Your search keyword '"Gary Wills"' showing total 121 results

1. Building rating system: an instrument for building accessibility measurement for better indoor navigation by blind people

Author

Watthanasak Jeamwatthanachai, Gary Wills, and Mike Wald

Subjects

Health (social science), business.industry, Computer science, Rehabilitation, Visual impairment, Usability, Building design, computer.software_genre, Focus group, Computer Science Applications, Software, Human–computer interaction, Management of Technology and Innovation, medicine, Plug-in, medicine.symptom, business, computer, Built environment, Interior design

Abstract

Purpose The purpose of this paper is to create a building rating system (BRS) with its bottom-up design model that can be carried out manually and in the future automatically. Design/methodology/approach The BRS is built on the basis of the structure of spatial representation framework for indoor navigation by people with visual impairment, which was validated with visually impaired people, and incorporated with building design standards and regulations from around the world. The BRS was afterwards validated by three groups of five experts in the related fields such as research and development, accessibility, and building and interior designs. Finally, the user evaluation was carried out by three focus groups of three experts in risk assessment to verify the usability of the system. Findings This paper provides the design and methodology of the BRS used for classifying the accessibility in buildings into four levels of classification for people with visual impairment navigating around the buildings. This system is evaluated with system usability scales (SUS), which is found to be in a “Good” level on average (72.2 SUS scores). Research limitations/implications Success criteria used in the space classification are mainly created for people with visual impairment at this stage; other disabilities requirements must be taken into account for the next stage of the development. Practical implications The system can be carried out in the future automatically in the form of standalone software or plugins that can be integrated in buildings and interior design software to seek recommendations toward a creation of inclusive built environment. Originality/value This paper presents a design architecture of BRS with its details, description and success criteria used in the space classification.

Published

2019

2. Zlto: Increase and Track Positive Behavior using Secure Blockchain Technology

Author

Kurt Appolis, Gary Wills, Allan Van Der Meulen, Michael Gu, Marlon Parker, and Christine Taphel

Subjects

Protocol (science), Blockchain, Computer science, media_common.quotation_subject, Computer security, computer.software_genre, Focus group, Work (electrical), Software deployment, Order (business), computer, Reputation, media_common

Abstract

Zlto(zlah-toh) is a project to provide secure validation of credentials for young people. Many African youth find it difficult to obtain jobs because of a lack of formal qualification, but they have a breath of informal skills. In this paper we will describe how we implement the Zlto system to provide proof of skills completed through a peer-to-peer evaluation mechanism and stored using blockchain. Since its first deployment in 2016, Zlto has processed over 1 million transactions. We present simulation and analysis of the reputation protocol used to verify work, and further evaluate the peer review process using a think a loud focus group method with a group of peer reviewers in order to improve the system.

Published

2019

3. Analysis of a PBX Toll Fraud Honeypot

Author

Gary Wills, Ed Zaluska, and Nathaniel Mcinnes

Subjects

Honeypot, Voice over IP, biology, business.industry, Computer science, Computer security, computer.software_genre, Phone, Toll, biology.protein, Session (computer science), Resilience (network), business, Protocol (object-oriented programming), computer, Hacker

Abstract

Organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well- understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggested fast-changing approaches by attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledged this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified attackers are using various sophisticated methods to attempt to gain access and trick a PBX into making calls. When comparing previous research, the rate of attack is approximately 30 times more aggressive and the countries from where attacks originate are distributed over 75 countries.

Published

2019

4. Fuzzy Logic with Expert Judgment to Implement an Adaptive Risk-Based Access Control Model for IoT

Author

Hany F. Atlam, Robert John Walters, Joshua Daniel, and Gary Wills

Subjects

Risk analysis, Computer Networks and Communications, business.industry, Process (engineering), Computer science, Information sharing, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, Session (web analytics), Hardware and Architecture, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Information system, 020201 artificial intelligence & image processing, The Internet, business, computer, Software, Information Systems

Abstract

The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.

Published

2019

5. The VoIP PBX Honeypot Advance Persistent Threat Analysis

Author

Nathaniel Mcinnes and Gary Wills

Subjects

Honeypot, Voice over IP, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Botnet, Computer security, computer.software_genre, Subnet, Phone, SQL injection, Telephony, business, computer, Hacker

Abstract

PBX hacking is a multi-billion dollar per year criminal and terrorism funding source. This paper follows on from a previous 10-day Honeypot experiment, to run a VoIP PBX Honeypot for a longer period of 103-day to not only validate any similarities, but to also analyse non-VoIP methods hackers use in an attempt to gain access to a VoIP System. Over the 103-day data collection period, the Honeypot recorded over 100 million SIP messages. Different techniques were used (including SQL injections in Invites) and hackers of the same IP subnet also attempted using web vulnerabilities in different telephony phone systems to gain access. Of specific interest, over the Christmas period of 2018, attack intensity decreased significantly. To validate these findings, the Honeypot experiment was also conducted for a short period over the Christmas period of 2019 which found that unlike Christmas 2018, attacks increased. The sophistication, scale and complexity of the fraud would suggest an Advance Persistent Threat exists with an aim to infiltrate a VoIP system (including a PBX) to conduct Toll Fraud and where possible to also add that system to a botnet of infected voice systems.

Published

2021

6. A Review of Blockchain in Internet of Things and AI

Author

Ahmed G. Alzahrani, Muhammad Ajmal Azad, Hany F. Atlam, and Gary Wills

Subjects

Service (systems architecture), Blockchain, Computer science, blockchain technology, Internet of Things, review, 02 engineering and technology, Computer security, computer.software_genre, lcsh:Technology, Management Information Systems, Artificial Intelligence, IoT with blockchain, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, Architecture, business.industry, lcsh:T, 020206 networking & telecommunications, Transparency (human–computer interaction), IoT and blockchain integration, Computer Science Applications, Obstacle, 020201 artificial intelligence & image processing, Single point of failure, business, computer, Information Systems

Abstract

The Internet of Things (IoT) represents a new technology that enables both virtual and physical objects to be connected and communicate with each other, and produce new digitized services that improve our quality of life. The IoT system provides several advantages, however, the current centralized architecture introduces numerous issues involving a single point of failure, security, privacy, transparency, and data integrity. These challenges are an obstacle in the way of the future developments of IoT applications. Moving the IoT into one of the distributed ledger technologies may be the correct choice to resolve these issues. Among the common and popular types of distributed ledger technologies is the blockchain. Integrating the IoT with blockchain technology can bring countless benefits. Therefore, this paper provides a comprehensive discussion of integrating the IoT system with blockchain technology. After providing the basics of the IoT system and blockchain technology, a thorough review of integrating the blockchain with the IoT system is presented by highlighting benefits of the integration and how the blockchain can resolve the issues of the IoT system. Then, the blockchain as a service for the IoT is presented to show how various features of blockchain technology can be implemented as a service for various IoT applications. This is followed by discussing the impact of integrating artificial intelligence (AI) on both IoT and blockchain. In the end, future research directions of IoT with blockchain are presented.

