications and could give one application a competitive edge over another. Eye tracking is a popular approach to usability evaluation, but is time consuming and requires expert analysis. This paper proposes a semi-automated process for identifying usability problems in applications with a ta...

Social media platforms allow billions of individuals to share their thoughts, likes and dislikes in real-time, without any censorship. This freedom, however, comes at a cyber-security risk. Cyber threats are more difficult to detect in a cyber world where anonymity and false identities are ever-present. The speed at which these deceptive identities...

There is a growing number of people who hold accounts on social media platforms (SMPs) but hide their identity for malicious purposes. Unfortunately, very little research has been done to date to detect fake identities created by humans, especially so on SMPs. In contrast, many examples exist of cases where fake accounts created by bots or computer...

During the operations and maintenance phase of a software system, software-related failures can be ascribed to many reasons, for example, a crash as a result of insufficient cache memory where the software system just comes to an unexpected halt without any explanation of what happened. This chapter presents the concept of near misses, as immediate...

Inaccurate identification of the root cause of a software failure leads to the implementation of inappropriate countermeasures. This does not only hamper the prevention of their recurrence but also thwarts the correction of faulty software and obstructs the improvement of its quality and reliability. This chapter presents digital forensics as a sui...

This chapter presents a mathematical model developed to detect and prioritise near misses as they occur on a running system. Although this research does not use near-miss analysis to improve software reliability but rather to improve the accuracy of failure analysis, reliability concepts specific to the IT industry can be used to develop methods to...

Since major software failures often result in disasters ranging from financial loss to loss of lives, preventing their recurrence is absolutely necessary. A post-mortem investigation is required to identify their root cause and implement appropriate countermeasures. Current approaches to software failure investigations are limited and often result...

This chapter presents an architecture for a near-miss management system (NMS). This architecture combines, in a novel way, aspects of the forensic investigation process and a near-miss detection and prioritisation model. The goal is to promote the usage of sound forensic evidence to conduct an accurate root-cause analysis of software failures. Furt...

An NMS detects, prioritises and assists in the investigation process of near misses. This chapter describes a prototype environment as well as implementation of an NMS. The prototype is designed to demonstrate the viability of the architecture, more specifically the detection of near misses from the analysis of event logs.

This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move beyond a risk-based multi-factor authentication system. It adds a behavioural analytics component that uses keys...

This book reviews existing operational software failure analysis techniques and proposes near-miss analysis as a novel, and new technique for investigating and preventing software failures. The authors provide details on how near-miss analysis techniques focus on the time-window before the software failure actually unfolds, so as to detect the high...

Erratum to: Sihan. Qing and Jan. H.P. Eloff (Eds.) Information Security for Global Information Infrastructures DOI: 10.1007/978-0-387-35515-3

Erratum to: J.H.P. Eloff et al. (Eds.) Information Security Management & Small Systems Security DOI: 10.1007/978-0-387-35575-7

Many businesses see Big Data and Data Science as a catalyst for innovation. The problem is that many of these businesses are hesitant to embrace these new technologies mainly because of a shortage in skilled manpower. On a global level, higher education institutions are in the process of developing curricula for graduate degree programs relating to...

Identity Deception Detection is a problem on social media platforms today. Not only is there challenges towards determining the authenticity of people, but also with analyzing the data that forms part of the communications. These data are of heterogeneous type and include photos, videos and sound. Furthermore, most social media platforms are operat...

Digital forensics has been proposed as a methodology for doing root-cause analysis of major software failures for quite a while. Despite this, similar software failures still occur repeatedly. A reason for this is the difficulty of obtaining detailed evidence of software failures. Acquiring such evidence can be challenging, as the relevant data may...

IT systems are ubiquitous in today's interconnected society and play a vital role in a number of industries such as banking, telecommunications and aviation. Software, in particular, is embedded in most technical and electronic products, ranging from massive machines such as airplanes to lightweight devices such as mobile phones. Software applicati...

Cloud lntrastructures are vulnerable to serious data leakage threats. Tenants with conflicting interests, residing on a shared cloud infrastructure, can potentially view the data of other potentially conflicting tenants' by means of inter-VM attacks. This paper discusses an innovative solution to overcome this data leakage problem by proposing the...

