Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers...
Many organisations have adopted outsourcing for delivering critical IT services to their clients. Organisations need to identify the potential security threats of outsourced IT projects as early as possible to avoid or mitigate security incidents. Existing threat classification approaches suffer from limitations such as the lack of exhaustive threat classification criteria. In this paper, we propose...
In order to develop an efficient and effective framework for managing any conflict between security and privacy non-functional requirements and to reduce risk impact in software systems, the goals set by the stakeholders need to be ascertained, and then the modeling language, tools, implementation and validation procedures need to be altered accordingly. Overall, this research is aimed at constructing...
While the domain of big data is anticipated to affect many aspects of human endeavour, there are numerous challenges in building big data applications, among which is how to address big data characteristics in quality requirements. In this paper, we propose a novel, unified approach for specifying big data characteristics (e.g., velocity of data arrival) in quality requirements (i.e., those requirements...
Securing critical systems such as Cyber-Physical Systems (CPS) is an important feature, especially when it comes to critical transmitted data in a real-time environment. At the same time, the implementation of security counter-measures in such systems may impact the transmission delays of critical tasks. For this reason, selecting proper security mechanisms in such critical systems is an important issue...
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent,...
To assist the vulnerability identification process, researchers have proposed prediction models that highlight (for inspection) the parts of a system most likely to be vulnerable. In this paper we aim at making a reliable replication and comparison of the main vulnerability prediction models. Thus, we seek to determine their effectiveness, i.e., their ability to distinguish between vulnerable and non-vulnerable...
Deception-based defense relies on intentional actions employed to induce erroneous inferences on attackers. Existing deception approaches are included in the software development process in an ad-hoc fashion, and are fundamentally realized as single tools or entire solutions repackaged as honeypot machines. We propose a systematic goal-driven approach to include deception tactics early in the software...
Since the first performance benchmarks proposed more than 25 years ago, the concept of comparing/ranking computer systems or components has proven to be a powerful instrument to promote the improvement of specific computer or software features. Following this path, many benchmarking studies have extended the benchmarking model initially proposed for performance to address the comparison of different...
Various security-oriented static analysis tools are designed to detect potential input validation vulnerabilities early in the development process. To verify and resolve these vulnerabilities, developers must retrace problematic data flows through the source code. My thesis proposes that existing tools do not adequately support the navigation of these traces. In this work I will explore the strategies...
In this position paper, we present our interdisciplinary research into a unified account of profiling attackers for software-intensive systems. Our work draws on the principles from requirements engineering and criminology. Specifically, we show how a unified crime theory can be adapted to model the attackers and their degree of knowledge about the environment in which the software operates. We illustrate...
There is no doubt that agile methods have become mainstream and with their increased use unanswered questions start to appear: How do we address cross-cutting concerns when software is developed vertically? Does value prioritization lead to increases in technical debt by promoting feature development over refactoring? Isn’t the reticence to write initial specifications on the premise of change an...
To design a secure system we need to understand its possible threats, more specifically we need to understand how the components of the architecture are compromised and used by an attacker in order to fulfill his objectives and how the attack proceeds through these units. We can do this using misuse patterns, an artifact we have introduced in earlier work. Threat modeling of IT systems has been widely...
KPIs (Key Process Indicators) and success indicators are often defined in a rather generic and imprecise manner. This happens because they are defined very early in the project's life, when few details about the project are known, or simply because the definition does not follow a systematic and effective methodology. We need to precisely define KPIs and project success indicators, guarantee that...
Computer networks today typically do not provide any mechanisms to the users to learn, in a reliable manner, which paths have (and have not!) been taken by their packets. Rather, it seems inevitable that as soon as a packet leaves the network card, the user is forced to trust the network provider to forward the packets as expected or agreed upon. This can be undesirable, especially in the light of...
Patterns proposed for a specific domain are widely used to reuse the solutions of resolved problems for similar ones. The verification criteria used to evaluate proposed patterns are one of the important factors that affect pattern quality. This research proposes a pattern verification method and criteria based on quality attributes in order to improve pattern validity. The method was...
Due to the complex and heterogeneous nature of the software used in present-day scenarios, there is a need to develop solutions to design-related problems in which solutions made earlier can be reused in a recurring manner. For solving various design problems, it is observed that design patterns help to find a better solution to many recurring design problems. Generally, design patterns are...
Context-based Mobile Information Catalog Surveillance is a mobile-phone-based communication application. This application will give a notification to users whenever they want to communicate with their mobile virtually. This application has been shown to retrieve the recent call log details when a command is sent as a message to the Android mobile device. It is used for surveillance from a business point of view and...
The article describes an automated method for searching for low-level and medium-level vulnerabilities in machine code, based on partial recovery of that code. The vulnerability search is positioned in the field of telecommunication devices. Various typical vulnerabilities in source code and the algorithms for searching for them are given. The article contains examples of using the method and its utility. There...
Using internet of things (IoT) to connect things, service, and people for intelligent operations has been discussed and deployed in many industry domains such as smart city, smart energy, healthcare, food and water tracking, logistics and retail, and transportation. However, scarce information is available for IoT usage in industrial automation domain for reliable and collaborative automation with...