David Preston

A New Approach of Digital Forensic Model for Digital Forensic Investigation

The research introduces a structured and consistent approach for digital forensic investigation. Digital forensic science provides tools, techniques and scientifically proven methods that can be used to acquire and analyze digital evidence. The digital forensic investigation must be retrieved to obtain the evidence that will be accepted in the court. This research focuses on a structured and consistent approach to digital forensic investigation. This research aims at identifying activities that facilitate and improves digital forensic investigation process. Existing digital forensic framework will be reviewed and then the analysis will be compiled. The result from the evaluation will produce a new model to improve the whole investigation process.

Website Design and Localisation: A Comparison of Malaysia and Britain

This study aims to explore the local cultural values on Malaysian and British websites selected from different sectors. In recent years, a number of studies have addressed the issue of local culture in website design, but most of the studies have focused on USA representing western cultures, whereas Chinese and Japanese cultures have been the main focal point of Asian cultures. This study intends to fill this gap, focusing on less-debated cultures: Malaysia and Britain. It applies Hofstede’s individualism/collectivism, and power distance, and Hall’s high/low-context cultural dimensions, and analyses how these cultural values are reflected in Malaysian and British websites. A content analysis of the websites highlights considerable differences in representing local cultural values on the local websites.

Kaizen: the applicability of Japanese techniques to IT

The initial objective of this paper is to discover the concepts behind Kaizen, which is the Japanese word for improvements. It implies a gradual and continuous change for the better and occurs within a stable environment. A Japanese perspective was adopted because the Japanese have experienced particular success using Kaizen; learning from their structure was then extrapolated on to the particular problems encountered within the software industry.The conclusion reached was that Kaizen has no definite cultural dependence, therefore it can be successfully employed in software development. Its particular appeal lies in the fact that it is people- and process-oriented, as a result quality is built into the system through the people who work on it and through process control. The former is established via training and education, participative management and by fostering involvement in the organization. Psychological constructs such as motivation and satisfaction are examined through the person-environment fit and job characteristics theory to discover their application to software personnel.Process control is suggested as a means of building quality by using statistical methods which should be accessible at all levels of the organizational hierarchy. The importance of management commitment to this fundamental change in work practices is highlighted. Finally, with regard to software development, a different perspective on the life-cycle is presented which attempts to amalgamate all the ideas that Kaizen incoporates to take advantage of the latest technological capabilities.

Taxonomy of quality metrics for assessing assurance of security correctness

Assurance is commonly considered as “something said or done to inspire confidence” (Webster dictionary). However, the level of confidence inspired from a statement or an action depends on the quality of its source. Similarly, the assurance that the deployed security mechanisms exhibit an appropriate posture depends on the quality of the verification process adopted. This paper presents a novel taxonomy of quality metrics pertinent for gaining assurance in a security verification process. Inspired by the systems security engineering capability maturity model and the common criteria, we introduce five ordinal quality levels for a verification process aimed at probing the correctness of runtime security mechanisms. In addition, we analyse the mapping between the quality levels and different capability levels of the following verification metrics families: coverage, rigour, depth and independence of verification. The quality taxonomy is part of a framework for the Security Assurance of operational systems. These metrics can also be used for gaining assurance in other areas such as legal and safety compliance. Furthermore, the resulting metrics taxonomy could, by identifying appropriate quality security requirements, assist manufacturers of information technology (IT) in developing their products or systems. Additionally, the taxonomy could also empower consumers in IT security product selection to efficaciously and effectively match their organisational needs, while IT security evaluators can use it as a reference point when forming judgments about the quality of a security product. We demonstrate the applicability of the proposed taxonomy through access control examples.

Geofencing in a Security Strategy Model

The aim of this research paper is to investigate and create a security strategy model using geofencing; which can then be used to secure wireless local area networks (WLANs). In order to do so, the investigation will use the systematic arrangement and design used by geofencing technology for locating pre-configured wireless laptop. The objective is for the wireless laptop to function within a defined geographical area and be served by a specified wireless intercommunication unit. This is so that the defined geographical area can be used as a geo-fenced test bed to monitor the acts of the wireless laptop when communicating with the electromagnetic waves which is the medium through which it transmits data and communicates with the wireless intercommunication unit. By performing this experiment the security strategy model will be used to observe, detect and record the operations of the electromagnetic waves as they convey information within the geo-fenced test bed to the wireless laptop. Finally, by recording the operations the investigation will look to identify if predetermined acts took place within the geo-fenced test bed and in so doing develop a trusted security strategy model.

Securing address registration in location/ID split protocol using ID-based cryptography

The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in future Internet, the LISP separates the device identity from its location using two different numbering spaces. The LISP also, introduces a mapping system to match the two spaces. In the initial stage, each LISP-capable router needs to register with a Map Server, this is known as the Registration stage. However, this stage is vulnerable to masquerading and content poisoning attacks. Therefore, a new security method for protecting the LISP Registration stage is presented in this paper. The proposed method uses the ID-Based Cryptography (IBC) which allows the mapping system to authenticate the source of the data. The proposal has been verified using formal methods approach based on the well-developed Casper/FDR tool.

Cybercrime Victimisations/Criminalisation and Punishment

With the increased of use of the internet as a means of sharing information, the need to protect and preserve the confidentiality and integrity of data is ever more evident. The digital age provides not only established criminals with new ways of committing, but also has empowered previously non deviant individuals, into new cyber criminal behaviour. Many individuals are unaware of online threats and many fail to take advantage of precautionary measures to protect themselves from risks when they are online. Therefore, individuals consistently underestimate their risk of becoming victims or underestimate the punishment that may face if they are engaged on online deviant behaviour. This ongoing research has found that there is a relationship between individual’s perception of cybercrime law and cybercrime victimisation and/or criminalisation.

Modelling Trust Requirements by Means of a Visualization Language

Little effort has been put into understanding how trust can be modelled and reasoned when developing information systems. Equally little effort has been put into developing visual languages to support trust modelling. Our motivation comes from this situation and we aim to develop a visualization language for trust related requirements elicitation. In this paper we highlight the lack of substantial work in this area and we describe the foundation for such a visualization language.

A Meta-model for Legal Compliance and Trustworthiness of Information Systems

Information systems manage and hold a huge amount of important and critical information. For this reason, information systems must be trustworthy and should comply with relevant laws and regulations. Legal issues should be incorporated into the system development process and there should be a systematic and structured assessment of a system’s trustworthiness to fulfil relevant legal obligations. This paper presents a novel meta-model, which combines legal and trust related concepts, to enable information systems developers to model and reason about the trustworthiness of a system in terms of its law compliance. A case study is used to demonstrate the applicability and benefits of the proposed meta-model.

A framework for culture influence Virtual Learning Environments trust

Trust problems in virtual learning environments are the main problems why virtual learning environments providers do not have enough number of students to participate in these environments. This study proposed a framework to explain the factors that constitute students trust in virtual learning environments across different cultures. The variables that constitute students trust factors are found to vary across cultures with regards to their respective parametric values.