Bob Duncan

University of Aberdeen | ABDN · Department of Computing Science

PhD

69
Publications
132,340
Reads
711
Citations

Publications (69)
Preprint
Full-text available
In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet - and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered as an establis...
Conference Paper
Full-text available
Cyber security for SMEs is a challenging activity. Since large corporations started to improve their cyber security process and strategies, this has made life considerably more challenging for attackers. This has resulted in a change of approach by attackers to pursuing SMEs. They have found such companies to be far less focussed on achieving reall...
Conference Paper
Full-text available
Disregarding cybersecurity risk management by SME decision-makers became a phenomenon that needs to be studied. Specifically, the lack of cybersecurity risk management investments, which will lead to further risks. The Covid-19 pandemic has proven how the seriousness of cybersecurity threats could increase dramatically in a short period. The author...
Conference Paper
Full-text available
Ignoring the importance of cybersecurity risk management in SMEs became an issue among decision-makers. Lack of strategic investment decision by SMEs could lead to further risks and vulnerabilities. The significant increase of cybersecurity threats might become a very difficult task for both SMEs and other parties in the future. The purpose of this...
Conference Paper
Full-text available
All corporate businesses are under constant attack. There is no doubt that the adoption of a multitude of cheap Internet of Things devices have proved to be a great enabler of the vastly expanded potential for data collection to run systems, processes, and machines more effectively. Unfortunately, their very cheapness often means that security is n...
Conference Paper
Full-text available
Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought after goal of attackers to ensure that they do not get caught. Thus they have an incredibly strong incentive to prevent companies from succeeding...
Book
Full-text available
The Twelfth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2021), held on April 18 - 22, 2021, continued a series of events targeted to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challe...
Conference Paper
Full-text available
It has traditionally been the case that the Internet of Things represents the weak link in the corporate information system chain. While research has tried to improve the status quo, this has brought a new challenge to the table. Corporate systems, while generally much stronger than Internet of Things systems, are not, in themselves, totally secure...
Book
Full-text available
The Eleventh International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2020), held on October 25 - 29, 2020, continued a series of events targeted to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the cha...
Conference Paper
Full-text available
Small and medium-sized enterprises (SMEs) have been encouraged to take advantage of any possible business opportunities by utilizing and adopting new technologies such as cloud computing services, there is a huge misunderstanding of their cyber threats from the management perspective. Underestimation of cybersecurity threats by SMEs leads to an inc...
Book
Full-text available
CLOUD COMPUTING 2019 Proceedings of the Tenth International Conference on Cloud Computing, GRIDs, and Virtualization
Conference Paper
Full-text available
In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet - and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered as an establish...
Conference Paper
Full-text available
Blockchain presents a new paradigm for delivering a very robust audit trail through the use of distributed ledger technology. There is the potential to provide a high level of security while keeping costs under control. There are, of course, many challenges, which are specific to cloud computing, and these must be identified and addressed before th...
Conference Paper
Full-text available
The cloud is embedded in the operations of large businesses, who will understand the incentives in terms of cost reduction but also need to recognise, accept and mitigate the risks that come with adoption of an approach that brings in more actors and more opportunities for rogue interventions. We address the extent to which the five quoted UK banks...
Conference Paper
Full-text available
In the current business climate, there is an ever growing need for companies to comply with a range of legislation, regulation and standards. There is also a need for companies to be transparent in demonstrating that they are in compliance and due to the nature of certain cloud weaknesses, this can prove to be problematic. Given the potential magni...
Conference Paper
Full-text available
Historically, little more than lip service has been paid to the rights of individuals to act to preserve their own privacy. Personal information is frequently exploited for commercial gain, often without the person's knowledge or permission. New legislation, such as the EU General Data Protection Regulation Act, has acknowledged the need for legisl...
Conference Paper
Full-text available
The EU General Data Protection Regulation (GDPR) has been with us now since the 25th May 2018. It is certainly the case that in many of the 28 EU countries, regulators were not all properly resourced by the starting deadline. However, progress has been made since then. We review the challenges faced by cloud users, and consider whether all the comp...