Published

2020

7. A survey on machine learning for stock price prediction: algorithms and techniques

Author

Nongnuch Tantisantiwong, Gary Wills, Mehtabhorn Obthong, and Watthanasak Jeamwatthanachai

Subjects

Prediction algorithms, Stock exchange, business.industry, Computer science, Stock market, Artificial intelligence, Machine learning, computer.software_genre, business, computer, Stock (geology), Stock price

Abstract

Stock market trading is an activity in which investors need fast and accurate information to make effective decisions. Since many stocks are traded on a stock exchange, numerous factors influence the decision-making process. Moreover, the behaviour of stock prices is uncertain and hard to predict. For these reasons, stock price prediction is an important process and a challenging one. This leads to the research of finding the most effective prediction model that generates the most accurate prediction with the lowest error percentage. This paper reviews studies on machine learning techniques and algorithm employed to improve the accuracy of stock price prediction.

Published

2020

8. How to Analyze Data from Unlisted but Rich Firms: From the Perspective of Data and Analysis

Author

Russell Newman, Gary Wills, Robert John Walters, and Victor Chang

Subjects

020203 distributed computing, SQL, business.industry, Big data, Perspective (graphical), 02 engineering and technology, Venture capital, Investment (macroeconomics), Data science, Computer Science Applications, Financial management, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Data analysis, Preprocessor, 020201 artificial intelligence & image processing, business, computer, Software, computer.programming_language

Abstract

This article illustrates the importance of gathering and analyzing preprocessing data for unlisted but rich firms such as venture capital firms. Using datasets from three major sources, the authors demonstrate how to query and analyze data using both Datastream and SQL.

Published

2018

9. Exploring avatar roles for motivational effects in gameful environments

Author

Vanissa Wanick, Gary Wills, Nooralisa Mohd Tuah, and Ashokkumar Ranchhod

Subjects

Multimedia, lcsh:T, ComputingMilieux_PERSONALCOMPUTING, Design elements and principles, 020207 software engineering, 02 engineering and technology, Design strategy, computer.software_genre, Avatar, lcsh:Technology, Identification (information), Game design, Human–computer interaction, 0202 electrical engineering, electronic engineering, information engineering, Interface Design, Game strategy, 020201 artificial intelligence & image processing, Psychology, computer, Games

Abstract

This paper explores avatar roles and design principles in helping to develop motivation in game environments. Different avatar applications could influence the experience of players in at least three ways: as a customisation tool, game strategy, and personal identification. These possible influences could be enhanced by the application of avatar design for motivational purposes, reflected through the integration between game design elements and the avatar implementation. This paper aims to situate avatar design as a design strategy to motivate users to change their behaviour and promote adherence to new habits. We start by reviewing the current papers that address avatar design utilisations for motivation in to Serious Games. Then, we analyse the main elements in gameful applications (e.g. Re-Mission, Pain Squad, CodeInGame and Monster Manor), in order to understand and explore the design of avatars. The analysis is followed by the development of a model for Avatar Design in Motivational contexts (ADAM), which could be used to provide the necessary guidance for designers and developers of gameful systems for motivational environments.

Published

2017

10. Special issue on fog/edge computing in Enterprise Multimedia Security [SI 1138T]

Author

Gang Sun, Victor Chang, and Gary Wills

Subjects

Multimedia, Computer Networks and Communications, Hardware and Architecture, Computer science, Media Technology, Multimedia information systems, computer.software_genre, computer, Computer communication networks, Software, Edge computing

Published

2020

11. Security, Cybercrime and Digital Forensics for IoT

Author

Madini O. Alassafi, Ahmed Alenezi, Abdulrahman A. Alshdadi, Hany F. Atlam, and Gary Wills

Subjects

Computer science, Process (engineering), business.industry, Human life, Digital forensics, Wearable computer, Computer security, computer.software_genre, Cybercrime, Software deployment, The Internet, Internet of Things, business, computer

Abstract

The Internet of Things (IoT) connects almost all the environment objects whether physical or virtual over the Internet to produce new digitized services that improve people’s lifestyle. Currently, several IoT applications have a direct impact on our daily life activities including smart agriculture, wearables, connected healthcare, connected vehicles, and others. Despite the countless benefits provided by the IoT system, it introduces several security challenges. Resolving these challenges should be one of the highest priorities for IoT manufacturers to continue the successful deployment of IoT applications. The owners of IoT devices should guarantee that effective security measures are built in their devices. With the developments of the Internet, the number of security attacks and cybercrimes has increased significantly. In addition, with poor security measures implemented in IoT devices, the IoT system creates more opportunities for cybercrimes to attack various application and services of the IoT system resulting in a direct impact on users. One of the approaches that tackle the increasing number of cybercrimes is digital forensics. Cybercrimes with the power of the IoT technology can cross the virtual space to threaten human life, therefore, IoT forensics is required to investigate and mitigate against such attacks. This chapter presents a review of IoT security and forensics. It started with reviewing the IoT system by discussing building blocks of an IoT device, essential characteristic, communication technologies and challenges of the IoT. Then, IoT security by highlighting threats and solutions regarding IoT architecture layers are discussed. Digital forensics is also discussed by presenting the main steps of the investigation process. In the end, IoT forensics is discussed by reviewing related IoT forensics frameworks, discussing the need for adopting real-time approaches and showing various IoT forensics.

Published

2019

12. IoT Security, Privacy, Safety and Ethics

Author

Gary Wills and Hany F. Atlam

Subjects

Security privacy, Privacy by Design, business.industry, Computer science, 020208 electrical & electronic engineering, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Secure by design, Smart city, 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, Internet of Things, computer

Abstract

The Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Using cheap sensors, the IoT enables various devices and objects around us to be addressable, recognizable and locatable. Although the IoT brought infinite benefits, it creates several challenges, especially in security and privacy. Handling these issues and ensuring security and privacy for IoT products and services must be a fundamental priority. Users need to trust IoT devices and related services are secure. Moreover, the IoT safety must be considered to prevent the IoT system and its components from causing an unacceptable risk of injury or physical damage and at the same time considering social behaviour and ethical use of IoT technologies to enable effective security and safety. This chapter provides a discussion of IoT security, privacy, safety and ethics. It starts by providing an overview of the IoT system, its architecture and essential characteristics. This is followed by discussing IoT security challenges, requirements and best practices to protect IoT devices. The IoT privacy is also discussed by highlighting various IoT privacy threats and solutions to preserve the privacy of IoT devices. The IoT safety, ethics, the need for the ethical design and challenges encountered are also discussed. In the end, smart cities are introduced as a case study to investigate various security threats and suggested solutions to maintain a good security level in a smart city.