The increasing complexity of software applications can lead to operational failures that have disastrous consequences. In order to prevent the recurrence of such failures, a thorough post-mortem investigation is required to identify the root causes involved. This root cause analysis must be based on reliable digital evidence to ensure its objectivi...

Digital forensics is an established research and application field. Various process models exist describing the steps and processes to follow during digital forensic investigations. During such investigations, it is not only the digital evidence itself that needs to prevail in a court of law; the process followed and terminology used should also be...

In one embodiment, a method for extracting data items for a task requesting a set of data items in a virtual organization including a plurality of members is provided. A set of confidentiality sub-policies associated with the set of data items and an information utility sub-policy associated with the task are retrieved. At least a portion of the se...

Eye tracking has been around for more than 100 years and the technology has improved at an incredible rate. With the advancement of technology, eye tracking can even be done from a mobile phone, which allows for large scale eye tracking studies to be performed. Unfortunately, eye tracking analysis is still a time consuming activity especially when...

Trust Management in Emerging countries: International cooperation research challenges for Horizon 2020 An international cooperation approach to trust management that considers cultural differences appears necessary if we would like to design multi-cultural trust models that can be understood and used by different cultures. The cultivation of trust...

This chapter demonstrates how interoperability can serve as a catalyst for business innovation. It explores its core definitions and illustrates relevance and applicability thereof through a use case: Business in Your Pocket (BiYP) use case, that enforces value co-creation amongst business ecosystem partners. The BiYP use case clearly indicates tha...

The increasing demand for on-line and real-time interaction with IT infrastructures by endusers are facilitated by the proliferation of user centric devices such as laptops, iPods, iPads, and smartphones. This trend is furthermore propounded by the plethora of apps down loadable to end-user devices mostly within mobile-cum-cloud environments. It is...

Many cities in East and West Africa are characterized by the phenomenon of motorcycles as means of public transport. In East African countries such as Kenya, Uganda and Rwanda, this mode of public transport is called Boda-Boda. In this paper we present the challenges facing the Boda-Boda industry. We also present a prototype that will enable Bo...

One major function of computer security is to ensure the availability of an IT system. Software failures disrupt the availability of a system and its underlying resources. In addition, a system crash can cause data loss and data corruption, affecting the integrity of the stored information. It can also open the door for unauthorised access to confi...

This paper explores the effectiveness of usage control deterrents. Usage control enables finer-grained control over the usage of objects than do traditional access control models. Deterrent controls are intended to discourage individuals from intentionally violating information security policies or procedures. In this context, an adaptation of usag...

Individualistic cultures that prevail in predominantly developed economies thrive on e-commerce environments where consumer trust is facilitated through trust mechanisms such as institutional guarantees, laws and policies, information security mechanisms, and social controls. These trust mechanisms are based on individualist cultural norms of behav...

Various factors such as socio-cultural conditions, geographical area and infrastructural development can inhibit access to information and communication technologies (ICTs). The aim of this paper is to report on the challenges that women in Pretoria encounter when accessing ICTs. The paper presents the results of a case study that was conducted in...

Graphical User Interfaces (GUI) are discussed in the context of being used by users coming from the “bottom of the pyramid” to interact with and to run ICT (Information and Communication Technologies) applications for real life usage in their developing world. These interfaces are called “GUI 4D” (Graphical User Interfaces for Development). GUI 4D...

Donor funds are available for treatment of many diseases such as HIV. However, privacy constraints make it hard for donor organisations to verify that they have not sponsored the same patient twice --- or sponsored a patient whose treatment was also sponsored by another donor. This paper presents a protocol based on digital cash that enables donor...

The purpose of this paper is to discuss certain challenges that emerge when evaluating a Living Lab (LL). These challenges are linked to the choice of evaluation methods as well as whether to measure, when, what and how to measure. A LL in itself is a complex context that provides a successful mixture of ICT-based collaborative environments, open i...

This paper is intended as an opinion paper regarding information security concerns in the Workflow Reference Model (WfRM) as defined by the Workflow Management Coalition (WfMC). After an introduction into the workflow environment, the WfRM is described. The security services, identification and authentication, authorization, confidentiality, integr...