Conference Paper
Full-text available
In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet - and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered as an establish...
Article
Full-text available
Many cloud users are heading into a potentially devastating regulatory disaster zone. A major unresolved cloud issue, namely the cloud forensic problem, this is likely to mean many cloud users will be unable to be compliant with the new EU General Data Protection Regulation. We consider the possible use of blockchain, a cryptocurrency based mechani...
Article
Full-text available
The EU General Data Protection Regulation (GDPR) came into effect across the EU on 25th May 2018. It will certainly be the case that a great many companies will be inadequately prepared for this significant event. While a great many companies who use traditional in-house distributed systems are likely to have a hard enough job trying to comply with...
Article
Full-text available
It would seem that some companies have been slow or unable to secure their cloud activities or to be aware of breaches in a timely manner. The European Union (EU)'s General Data Protection Regulation (GDPR) has been introduced with the intent of sufficient threat of meaningful fines that directors will now take cloud security seriously, even if they...
Article
Full-text available
IT security and privacy has always been a challenging problem to address, but with cloud, there is an exponential increase to the challenge. Once an attacker successfully breaches a cloud system, the intruder will seek to escalate privileges in order to delete the forensic trail, thus covering their tracks. There is little to prevent this from happ...
Conference Paper
Full-text available
Many cloud users are oblivious to the potential regulatory risks facing them should they be unable to comply with the EU General Data Protection Regulation (GDPR). As a result of one of the last minute changes to the GDPR last year, whereby instead of requiring reporting of a breach 'within 72 hours of the occurrence of that breach', it was changed...
Conference Paper
Full-text available
A great many cloud users face a difficult challenge in respect of the forthcoming EU General Data Protection Regulation, which comes into effect on 25th May, 2018. While all computer systems are continuously under attack, those who operate conventional distributed network systems stand a far greater chance of being able to demonstrate compliance th...
Conference Paper
Full-text available
Many attackers constantly threaten the very survival of all organisations. They will attack any and every IT component of every organisation, whether financial, industrial, retail, service, educational, charitable or governmental, using whatever means they can to breach these systems. They ignore legislation, regulations and standards, do not care...
Conference Paper
Full-text available
IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to preven...
Conference Paper
Full-text available
There is no doubt that the forthcoming European Union (EU) General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, will certainly concentrate many corporate minds. As for those who rely on cloud computing, there is likely to be even more consternation in the ranks, due to the issues surrounding dealing with the Cloud Fo...
Conference Paper
Full-text available
In previous literature, an inclusive practice approach to counteract possible areas of concern regarding cloud-based security for virtual learning environments has been proposed. In this paper, the theoretical framework 'transformability theory' underpinning such a proposal is applied in the context of higher education. Practicalities and limitatio...
Conference Paper
Full-text available
The forthcoming EU General Data Protection Regulation (GDPR) will come into effect across the EU on 25th May 2018. It will certainly be the case that a great many companies will be inadequately prepared for this significant event. While a great many companies who use traditional in-house distributed systems are likely to have a hard enough job tryi...
Conference Paper
Full-text available
Cloud security is often seen as a technical problem. We argue that its solution needs both technical and management input. We find that cloud computing offers reliability and flexibility and its low cost makes it attractive, particularly to small and medium sized enterprises. We note that security technology must be adopted universally and often pr...
Conference Paper
Full-text available
Many cloud users are blindly heading into a potentially devastating regulatory disaster zone. Given the shortcomings of the cloud due to the cloud forensic problem, this is likely to mean many cloud users will be unable to be compliant with the forthcoming EU General Data Protection Regulation when it comes into effect on 25th May, 2018. We conside...
Book
Full-text available
Proceedings of the Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
Conference Paper
Full-text available
Cloud computing has been a great enabler for a great many companies and individuals in the decade or so since it gained traction. The ability to access new systems rapidly without concern for forward planning, accessing corporate budgets and in particular the ability to scale up (or down) on demand has proved particularly attractive. A great many r...
