The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
This paper contains a description of programs currently available for detecting physiological changes in the human reaction to a stressful situation. For each program described what is being evaluated, what we get like output of the program, advantages, disadvantages and potential contribution to commercial security. As alternative solutions are included training programs to help security personnel...
Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers...
As security incidents continue to impact organisations, there is a growing demand for systems to be ‘forensic-ready’ - to maximise the potential use of evidence whilst minimising the costs of an investigation. Researchers have supported organisational forensic readiness efforts by proposing the use of policies and processes, aligning systems with forensics objectives and training employees. However,...
Mobile devices have become our true companions in recent years. While bringing plenty of convenience, they also come with many security and privacy concerns. Being small, a mobile device is prone to loss or theft. Privacy data such as emails in a saved Gmail or Yahoo account on a lost device can be easily accessed by an unwanted visitor. Therefore, it is essential to research methods protecting mobile...
Network defenders are locked in a constant race with attackers as they try to defend their networks. The defenders suffer from a huge disadvantage: they lack knowledge of the existence of zero-day vulnerabilities that have not been yet been discovered or publically disclosed, but that are still weakening the security of their networks. It would be a huge advantage to these defenders if they had some...
After a software system is compromised, it can be difficult to understand what vulnerabilities attackers exploited. Any information residing on that machine cannot be trusted as attackers may have tampered with it to cover their tracks. Moreover, even after an exploit is known, it can be difficult to determine whether it has been used to compromise a given machine. Aviation has long-used black boxes...
The rapid development of Internet of Things and the current capabilities of high performance embedded systems have made them more attractive for the replacement of human personnel in hazardous or tedious duties. One such application is for guarding certain areas, such as the entrance of a warehouse for example. The aim of this work is to design an autonomous embedded security system for surveillance...
With the advent of the Internet of Things (IoT), electronics devices are everywhere in our lives. This omnipresence implies a growing of security issues (data or identity theft, hostile takeover of sensitive equipments…). To counter security vulnerabilities, “Security by Design” methods are being developed. It advises to think about security from the beginning of the conception at both software and...
This article presents a series of recommendations to integrate techniques of Security Engineering with Agile Methods without compromising agility. Such recommendations are grouped in a guide based on a literature review. To evaluate the guide, specialists with different profiles were interviewed in order to obtain a variety of perspectives on the addressed subject. This way, positive and negative...
Cyber criminals use phishing emails in high-volume and spear phishing emails in low volume to achieve their malicious objectives. Hereby they inflict financial, reputational, and emotional damages on individuals and organizations. These (spear) phishing attacks get steadily more sophisticated as cyber criminals use social engineering tricks that combine psychological and technical deceptions to make...
Security patterns are well-known solutions to security-specific problems. They are often claimed to benefit designers without much security expertise. We have performed an empirical study to investigate whether the usage of security patterns by such an audience leads to a more secure design, or to an increased productivity of the designers. Our study involved 32 teams of master students enrolled in...
This article presents an application of simulators for training in the security area. The system carries professionals closer to a reality of daily work. The system is designed to promote the training of professionals in public and private security through an interactive simulator based on voice recognition and motion, 3D environments and fire the laser with real firearm. The approach simulator is...
The vertiginous change in technologies and the increasing sophistication that cyber space present require organization and permanent preparation. However, time, education and training, results too short and not appropriate enough through traditional training methods. Training through simulation may offer proper preparation to fight against new threats that exist in this digital battlefield. The paper...
Security breaches in software systems are often caused by vulnerable code, which result in loss of confidential data in addition to reputation and financial damages. To achieve robust software security, developers must be given proper training on secure coding practices. Conventional training methods are limited as they do not take the prior code written by the developers into account. We propose...
The paper describes on-going work on a configurable network based experimental platform ReSeLa. The platform is a key component of the ongoing EU funded TEMPUS project ENGENSEC. The project is aiming at providing courses and training material to educate future generation of Cyber security experts. Our project is based on the educational Framework; Conceive, Design, Implement, Operate (CDIO1). The...
The path constraints are leaked by conditional jump instructions which are the binary form of software's internal logic. Based on the problem of above, reverse engineering using path-sensitive techniques such as symbolic execution and theorem proving poses a new threat to software intellectual property protection. In order to mitigate path information leaking problem, we propose a novel obfuscation...
A study on the employment of disabled people as forklift truck drivers for cargo handling operations is here presented. The work focused on the design of a customized forklift and the development of a novel lift machine as aid for people with paraplegia. Results of a market research about the usefulness of such a system is presented and a novel robotic modified forklift simulator has been realized...
Educated and trained people are critical success factor in any IT work environment to minimize threats or misuse of the organizational assets that may damage the growth, excellence, and efficiency of any business. However, humans are always the weakest point in any security plan. Awareness is by far the most successful technique that does not cost much when compared with training and education and...
Over the past decade the traceability research community has focused upon developing and improving trace retrieval techniques in order to retrieve trace links between a source artifact, such as a requirement, and set of target artifacts, such as a set of java classes. In this Trace Challenge paper we present a previously published technique that uses machine learning to trace software artifacts that...
With the currently implemented high standards in passenger screening, air cargo is being perceived as the security chain's weakest link in civil aviation and therefore becomes an attractive target for terrorists. Detailed regulations exist to harden air cargo against terrorist attacks. Blended learning training methods can be used to enable screeners to detect suspicious consignments even in situations...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.