The boundaries for business are constantly moving beyond the physical premises. Today, customers are seeking innovative and dynamic business solutions that allow for business to be conducted at any place, anytime or on any device. SAP has recognised this need and has started to provide innovative business solutions that can be run on premise, on de...

Many large organisations find it difficult to develop an e-commerce strategy. Senior management should first develop a comprehensive understanding of what it means to become e-commerce enabled before deciding whether or not to pursue that route. With e-commerce comes major changes that must be carefully planned and coordinated to avoid chaos and co...

The purpose of this paper is to indicate how Living Labs (LL) are organized and applied as part of the research mandate of the SAP Research Pretoria in South Africa. This will be done by exploring existing definitions of LLs. This is followed by the identification of four dimensions of living labs which is then used to evaluate three existing LLs t...

We rely on advancements made on Web 2.0 to propose a Web portal for accessing services by SMMEs in South Africa. The suggested Web solution exploits the so-called mashup technique that consists of gathering information (i.e. data and services) from various Web sources, and consolidating them within a single integrated platform. The extracted data a...

For the past forty years, security experts have spent billions of dollars trying to improve security technologies. However, security systems are continually failing to protect end users' information systems and their information. Security experts claim that the end users are the weakest link in the security chain, and the end users claim that secur...

In the face of the expanding Internet and an ever-growing number of threats, today's society is becoming more geared towards greater security and protection of privacy and personal information. Smart cards provide protection for information at the hardware level, however, smart cards are designed for use with a single specific application. In this...

An organisation's approach to information security should focus on employee behaviour, as the organisation's success or failure effectively depends on the things that its employees do or fail to do. An information security-aware culture will minimise risks to information assets and specifically reduce the risk of employee misbehaviour and harmful i...

300-500 words) Keywords: Computers and networks have provided for increased connectivity, ease of use and convenience. Other advantages include the ability to communicate across borders, have access to information at your fingertips and the huge capacity for storage and transport. However, there also arises the need to properly protect these vital...

4th International Conference on Information Warfare and Security, Cape Town, South Africa, 26-27 March 2009 Security and usability are crucial factors for the successful of any e-commerce system. However, they have traditionally been considered a design trade-off. In an effort to align them, this paper highlights the design principles and guideline...

This chapter defines information warfare (IW), discusses its most common tactics, weapons, and tools, compares IW terrorism with conventional warfare, and addresses the issues of liability and the available legal remedies under international law. Today information is probably worth much more than any other commodity. Globalization, the other import...

Access controls are difficult to implement and evidently deficient under certain conditions. Traditional controls offer no protection for unclassified information, such as a telephone list of employees that is unrestricted, yet available only to members of the company. On the opposing side of the continuum, organizations such as hospitals that mana...

The international refereed conference proceedings are published in a paperback volume in the Proceedings Journal Network warfare is an emerging concept that focuses on the network and computer based forms through which information is attacked and defended. Various computer and network security concepts thus play a role in network warfare. Due the i...

The use of lattice-based access control models has been somewhat restricted by their complexity. We argue that attribute exploration from formal concept analysis can help create lattice models of manageable size, while making it possible for the system designer to better understand dependencies between different security categories in the domain an...

This paper proposes an original architecture for a fraud management system (FMS) for convergent. Next-generation networks (NGNs), which are based on the Internet protocol (IP). The architecture has the potential to satisfy the requirements of flexibility and application-independency for effective fraud detection in NGNs that cannot be met by tradit...

The entire business landscape finds itself on the verge of a recession because of ongoing global economic turmoil. Thus, there is a heightened need to minimise and mitigate business risk and scrutinise information spending while ensuring compliance with regulatory mandates. This calls for decision makers to become vigilant in their spending and mov...

Women are active participants in the Small, Medium and Micro Enterprise (SMME) sector. In conducting their business activities they are usually confronted with a range of challenges in accessing operational resources. These include but are not limited to lack of financial support, skills, Information and Communication Technology (ICT) infrastructur...

Copyright: Virtus Interpress World wide the importance of Information Security Governance is demanding the attention of senior management. This is due to the ever-changing threat landscape requiring that organisations adopt a focussed approach towards the protection of information assets. Any successful approach towards Information Security Governa...

