Modification data attack inside computer systems: a critical review

This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take or erase critical data on the PCs and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.

Download Full-text

Digital Ecosystem Security Issues for Organizations and Governments

Web 2.0 and Cloud Technologies for Implementing Connected Government - Advances in Electronic Government, Digital Divide, and Regional Development ◽

10.4018/978-1-7998-4570-6.ch010 ◽

2021 ◽

pp. 204-228

Author(s):

Heru Susanto ◽

Leu Fang Yie ◽

Desi Setiana ◽

Yani Asih ◽

Ambar Yoganingrum ◽

...

Keyword(s):

Sensitive Information ◽

Cyber Attack ◽

Security Issues ◽

Digital Ethics ◽

Digital Ecosystem ◽

Unethical Behaviors ◽

Core Elements ◽

Ethical Approaches ◽

The Government ◽

Use Of The Internet

The growth of the digital ecosystem has given a sense that the rise of security implementations must be considered by every organization including governments in terms of adopting the best digital ethical approaches and awareness on the importance of ensuring privacy. Increased use of the internet has also increased matters of cyber threats and unethical behaviors. Therefore, implementation of digital ethics has become crucial to prevent or minimize the impacts of cybercrime, and so, securing sensitive information from unauthorized access has become extremely important. This study analyses and describes the future trends regarding security in digital ethics and privacy within the digital ecosystem. The results point to a relative correlation between the government and business sector and the types of attacks and that digital ethics and privacy makes up the core elements of security. Implementing cautionary steps are also necessary to prevent from any form of cyber-attack.

Download Full-text

Modeling Access Control in Healthcare Organizations

Certification and Security in Health-Related Web Applications ◽

10.4018/978-1-61692-895-7.ch002 ◽

2011 ◽

pp. 23-44

Author(s):

Efstratia Mourtou

Keyword(s):

Information Security ◽

Access Control ◽

Security Policy ◽

Healthcare Professionals ◽

Vital Role ◽

Sensitive Information ◽

Healthcare Organizations ◽

Security Issues ◽

Efficiency And Effectiveness ◽

The Status

Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.

Download Full-text

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

PeerJ Computer Science ◽

10.7717/peerj-cs.362 ◽

2021 ◽

Vol 7 ◽

pp. e362

Author(s):

Jinghua Yu ◽

Stefan Wagner ◽

Feng Luo

Keyword(s):

Information Security ◽

Data Flow ◽

Process Analysis ◽

Security Analysis ◽

Security Requirements ◽

Security Issues ◽

External Threats ◽

Complex Interactions ◽

Controlling System ◽

Potential System

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and specify security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, the System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats, and is applicable for complex socio-technical systems. However, the STPA-Sec pays less attention to the non-safety but information-security issues (e.g., data confidentiality) and lacks efficient guidance for identifying information security concepts. In this article, we propose a data-flow-based adaption of the STPA-Sec (named STPA-DFSec) to overcome the mentioned limitations and elicit security constraints systematically. We use the STPA-DFSec and STPA-Sec to analyze a vehicle digital key system and investigate the relationship and differences between both approaches, their applicability, and highlights. To conclude, the proposed approach can identify information-related problems more directly from the data processing aspect. As an adaption of the STPA-Sec, it can be used with other STPA-based approaches to co-design systems in multi-disciplines under the unified STPA framework.

Download Full-text

Modeling Access Control in Healthcare Organizations

IT Policy and Ethics ◽

10.4018/978-1-4666-2919-6.ch038 ◽

2013 ◽

pp. 835-856

Author(s):

Efstratia Mourtou

Keyword(s):

Information Security ◽

Access Control ◽

Security Policy ◽

Healthcare Professionals ◽

Vital Role ◽

Sensitive Information ◽

Healthcare Organizations ◽

Security Issues ◽

Efficiency And Effectiveness ◽

The Status

Download Full-text

A sensitive information protection scheme in wearable devices based on quantum entanglement

International Journal of Distributed Sensor Networks ◽

10.1177/1550147718808487 ◽

2018 ◽

Vol 14 (10) ◽

pp. 155014771880848

Author(s):

Yongzhi Chen ◽

Xiaojun Wen ◽

Zhiwei Sun ◽

Zoe L Jiang ◽

Junbin Fang

Keyword(s):

Information Security ◽

Quantum Entanglement ◽

Secure Communication ◽

Wearable Devices ◽

Sensitive Information ◽

Mathematical Algorithm ◽

Protection Scheme ◽

Security Issues ◽

Quantum Secure Communication ◽

Secure Transmission

At present, wearable devices are in the ascendant in the field of personal smart communication terminals across the globe, but their information security issues deserve attention. We hereby propose a secure transmission solution that addresses the special requirements of wearable devices in information security. It is based on the principle of quantum secure communication and works well to protect sensitive information on wearable devices. The solution utilizes the coherence properties of quantum entanglement and uses quantum information security techniques such as quantum key distribution and non-orthogonal base measurement to realize secure transmission of sensitive information on wearable devices. Unlike traditional encryption methods based on the complexity of the mathematical algorithm, the solution has unconditional security.

Download Full-text

BSVMS: Novel Autonomous Trustworthy Scheme for Video Monitoring

Wireless Communications and Mobile Computing ◽

10.1155/2021/6518743 ◽

2021 ◽

Vol 2021 ◽

pp. 1-15

Author(s):

Xuan Wang ◽

Jingjing Xu ◽

Jiaxin Wang ◽

Wei Ou ◽

Jung Yoon Kim ◽

...

