The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Android applications pose security and privacy risks for end-users. These risks are often quantified by performing dynamic analysis and permission analysis of the Android applications after release. Prediction of security and privacy risks associated with Android applications at early stages of application development, e.g. when the developer (s) are writing the code of the application, might help...
Critical infrastructures like smart grid and smart transportations are large-scale distributed CPSs and cyber-physical security is pivotal to their safety and security. Efficient security assessment can help administrators to protect CINs effectively and we propose a universal quantitative cyber-physical security assessment methodology which is based on cyber-physical dependence analyses. For given...
Data anonymization is required before a big-data business can run effectively without compromising the privacy of personal information it uses. It is not trivial to choose the best algorithm to anonymize some given data securely for a given purpose. In accurately assessing the risk of data being compromised, there needs to be a balance between utility and security. Therefore, using common pseudo microdata,...
The paper considers the issue of countermeasures selection for ongoing computer network attacks. The suggested technique is based on the countermeasure model that was defined on the base of the open standards, the family of interrelated security metrics and the security analysis technique based on attack graphs and service dependencies. The technique was implemented in a security assessment and countermeasure...
The paper considers the issue of countermeasures selection for ongoing computer network attacks. The suggested technique is based on the countermeasure model that was defined on the base of the open standards, the family of interrelated security metrics and the security analysis technique based on attack graphs and service dependencies. The technique was implemented in a security assessment and countermeasure...
The electric grid is a critical cyber-physical infrastructure that serves as lifeline for modern society. With the increasing trend of cyber-attacks, electric grid security has become a significant concern. System operators have the difficult task of reducing the risk exposure and maintaining operational reliability under the constant threat of cyber-attacks. Good security metrics for assessing and...
At present, most of the software security assessment system can only evaluate the potential impact of a single vulnerability on the system which ignore the impact of the multiple vulnerabilities. Therefore, we introduce the concept of relevance vulnerability pattern and design a relevance vulnerability pattern library taking consider of the potential impact caused by multiple vulnerabilities. After...
Evaluating the accuracy of vulnerability security risk metrics is important because incorrectly assessing a vulnerability to be more critical could lead to a waste of limited resources available and ignoring a vulnerability incorrectly assessed as not critical could lead to a breach with a high impact. In this paper, we compare and evaluate the performance of the CVSS Base metrics and Microsoft Rating...
A smart grid is a fully automated electricity network, which monitors and controls all its physical environments of electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various intrusion detection algorithms to protect SCADA system and generation sector have been suggested, whereas there were...
Cloud infrastructures are prone to various anomalies due to their ever-growing complexity and dynamics. Monitoring behavior of dynamic resource management systems is necessary to guarantee cloud reliability. In this paper, we present AMAD, a system designed for detecting an abusive use of dynamic virtual machine migration, in the case of the abusive virtual machine migration attack. This attack is...
Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hyper visor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hyper visor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hyper visor will be affected...
Accurate and lightweight evaluation of web service security properties is a key problem, especially when business processes are dynamically built by composing atomic services provided by different suppliers at runtime. In this paper, we tackle this problem by proposing a security certification approach that virtually certifies a composite service for a set of security properties, starting from certificates...
Today, intrusion detection systems (IDS) are indispensable to protect environments that provide information via Internet. In the present trend of self-organizing and self-protecting system, a special type of IDS that operates by non-supervised learning is an interesting approach. This type of IDS is able to extract models of behavior of the environment without the need of prior knowledge about attacks...
Decentralized Online Social Networks (OSNs) attempt to improve user privacy and security. One example is Vegas, a Peer-to-Peer (P2P) OSN which attempts to bring its users back into complete control of the data they share. Due to its decentralized characteristics, P2P OSNs cannot support social search functions in the same way users of centralized OSNs like Facebook are familiar with. Well-known and...
Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first offered cloud service is moving data into the cloud. data owners let cloud service providers host their data on cloud servers and data consumers can access the data from the cloud servers. This new paradigm of data storage service also...
With the growth of Cloud Computing, more and more companies are offering different cloud services. From the customer's point of view, it is always difficult to decide whose services they should use, based on users' requirements. Currently there is no software framework which can automatically index cloud providers based on their needs. In this work, we propose a framework and a mechanism, which measure...
Computing systems today have large number of security configuration settings that are designed to offer flexible and robust services. However, incorrect configuration increases the potential of vulnerability and attacks. Security Content Automation Protocol provides a unified mean to automate the process of checking the desktop system compliance using standard interfaces. However, misconfiguration...
In order to set up universal criteria for measuring and evaluating network security and survivability, this paper presents a novel index system. This index system was built according to the Protection-Detection-Response (PDR) security model and the Resistance-Recognition-Recovery (R3) survivability principle of network in the presence of attacks, failures, or accidents. And all the 24 metrics in the...
In the recent years, more attention is given to firewalls as they are considered the corner stone in Cyber defense perimeters. The ability to measure the quality of protection of a firewall policy is a key step to assess the defense level for any network. To accomplish this task, it is important to define objective metrics that are formally provable and practically useful. In this work, we propose...
M & A between companies go up quickly in the past 20 years in China, M & A performance is focused gradually, and the study on the measurement of M & A performance becomes more and more important. This paper researches the M & A happened in 2004 of 92 Chinese A-share listed companies, uses the improved assets yield of net cash flow to measure performance before and after the acquisition,...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.