Published

2019

13. A Security Framework to Protect Data in Cloud Storage

Author

Gary Wills, Robert John Walters, Victor Chang, and Farashazillah Yahya

Subjects

Gigabyte, Computer science, business.industry, Reliability (computer networking), Accountability, Key (cryptography), Cloud computing, Security policy, business, Computer security, computer.software_genre, Cloud storage, computer

Abstract

According to Cisco Global Cloud Index, cloud storage users will store 1.6 Gigabytes data per month by 2019, compared to 992 megabytes data per month in 2014. With this trend, it has been shown that more and more data will reside in cloud storage and it is expected to grow further. As cloud storage is becoming an option for users for keeping their data online, it comes with security concerns for protecting data from threats. This thesis addresses the need to investigate the security factors that will enable efficient security protection for data in cloud storage and the relationships that exist between the different security factors. Consequently, this research has developed a conceptual framework that supports security in cloud storage. The main contribution of this research is the development of a Cloud Storage Security Framework (CSSF) to support an integrative approach to understanding and evaluating security in cloud storage. The framework enables understanding of the makeup of security in cloud storage and measures the understanding of security in cloud storage. Drawing upon established theories and prior research findings, the framework indicates that security in cloud storage can be determined by nine factors: (1) security policies implementation in cloud storage, security measure that relates to (2) protecting the data accessed in cloud storage; (3) modifications of data stored; (4) accessibility of data stored in cloud storage; (5) non-repudiation to the data stored; (6) authenticity of the original data; (7) reliability of the cloud storage services; (8) accountability of service provision; and (9) auditability of the data accessed and stored in cloud storage. An example of CSSF application has been demonstrated through the development of a measuring instrument called Security Rating Score (SecRaS) and through a series of experiments, SecRaS has been validated and used in a research scenario. The instrument consists of several items generated using goal-question-metric approach. These potential items were evaluated by a series of experiments; the security experts assessed using content validity ratio while the security practitioners took part in the validation study. The validation study completed two experiments that look into the correlation analyses and internal reliability. SecRaS instrument was later applied in a research scenario; the validated instrument was distributed and a number of 218 usable responses were received. Using structural equation modelling, the data has revealed a good fit of the measurement analyses and structural model. The key findings were as follow: the relationships between factors were found to have both direct and indirect effects in the result. While establishing the relationship(s) among the factors, the structural model proposes three types of causal relationships in terms of how the security implementation in cloud storage could be affected by the security factors. This thesis presents a detailed discussion of the CSSF development, confirmation, and application in a research scenario. For security managers, CSSF offers a new paradigm on how stakeholders can make cloud storage security implementation successful in some depth. For security practitioners, the CSSF enables deconstruction of the concept of security in cloud storage into smaller, conceptually distinct and manageable factors to guide the design of security in cloud storage. For researchers, the CSSF provides a common framework in which to conceptualise their research and make it easier to see how the security factors fit into the larger picture.

Published

2019

14. Intersections between IoT and distributed ledger

Author

Gary Wills and Hany F. Atlam

Subjects

Intersection (set theory), Computer science, business.industry, 02 engineering and technology, Computer security, computer.software_genre, 020202 computer hardware & architecture, Central authority, Ledger, Distributed ledger, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Single point of failure, Architecture, Internet of Things, business, computer

Abstract

The Internet of Things (IoT) is growing exponentially. It allows not only humans but also all various devices and objects in the environment to be connected over the Internet to share their data to create new applications and services which result in a more convenient and connected lifestyle. However, the current centralized IoT architecture faces several issues. For instance, all computing operations of all nodes in the network are carried out using a single server. This creates a single point of failure in which if the server goes down, the entire system will be unavailable. Also, the IoT centralized architecture is an easy target of various types of security and privacy attacks, since all IoT data collected from different devices is under the full authority of a single server. Therefore, adopting one of the Distributed Ledger Technologies (DLTs) for the IoT may be the right decision. One of the popular types of DLTs is the blockchain. It provides an immutable ledger with the capability of maintaining the integrity of transactions by decentralizing the ledger among participating nodes in the blockchain network which eliminates the need for a central authority. Integrating the IoT system with the blockchain technology can provide several benefits which can resolve the issues associated with the IoT centralized architecture. Therefore, this chapter provides a discussion of the intersection between IoT and DLTs. It started by providing an overview of the DLT by highlighting its main components, benefits and challenges. The centralized IoT system is also discussed with highlighting its essential limitations. Then, the integration of blockchain with IoT is presented by highlighting the integration benefits. Various application and challenges of integrating blockchain with IoT are also discussed.

Published

2019

15. Technical aspects of blockchain and IoT

Author

Gary Wills and Hany F. Atlam

Subjects

Structure (mathematical logic), Blockchain, Process (engineering), business.industry, Computer science, Computer security, computer.software_genre, Distributed ledger, Ledger, The Internet, Architecture, Internet of Things, business, computer

Abstract

Blockchain technology is getting a growing attention from various organizations and researchers as it provides magical solutions to the problems associated with the classical centralized architecture. Blockchain, whether public or private, is a distributed ledger with the capability of maintaining the integrity of transactions by decentralizing the ledger among participating users. On the other hand, the Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Although the centralized IoT system provides countless benefits, it raises several challenges. Resolving these challenges can be done by integrating IoT with blockchain technology. To be prepared for the integration process, this chapter provides an overview of technical aspects of the blockchain and IoT. It started by reviewing blockchain technology and its main structure. Applications and challenges of the blockchain are also presented. This is followed by reviewing the IoT system by highlighting common architecture and essential characteristics. Various applications and challenges of the IoT system are also discussed.

Published

2019

16. Linux Patch Management: With Security Assessment Features

Author

Soranut Midtrapanon and Gary Wills

Subjects

Computer science, Ransomware, Security assessment, Python (programming language), Computer security, computer.software_genre, computer, ComputingMethodologies_COMPUTERGRAPHICS, computer.programming_language

Abstract

The lack of patch management has been identified as the main reason for many ransomware attacks. The cost of patch management is still an obstacle for many small and medium-size businesses. There are many open source, free of charge, patch management systems but these require many pre-configuration steps making them complicated to use. Hence, this paper presents a patch management system that is cost-effective but also efficient in terms of set-up time. We have written the system in Python with Puppet and Mcollective to aid the configuration steps. An additional feature of this system is the ability to assess the security of the system being patched, using CVE scanning.

Published

2019

17. The design of a hybrid cultural model for Arabic gamified systems

Author

Vanissa Wanick, Gary Wills, and Noura Alomar

Subjects

Knowledge management, Multimedia, business.industry, Computer science, Arabic, 05 social sciences, 050801 communication & media studies, 050109 social psychology, Mood board, computer.software_genre, Popularity, language.human_language, Human-Computer Interaction, 0508 media and communications, Software, Arts and Humanities (miscellaneous), language, 0501 psychology and cognitive sciences, Software system, User interface, business, computer, General Psychology, Global environmental analysis, Software project management

Abstract

The growing popularity of gamification in the global environment increases the importance of balancing factors that affect user engagement, satisfaction and acceptability in different cultures. While the main motivation behind gamifying software systems is to improve user engagement, an adverse effect might happen if the design and functionality did not consider users' cultural requirements. This paper presents a hybrid cultural design model for localising Arabic systems that takes into consideration the visual elements of user interfaces as well as the functionality and cultural factors of Arabic countries. We start by introducing design guidelines for localising Arabic systems and then evaluate the designed localisation criteria by conducting questionnaires and interviews. We base our studies on the factors that could affect the productivity levels of software engineers who use gamified software project management tools in their workplace. 63 software engineers participated in a mood board based questionnaire composed by different visual elements, rewards and achievements. To validate our findings, seven experts were interviewed. Those were software developers and designers. Based on our results, we propose a hybrid cultural design model, composed of personalised elements, localised elements and non-localised elements. This paper also proposes the first comprehensive model for localising Arabic gamified systems.

