In the last decade, a large body of research has been dedicated to the analysis, assessment and protection of critical infrastructures against potential threats that might affect the dependability, the security or the resilience of the services supported by such infrastructures. The concept of resilience is receiving increased attention. It is defined as the persistence of service delivery that can...
Permanence of the assurance challenge in computer and communication systems is described and justified. Models and methods of meeting the assurance challenge are briefly outlined.
At present, Thai e-Tailers discover a chance for operating their business as a popular type of virtual merchant via the internet channel. Unfortunately, Thai e-Tailers face a problem concerning the low level of trust in internet activity from the customer's point of view. Therefore, this document studied e-Tailer: virtual merchant regarding common threat and technological solution on e-Tailer...
Assuring the security of a software system in terms of testing nowadays still is a quite tricky task to conduct. Security requirements are taken as a foundation to derive tests to be executed against a system under test. Yet, these positive requirements by far do not cover all the relevant security aspects to be considered. Hence, especially in the event of security testing, negative requirements,...
Although our society is critically dependent on software systems, these systems are mainly secured by protection mechanisms during operation instead of considering security issues during software design. Deficiencies in software design are the main reasons for security incidents, resulting in severe economic consequences for (i) the organizations using the software and (ii) the development companies...
Our network infrastructure is exposed to persistent threats of DDoS and many unknown attacks. These threats threaten the availability of ISP's network and services. This paper proposes network-based anomalous traffic detection method and presents an anomalous traffic detection system, its architecture and main function blocks. Every five minutes, traffic information and security events are gathered...
Using static analysis tools can detect software vulnerabilities, which is important for improving the security of software. Static analysis technology has developed rapidly, but the comparison and evaluation of static analysis techniques and tools are not much. This paper focuses on software vulnerability static analysis techniques and tools. First we discuss the commonly-used static analysis techniques...
Web applications become more and more important, and the corresponding security problems have been concerned about. This paper presents TASA, an ASP static analyzer, which employs a path-sensitive, inter-procedural and context-sensitive data flow analysis, mainly concerning the taint propagation and sanitization. This paper also discusses some techniques used in TASA, such as sanitization routines...
In the e-commerce transaction process, varieties of network fraud problems occurred frequently. A C2C service reputation evaluation model under Cloud computing is proposed. Firstly, the paper analyzes the four factors that impact reputation evaluation under the cloud computing environment, and analyzes the weights of each factor quantitatively. Secondly, a method to calculate the long-time reputation,...
During the first decade of this century, the online games are developed rapidly in China. But the virtual items transaction problems hinder the development of online games. Traditional trading models cannot meet the demand of both security and convenience at the same time. In order to improve the traditional transaction models, this paper presents a more secure transaction platform by embedding a...
The reinforced security strategy can't ensure the survivability of command automation system under information warfare. To solve non-standardized and non-practical problems of present survivability analysis, a practical and operational survivability analysis framework of command automation system is presented on basis of survivability requirements, which is useful for survivability design and assessment...
Electric Power Information Networks are the infrastructure, which not only ensures electric power system operating securely as well as stably, but also promotes power companies' effective and continuable run. Electric power dispatch systems, management information systems, customer relation systems and so on, are all built on this infrastructure. It is an important task for network administrators of...
Cyber security analysis tools are necessary to evaluate the security, reliability, and resilience of networked information systems against cyber attack. It is common practice in modern cyber security analysis to separately utilize real systems of computers, routers, switches, firewalls, computer emulations (e.g., virtual machines) and simulation models to analyze the interplay between cyber threats...
During the procedure of provider selection in e-commercial environment, how to make decision on selecting providers to complete the next transaction reliably is an emergency. Establishing trust system is an alternative to respond the challenge. Based on the analysis of existing trust model and the fundamental trust requirements, a novel cosine trust computational model was proposed in this paper and...
Security Information Fusion System has recently become one of the major topics in the research area of information security. A great deal of security devices and components have been deployed in network information systems. While improving the systems security performance, they produced lots of redundant or unreliable information. Through the technologies of alert fusion and correlation analysis,...
An approach is suggested for arguing that a system is dependable. The key idea is to structure the system so that critical requirements are localized in small, reliable subsets of the system's components called trusted bases. This paper describes an idiom for modeling systems with trusted bases, and a technique for analyzing a dependability argument-the argument that a trusted base is sufficient to...
In this paper, we point out the deficiencies of the existing DAA schemes on member revocation, inter-domain attestation and Rudolph's attack prevention and present a new scheme called Enhanced Privacy Inter-domain Anonymity Attestation based on Peer-to-Peer Networks. We add a new party called Trusted Auditor (TA) and construct a TA level above the existing DAA scheme. Analysis shows that the proposed...
The number of application areas where security of resources, whether this is people, information or physical property, is ever increasing as our world culture changes and the potential threats to individuals rises. The threats that security systems need to mitigate against are becoming both more complex and also asymmetric. In association with this the number of emerging technologies that can be applied...
Software faults in the design are frequent sources of security vulnerabilities. Model checking shows great promise in detecting and eradicating security vulnerabilities in the programs. The wide use of the system modeling language UML with precise syntax and semantics enables software engineers to analyze the design in detail. We present a method of integrating the two techniques to detect design...
In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate...