Papers by Marijke Coetzee
Proceedings of the ... international conference on information warfare and security/The proceedings of the ... international conference on information warfare and security, Mar 21, 2024
The rise in aerial traffic necessitates aircraft localisation methods that go beyond radar techno... more The rise in aerial traffic necessitates aircraft localisation methods that go beyond radar technology's built-in capabilities. The Automated Dependent Surveillance-Broadcast (ADS-B) system is a novel aircraft localisation method that promises to provide the necessary precision to handle the current air traffic surge. The Federal Aviation Administration has, therefore, enforced ADS-B's deployment. However, the architecture of the ADS-B system holds several vulnerabilities. Most of these vulnerabilities are because ADS-B is designed to rely on wireless networks. This paper provides an in-depth analysis of the ADS-B threat landscape and potential mitigations to better understand their distinct characteristics and impact on the ADS-B system. Addressing these security concerns is imperative to ensure ADS-B systems' robustness and trustworthiness and safeguard the aviation industry from potential cyber threats. The paper concludes with a critical review of how well the proposed mitigations address the identified security threats.
Proceedings of the ... international conference on information warfare and security/The proceedings of the ... international conference on information warfare and security, Mar 21, 2024
Even though cybersecurity is a top priority for the aviation industry, research indicates that th... more Even though cybersecurity is a top priority for the aviation industry, research indicates that there are still many challenges to address. Modern aviation systems encompass cloud computing, OT, IoT, mobile devices, and traditional IT infrastructure. The network complexity has expanded the attack surface, leading to an increase in security incidents. Due to this complexity, detecting security incidents on time is challenging. Research indicates that it may take up to 196 days to detect an incident and another 56 days to address it, highlighting the urgency of improving security response. In this regard, establishing Security Operations Centres (SOCs) in the aviation sector must be addressed. SOCs can be instrumental in reducing the time it takes to detect and respond to security incidents. They provide visibility into threats, aid investigations, and enhance forensic efforts, enabling proactive threat mitigation. Research has been carried out on SOC implementations for specific domains like IoT, mobile devices, and higher education, neglecting aviation systems. Aviation systems such as Air Traffic Management (ATM) face unique security vulnerabilities, including signal modification, jamming, flooding, data and command injection, GPS spoofing, and blocking attacks, primarily due to their reliance on wireless technology. Most of these wireless technologies do not use encryption or authentication because they were designed to maximize performance. Insufficient funding also negatively affects ATM systems, resulting in the wide use of legacy ATM systems and a shortage of skilled personnel. ATM systems are considered critical infrastructure frequently targeted by well-resourced threat actors, including terrorists and nation-state actors, necessitating higher protection levels. This paper motivates the development of a customised SOC implementation framework for ATM systems to enhance aviation security by increasing visibility into threats and facilitating timely remediation.
Lecture Notes in Computer Science, 2021
Wi-Fi Protected Access 3 (WPA3) is a certification program that seeks to improve the security of ... more Wi-Fi Protected Access 3 (WPA3) is a certification program that seeks to improve the security of its predecessor Wi-Fi Protected Access 2 (WPA2) by introducing the Simultaneous Authentication of Equals authentication process and mandating the use of Protected Management Frames. This paper details the development of a fuzzing strategy called WPA3Fuzz that seeks to identify vulnerabilities or implementation errors in the Simultaneous Authentication of Equals process and the Protected Management Frames mechanism. Using WPA3Fuzz three vulnerabilities are discovered that are exploited into Denial of Service attacks. Specifically, the Simultaneous Deauthentication of Equals attack is described. The fuzzing strategy successfully identified vulnerabilities in Linux virtualization utilities as well as well as commercially available WPA3 devices.