Published

2016

18. Formal Modelling of Data Integration Systems Security Policies

Author

Andrew M. Gravell, Federica Paci, Gary Wills, Asieh Salehi Fathabadi, and Fatimah Y. Akeel

Subjects

Computer science, Security policy, Formal method, Computational Mechanics, Security policy, Event-B, Formal method, Privacy, Trust, Confidentiality, RBAC, Trust model, Access control Modelling, Data security, 02 engineering and technology, Trust, Asset (computer security), computer.software_genre, Computer security, 0202 electrical engineering, electronic engineering, information engineering, Trust model, Cloud computing security, RBAC, 020207 software engineering, Computer security model, Access control Modelling, Computer Science Applications, Security service, Privacy, Information security standards, Event-B, 020201 artificial intelligence & image processing, computer, Confidentiality, Data integration

Abstract

Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies were not correctly enforced by the integration component of DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis to perform security policies analysis or automatically generate a Java code to enforce those policies within DIS.

Published

2016

19. Internet of Things Forensics: A Review

Author

Hany F. Atlam, Ahmed Alenezi, Gary Wills, Madini O. Alassafi, and Ezz El-Din Hemdan

Subjects

business.industry, Computer science, Human life, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Secure by design, Computer Science Applications, Forensic science, Artificial Intelligence, Hardware and Architecture, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Key (cryptography), 020201 artificial intelligence & image processing, Internet of Things, business, Engineering (miscellaneous), computer, Software, Information Systems

Abstract

The rapid growth of Internet of Things (IoT) devices brings countless benefits, but it also brings new security and forensics challenges. The IoT system with billions of devices generates a huge amount of evidence which causes big challenges to digital investigators and practitioners who are required to interact with IoT devices to investigate cybercrimes in a forensically sound and timely fashion. These challenges create more opportunities for cybercrimes to attack various IoT application and services resulting in a direct impact on IoT users. As the IoT has incorporated in most aspects of our life, cybercrimes will literally threaten human life, hence, IoT forensics is required to investigate and mitigate against such attacks. Therefore, this paper provides a detailed review of IoT forensics. It started by providing a comprehensive discussion of IoT security involving the need for security by design and security challenges of the IoT system. Then, a review of IoT forensics is presented by highlighting the need for Artificial Intelligence (AI) in IoT forensics, state-of-the-art research and recent studies, opportunities and key requirements for a successful IoT forensics. Challenges and suggested solutions of IoT forensics are also discussed. Finally, a discussion of open research directions of IoT forensics is presented.

Published

2020

20. Internet of Nano Things

Author

Gary Wills, Robert John Walters, and Hany F. Atlam

Subjects

Network architecture, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, 021001 nanoscience & nanotechnology, Computer security, computer.software_genre, Object (computer science), Telecommunications network, 0202 electrical engineering, electronic engineering, information engineering, The Internet, 0210 nano-technology, Internet of Things, business, computer

Abstract

Nanotechnology provides new solutions for numerous applications that have a significant effect on almost every aspect of our community including health monitoring, smart cities, military, agriculture, and industry. The interconnection of nanoscale devices with existing communication networks over the Internet defines a novel networking paradigm called the Internet of Nano-Things (IoNT). The IoNT involves a large number of nanosensors that used to provide more precise and detailed information about a particular object to enable a better understanding of object behaviour. In this paper, we investigate the challenges and opportunities of the IoNT system in various applications. An overview of the IoNT is first introduced. This is followed by a discussion of the network architecture of the IoNT and various applications that benefit from integrating IoT with nanotechnology. In the end, since security is considered to be one of the main issues of the IoNT system, we provide an in-depth discussion on security goals, attack vectors and security challenges of the IoNT system.

Published

2018

21. Blockchain with Internet of Things: benefits, challenges, and future directions

Author

Gary Wills, Madini O. Alassafi, Hany F. Atlam, and Ahmed Alenezi

Subjects

Control and Optimization, Blockchain, Computer Networks and Communications, business.industry, Computer science, Information sharing, 020206 networking & telecommunications, 02 engineering and technology, Business model, Computer security, computer.software_genre, Decentralization, Computer Science Applications, Human-Computer Interaction, Artificial Intelligence, Modeling and Simulation, Signal Processing, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Single point of failure, business, computer, Management process

Abstract

The Internet of Things (IoT) has extended the internet connectivity to reach not just computers and humans, but most of our environment things. The IoT has the potential to connect billions of objects simultaneously which has the impact of improving information sharing needs that result in improving our life. Although the IoT benefits are unlimited, there are many challenges facing adopting the IoT in the real world due to its centralized server/client model. For instance, scalability and security issues that arise due to the excessive numbers of IoT objects in the network. The server/client model requires all devices to be connected and authenticated through the server, which creates a single point of failure. Therefore, moving the IoT system into the decentralized path may be the right decision. One of the popular decentralization systems is blockchain. The Blockchain is a powerful technology that decentralizes computation and management processes which can solve many of IoT issues, especially security. This paper provides an overview of the integration of the blockchain with the IoT with highlighting the integration benefits and challenges. The future research directions of blockchain with IoT are also discussed. We conclude that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.

Published

2018

22. Fog Computing and the Internet of Things: A Review

Author

Robert John Walters, Hany F. Atlam, and Gary Wills

Subjects

Data processing, business.industry, Computer science, lcsh:T, Internet of Things, IoT with fog computing, cloud computing, Cloud computing, Computer security, computer.software_genre, lcsh:Technology, Computer Science Applications, Management Information Systems, Cloud of things, cloud of things, Artificial Intelligence, Fog computing, fog as a service, Architecture, fog computing, business, computer, Information Systems, ComputingMethodologies_COMPUTERGRAPHICS

Abstract

With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud computing paradigm faces several challenges such as high latency, low capacity and network failure. To address these challenges, fog computing brings the cloud closer to IoT devices. The fog provides IoT data processing and storage locally at IoT devices instead of sending them to the cloud. In contrast to the cloud, the fog provides services with faster response and greater quality. Therefore, fog computing may be considered the best choice to enable the IoT to provide efficient and secure services for many IoT users. This paper presents the state-of-the-art of fog computing and its integration with the IoT by highlighting the benefits and implementation challenges. This review will also focus on the architecture of the fog and emerging IoT applications that will be improved by using the fog model. Finally, open issues and future research directions regarding fog computing and the IoT are discussed.

