The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Exploratory evaluation is an effective way to analyze and improve the security of information system. The information system structure model for security protection capability is set up in view of the exploratory evaluation requirements of security protection capability, and the requirements of agility, traceability and interpretation for exploratory evaluation are obtained by analyzing the relationship...
We present a secure design for a map-reduce framework that guarantees preservation of privacy of the original data. We use Hadoop as a typical environment for illustration. That is, in spite of the data divisions/replications for the computations, the privacy of the original data remains invariant. Specifically, we use the novel information flow model called RWFM model that assures that in spite of...
Excellence in IT is both a driver and a key enabler of the digital transformation. The digital transformation changes the way we live, work, learn, communicate, and collaborate. The Internet of Things (IoT) fundamentally influences today's digital strategies with disruptive business operating models and fast changing markets. New business information systems are integrating emerging Internet of Things...
In this paper, we propose a new strategic security resource allocation scheme based on the Blotto game. In the Blotto game, players are tasked to simultaneously distribute limited resources over several objects. For the efficient security resource allocation, the proposed game model constitutes a class of repeated two-person game while employing the iterative learning approach to approximate an optimal...
Integration of hospital information systems (HIS) is an important area and one the basic requirements of hospitals since it increases quality of care and at the same time reduces costs of creating, upgrading, updating and keeping up with technology and healthcare industry standards and information technology. Cloud computing with features like multitenancy, massive scalability, elasticity, pay as...
Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Relationship Model (PRM) to define relationships between Security and QoS parameters. In this paper,...
Path Computation Element (PCE) architecture enables effective traffic engineering in multi-domain networks while limiting the exposure of intra-domain information. However, returned path computations might reveal confidential information if artfully correlated by a malicious PCE. Thus, the selection of domains sequence as the result of PCEs cooperation should depend not only on the capability of providing...
According to the National classified protection of information system security requirements, the cloud computing systems classified above rank 3 is important information system, playing vital roles from the point of view of National Security. This paper develops a conceptual framework with which to address the protection of integrality protection named 'Dual Systems Architecture' to protect computing...
Transparency and confident towards cloud provider are some of the prominent issues in cloud today. In order to solve these problems, cloud service providers should have a high level of assurance and accountability in order to maintain trust between them and the users. This trust can be achieved through data provenance. Data provenance provides historical data from its original resources and can facilitate...
This study aims to develop a research model for the study of the trust factors that may influence the adoption of cloud-based interorganizational systems (CIOS). The proposed trust model consists of seven dimensions: security, usability, reliability, auditability, interoperability, accountability, and controllability. The proposed model also suggests that the scale of the company may moderate the...
The applications submitted to cloud middle ware have been distributed to the Cloud Service Providers(CSPs) based on the available CSPs in the cloud environment to categorize the service CSP providers with this work we are trying to introduce a concept to find the optimal CSP based on rough set based approach. IaaS provides a large amount of computational capacities to users in a flexible and efficient...
Dynamic risk evaluation model provides a new way against to the efficiency of traditional static evaluation model which only focused on the results made at a time. It is a model to transfer the information system into topological and combinational construction, users' operation of the information system into the conception of visiting route, the connection between components into independent and collaborative...
Space based information system security risk evaluation is the important content of the protection of it. Basic on the analysis of the system's structure and those attack it faced, This paper improved the attack tree model, then a new quantitative risk evaluation method was studied here. While the risk evaluation steps was given, the risk value of the leaf node was quantified by the use of the multi-attribute...
Cloud computing offers tremendous opportunities for private industry, governments, and even individuals to access massive amounts of compute resources on-demand at very low cost. Recent advancements in bandwidth availability, virtualization, security services and general public awareness have contributed to this information technology (IT) business model. Cloud computing provides on-demand scalability,...
In order to evaluate the risks of information system, the paper proposed an information system grey evaluation model from the concept of “grey degree” and this can reduce the subjectivity of the evaluators. Fuzzy-AHP method was used to ensure the objectivity of the weight selection. The demonstration research proves the method is effectively.
Cloud computing is one of the fastest growing opportunities for enterprises and service providers. Enterprises use the Infrastructure-as-a-service (IaaS) model to build private clouds, and virtual private clouds that reduce operating and capital expenses and increase the agility and reliability of their critical information systems. Service providers build public clouds to offer on-demand, secure,...
When the information system risk is evaluated, it is of great importance to take various factors into account. Hierarchical fuzzy evaluation is a relatively valid method. However there is a great deal of difficulty in this algorithm. Therefore hierarchical fuzzy evaluation method based on bottom index clustering was introduced to assess information system in this paper. According to the attributes...
C4I (command, control, communications, computer and intelligence) system is a complex system of systems that enables the military commander to achieve decision superiority by affecting adversary's information and information based processes while protecting one`s own information systems. Owing to the sensitivity of military information the security threats to C4I systems are real and growing therefore...
The input-process-output (IPO) model has been used in many interdisciplinary applications to convey systems fundamentals, as exemplified in abstract diagramming of attacks on information systems. The resulting IPO-based diagram can provide a framework for identifying points of potential security concern and to develop protection strategies. This paper introduces an alternative diagramming representation...
The research proposed an approach that based on situational awareness to make decisions about the protection and defense against cyber attacks. The statistics of the situational awareness system outputs were formalized and described. Strategy sets of each player were set according to the system states. Cost-benefit factors were considered comprehensively to calculate the payoffs of each player. The...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.