We propose a formalization of the security of transparent harddisk-encryption using the universal composability framework. We point out that several commercially available schemes for transparent hard disk encryption are built on principles that limit security, and we propose schemes for disk encryption with passive and active security, respectively. As for the efficiency of the schemes, securi...

Businesses are deploying Public Key Infrastructures (PKIs) to support internal business processes, implement virtual private networks, and secure corporate assets. In addition, most businesses have industrial partnerships with other businesses for economic reasons. If these industrial alliances wish to exploit their internal security capabilities for businessto-business (B2B) electronic commerc...

Cassandra is a distributed NoSQL system providing high scalability and availability. However, it has many security vulnerabilities. Especially the information about internal cluster structure and transferred data can be exposed by outside attackers. In this paper, we present a novel way to enhance Cassandra security by means of group key. The group key model is designed considering Cassandra’s ...

A majority of computer security breaches occur because internal employees of an organization subvert existing controls. While exploring the issue of violation of safeguards by trusted personnel, with specific reference to Barings Bank and the activities of Nicholas Leeson, this paper provides an understanding of related information security concerns. In a final synthesis, guidelines are provide...

A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and Halevi (BH). This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random num...

Auditing complex SNA networks is a scarcely explored area, confronting the reviewers with a number of distinct, though related questions such as: what are the measures for security and internal control integrated in the networks, what are their strengths and weaknesses, how can one verify their effectiveness, and how are the measures impacted by interconnecting networks? From an EDP-auditor's p...

Large organizations must be able to communicate with external suppliers, partners, and customers. Implementation of bidirectional E-mail and file transfers, however, may pose a significant security threat to the organization's internal systems. This article describes a network architecture for securing external communications that has been successfully implemented at Lockheed Missiles and Space...

This study is a reliability generalization meta-analysis that reviews 5 of the most frequently used continuous measures of adult attachment security: the Adult Attachment Scale, Revised Adult Attachment Scale, Adult Attachment Questionnaire, Experiences in Close Relationships, and Experiences in Close Relationships-Revised. A total of 313,462 individuals from 564 studies provided 1,629 internal...

In this paper, we present an infrastructure for providing secure transactional support for mobile databases. Our infrastructure protects against external threats — malicious actions by nodes not authorized to access the data. The major contribution of this paper, however, is to classify and present algorithms to protect against internal security threats. Internal threats are malicious actions b...

With the increasing maturity of various cloud service delivery models ( Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming into focus. In this paper, we take up the example of a Public Infrastructure as a Service (Iaas) ...