Published

2018

23. THE FRAMEWORK FOR IDENTIFYING THE MOTIVATIONAL REQUIREMENTS FOR CHILDREN IN DIGITAL STORYTELLING TOOLS

Author

Gary Wills, Mike Wald, and Mashael Asiri

Subjects

Digital storytelling, Multimedia, Computer science, computer.software_genre, computer

Published

2018

24. Validation of an adaptive risk-based access control model for the Internet of Things

Author

Ahmed Alenezi, Hany F. Atlam, Gary Wills, and Raid Khalid Hussein

Subjects

Risk analysis, Computer Networks and Communications, Computer science, Emerging technologies, media_common.quotation_subject, Context (language use), Access control, 02 engineering and technology, Computer security, computer.software_genre, Resource (project management), 0202 electrical engineering, electronic engineering, information engineering, Quality (business), media_common, Authentication, business.industry, Applied Mathematics, Information sharing, 020206 networking & telecommunications, 020202 computer hardware & architecture, Computer Science Applications, business, Safety Research, computer, Software, Information Systems

Abstract

The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.

Published

2018

25. Towards Mapping the security Challenges of the Internet of Things (IoT) supply Chain

Author

Tope Omitola and Gary Wills

Subjects

Computer science, business.industry, Supply chain, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Internet of Things, business, computer, General Environmental Science

Abstract

The flow complexity in today’s IoT supply chain is enormous. To produce an item in a global network of suppliers requires a delicate dance of people, assets, systems, information, companies, and even governments. The opportunities for security vulnerabilities abound. In this paper, we describe the security challenges facing an IoT supply chain. We first start by describing what an IoT endpoint is, their various types together with their concomitant security challenges. An IoT endpoint is an output of an IoT supply chain, and the enumeration of its security challenges is then used to describe what IoT attack surfaces are, together with the threats and vulnerabilities facing a typical IoT supply chain. We use the iPhone/Apple supply chain as an exemplar, creating a map, and using that map to depict likely vulnerabilities and attacks. We conclude by discussing the mitigations against potential vulnerabilities in such a supply chain.

Published

2018

26. XACML for Building Access Control Policies in Internet of Things

Author

Robert John Walters, Gary Wills, Hany F. Atlam, Madini O. Alassafi, and Ahmed Alenezi

Subjects

Computer science, business.industry, XACML, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, Work (electrical), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Internet of Things, business, computer, computer.programming_language

Abstract

Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an efficient access control model for the IoT require selecting an appropriate access policy language to implement access policies. Therefore, this paper presents an overview of most common access policy languages. It starts with discussing different access control models and features of the access policy. After reviewing different access policy languages, we proposed XACML as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distributed and flexible approach to work with different access control scenarios of the IoT system. In addition, we proposed an XACML model for an Adaptive Risk-Based Access Control (AdRBAC) for the IoT and showed how the access decision will be made using XACML.

Published

2018

27. Keynote speaker 3: Looking after our IP in supply chain

Author

Gary Wills

Subjects

Computer science, Supply chain, Information security policy, Intellectual property, computer.software_genre, Computer security, computer, Secure by design, Data integration

Abstract

It is necessary to pass intellectual property (designs, specification, etc.) along a supply chain, but it is also known that these also ‘leaks’, often through poor security. This becomes more complex when the IP crosses international borders. We will examine three methods, each using security by design principles to protect our data and IP. Preserving information security policy during data integration, protecting documents when they leave an organisation, and when information is passed along the supply chain. I will also briefly look at how we move these ideas from academia to commercialisation.

Published

2017

28. A Framework for Cloud Forensic Readiness in Organizations

Author

Ahmed Alenezi, Raid Khalid Hussein, Robert John Walters, and Gary Wills

Subjects

Cloud computing security, business.industry, Computer science, Digital forensics, Internet privacy, Information technology, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Cybercrime, Transformative learning, Utility computing, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, History of computing, computer

Abstract

Many have argued that cloud computing is one of the fastest growing and most transformative technologies in the history of computing. It has radically changed the way in which information technologies can manage, access, deliver and create services. It has also brought numerous benefits to end-users and organizations. However, this rapid growth in cloud computing adoption has also seen it become a new arena for cybercrime. This has, in turn, led to new technical, legal and organizational challenges. In addition to the large number of attacks which affect cloud computing and the decentralized nature of data processing in the cloud, many concerns have been raised. One of these concerns is how to conduct a proper digital investigation in cloud environments and be ready to collect data proactively before an incident occurs in order to save time, money and effort. This paper proposes the technical, legal and organizational factors that influence digital forensic readiness for Infrastructure as a Service consumers.

Published

2017

29. Integration of Cloud Computing with Internet of Things: Challenges and Open Issues

Author

Hany F. Atlam, Gary Wills, Abdulrahman Alharthi, Ahmed Alenezi, and Robert John Walters

Subjects

Cloud computing security, Access network, Computer science, business.industry, media_common.quotation_subject, Dynamic data, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Data modeling, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Quality (business), Architecture, business, computer, media_common

Abstract

The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions of devices to be connected and communicate with each other to share information that improves the quality of our daily lives. On the other hand, Cloud Computing provides on-demand, convenient and scalable network access which makes it possible to share computing resources; indeed, this, in turn, enables dynamic data integration from various data sources. There are many issues standing in the way of the successful implementation of both Cloud and IoT. The integration of Cloud Computing with the IoT is the most effective way on which to overcome these issues. The vast number of resources available on the Cloud can be extremely beneficial for the IoT, while the Cloud can gain more publicity to improve its limitations with real world objects in a more dynamic and distributed manner. This paper provides an overview of the integration of the Cloud into the IoT by highlighting the integration benefits and implementation challenges. Discussion will also focus on the architecture of the resultant Cloud-based IoT paradigm and its new applications scenarios. Finally, open issues and future research directions are also suggested.

Published

2017

30. Developing an Adaptive Risk-Based Access Control Model for the Internet of Things

Author

Joshua Daniel, Ahmed Alenezi, Hany F. Atlam, Robert John Walters, and Gary Wills

Subjects

Computer science, business.industry, Big data, Bring your own device, 020206 networking & telecommunications, Access control, Usability, 02 engineering and technology, Computer security, computer.software_genre, Data access, Business intelligence, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, Internet of Things, computer

Abstract

The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers. The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure. Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.

Published

2017

31. Toward confirming a framework for securing the virtual machine image in cloud computing

Author

Ahmed Alenezi, Raid Khalid Hussein, Hany F. Atlam, Mohammed Q. Mohammed, Robert John Walters, and Gary Wills

Subjects

Physics and Astronomy (miscellaneous), Computer science, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Virtualisation, lcsh:Technology, Field (computer science), Utility computing, Management of Technology and Innovation, Cloud testing, 0202 electrical engineering, electronic engineering, information engineering, lcsh:Science, Engineering (miscellaneous), Cloud computing security, lcsh:T, business.industry, Information Security, 020206 networking & telecommunications, Cloud Computing, Virtual Machine Image, Virtualization, Virtual machine, lcsh:Q, 020201 artificial intelligence & image processing, Web service, business, computer

Abstract

The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else’s hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.

