The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
This paper combines FMEA and n2 approaches in order to create a methodology to determine risks associated with the components of an underwater system. This methodology is based on defining the risk level related to each one of the components and interfaces that belong to a complex underwater system. As far as the authors know, this approach has not been reported before. The resulting information from...
Hosting services are associated with various security threats, yet the market has barely been studied empirically. Most security research has relied on routing data and equates providers with Autonomous Systems, ignoring the complexity and heterogeneity of the market. To overcome these limitations, we combined passive DNS data with WHOIS data to identify providers and some of their properties. We...
This paper discusses the factors influencing Indian Small and Medium Enterprises' (SMEs) adoption of Cloud based services. This research, through an extensive literature review, analyzes the current situation, benefits, and challenges of Cloud based services adoption for Indian SMEs. It identifies and confirms the key factors (e.g., Cost reduction, relative advantage, security, regulatory support,...
Due to the growing advancement of crime ware services, the computer and network security becomes a crucial issue. Detecting sensitive data exfiltration is a principal component of each information protection strategy. In this research, a Multi-Level Data Exfiltration Detection (MLDED) system that can handle different types of insider data leakage threats with staircase difficulty levels and their...
Grid-based Massive dataset search systems integrate many processes to search for a large number of shared datasets distributed over several locations. The implementation of the search mechanism to deal with these distributed dataset greatly affected the system performance. However, the execution of the search over the grid requires someone with grid knowledge and expertise. Consequently, this issue...
Cloud computing is bringing significant changes in the way that public organizations interact with information systems. Existing research exploring cloud computing adoption in the public sector tends to privilege the technological factors. This paper contributes to the understanding of cloud computing adoption decisions in the public sector by also considering the organizational and environmental...
Cyber-attacks are increasing at an alarming rate and the attackers have progressively improved in devising attacks towards specific targets. To further develop the area of cyber-attack communication, we propose an ontology based issue resolution system used to identify and defend against cyber-attacks. The issue resolution system (IRS) facilitates attack discovery and suggestive defenses for a small...
Cloud Computing is being widely hailed path by enterprises to realize benefits without compromising control. However, enterprises concern is the integration of applications hosted both on premise, Cloud and partner environments. In spite of enterprise's strategic imperatives to meet their business goals by building integration services between these environments, new integration challenges are posed...
The attack graph is an abstraction that reveals the ways an attacker can leverage vulnerabilities in a network to violate a security policy. When used with attack graph-based security metrics, the attack graph may be used to quantitatively assess security-relevant aspects of a network. The Shortest Path metric, the Number of Paths metric, and the Mean of Path Lengths metric are three attack graph-based...
Many organizations hoping for cost savings and higher flexibility consider consuming services from service providers or combining such services with services offered organization-internally. Organizations, however, often renounce from the expected advantages due to security and compliance concerns. The key challenges leading to these security and compliance concerns in cross-organizational settings...
This study demonstrated two open source applications that can readily be customized and used by organizations to improve compliance with password policies and to ensure the quality of passwords within organizations. The tools address both ends of the password spectrum, in that one tool consists of CGI server code used to generate secure random passwords, while the other tool exemplifies techniques...
In this paper we examine the interdependencies and common points of failure (and attack) that plague commonly-used system and network hardware and software. The proposed approach requires not only generating inventories of acquiring organizations' equipment and software products, and clear and detailed descriptions of every link in the supply chain, but also the identification of common components...
This paper unpacks the relation between task conflict and relationship task by an exploratory research with a sample of 253 persons to, From which five escalation factors were extracted. They are mentality, relation, self-character, environment, psychological distance. An escalation model of task conflict into relationship conflict is built to show different effects of 5 accelerating factors in the...
Many factors are believed to increase the vulnerability of software system; for example, the more widely deployed or popular is a software system the more likely it is to be attacked. Early identification of defects has been a widely investigated topic in software engineering research. Early identification of software vulnerabilities can help mitigate these attacks to a large degree by focusing better...
Security risk assessment in Web Engineering is an emerging discipline, where security is given a special attention, allowing software engineers to develop high quality and secure Web based applications. A preliminary study revealed that asset identification (and evaluation) is an essential phase in risk assessment practices. This phase represents a degree of complexity and is the primary activity...
Emergence of enterprise modeling, and high integration of supply chains, virtual enterprises (VEs), virtual organizations (VOs), virtual government, agent programming, and autonomous systems represent a major trend in which organizations and enterprises seek joint organizations that allow them to participate in competitive business opportunities in new markets for innovative developments. An the virtual...
Systems concepts and artifacts provide the basis for enumerable sources of power and wealth in our modern world. Culture, art and science all are based on established systems of behavior, values and thought. The current environment is densely populated with physical system artifacts that are used in every aspect of human life. The ubiquitous nature of existing systems has generated a strong interest...
In a real world, it is often in a group setting that sensitive information has to be stored in databases of a server. Although personal information does not need to be stored in a server, the secret information shared by group members is likely to be stored there. The shared sensitive information requires more security and privacy protection. To our best knowledge, there is no paper which deals with...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
We present a new approach for mutation analysis of security policies test cases. We propose a metamodel that provides a generic representation of security policies access control models and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiation of this metamodel:...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.