Article
Full-text available
Conventional web based systems present a multiplicity of attack vectors and one of the main components, the database, is frequently configured incorrectly, frequently using default settings, thus leaving the system wide open to attack. Once a system has been attacked, valuable audit trail and system log data is usually deleted by the intruder to c...
Conference Paper
Full-text available
Ahead of the introduction of the EU General Data Privacy Regulation, we consider some important unresolved issues with cloud computing, namely, the insecure cloud audit trail problem and the challenge of retaining cloud forensic evidence. Developing and enforcing good cloud security controls is an essential requirement for this is to succeed. The n...
Conference Paper
Full-text available
The new EU General Data Protection Regulation comes into effect on 25 May 2018. The vast majority of financial institutions in the UK are woefully under-prepared to comply with this legislation. Current estimates suggest that UK banks could potentially suffer fines in the first year alone of over 5 Billion Euros. We argue how a simple encryption me...
Conference Paper
Full-text available
Achieving enterprise security is a huge challenge, which becomes much more challenging when cloud is added to the mix, due to the multi-tenancy nature of cloud ecosystems. Once we add the dimensions of the Internet of Things (IoT) and Big Data, this problem becomes exponentially more complex. We consider why this is so and highlight a number of key...
Book
In the era of Internet of Things (IoT) and with the explosive worldwide growth of electronic data volume, and associated need of processing, analysis, and storage of such humongous volume of data, several new challenges are faced in protecting privacy of sensitive data and securing systems by designing novel schemes for secure authentication, inte...
Chapter
Full-text available
Achieving cloud security is not a trivial problem to address. Developing and enforcing good cloud security controls are fundamental requirements if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desira...
Conference Paper
Full-text available
Achieving information security in the cloud is not a trivial exercise. When the systems involved are accounting software systems, this becomes much more challenging in the cloud, due both to the systems architecture in use, the challenges of proper configuration, and to the multiplicity of attacks that can be made against such systems. A particular...
Conference Paper
Full-text available
Unikernels allow application deployment through custom-built minimal virtual machines. The authors investigate how unikernels and their inherent minimalism benefit system security. The analysis starts with common security vulnerability classes and their possible remediation. A platonic unikernel framework is used to describe how unikernels can solv...
Chapter
Full-text available
In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with t...
Conference Paper
Full-text available
Cloud security and privacy is a very challenging problem to solve. We started a project to explore a new approach to addressing this problem by utilising a unikernel based solution. In this paper, we outline the technical details of such an approach, identifying how this new approach can better address the issues involved. We have demonstrated how...
Conference Paper
Full-text available
Physical testbeds offer the ability to test out cyber-security practices, which may be dangerous to implement in a real-life scenario. They also provide a means to educate students and researchers on effective cyber-defence practices. However, the majority of existing non-virtualised physical testbeds are costly, inaccessible, and are often locatio...
Conference Paper
Full-text available
The use of IT based systems in mainstream education brings a particular focus to bear on security. When these systems involve the use of cloud, the challenge increases exponentially. There are a great many benefits to be gained from cloud use, and therefore, we argue that developing a suitable approach to provide a secure cloud based learning envir...
Conference Paper
Full-text available
Cloud computing has been with us for over a decade now. Cloud based systems present a multiplicity of attack vectors. Cloud users frequently fail to grasp the complexity of cloud ecosystems, and fail to monitor properly what is going on within their cloud ecosystem. Due to the failure to monitor properly, and the frequent time lag between penetrati...
Conference Paper
Full-text available
In today's corporate world, the notion of corporate governance has taken a more important role in the management of large corporates. There is a growing consensus that large corporates ought to take more of a stewardship approach to running a company in a clear attempt to move away from the agency theory approach, with all its attendant problems an...
Conference Paper
Full-text available
Conventional web based systems present a multiplicity of attack vectors. One of the main components, the database, is frequently configured incorrectly, often using default settings, which leave the system wide open to attack. Once a system has been attacked, valuable audit trail and system log data is usually deleted to cover the trail of the per...
