To solve the problems of noise interference and multistream tracing in anonymous network tracing, this article proposes an interval packet-size-based spread spectrum (IPS3) network flow watermarking technology, which adopts a new watermarking carrier based on the original direct sequence spread spectrum (DSSS) technology. On one hand, IPS3 solves the problem of multistream tracing through the operation...
Software vulnerabilities pose significant security risks to the host computing system. Faced with continuous disclosure of software vulnerabilities, system administrators must prioritize their efforts, triaging the most critical vulnerabilities to address first. Many vulnerability scoring systems have been proposed, but they all require expert knowledge to determine intricate vulnerability metrics...
It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widening gap between specific functional requirements...
Internet of Things (IoT) brings the third development wave of the global information industry, which makes users, network, and perception devices cooperate more closely. However, if IoT has security problems, it may cause a variety of damage and even threaten human lives and properties. To improve the abilities of monitoring, providing emergency response, and predicting the development trend of IoT...
In the MANETs (Mobile Ad Hoc Networks), attack detection in Location Aided Routing (LAR) has become a challenging problem due to the dynamic network topology and diverse routing attacks. This paper proposes a universal framework to analyze and detect attack traces for various potential attack targets. In this framework, the attack targets are identified by matching key events, and a reverse search...
Cloud computing, as a kind of internet-based computing, has to entrust data which are managed by external parties on remote servers. One of the critical security challenges on cloud computing is to ensure data security and privacy. In order to perform rigorous formal analysis for cloud-based applications, we use UML, an industry-adopted modeling language to build an abstraction of a system. In this...
Software security evaluation is considered as a significant and indispensable activity in all phases of the software development lifecycle, and there are also many factors that should be taken into account such as the environment, risks, and development documents. Despite the achievements of the past several decades, there is still a lack of methodology in evaluating software security systematically....
In this paper, a method about how to identify insecure behaviors of browser extensions is proposed. Typically, the identification of insecure extension behaviors is based on knowledge which is got by investigating known malicious or vulnerable extensions. We present an automatic technique that can ease the laborious manual investigating process. Our technique mines the difference between the behavior...
This paper proposes a Software Risk Assessment Method based on Object-Oriented Petri Net (OOPN-SRAM), in which risk assessment procedure is divided into four steps, expressed as four corresponding objects, including asset recognition, weakness analysis, consequence property confirmation and risk calculation. Each object is modeled with Petri net. Specialists recognize software assets by the 1-9 scales...
A web service security analysis model based on program slicing is proposed, which can be used to find existence of critical information disclosure vulnerabilities and proliferation of such vulnerabilities in a web service net, and eventually improve protection of critical information. Web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain interface...
This paper presents an attack scenario based approach for software security testing at design stage. Attack scenarios are represented as extended activity diagram (EAD) and new unified threat model (NUTM). Security test cases are derived from attack scenarios automatically according to coverage criteria of complex attack path. These test cases are applied to test the security of system. According...
This paper presents a unified threat model for assessing threat in web applications. We extend the threat tree model with more semantic and context information about threat to form the new model which is used to analyze and evaluate threat in the software design stage. We utilize historical statistical information contained in this model to design threat mitigation schemes. The threat assessing results...