Trust and trust models have invoked a wide interest in the field of computer science. Trust models are seen as the solution to interactions between agents (computer systems) that may not have previously interacted with one another; as is often the case in the uncertain world of e-commerce. These models are seen as facilitators to the definition and...

Information security has evolved from addressing minor and harmless security breaches to managing those with a huge impact on organisations' economic growth. This paper investigates the evolution of information security; where it came from, where it is today and the direction in which it is moving. It is argued that information security is not abou...

Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec that can be used to secure an SMS communication s...

Each vulnerability scanner (VS) represents, identifies and classifies vulnerabilities in its own way, thus making the different scanners difficult to study and compare. Despite numerous efforts by researchers and organisations to solve the disparity in vulnerability names used in the different VSs, vulnerability categories have still not been stand...

The field of digital forensics is faced with a number of challenges, given the constant growth in technologies. The reliability and integrity associated with digital evidence from disparate sources is also a perpetual challenge, requiring considerable human interpretation in the reconstruction of any particular sequence of events. In this paper we...

ISSA 2008 Innovative Minds Conference, Johannesburg, South Africa, 7-9 July 2008 Information warfare has surfaced as an emerging concept that affects not only military institutions but ordinary organisations as well. Information warfare in itself consists of various components ranging from its electronic and psychological aspects to its network ena...

A number of forensic processes have been used successfully in the field of Digital Forensics. The aim of this paper is to model some of these processes by using the Unified Modeling Language (UML) -specifically the behavioural Use Cases and Activity diagrams. This modelling gives a clear indication of the limitations of these processes. A UML-based...

Many companies, especially Japanese companies, have implemented information security with bottom up approach, starting from implementing piece by piece security controls. As increase the number of information security incidents and spread its impact, companies have implemented many measures in the wide spectrum, from technical counter measure syste...

Intrusion in information systems is a major problem in security management. Present-day intrusion detection systems detect attacks too late to counter them in real-time. Several authors in the digital forensics literature have proposed using Boyd's Observe-Orient-Decide-Act (OODA) model for intrusion protection, but none have taken these proposals...

The efficacy of the aspect-oriented paradigm has been well established within several areas of software security as aspect-orientation facilitates the abstraction of these security-related tasks to reduce code complexity. The aim of this paper is to demonstrate that aspect-orientation may be used to monitor the information flows between objects in...

With the advent of agile programming, lightweight software processes are being favoured over the highly formalised approaches of the past. Likewise, access control may benefit from a less prescriptive approach with an increasing reliance on users to behave ethically. These ideals correlate with optimistic access controls. However, ensuring that use...

The design of effective access control models, to meet the unique challenges posed by the web services paradigm, is a current research focus. Despite recent advances in this field, solutions are generally limited to controlling access to single operations of request-response nature. To ensure that a service is used appropriately, message exchanges...

Purpose This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users. Design/methodology/approach A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web se...

Intrusion Detection Systems play an invaluable role within organisations by detecting attempted attacks on their IT systems. However, Intrusion Detection Systems are complex to set-up and require large quantities of memory and processing power to effectively analyse the large volumes of network traffic involved. Behavioural analysis plays an import...

Network device availability and reliability are very important in a network environment. The network devices in this environment provide services to the other nodes or devices on the network. Hence we define a service-oriented network environment. We also propose a novel model for a trusted service-oriented network environment by using an Internet...

The aim of this paper is to document experiences with augmenting multilevel security with usage control at the application level within the aspect-oriented paradigm. Multilevel access control is an access control policy that supports systems that process especially sensitive data. However, attribute-based access control is sometimes insufficient an...

International Federation for Information Processing The IFIP series publishes state-of-the-art results in the sciences and technologies of information and communication. The scope of the series includes: foundations of computer science; software theory and practice; education; computer applications in technology; communication systems; systems mode...

The dramatic increase in crime relating to the Internet and computers has caused a growing need for digital forensics. Digital forensic tools have been developed to assist investigators in conducting a proper investigation into digital crimes. In general, the bulk of the digital forensic tools available on the market permit investigators to analyse...

When communicating secret information there is more than one route to follow to ensure the confidentiality of the message being transmitted. Encryption might be an obvious choice; however there are limitations and disadvantages to using encryption. An alternative approach is steganography, which is a technology for hiding information in other infor...