Book
Full-text available
The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2017), held between February 19-23, 2017 in Athens, Greece, continued a series of events meant to prospect the applications supported by the cloud computing paradigm and validate the techniques and the mechanisms. A complementary target was to identif...
Conference Paper
Full-text available
Cloud computing has been a great enabler for both the Internet of Things and Big Data. However, as with all new computing developments, development of the technology is usually much faster than consideration for, and development of, solutions for security and privacy. In a previous paper, we proposed that a unikernel solution could be used to impro...
Conference Paper
Full-text available
Achieving information security and privacy is not a trivial exercise. This becomes much more challenging in the cloud, due to the multi-tenancy nature of cloud ecosystems. We are concerned that the traditional legacy compatible approach to software development is holding enterprises back from achieving effective security and privacy, particularly i...
Conference Paper
Full-text available
Achieving cloud security is not a trivial problem and developing and enforcing good cloud security controls is a fundamental requirement if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable char...
Presentation
Full-text available
Seminar: Enhancing Cloud Security and Privacy: The Pros and Cons
Conference Paper
Full-text available
Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a...
Conference Paper
Full-text available
Many people assume that cloud audit is no more difficult than IT audit in general. We provide an outline of the evolution of cloud, providing an explanation of how it differs from conventional IT. We then discuss some of the benefits and drawbacks of cloud, particularly in connection to audit challenges, highlighting the dangers and shortcomings of...
Presentation
Full-text available
Seminar for Oil and Gas Computing Science Masters students,
Article
Full-text available
Cyber-security presents a serious challenge. Cyber security in the cloud presents a far more serious challenge, due to the multi-tenant nature of cloud relationships and the transitory nature of cloud instances. We have identified a fundamental weakness when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what co...
Conference Paper
Full-text available
Defining proper measures for evaluating the effectiveness of an assurance model, which we have developed to ensure cloud security, is vital to ensure the successful implementation and continued running of the model. We need to understand that with security being such an essential component of business processes, responsibility must lie with the boa...
Conference Paper
Full-text available
Since the inception of cloud computing, security researchers have been active in addressing the question of cloud information security, which has seen the development of a wide range of technical solutions. The same can be said for non-cloud information security research which has been active for a far longer period of time. Yet, year on year, secu...
Conference Paper
Full-text available
Achieving security and privacy in the cloud is not a trivial exercise. Indeed, the difficulties associated with achieving this goal are both many and highly complex, and present one of the major barriers to the uptake of cloud computing. Yet, we know cloud computing offers the possibility of substantial economic benefit to firms, as well as providi...
Conference Paper
Full-text available
Historically, companies have been managed under the principles of agency theory. There is evidence to suggest that the complexity of modern computing systems, and in particular cloud computing systems, has become so convoluted that the principles of agency theory can no longer cope. We suggest that the adoption of stewardship theory for cloud secur...
Conference Paper
Full-text available
All Cloud computing standards are dependent upon checklist methodology to implement and then audit the alignment of a company or an operation with the standards that have been set. An investigation of the use of checklists in other academic areas has shown there to be significant weaknesses in the checklist solution to both implementation and audit...
Conference Paper
Full-text available
Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest...
Conference Paper
Full-text available
Managing information security in the cloud is a challenge. Traditional checklist approaches to standards compliance may well provide compliance, but do not guarantee to provide security assurance. The complexity of cloud relationships must be acknowledged and explicitly managed by recognising the implications of self-interest of each party involved...
Conference Paper
Full-text available
Corporate voluntary disclosure covers a wide variety of annual report content that might be truly voluntary or is, at least, not formally and clearly mandated. UK discursive reporting requirements have evolved over time and, from October 2013, require a “fair review of the company’s business and … a balanced and comprehensive analysis of … the deve...
Conference Paper
Full-text available
These notes describe a contribution to the 2011 GIVE Challenge from the University of Aberdeen. Our contribution focuses on an attempt to increase the extent to which participants felt engaged in the direction giving/following game on which the GIVE challenge focuses.