Mobile devices are considered to be the next logical step in social networking as they become mor... more Mobile devices are considered to be the next logical step in social networking as they become more pervasive and are able to establish direct communication with each other. Mobile social networking is a new movement in social networking as people have membership of both a virtual community through an online social network environment, and a physical community where they are located. A move in mobile social networking is the decentralised exploration of friendships. Short-range wireless protocols like Bluetooth enable collaborative applications between mobile devices of users. Unlike conventional centralised social networks that rely upon a central authority to organise the opinions of each member of the social network and protect their personal information, members of a decentralised network are completely autonomous and responsible for their own individual behaviour. When people meet for the first time, they thus need help to determine if they can trust each other. This book presents BlueTrust, a trust model for use in decentralised mobile social networks. BlueTrust focuses on establishing trust between users in close proximity by computing trust levels to support user interaction.
Mobile devices are considered to be the next logical step in social networking as they become mor... more Mobile devices are considered to be the next logical step in social networking as they become more pervasive and are able to establish direct communication with each other. Mobile social networking is a new movement in social networking as people have membership of both a virtual community through an online social network environment, and a physical community where they are located. A move in mobile social networking is the decentralised exploration of friendships. Short-range wireless protocols like Bluetooth enable collaborative applications between mobile devices of users. Unlike conventional centralised social networks that rely upon a central authority to organise the opinions of each member of the social network and protect their personal information, members of a decentralised network are completely autonomous and responsible for their own individual behaviour. When people meet for the first time, they thus need help to determine if they can trust each other. This book presen...
2013 IEEE Third International Conference on Information Science and Technology (ICIST), 2013
Advances in Intelligent Systems and Computing, 2019
Integrated smart technologies are fast becoming the norm in modern work and home environments for... more Integrated smart technologies are fast becoming the norm in modern work and home environments for providing interactivity and ease of use. Greater interconnectivity, however, enables greater risk of misuse. Logical assets in such environments are protected by logical access control. However, if a logical asset is given a physical form, it no longer has the same protection due to logical and physical access control not being well integrated into physical spaces. Great strides have been made to protect assets in physical spaces by geographically placing a security perimeter around them. Geo-fencing enables the demarcation of a virtual perimeter around locations to protect them from unwarranted access. A limitation of geo-fencing is that location cannot be determined accurately indoors as positioning technologies such as GPS are ineffective, and tag or active positioning systems are easily subverted. This research explores indoor positioning systems to define virtual perimeters in indoor spaces for access control to be performed even when topological changes may occur.
2020 International Conference on Artificial Intelligence, Big Data, Computing and Data Communication Systems (icABCD), 2020
Information from traditional media sources has played an important role in determining the moveme... more Information from traditional media sources has played an important role in determining the movement of stock prices. However, in recent times, online social network platforms have promoted a more efficient way to share such information. The information found on these networks can be exceptionally useful in determining various moods and feelings that surround certain topics. In this paper, ideas and news by expert investors, traders and entrepreneurs are gathered from social media platform, Twitter. Emotion features are extracted by determining the sentiment of the news. Technical features are gathered for a 10 year period, to be used as input into a Recurrent Neutral Network (RNN) model utilizing various optimization techniques to predict the stock volatility of Amazon (AMZN), Apple (AAPL) and Microsoft (MSFT). Results from experiments show that the model performs as expected namely, that with larger volumes of data, performance increases.
Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications, 2020
This paper presents DroidSecAware, a native Android application to assist Android users to be mor... more This paper presents DroidSecAware, a native Android application to assist Android users to be more aware of harmful applications that steal and gather their personal information on their Android devices. The current Android architecture allows users to decide what resource an application may access when the application is installed. If a malicious application is installed, it can gather sensitive information from users without their knowledge. To protect users by providing them with more awareness of the permissions requested by applications, DroidSecAware is proposed. DroidSecAware consists of three components that each target a specific aspect to secure Android devices and make users more aware of their actions. When combined these components provide an environment where users can learn and share knowledge on how to make better choices when installing applications on their Android devices. The results indicate that there is a need for such an application for users as they feel vulnerable when installing applications. DroidSecAware addressed this by providing an environment where Android users are supported by experts to make better permission choices.
