Simon Tjoa

Forensics Investigations of Multimedia Data: A Review of the State-of-the-Art

Digital forensics is one of the cornerstones to investigate criminal activities such as fraud, computer security breaches or the distribution of illegal content. The importance and relevance of this research fields attracted various research institutes leading to substantial progress in the area of digital investigations. One essential piece of evidence is multimedia data. For this reason this paper provides an overview of the state-of-the-art in the forensic investigation of multimedia data, the relationship between the various research fields and further potential research activities.

Integration of an Ontological Information Security Concept in Risk Aware Business Process Management

The ability to prevent risks as well as to appropriately counteract occurring threats has increasingly become a crucial success factor. Traditional business process management provides concepts for the economical optimization of processes, while risk management focuses on the design of robust business processes. While aiming at the same goal, namely the improvement of business, the approaches how to reach this vary, due to a different understanding of improvement Following this, optimizing recommendations of business process management and risk management may be contradictory. Therefore, we proposed a unified method, integrating both points of views to enable risk-aware business process management and optimization. In this paper, we briefly describe the ROPE (risk-oriented process evaluation) methodology and the security ontology concept, which provides a solid knowledge base for an applicable and holistic company specific IT security approach. This heavy-weight ontology provides structured knowledge regarding the relations between threats, safeguards, and assets, which are crucial for modeling processes in ROPE. We show how the integration of the security ontologys knowledge base enhances the applicability of the ROPE methodology leading to improved risk-aware business process management.

A Formal Approach Enabling Risk-Aware Business Process Modeling and Simulation

The effective, efficient and continuous execution of business processes is crucial for meeting entrepreneurial goals. Business process modeling and simulation are used to enable desired business process optimizations. However, current approaches mainly focus on economic aspects while security aspects are dealt with in separate initiatives. This missing interconnection may lead to significant differences in improvement suggestions, such as the differing valuation of security investments (e.g., redundancy of systems). The major contribution of this paper is the introduction of a formal model that is capable of expressing the relations between threats, detection mechanisms, safeguards, recovery measures and their effects on business processes. This novel business process simulation capability paves the way for the evaluation of security investments at process design stage by allowing the consideration of stochastic influences of the occurrence of threats on process activities and resources in a unified way. A stylized business case outlines how our method can be applied to real world scenarios.

A reference model for risk-aware business process management

The major contribution of this paper is the introduction of a reference model which is capable to consider information acquired within the business process management and risk management domain. The central objective of the reference model is to enable the modeling of risk aspects in such a way that it provides the foundation for risk-aware business process simulations. Within this paper, we firstly present an approach that combines essential activities of business process and risk management leading to risk aware business process management within an organization. Secondly, we illustrate our novel reference model which comprises extensions of existing modeling languages in order to meet our simulation-based risk-evaluation needs. We conclude this paper stating future research challenges.

Facebook Watchdog: A Research Agenda for Detecting Online Grooming and Bullying Activities

Due to the rising popularity of communications taking place in social networks, an inconsiderable part of interpersonal interactions of young people is performed online. By introducing novel communication media, new risks and threats, such as cyber bullying, -stalking and online grooming, emerge. The main affected group in this context are children between 12 to 17. The major contribution of this paper, is a research agenda for a Facebook Watchdog application pursuing the aim to detect the above-mentioned threats to improve the situation. Threat indications are determined by image analysis, social media analytics, and text mining techniques in order to raise awareness about ongoing attacks and to provide assistance for further actions.

A Comprehensive Literature Review of File Carving

File carving is a recovery technique allowing file recovery without knowledge about contextual information such as file system metadata. Due to recent advancements in research, file carving has become an essential technique for both general data recovery and digital forensics investigations. During the last few years a considerable amount of publications has been published on the topic of file carving. Out of around 130 publications in this field we selected 70 key papers with major contributions to the topic in order to identify potential fields of future research activities. The first contribution of this paper is a survey on state-of-the-art literature supporting researchers and practitioners in gaining a comprehensive view on the progress in file carving research. In addition to that, the second major contribution of this paper is a (preliminary) file carving ontology. The purpose of the ontology presented within this paper is to push forward recovery approaches that are based on knowledge bases processible by computer systems.

Roadmap to Approaches for Carving of Fragmented Multimedia Files

File carving is a recovery technique which does not consider file tables or other meta-data which is used to organize data on storage media. As files can be recovered based only on their content and/or structure this technique is an indispensable task during digital investigations. The main contribution of this paper is a survey about new approaches in the file carving research field and a roadmap that outlines the necessary steps towards video file carving. So far many approaches for the recovery of digital images have been proposed. After a short discussion of relevant representatives in this domain we focus on the applicability of these approaches to the recovery of multimedia files. Further this paper discusses ideas from the forensics wiki for their applicability to such a file carver. Finally our findings are summarized verbally and visually as a roadmap.

A roadmap to risk-aware business process management

The continuous, effective and efficient performance of business processes is the central element for entrepreneurial success. In order to achieve the abovementioned goal various disciplines are involved: The improvement from an economical viewpoint is mainly performed by the domain of business process management, whereas the consideration of risks and continuous execution of business processes is considered separately by risk management and business continuity management. We observed that this separation often leads to inefficiencies as decisions can be contradictory and a consistent information basis is missing. Therefore, we introduce our vision of risk-aware business process management that is capable of providing information for economic as well as for security disciplines.

Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support

Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (risk-oriented process evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).

A Formal Approach Towards Risk-Aware Service Level Analysis and Planning

Effectively and efficiently performing business processes is a key success factor for achieving economic entrepreneurial goals. Amongst others, the argument of more stringent cost pressure lead companies to enforce outsourcing activities. Thus, the management of services - both, from the service requester and provider point of view - gained importance. However, considering only economic aspects is half the truth. One must not forget to simultaneously reflect risk aspects in an integrated way. Observing developments in the past years one can see that regulative bodies, the industry as well as the research community laid a special focus on the tighter integration of business process and risk management. In the course of this movement, we developed a conceptual method enabling risk-aware business process modeling and simulation. The major contribution of this paper is to introduce formal extensions of risk-aware business process management in order to support the related discipline of service management, especially risk-aware service analysis and planning.