Keyword(s):

Monitoring System ◽

Security Analysis ◽

Video Data ◽

Video Monitoring ◽

Monitoring Systems ◽

Sensitive Information ◽

Monitoring Technology ◽

Security Issues ◽

Industry Standards ◽

Encryption And Decryption

With the continuous development and application of monitoring technology, which involves increasingly more sensitive information, the global demand for video monitoring systems has surged. As a result, video monitoring technology has received widespread attention both at home and abroad. Traditional video monitoring systems experience security threats, with differing levels of severity, in terms of attack, storage, transmission, etc., which results in different degrees of damage to users’ rights. Therefore, we propose a blockchain-SM-based video monitoring system called BSVMS. For the front-end device invasion risk, internal attack risk, and security storage problem of the monitoring system, we use commercial cryptography algorithms to complete the encryption processing of images through a visual change network in the imaging process, thereby ensuring the security of the video data from the source. To address the problem that the video monitoring application software and data are vulnerable to damage, we use blockchain technologies that are tamper-proof and traceable to build a trustworthy video monitoring system. In the system, no member can query the original monitoring data. To address the security issues in network transmission, we use a commercial cryptography algorithm for multilayer encryption to ensure the security of data during transmission, guarantee the confidentiality of the system, and realize domestic autonomous control. We then conduct tests and security analysis of the encryption and decryption efficiency of the SM4 algorithm used in the system, the blockchain performance, and the overall performance. The experimental results show that in this system environment, the SM4 algorithm encryption and decryption efficiency is better than other algorithms and that the blockchain used meets industry standards.

Download Full-text

Getting the Right Balance: Information Security and Information Access

Legal Information Management ◽

10.1017/s1472669610000125 ◽

2010 ◽

Vol 10 (1) ◽

pp. 51-54 ◽

Cited By ~ 1

Author(s):

Jennifer Smith

Keyword(s):

Information Security ◽

Information Management ◽

Information Access ◽

Sensitive Information ◽

Practical Advice ◽

Security Issues ◽

Complex Information ◽

The Right

AbstractThis article by former law librarian, Jennifer Smith, highlights access and security issues to consider when handling sensitive information. Jennifer is a Director of the Information Management and IT consultancy, OneIS, which specialises in working with smaller organisations with complex information management requirements. The article provides practical advice and is particularly aimed at readers working in organisations without dedicated information security professionals.

Download Full-text

Web Sites Information Security Management Based on B/S Pattern

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.263-266.3141 ◽

2012 ◽

Vol 263-266 ◽

pp. 3141-3144

Author(s):

Xiao Long Zhu

Keyword(s):

Information Security ◽

Web Sites ◽

Security Analysis ◽

Security Management ◽

Management Program ◽

Records Management ◽

Security Strategy ◽

Information Security Management ◽

Security Issues ◽

Electronic Records Management

This paper summarizes the development of electronic records management, and due to current defects and shortcomings, discusses the more effective and reasonable information security management program. For the system security issues, the paper has done an overall security analysis of system from the application layer, network layer, and database layer to physical and management levels, and has made a system’s security strategy.

Download Full-text

Tenant-Oriented Monitoring for Customized Security Services in the Cloud

Symmetry ◽

10.3390/sym11020252 ◽

2019 ◽

Vol 11 (2) ◽

pp. 252 ◽

Cited By ~ 3

Author(s):

Huaizhe Zhou ◽

Haihe Ba ◽

Yongjun Wang ◽

Zhiying Wang ◽

Jun Ma ◽

...

Keyword(s):

Virtual Machines ◽

Service Providers ◽

Security Analysis ◽

Security Requirements ◽

Security And Privacy ◽

Sensitive Information ◽

Cloud Environment ◽

Security Issues ◽

Security Services ◽

Runtime Information

The dramatic proliferation of cloud computing makes it an attractive target for malicious attacks. Increasing solutions resort to virtual machine introspection (VMI) to deal with security issues in the cloud environment. However, the existing works are not feasible to support tenants to customize individual security services based on their security requirements flexibly. Additionally, adoption of VMI-based security solutions makes tenants at the risk of exposing sensitive information to attackers. To alleviate the security and privacy anxieties of tenants, we present SECLOUD, a framework for monitoring VMs in the cloud for security analysis in this paper. By extending VMI techniques, SECLOUD provides remote tenants or their authorized security service providers with flexible interfaces for monitoring runtime information of guest virtual machines (VMs) in a non-intrusive manner. The proposed framework enhances effectiveness of monitoring by taking advantages of architectural symmetry of cloud environment. Moreover, we harden our framework with a privacy-preserving capacity for tenants. The flexibility and effectiveness of SECLOUD is demonstrated through a prototype implementation based on Xen hypervisor, which results in acceptable performance overhead.

Download Full-text

Review on quick response codes in the field of information security (Analysis of various imperceptibility characteristics on grayscale and binary QR code

2014 International Conference on Advances in Engineering and Technology (ICAET) ◽

10.1109/icaet.2014.7105222 ◽

2014 ◽

Cited By ~ 1

Author(s):

V. Ramya ◽

G. Gopinath

Keyword(s):

Information Security ◽

Security Analysis ◽

Qr Code ◽

Quick Response

Download Full-text