Security is still the main obstacle that is preventing businesses from moving towards the Cloud, which makes choosing the right Cloud service provider (CSP) a critical decision. We propose in this paper a methodology for evaluation and selection of Cloud security services based on a Multi-Criteria Analysis (MCA) process using a set of evaluation criteria and quantitative metrics. We then give a general...
Performance assessment of human teaming in complex, real-world contexts is a fundamental challenge for research and training communities alike. We highlight a unique partnership between the cybersecurity training and research communities with the common goal of capturing human team performance. Whether in the context of a training assessment or a research endeavor; both are two sides of the same coin...
Since the first performance benchmarks proposed more than 25 years ago, the concept of comparing/ranking computer systems or components has proven to be a powerful instrument to promote the improvement of specific computer or software features. Following this path, many benchmarking studies have extended the benchmarking model initially proposed for performance to address the comparison of different...
Some open systems must address a standard resource allocation problem: how to collectivise and distribute a set of common-pool resources, with respect to multiple criteria such as fairness, inclusivity and sustainability. Previous work in self-organising multi-agent systems formalised Nicholas Rescher's theory of distributive justice so that agents could self-organise the allocation according to contextualised...
Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Software-as-a-Service (SaaS) cloud services...
This paper introduces an approach allowing cloud application developers, service providers to consider security and privacy requirements across the application lifecycle. Specifically, a DevOps framework has been described that took into account several emerging technologies such as Network Functions Virtualization (NFV) and Microservice Pattern Design. As an illustration, a proof-of-concept application...
The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the...
Security issues of cloud computing environments are considered a major challenge for its full adoption. A Service Level Agreement (SLA) corroborates the shared management vision provided by the cloud computing paradigm, which can assist with related security issues. The necessity to address security requirements in cloud computing SLAs is considered important for both providers and consumers, along...
Mobile computing proved to be essential in today's cyber communications. However, entities in mobile computing are known to have limited energy, physical, and logical resources. This imposes various challenges that greatly affect communication quality and performance of those mobile entities, especially when applying computationally-intensive security measures that are essential for protecting the...
Attacks on critical infrastructures are beginning to increase in number and severity. They are often initiated by highly skilled attackers, who are capable of deploying advanced attacks to exfiltrate data or even to cause physical damage. In this paper, we re-visit the rationale for protecting against cyber attacks and propose a framework to monitor, detect and evaluate anomalous behaviour within...
This paper presents a text-mining based approach to detect cross-site scripting (XSS) vulnerable code files in the web applications. It uses a tailored tokenizing process to extract text-features from the source code of web applications. In this process, each code file is transformed into a set of unique text-features with their associated frequencies. These features are used to build vulnerability...
Adaptive security can take dynamic trade-off decisions autonomously at runtime and is considered a key desirable attribute in the Internet of Things (IoT). However, there is no clear evidence that it can handle these trade-offs optimally to add value to such a complex and dynamic network. We present a scenario-based approach to recognize and evaluate typical security trade-off situations in the IoT...
This work reveals some fundamental properties of an on-off transmission (OOT) scheme, in which a transmitter sends signals occasionally as per the capacity of the main channel in order to achieve physical layer security. To this end, we first identify the widely used hybrid secrecy outage probability as a function of the transmission probability and the conditional secrecy outage probability of the...
Service Level Agreement (SLA) is an essential tool for managing cloud computing services. The support of the security requirements through SLA is fundamental to achieve the full potential of the cloud computing paradigm. In this paper we present how security requirements are addressed in a cloud computing SLA. Furthermore, a unified SLA lifecycle for cloud computing services is proposed. The relationship...
Recently, machine-learning based vulnerability prediction models are gaining popularity in web security space, as these models provide a simple and efficient way to handle web application security issues. Existing state-of-art Cross-Site Scripting (XSS) vulnerability prediction approaches do not consider the context of the user-input in output-statement, which is very important to identify context-sensitive...
Research and practice show that the effectiveness of vulnerability detection tools depends on the concrete use scenario. Benchmarking can be used for selecting the most appropriate tool, helping assessing and comparing alternative solutions, but its effectiveness largely depends on the adequacy of the metrics. This paper studies the problem of selecting the metrics to be used in a benchmark for software...
There is nowadays an increasing pressure to develop complex web applications at a fast pace. The vast majority is built using frameworks based on third-party server-side plugins that allow developers to easily add new features. However, as many plugin developers have limited programming skills, there is a spread of security vulnerabilities related to their use. Best practices advise the use of systematic...
Learning to use existing or new software libraries is a difficult task for software developers, which would impede their productivity. Much existing work has provided different techniques to mine API usage patterns from client programs in order to help developers on understanding and using existing libraries. However, considering only client programs to identify API usage patterns is a strong constraint...
In order to cater for a growing user base that requires varied functionalities and owns multiple devices, software providers are using cloud solutions as the preferred technical means. In fact, all major operating systems come with a tight integration to cloud services. Software solutions that have such integration with cloud services should disclose (transparency) this to the consumer. Furthermore,...
A metric is proposed for quantifying leakage of information about secrets and about how secrets change over time. The metric is used with a model of information flow for probabilistic, interactive systems with adaptive adversaries. The model and metric are implemented in a probabilistic programming language and used to analyze several examples. The analysis demonstrates that adaptivity increases information...