The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The spring up of cloud storage, such as Hadoop HDFS, Open Stack Swift, brings us more intelligent storage solutions. Nowadays, the most commercial version of cloud storage system puts more emphasis on high-performance and high-availability, very little attention is given to privacy protection. This paper proposes a user influence-based data distribution optimization method, User Rank, which migrate...
This paper considers the estimation of reliability and availability of intrusion-tolerant systems subject to non-detectable intrusions. Our motivation comes from the observation that typical techniques of intrusion tolerance may in certain circumstances worsen the non-functional properties they were meant to improve (e.g., dependability). We start by modeling attacks as adversarial efforts capable...
Development organizations often do not have time to perform security fortification on every file in a product before release. One way of prioritizing security efforts is to use metrics to identify core business logic that could contain vulnerabilities, such as database interaction code. Database code is a source of SQL injection vulnerabilities, but importantly may be home to unrelated vulnerabilities...
In recent years, the number of web services has proliferated; consequently the number of web services that offer the same services have been increased. The differences between same web services are quality parameters. Quality of service in web services consists of various non-functional factors such as execution cost, execution time, availability, successful execution rate, and security. Also clients...
The continuous growth of the users pool of Social Networking web sites such as Face book and My Space, and their incessant augmentation of services and capabilities will in the future, meet and compare in contrast with today's Content distribution Networks (CDN) and Peer-to-Peer File sharing applications such as Kazaa and Bit Torrent, but how can these two main streams applications, that already encounter...
We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast: PHP: declining, with occasional SQL injection...
Aiming at the shortages of the existing data-mining model for forecasting the industry security, a classification model based on rough sets and BP neural network (BPNN) is put forward in this paper. First, the theory of rough set is applied to pick up and reduce the index attributes. Then, the training samples are sent to the BPNN to train and learn. After that, the sorts of the coal industry security...
Trust, the most fundamental concept in Trusted Computing, is a pervasive notion and, as such, has been studied thoroughly in a variety of different fields. Based on a survey of trust and security, two formal definitions for trust in Trusted Computing are presented in this paper: one for trust between coequal components (the direct trust) and the other for trust in specialization-employed environment...
During the procedure of provider selection in e-commercial environment, how to make decision on selecting providers to complete the next transaction reliably is an emergency. Establishing trust system is an alternative to respond the challenge. Based on the analysis of existing trust model and the fundamental trust requirements, a novel cosine trust computational model was proposed in this paper and...
The verification of policy configuration is the key point during the security analysis of SELinux. Most of current verification methods focus on the construction of policy configurations mathematical model, rather than the difficulty of security requirements description for the verifiers. A new security requirement description language (SRDL) based on the theory of information flow is proposed, whose...
To realize commercial application of web service, research on its trust and reputation model should be raised into the agenda. After all, short of trust and reputation evaluation, web service will be trustless, which is not propitious for its development. Considering the feature of web service and existing trust and reputation evaluation methods, a trust evaluation model supporting domain distinction...
The risk assessment of information security is an important evaluation method and decision-making mechanism in the process of constructing information security mechanisms. The risk assessment of information security has character of complex, nonlinear, uncertain and strong real-time, the traditional mathematical model for the risk assessment of information security not only lays some limitations,...
In recent years Steganography plays an important role in secure communication. Steganography is a technique of embedding secret information into cover media, like image, video, audio and text, so that only the sender and the authorized recipient can detect the presence of secret information. In this paper we propose Spatial Domain Steganography using 1-Bit Most Significant Bit (MSB) with chaotic manner...
Peer-to-Peer (P2P) networking is beneficial when removing a centralized server. On the other hand, new mechanisms are required to compensate for the central authority, especially for network security and dependability. In this paper, we propose a new fuzzy reputation (Fuzzy-Rep) model to improve security and dependability of P2P e-commerce. The model employs fuzzy logic inference rules to assess transactions...
We consider a simplest Markov decision process model for intrusion tolerance, assuming that (i) each attack proceeds through one or more steps before the system's security fails and (ii) defensive responses targeting these intermediate steps may only sometimes thwart the attack. Our analysis shows that, even in the ideal case of perfect detectors, it can be sub-optimal in the long run to employ defensive...
In the open distributed environment, the knowledge of belief is absent for the entity with which we will contact, so the recommendation trust is very important for the distributed system. In this paper a recommendation trust model is proposed based on encouragement and punishment. In the model, the trust value of any entity consists of trading reputation value and recommendation reputation value,...
Information security managers with fixed budgets must invest in security measures to mitigate increasingly severe threats whilst maintaining the alignment of their systems with their organization's business objectives. The state of the art lacks a systematic methodology to support security investment decision-making. We describe a methodology that integrates methods from multi-attribute utility evaluation...
Based on the review of recent development of evolutionary computation and the principle of free energy minimization of thermodynamics, a new thermodynamics evolutionary algorithm (TDEA) for solving six-hump camel back function optimization problem is proposed. Numerical experiments are conducted to measure the performance of thermodynamics evolutionary algorithm. The results show that thermodynamics...
It is known that software system plays an important role in the information society, and high trustworthiness is a key requirement for many types of systems, such as safety critical systems, telecommunication systems, and mission critical software systems. How to improve the trustworthiness to better serve our society has become an important research focus among areas of software theory and technology...
After the instruction of FCS and Time, a new proxy signature is proposed. The new scheme not only has the properties of proxy signature, but also greatly improves the security.
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.