Published

2017

32. An event-based access control for IoT

Author

Gary Wills and Nurul Huda Nik Zulkipli

Subjects

010407 polymers, Exploit, Computer science, business.industry, Event (computing), Event based, Vulnerability, Access control, 010103 numerical & computational mathematics, Computer security, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Task (project management), 0101 mathematics, business, Internet of Things, computer

Abstract

The Internet of Things (IoT) comes together with the connection between sensors and devices. These smart devices have been upgraded from a standalone device which can only handle a specific task at one time to an interactive device that can handle multiple tasks in time. However, this technology has been exposed to many vulnerabilities especially on the malicious attacks of the devices. With the IoT constraints and low-security mechanisms applied, the malicious attacks could exploit the sensor vulnerability to provide wrong data where it can lead to wrong interpretation and actuation to the users. Due to this problems, this short paper presents an event-based access control framework that considers integrity, privacy and the authenticity in the IoT devices.

Published

2017

33. IoT Forensic: Bridging the Challenges in Digital Forensic and the Internet of Things

Author

Ahmed Alenezi, Gary Wills, and Nurul Huda Nik Zulkipli

Subjects

Bridging (networking), business.industry, Computer science, Internet privacy, Digital forensics, Vulnerability, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Cybercrime, Forensic science, Home automation, 020204 information systems, Smart city, 0202 electrical engineering, electronic engineering, information engineering, business, Internet of Things, computer

Abstract

The smart devices have been used in the most major domain like the healthcare, transportation, smart home, smart city and more. However, this technology has been exposed to many vulnerabilities, which may lead to cybercrime through the devices. With the IoT constraints and low-security mechanisms applied, the device could be easily been attacked, treated and exploited by cyber criminals where the smart devices could provide wrong data where it can lead to wrong interpretation and actuation to the legitimate users. To comply with the IoT characteristics, two approaches towards of having the investigation for IoT forensic is proposed by emphasizing the pre-investigation phase and implementing the real-time investigation to ensure the data and potential evidence is collected and preserved throughout the investigation.

Published

2017

34. Clustering Goal-Driven Security Factors for Protecting Data in Cloud Storage using Exploratory Factor Analysis (EFA): An Empirical Study

Author

Robert John Walters, Gary Wills, and Fara Yahya

Subjects

Knowledge management, business.industry, Computer science, Public sector, 020206 networking & telecommunications, 020207 software engineering, Cloud computing, 02 engineering and technology, Security policy, Computer security, computer.software_genre, Exploratory factor analysis, Empirical research, Information security audit, 0202 electrical engineering, electronic engineering, information engineering, Security management, business, Cloud storage, computer

Abstract

The purpose of this paper is to explore the important security factors for protecting data in cloud storagefrom the perspective of security practitioners. The study consist of 43 security variables (or indicator items)from a survey participated by security practitioners in Malaysia. Exploratory factor analysis (EFA) isconducted to understand the clusters of variables (or indicator items) and the inter-relationships constructingthe security factors (or components). Most of the respondents are from public sector organisations(government and higher education organisations) in Malaysia. The clusters of variables resulting from thisanalysis can be used as a reference for security practitioners planning to produce security policies to protectdata stored in a cloud storage. The top security factors identified from this study are shown in terms ofpolicy implementation and controls in confidentiality, integrity, availability, non-repudiation, authenticity,reliability, accountability and auditability of data services in cloud storage.

Published

2017

35. An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things

Author

Hany F. Atlam, Ahmed Alenezi, Robert John Walters, and Gary Wills

Subjects

Risk analysis, Flexibility (engineering), Estimation, Authentication, business.industry, Computer science, Process (engineering), 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, 020202 computer hardware & architecture, Variety (cybernetics), Domain (software engineering), Risk analysis (business), 0202 electrical engineering, electronic engineering, information engineering, business, computer

Abstract

The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.

Published

2017

36. A Proposed Best-practice Framework for Information Security Governance

Author

Ghada Gashgari, Gary Wills, and Robert John Walters

Subjects

Cloud computing security, Computer science, Standard of Good Practice, Sherwood Applied Business Security Architecture, 020206 networking & telecommunications, 02 engineering and technology, Enterprise information security architecture, Computer security model, Computer security, computer.software_genre, Information security management, 0202 electrical engineering, electronic engineering, information engineering, Security convergence, 020201 artificial intelligence & image processing, computer, Corporate security

Published

2017

37. Security in Organisations: Governance, Risks and Vulnerabilities in Moving to the Cloud

Author

Raid K. Hussain, Ghada Ghashgari, Madini O. Alassafi, Robert John Walters, Gary Wills, Chang, V., Ramachandran, M., Walters, R., and Wills, G.

Subjects

Cloud computing security, Certified Information Security Manager, 020206 networking & telecommunications, 02 engineering and technology, Information security, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Information security management, Security service, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Information governance, Business, computer

Abstract

Any organisation using the internet to conduct business is vulnerable to violation of security. Currently security in most organizations relates to protection of data and the management of their business information systems. Hence, security is often defined as the protection of information, the system, and hardware; that use, store and relocates that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an Organisation’s reputation, confidence and trust with its customers. One of the importance success factors for an organization to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors IT governance (ITG) and ISG. Enterprise governance is directing and controlling the organization by the boardofdirectorsandexecutivemanagementinordertoensurethesuccessofthe organization.ITGandISGareintegralpartofcorporategovernance.ITGisabout the structure that links IT processes, resources and information to support organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, Information security should not be considered as just a technical issue but governance challenge that needs proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important torecognizethatanimportantandspecificissuerelatedtocloudcomputingisthe potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks such as malicious insider threats and data breaches. An example of cloud risk is virtualization that is one of the concepts usedforconstructing cloudcomputing, which hasitsown security risks,butthey are not specific to the cloud. Virtualization is related to open-source shared application server, database, and middleware components. The multi-tenancy model has introduced security problems as it is based on virtualization and sharing resources (hard disk, application software, and virtual machine) on the same physical machine. This chapter will present an overview of information security governance, the risks and vulnerabilities when moving to the cloud.

Published

2017

38. A conceptualization of intended learning outcomes supporting self-regulated learners in indicating learning paths

Author

Lester Gilbert, Gary Wills, and Preecha Tangworakitthaworn

Subjects

Independent study, Conceptualization, Instructional design, Plain text, Computer science, media_common.quotation_subject, Computer-Assisted Instruction, Metacognition, computer.file_format, Computer Science Applications, Education, Diagrammatic reasoning, Pedagogy, Mathematics education, Conceptual model, computer, media_common

Abstract

Intended learning outcomes ILOs indicate what learners will be able to achieve after they are taught. Traditionally, ILOs are expressed as plain text or unstructured documents. What if all ILOs of a specific course of study can be conceptualized through a structured diagrammatic technique? It was hypothesized that learners can benefit from this conceptualization in learning, especially in self-regulated learning. The aim of this study was to investigate whether the ILOs represented in unstructured or structured formats can facilitate learners to identify learning paths. The results revealed that the mean ratings of all learning paths were statistically significantly higher with structured ILOs.