2018 International Conference on Advances in Big Data, Computing and Data Communication Systems (icABCD), 2018
The Identity and Access Assurance (IAA) Component Model provides a comprehensive view of identity... more The Identity and Access Assurance (IAA) Component Model provides a comprehensive view of identity and access management components at an executive level. Showing the current status of the IAA environment within an organisation allows strategic identity and access decisions to be made based on risk, compliance requirements and end user experience. The IAA component model dimension view provides a 3rd level of analysis, whereby the current state of an organisation is depicted based on an evaluation criterion. Evaluation criteria include concepts such as hot spots, maturity, technology gaps and compliance as base dimensions. Dimension attributes include concepts such as description, evaluation score, graphical representation and evaluation reference data. The lifecycle of data gathering, analysis and presentation requires a methodology to ensure the process is well defined and understood by all participating parties. This paper investigates different evaluation models that can be applied to the IAA Component Model to define the various dimensions of components. A methodology is suggested that will assist organisations in creating the dimensions for their IAA Component Model.
2020 International Conference on Artificial Intelligence, Big Data, Computing and Data Communication Systems (icABCD), 2020
Event based social networks enable users to make real connections with both the real and virtual ... more Event based social networks enable users to make real connections with both the real and virtual worlds. This research aims at providing a way to increase user satisfaction at the events they attend from the event based social network. Two approaches are explained and used to determine the user's interests from the events they have attended and also through the sentiment analysis of the reviews they have given for these events. A profile specific to each user is developed to support event recommendations to users in the system based on a matching profile and a set of at least K friends on the social network. The paper uses content-based filtering by using the events details to make recommendations and collaborative filtering to find users who have similar interests. Lastly the sentiment of event reviews is determined to gain an understanding about how users feel about the events they attended. This sentiment data is integrated into the recommendation of events. The paper also discusses the results achieved and the limitations of the current state of the algorithm.
Proceedings of Sixth International Congress on Information and Communication Technology, 2021
Security for Web Services and Service-Oriented Architectures, 2009
An access control model restricts the set of service requestors that can invoke Web service’s ope... more An access control model restricts the set of service requestors that can invoke Web service’s operations. While access control has been widely investigated, especially in database systems [42], only recently work on security for Web services emerged as an important part of the Web service saga [285, 237, 41]. However, most approaches assume that the Web services are stateless.
Abstract—Web Services technology provides organizations with the ability to exploit the serviceor... more Abstract—Web Services technology provides organizations with the ability to exploit the serviceoriented computing paradigm by enabling location and connection independent services. There is an increased risk that undetected, unauthorised accesses to services may occur, as interaction is enabled by unattended automated systems. Services are provided by independent business infrastructures that cannot adopt similar access control capabilities. As services may be used in unexpected ways, by any number of unknown partners, ...
The rapid growth of the Internet and the deployment of intranets and extranets increase the impor... more The rapid growth of the Internet and the deployment of intranets and extranets increase the importance of connecting to existing databases. More than ever before, it is possible to deliver information instantly to thousands of internal and external users via XML and client interfaces.
ISSA: Information Security South Africa, Sandton, South Africa, Jul 1, 2005
The Extensible Access Control Markup Language (XACML) is a platform independent standard based ac... more The Extensible Access Control Markup Language (XACML) is a platform independent standard based access control policy specification language. It defines rules on how authorization decisions from evaluating applicable access control policies are combined. However, it fails to incorporate built-in trust and privacy-enhancing mechanisms. There are some possible attacks that are identified in the specification that can potentially breach the security of a system using XACML. They are: unauthorized disclosure, ...
... Summary Title: WSACT A Model for Web Services Access Control incorporating Trust Candidate:... more ... Summary Title: WSACT A Model for Web Services Access Control incorporating Trust Candidate:Marijke Coetzee Supervisor: Prof JHP Eloff Department: Department of Computer Science, Faculty of Engineering, Built Environment and Information Technology ...
People, whether for business or pleasure, often travel or visit locations they are unfamiliar wit... more People, whether for business or pleasure, often travel or visit locations they are unfamiliar with. To overcome this, a mobile tourist recommendation system can be used. This system is able to generate tourist attraction recommendations for a person, based on a number of criteria such as time and location. One criterion often overlooked though, is a person's social environment. This is an important consideration as touring is often done with more than one person. By not considering the other people within a person's social environment, ...
Uploads
Papers by Marijke Coetzee