In this paper we describe where current risk controls (as documented in ISO27001/27002) for mitigating information security risks are likely to be inadequate for use in the cloud. Such an analysis could provide a rationale for prioritizing protection research, and the work presented here is part of a larger exercise designed to identify the potential for cascade attacks in the cloud, and those areas...
In this paper, a new miniature padlock is designed and invented that uses electronic system as its fundamental operator. The lock comes with robust software that is difficult to crack for security purposes. The lock is small in size, light but firm and does not need an analog key, offering huge boosts of convenience. With keys being removed from the scenario, lots of problems that conventional lock...
Java is a kind of type-safe language, it introduces access control mechanism into bytecode and application layer, so as to guarantee the system resource and running environment avoid the invasion of the malicious code. However, in some information systems, information leakage is not due to the faultiness of the security model, but the absence of the information flow control policy and implementation...
This paper presents a study of the security vulnerability analysis based upon the formal methods and model checking tools. Through deeply exploring the characteristics of software vulnerabilities, we develop the FSM model to formalize and reason about security vulnerabilities. The vulnerability is modeled as a series of elementary FSMs (eFSMs), which specifies a derived predicate. We have proposed...
We propose a new attack pattern model which focuses on the re-inclusion of the "parent threat" and "parent mitigation" elements to logically group the background of each of the 101 attack patterns in the common attack pattern enumeration classification's (CAPEC) release 1 dictionary. Our approach creates a graphical hierarchy for each of the attack patterns and groups them not...
Deployment of open source software for embedded system is increasing while ubiquitous devices have become widely used. System designer need to cope with malicious input which is made from exposed vulnerability. Lightweight verification and sandbox approach is effective for embedded system, because embedded system is specified, has less generic purpose than PC and servers. In this paper we apply TDE...
Software source code management uses it to improve the functioning of the information society. And there are management and security of software source code equivalent to assembly lines of important infrastructure in the early stage of information society directly. Thus, support technology and framework to protect copyrights of software source code are so poor state. In this paper, we propose management...
Past years' radical changes in how we use the World Wide Web led to new challenges in guarding user rights. The "Web 2.0" movement relies to large extents on commercial Web services where users can publish their content and manage their personal information. Experience has shown that the companies providing these Web services only then seek for standardized, open, and trustworthy solutions...
Security is still a serious issue for many software systems. Even if software has the correct security features in its initial implementation, recurring modifications (e.g., refactoring) could deteriorate such features. We found several refactoring transformations which might make existing software vulnerable, and organized them as security-aware refactoring. This refactoring presents information...
This paper investigates the hardware trust of a trusted computing platform. Initially, some prior researches are discussed. Based on these researches, we point out that hardware trust is the same important as the software trust in a trusted computing platform. Then, we introduce the notion of Hardware Integrity Measurement (HIM), which is similar to the software integrity measurement required by the...
Remote attestation was introduced in TCG specifications to determine whether a remote system is trusted to behave in a particular manner for a specific purpose; however, most of the existing approaches attest only the integrity state of a remote system and hence have a long way to go in achieving the above attestation objective. Behavior-based attestation and semantic attestation were recently introduced...
There are management and security of software source code equivalent to assembly lines of important infrastructure in the early stage of information society directly. A support technology and framework to protect software source code are so poor state. In this paper, we propose business model to support protection and copyrights expression of software source code using digital license and CRYPTEX...
Dynamic separation of duties, delegation and other dynamic security constraints require the state of the security system to be managed explicitly at run-time in software. The majority of this software is still programmed directly by humans, and is thus susceptible to errors that will impact the overall functionality and security of the system. In this paper we demonstrate a technique for statically...
Continuing technological innovation and competition among existing banking organizations and new entrants have allowed for a much wider array of banking products and services to become accessible and delivered to retail and wholesale customers through an electronic distribution channel collectively referred to as financial service. However, the rapid development of financial service capabilities carries...
This position paper proposes a research agenda for the field of security testing. It gives a critical account of the state of the art as seen by a practitioner and identifies questions that research failed to answer so far, or failed to answer in such a way that it would have had an impact in the real world. Three categories of research problems are proposed: theory of vulnerabilities, theory of security...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
The increased availability of mobile broadband connections enables the expansion of software downloads to mobile devices. This leads to greater number of available services and a better utilisation of the computational power of mobile devices. The downside of this increased software availability is an increase in the possible attack vectors. One scenario is the misuse of resources, for example,...
Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within this IF model using...
Hidden functionality in software is a big problem, because we cannot be sure that the software does not contain malicious code. We conducted an experiment where we studied the relationship between architecture constructs, dynamic behavior and security vulnerabilities. We also studied to what extent architecture analysis tools can assist in detecting security vulnerabilities that are caused by architecture...
In this paper, we describe the unique security issues involved in healthcare domains. These have been addressed to the needs of the HealthAgents project. In the proposed approach, several levels of security have been provided in accordance with Software Engineering principles, ethical regulations for healthcare data, as well as the security requirements usually raised from the distributed clinical...