We present a novel approach for detecting malicious user activity in databases. Specifically, we propose a new machine learning algorithm for detecting attacks such as a stolen user account or illegal use by a user. Our algorithm relies on two main components that examine the consistency of a user's activity and compare it with activity patterns learned from past access. The first component tests...
Dagger is a modeling and visualization framework that addresses the challenge of representing knowledge and information for decision-makers, enabling them to better comprehend the operational context of network security data. It allows users to answer critical questions such as “Given that I care about mission X, is there any reason I should be worried about what is going on in cyberspace?” or “If...
Context: Security is becoming increasingly important during software engineering. Software developers should be able to adapt and deploy secure systems in a continuously changing execution context. Method: We use Software Product Lines (SPLs), Business Process Management (BPM) and Security Requirements Engineering (SRE) techniques for anticipating the uncertainty and the changes of security requirements...
In this position paper, we present our interdisciplinary research into a unified account of profiling attackers for software-intensive systems. Our work draws on the principles from requirements engineering and criminology. Specifically, we show how a unified crime theory can be adapted to model the attackers and their degree of knowledge about the environment in which the software operates. We illustrate...
With the advancement of overwhelming wireless internet access in mobile environments, users and usage data have become huge and voluminous on a regular basis. For instance, the financial transactions performed online by users are unsecure and unauthenticated in many contexts. Methods and algorithms exist for secure data transmission over different channels, but perhaps fail to achieve high performance...
Radio frequency identification (RFID) is a useful technology that has myriad applications in retail, manufacturing, and healthcare settings. RFID can scan devices in their proximity and report the data to information systems. RFID in healthcare settings presents potential security and privacy concerns to the people and processes being tracked by the devices -- particularly healthcare workers including...
Quality of Data (QoD) became a major concern which more and more considers necessary to evolve the satisfaction of final users. In this work, we are approaching a methodology which consists of classifying and listing factors impacting Data Quality in Data Integration Systems, and more literally these which influence mediation systems and which will constitute our long-term research axis. Moreover,...
The recent emergence of the cloud opens new challenges for data processing and integration. Indeed, unlimited access to cloud resources and the "pay as U go" model change the hypothesis for integrating and processing big data collections. This is accentuated due to cloud provider incentives to attract data providers and let them choose their cloud. In this context data services are deployed...
In this paper we deal with the cloud brokering problem in the context of a multi-cloud infrastructure. The problem is by nature a multi-criterion optimization problem. The focus is put mainly (but not only) on the security/trust criterion, which is rarely considered in the literature. We use the well-known Promethee method to solve the problem, which is original in the context of cloud brokering. In...
The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of the IoT technologies, the number of the participating devices and systems, and the different types of users and roles create important challenges in the IoT context. In particular, requirements of scalability, interoperability and privacy are difficult...
Detection of human behavior in On-line Social Networks (OSNs) has become more and more important for a wide range of applications, such as security, marketing, parent controls and so on, opening a wide range of novel research areas, which have not been fully addressed yet. In this paper, we present a two-stage method for anomaly detection in humans' behavior while they are using a social network....
Privacy threats are considered as very serious issues in Internet-based applications such as e-services since there are good opportunities to malicious attacks. Protecting the user from being observed when requesting an e-service is a fundamental right that any user should have. The unobservability is among the basic privacy properties. However, most of the existing privacy preserving techniques has...
Cloud storage federation improves service availability and reduces vendor lock-in risks of single-provider cloud storage solutions. Federation therefore distributes and replicates data among different cloud storage providers. Missing controls on data location and distribution however introduce security and compliance issues. This paper proposes a novel approach of using data-driven usage control to...
Although there is significant research and development into information security areas such as confidentiality and availability, scope remains for attention to the third fundamental security property: integrity. The Biba and Clark-Wilson models are still the most recognised for managing integrity of data in systems. After identifying several desirable extensions to the original ideas in these models,...
Inadvertent data disclosure by insiders is considered as one of the biggest threats for corporate information security. Data loss prevention systems typically try to cope with this problem by monitoring access to confidential data and preventing their leakage or improper handling. Current solutions in this area, however, often provide limited means to enforce more complex security policies that for...
Prior studies had notably figured out that security, satisfaction, and trust are very critical elements in mobile-based banking usage. This study proposes an explanatory and exploratory research framework based on the Expectation Confirmation Model. The results showed that perceived security and satisfaction were strong determinant factors for the formation of consumers' reuse decisions and...
Information technology has attracted considerable attention in modern automobiles for their promise of value-added services. Based on increasing connectivity and seamless integration of advanced functionality into vehicles, a new challenge is the development of holistic and standardized privacy approaches. So far, privacy has often been considered as a singular task, neglecting the impact of a holistic...
Large and various amounts of context data related to a user's environment are available from different domains including mobile devices, smarthomes, wearable sensors, and social networking services. These context domains are interconnected and the context data from them can be shared thanks to mobile, pervasive, convergent, and ubiquitous technologies. We can provide user-centric context-aware services...
Recently issues about cyber-war have gained relevant attention, especially because of gravity of damages that could be caused by cyber attacks to strategic targets, mining security of citizens. Examples of targets might include national civil and military airports, command and control systems of civil and military transportation means electronic military systems for national defense, national infrastructures...
Computing power is shifting from local computers to a globally distributed system of servers. Data that used to be stored on the user's machine as well as applications that process this data are now part of the “cloud”. While there are various advantages in doing so such as cost, performance and availability; security and trust relationships now become major issues. For instance, in the cloud, computations...