Published

2014

39. Automated penetration testing based on a threat model

Author

Gary Wills and Norah Ahmed Almubairik

Subjects

021110 strategic, defence & security studies, Process (engineering), Computer science, 0211 other engineering and technologies, It innovation, 02 engineering and technology, Computer security, computer.software_genre, Penetration test, Reliability engineering, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Threat model, Penetration (warfare), 0202 electrical engineering, electronic engineering, information engineering, NIST, 020201 artificial intelligence & image processing, Algorithm design, computer

Abstract

The aim of this work is to propose a systematic penetration testing algorithm guided by a threat model. The use of the threat model in penetration testing ensures that all existing threats are checked and no threat is overlooked through the penetration test process. The objectives of this work are as follows: assembling a package of penetration testing tools (toolkit) to test the security of a equation system. Moreover, considering standard methodologies to design the automated penetration testing. A number of methodologies have been followed during the design of the algorithm. First, a threat model designed at the IT Innovation Centre was used extract threats. These threats were used as a starting point for the penetration testing. Second, the NIST 800-115 standard for penetration testing was followed. Applying the proposed automated penetration testing algorithm to a real system contributes to the reduction of consequences which can result from malicious attacks.

Published

2016

40. A Framework to Secure the Virtual Machine Image in Cloud Computing

Author

Robert John Walters, Ahmed Alenezi, Raid Khalid Hussein, and Gary Wills

Subjects

Cloud computing security, Database, Computer science, business.industry, Cloud computing, computer.software_genre, Virtualization, Outsourcing, Utility computing, Virtual machine, Cloud testing, Operating system, Web service, business, computer

Abstract

Cloud computing which uses outsourcing and remote processing of applications first appeared about ten years ago. Cloud Computing built on research in virtualization, distributed computing, utility computing, and web services. It reduces the information technology overhead for starting a new business and it can be accessed from anywhere. One of the concepts used for constructing cloud computing is virtualization, which has its own security risks, but they are not specific to the cloud. The key drawback to adopting cloud computing is security since clients use someone else's CPU and hard disk for processing and storing data. This paper proposes a security framework to secure Virtual Machine Images in a virtualization layer in the cloud environment. Securing the virtual machine image is significant as it will most probably affect the security of cloud computing.

Published

2016

41. Web 2.0 – The past and the future

Author

Robert John Walters, Victor Chang, Russell Newman, and Gary Wills

Subjects

Web standards, Engineering, medicine.medical_specialty, Web development, Computer Networks and Communications, business.industry, 05 social sciences, 02 engineering and technology, Library and Information Sciences, Web application security, computer.software_genre, World Wide Web, 020204 information systems, 0502 economics and business, Web design, 0202 electrical engineering, electronic engineering, information engineering, medicine, Web navigation, Web service, business, computer, Web modeling, 050203 business & management, Data Web, Information Systems

Abstract

We provide review of Web 2.0 including its past and future perspectives.We present Web 3.0 with its desired features.We have inspected the development of Web 2.0/3.0 between year 2005 and 2016. Although it has been around for 11 years, it is still not clear where Web 2.0 will lead. This paper presents a general discussion of past and recent trends that may positively influence the direction of Web 2.0, including cloud computing and other emerging business models. In order to move forward, Web 3.0 is proposed for the next generation of work that integrates Cloud Computing, Big Data, Internet of Things and security. We also present criteria and future direction for Web 3.0 to allow all services and people can stay connected with each other.

Published

2016

42. Identifying factors that affect the acceptance and use of E-assessment by academics in Saudi Universities

Author

Nuha Alruwais, Mike Wald, and Gary Wills

Subjects

060201 languages & linguistics, Multimedia, Process (engineering), 05 social sciences, Control (management), Theory of planned behavior, 050301 education, Developing country, 06 humanities and the arts, computer.software_genre, Affect (psychology), E-assessment, Order (exchange), 0602 languages and literature, Marketing, Psychology, 0503 education, computer, Developed country, E-assessment,E-exam,electronic exam,online exam,online assessment

Abstract

As assessment is one of the important pillars of the learning process, and E-assessment has become an essential part of education systems. E-assessment has developed to address some of the limitations and problems of a paper-test. In last the10 years, E-assessment has improved in developed countries such as the UK. In contrast, in Saudi Arabia, one of the developing countries, less attention has been paid to the usage of E-assessment and research which discusses E-assessment issues in Saudi Arabia is limited. Consequently, we investigate the factors that impact on academic’s use of E-assessment in Saudi universities. In order to examine these factors, the Decomposed Theory of Planned Behavior model (DTPB) is adopted with slight modification. Age and gender are added to the proposed model as moderating factors that affect attitude, subjective norms and perceived behavioral control. IT support is also added as a sub-factor under perceived behavioral control and technology facilitating conditions are included under resources facilitating conditions. Keywords : E-assessment, E-exam, electronic exam, online exam, online assessment.

Published

2016

43. Matching learning material to people with disabilities based on competence and functional capability

Author

Sasithorn Mongkolsripattana, Gary Wills, and Mike Wald

Subjects

Cooperative learning, Multimedia, Computer science, Learning environment, 05 social sciences, Lifelong learning, Educational technology, 050301 education, Collaborative learning, 02 engineering and technology, computer.software_genre, Robot learning, Learning sciences, Synchronous learning, ComputingMilieux_COMPUTERSANDEDUCATION, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0503 education, computer

Abstract

Lifelong learning is a very important activity especially for disabled learners. Learning technology allows disabled learners to acquire knowledge and skills more conveniently and effectively. Designing a learning environment should consider accessibility in order to provide an opportunity for those learners to access learning material and information. Much research has focused on improving the discovery of learning materials suitable for the needs of those with disabilities. However, there is no standard approach to adaptive techniques for discovering suitable materials. Most current practice focuses on disability type without considering learners' competence. This research proposes a model that addresses the challenge of accessible learning material based on people's competences and functional capability. This model includes data preparation, matching, and presentation.

Published

2016

44. Security risk factors that influence cloud computing adoption in Saudi Arabia government agencies

Author

Madini O. Alassafi, Robert John Walters, Abdulrahman Alharthi, and Gary Wills

Subjects

Service (systems architecture), Government, Knowledge management, Cloud computing security, business.industry, Information technology, Cloud computing, Context (language use), 02 engineering and technology, Private sector, Computer security, computer.software_genre, Order (exchange), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

Cloud computing technologies play a substantial role in public organizations and private sector companies since it reduces the cost of using information technology services and allows users to access the service anytime and everywhere, whilst only paying for what they use. In developing countries, such as Saudi Arabia, the cloud computing is still not widely adopted, compared to countries in the west. In order to promote the adoption of cloud computing, it is important to recognize that an important and specific issue related to cloud computing is the potential and perceived security risks posed by implementing such technology. Therefore, the aim of this research is to investigate the security risk factors that influence organization to adopt cloud computing in a Saudi Arabia context. This research proposed a framework for the successful adoption of cloud computing, focused on risks when implementing security in the cloud system.

