Towards an improved national crime reporting system
Abstract
This study examined the current system of registering crimes and criminals in Uganda Police Force. Emphasis was particularly put on the performance bottlenecks in terms of data security as far as existing processes involved in crime reporting are concerned. These were authentication, integrity, confidentiality, identification, non-repudiation, availability and risk management. It was adduced that confidentiality mechanisms in Uganda Police do not protect transactions against unauthorized reading, copying, or disclosure. Also integrity mechanisms do not provide transaction accuracy and assurance that the transactions have not been altered or deleted.
The study yielded a hierarchical attack tree model for data security attributes. The purpose of this model was to represent the division of each primary threat into sub-attacks, either all or some of them being necessary to materialise the primary threat. The sub-attacks were then divided further, until the state where it does not make sense to divide the resulting attacks any more, was reached.
Vulnerabilities were assessed using a probabilistic approach and it came out that the probability of the current system being vulnerable to attacks was more than the probability of the new system being vulnerable to attacks from different sources. The new system being referred to here is the system that was designed from my study. This was justifiable to conclude that the new system is more secure and hence an improved one. This is yet another positive contribution of this research.
In the new system, there is a security feature of printing audit trail logs at the end of every
day. These can then be signed by the Systems Administrator and kept with the Inspector
General of Police and the Chief Justice. In the event that complaints arise about particular cases, the print-outs of the kept audit trail logs can be produced and if a particular date’s records on the kept print-out and the system’s fresh print-out do not match, then this means at one time, those records were altered. The feature was not there in the old system and its presence in the new system enhances non-repudiation.