We demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of...
The design and development of major products, systems or infrastructures entail conceptualisation, elicitation and articulation of a large body of requirements that is often captured as a narrative and presented in wordy documents and spreadsheets. Whilst the requirements are generally classified in terms of behavioural, functional and non-functional categories, the current methods in vogue in infrastructure...
Security is still the main obstacle that is preventing businesses from moving towards the Cloud, which makes choosing the right Cloud service provider (CSP) a critical decision. We propose in this paper a methodology for evaluation and selection of Cloud security services based on a Multi-Criteria Analysis (MCA) process using a set of evaluation criteria and quantitative metrics. We then give a general...
Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Software-as-a-Service (SaaS) cloud services...
Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are emerging as promising innovations for future network, which make Virtual Network Service (VNS) possible to be implemented broadly. It is the common truth that VNS is realized by the collaborations of multi-providers in practical scenario, where potential risks are lying in the collaborations. The primary risk is the availability...
The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the...
Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we can limit the damage caused by low-level attacks such as control-flow hijacking. When used to defend against such attacks, compartmentalization is often implemented...
The proposed patterns for a specific domain were widely used for the concept of reusing of the resolved problems to similar ones. The verification criteria for proposed patterns evaluation are one of the important factors that affect the patterns quality. This research proposed patterns verification method and criteria based on quality attributes in order to improve patterns validity. The method was...
The usage of the internet consists of several fields e.g. business, social, government, education, and so on. In business, the internet is needed to connect producers with consumers. Consumers do not need to come to a place to buy some goods. Transactions can be done at home using an internet connection. One of the uses of Internet technology is a web service. The emerging of this technology as there...
The widespread use of the HTTP and hypertext makes it possible to freely publish new information and expose it in the context of its description. Unfortunately, this is a human-centric environment that cannot easily be adapted to an application-centric approach, which is required to provide distributed enterprise management and real-time process control. In this article new architecture is presented...
With the growth of the Internet, web applications are becoming very popular in the user communities. However, the presence of security vulnerabilities in the source code of these applications is raising cyber crime rate rapidly. It is required to detect and mitigate these vulnerabilities before their exploitation in the execution environment. Recently, Open Web Application Security Project (OWASP)...
Research and practice show that the effectiveness of vulnerability detection tools depends on the concrete use scenario. Benchmarking can be used for selecting the most appropriate tool, helping assessing and comparing alternative solutions, but its effectiveness largely depends on the adequacy of the metrics. This paper studies the problem of selecting the metrics to be used in a benchmark for software...
With the increasing popularity of cloud computing, security in cloud-based applications is gaining awareness and is regarded as one of the most crucial factors for the long term success of such applications. Despite all benefits of cloud computing, its fate lies in its success in gaining trust from its users achieved by ensuring cloud services being built in a safe and secure manner. This work evaluates...
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and regulation has emerged, the technical basis for enforcing and demonstrating compliance lags behind. Our Cloud Safety Net project aims to show that Information Flow Control (IFC) can augment existing security mechanisms and provide continuous enforcement of extended. Finer-grained...
Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious users to steal sensitive information, install malware, and perform various malicious operations. Researchers proposed various approaches...
This paper is meant to provide an overview over SWIM and its context from a security point of view. Rather than describing everything in detail it refers to the relevant SJU deliverables where possible and tries to provide the "glue" between the different pieces of information.
Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of the IFC monitor, by rejecting fewer programs, and to reduce the burden of explicit label annotations. However, when added naively, in a purely dynamic setting, mutable...
Computer and network systems are consistently exposed to security threats, making their management even more complex. The management of known vulnerabilities plays a crucial role for ensuring their safe configurations and preventing security attacks. However, this activity should not generate new vulnerable states. In this paper we present a novel approach for autonomously assessing and remediating...
The number of security incidents is still increasing. The re-occurrence of past breaches shows that lessons have not been effectively learned across different organisations. This illustrates important weaknesses within information security management systems (ISMS). The sharing of recommendations between public and private organisations has, arguably, not been given enough attention across academic...
In recent days, the areas of internet and network computing recognize a fast development, especially with distributed computing and efficient storage technologies that make sharing and diffusion of system resources easier. However, if the information system didn't adopt a security policy it may undergo serious damage. In this paper, we will propose a logical security scheme based on an access control...