Published

2016

45. Investigating the Security Factors in Cloud Computing Adoption: Towards Developing an Integrated Framework

Author

Alharthi, Abdulrahman, Ayad, Alassafi, Madini, Obad, Ahmed Alenezi, Gary Wills, and Robert John Walters

Subjects

Flexibility (engineering), Service (systems architecture), Government, Cloud computing security, Knowledge management, business.industry, Context (language use), Cloud computing, Computer security, computer.software_genre, Utility computing, Order (exchange), Business, computer

Abstract

There are several benefits of using cloud computing in organizations and government agencies such as cost saving and flexibility in getting resources. Cloud computing plays a significant changing in organizations since it allows the users to access the service anytime and everywhere via networks, with paying for using only. In developing countries, such as Saudi Arabia, the cloud computing is still in its early time not widely adopted, compared to countries in the west. In order to promote the adoption of cloud computing, it is important to recognize an important and specific issue related to cloud computing is the potential and perceived security factors that posed by implementing the technology. Hence, the aim of this study is to investigate the security factors that influence organization and government agencies to adopt cloud computing in a Saudi Arabia context. This paper proposed a framework identifies the key factors for the successful adoption of cloud computing, focused on risks, social and security benefits when implementing security in the cloud services. The proposed framework is involving of three categories, social factors category, cloud security risks category and perceived cloud security benefits. The finding showed that all the proposed factors in the framework were statistically significant, except one factors under perceived cloud security benefits were not statically significant.

Published

2016

46. Goal-based security components for cloud storage security framework: a preliminary study

Author

Robert John Walters, Gary Wills, and Fara Yahya

Subjects

Cloud computing security, Security service, Security through obscurity, Security convergence, Data security, Business, Computer security model, Computer security, computer.software_genre, Security testing, computer, Security information and event management

Abstract

There are a variety of ways to ensure the security of data in the cloud depending on the set of anticipated concerns. Many cloud storage secure data either by encrypting data on transfer, or by encrypting data at rest. These security protections seem very different, and currently there are no common goalbased security components for comparing them. In this paper we investigate the security components forming security, which ensures data are securely protected in cloud storage. We will show security components that were extracted by synthesising existing security frameworks and industry accepted standards to satisfy the concerns for which there is little extant research. The components are also mapped to security concerns happening in the cloud. A triangulation method was applied to investigate the important security components. This exploratory research has been considered by security experts and practitioners who confirmed the proposed framework.

Published

2016

47. A Model to Compare Cloud and non-Cloud Storage of Big Data

Author

Victor Chang and Gary Wills

Subjects

Database, Computer Networks and Communications, business.industry, Computer science, Big data, Process (computing), 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Visualization, File size, Consistency (database systems), Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Metric (unit), Data mining, business, Cloud storage, computer, Software

Abstract

When comparing Cloud and non-Cloud Storage it can be difficult to ensure that the comparison is fair. In this paper we examine the process of setting up such a comparison and the metric used. Performance comparisons on Cloud and non-Cloud systems, deployed for biomedical scientists, have been conducted to identify improvements of efficiency and performance. Prior to the experiments, network latency, file size and job failures were identified as factors which degrade performance and experiments were conducted to understand their impacts. Organizational Sustainability Modeling (OSM) is used before, during and after the experiments to ensure fair comparisons are achieved. OSM defines the actual and expected execution time, risk control rates and is used to understand key outputs related to both Cloud and non-Cloud experiments. Forty experiments on both Cloud and non-Cloud systems were undertaken with two case studies. The first case study was focused on transferring and backing up 10,000 files of 1 GB each and the second case study was focused on transferring and backing up 1000 files 10 GB each. Results showed that first, the actual and expected execution time on the Cloud was lower than on the non-Cloud system. Second, there was more than 99% consistency between the actual and expected execution time on the Cloud while no comparable consistency was found on the non-Cloud system. Third, the improvement in efficiency was higher on the Cloud than the non-Cloud. OSM is the metric used to analyze the collected data and provided synthesis and insights to the data analysis and visualization of the two case studies. Organizational sustainability modeling (OSM) compares Cloud and non-Cloud storage.We identify factors affect performance and design ways to make fair comparisons.We explain how to use OSM including its definitions, input and output.We present two case studies of Big Data storage with 40 runs to support.Results are analyzed and presented with data analysis and visualization.

Published

2016

48. Data security in cloud computing

Author

Madini O. Alassafi, Robert John Walters, Ahmed Albugmi, and Gary Wills

Subjects

Cloud computing security, Computer science, business.industry, Software as a service, Data security, Cloud computing, Computer security, computer.software_genre, Security service, Cloud testing, Data Protection Act 1998, business, computer, Data virtualization

Abstract

This paper discusses the security of data in cloud computing. It is a study of data in the cloud and aspects related to it concerning security. The paper will go in to details of data protection methods and approaches used throughout the world to ensure maximum data protection by reducing risks and threats. Availability of data in the cloud is beneficial for many applications but it poses risks by exposing data to applications which might already have security loopholes in them. Similarly, use of virtualization for cloud computing might risk data when a guest OS is run over a hypervisor without knowing the reliability of the guest OS which might have a security loophole in it. The paper will also provide an insight on data security aspects for Data-in-Transit and Data-at-Rest. The study is based on all the levels of SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).

Published

2016

49. Synote: development of a Web-based tool for synchronized annotations

Author

Yunjia Li, David E. Millard, Jiri Kajaba, Priyanka Singh, Mike Wald, Gary Wills, Shakeel Ahmed Khoja, and Lester Gilbert

Subjects

Ajax, Multimedia, business.industry, Computer science, media_common.quotation_subject, Interoperability, computer.software_genre, Computer Science Applications, Time line, World Wide Web, Annotation, Presentation, Resource (project management), User experience design, Media Technology, Web application, business, computer, Information Systems, media_common, computer.programming_language

Abstract

This paper discusses the development of a Web-based media annotation application named Synote, which addresses the important issue that while the whole of a multimedia resource on the Web can be easily bookmarked, searched, linked to and tagged, it is still difficult to search or associate notes or other resources with a certain part of a resource. Synote supports the creation of synchronized notes, bookmarks, tags, links, images and text captions. It is a freely available application that enables any user to make annotations in and search annotations to any fragment of a continuous multimedia resource in the most used browsers and operating systems. In the implementation, Synote categorized different media resources and synchronized them via time line. The presentation of synchronized resources makes full use of Web 2.0 AJAX technology to enrich interoperability for the user experience. Positive evaluation results about the performance, efficiency and effectiveness of Synote were returned when using it with students and teachers for a number of undergraduate courses.

Published

2011

50. A User-Centric Approach for Secured eDocument Transmission: Digital Signing Practical Issues and the eCert Solution

Author

Andrew M. Gravell, David Argles, Lester Gilbert, Lisha Chen-Wilson, and Gary Wills

Subjects

Engineering, Transmission (telecommunications), Digital signature, business.industry, Access control, Use case, business, Computer security, computer.software_genre, computer, User-centered design

Abstract

Digital signing is commonly used in eDocument security, but does not address all requirements such as fine-grained access control and content status validation. A system for distributing electronic educational certificates (eCertificates) is used as a case study in the eCert project. This paper describes the issues, identifies the required use cases, explores the gap between current techniques and the desired system, and presents a design which meets the requirements. A preliminary implementation confirms that the design is a sound one, and can be used to solve digital signing issues in related scenarios such as mobile IDs and healthcare records.

Published

2011