Medical facilities are vital ingredients which can make or break lives. In such critical matters, proper management of the Private Health Information (PHI) of each individual is very necessary. In many foreign countries, Information Technology has made a revolutionary impact in the medical sector too, providing absolute paperless hospitals. Several emergency facilities are available, and doctors...
Given the proliferation of malware and malicious activities, the integrity of communication systems is an ever growing concern. In this work, we propose StaticTrust, an integrity measurement framework which enables a system to evaluate the integrity and state of a remote client prior to providing trusted communication services. StaticTrust is designed for a specific class of network devices that have...
Phishing is the criminal activity of enticing people into visiting websites that impersonate the real thing, to dupe them into revealing passwords and other credentials to carry out financial fraud. This less suspected and high profile attack lays a deceit trap to the unwitting and gullible customers to part with their sensitive credentials to unauthorized entities. The inherent suave and subtle vulnerabilities...
Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in...
In a clear contrast with the phenomenal growth of Web database applications, access control issues related to data stored in the back-end databases have largely been neglected. Current approaches to access control on databases do not fit web databases because they are mostly based on individual user identities. In this paper, we propose (RBAC+), a dynamic access control model to enforce fine-grained...
As modern society becomes increasingly dependent on software, how to develop Trustworthy Software (TS) systems is considered a critical issue by academia, government and industry. The domain of our work focuses on reliability research on the UNIX system, which is a famous and widely used operating system and adopts a C/S software architecture. However, when the user remote login the...
This paper designs and implements a network worm detection prototype system. The system includes four components: (1) the network status information collection subsystem, including two modules: a monitoring module, to achieve real-time capture of network data packets from the network and pre-process these data packets to form statistics information that can be submitted; a data storage module, to store the...
Security is one of the main aspects to take into account when designing and developing web services. A meaning number of mechanisms of attack can lead to a web service system crash. As a result, the web service cannot allow access to authorized users. This type of attack is called a denial of service (DoS) attack, which affects the availability of the services and resources. This paper presents...
SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled...
In 2005, Yoon et al. proposed a user-friendly remote user authentication scheme using smart cards. The security of their scheme is based on one-way hash function and they claimed that their scheme is secured from attacks and achievable for proving mutual authentication, freely choosing password, no verification tables, and involving very lightweight hashing operations. However, we find that Yoon et...
Recently, network resources have become extremely vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks, which have become a pressing problem due to the scarcity of efficient methods to locate the real attacker. Especially as network topology becomes more advanced and complex, IP traceback is difficult but necessary. For protection against DoS/DDoS even partial information...
This paper surveys the current situation of phishing attacks in Spain and discusses some of the currently used countermeasures. Based on specialist interviews we estimate the costs of phishing to both individual clients and the banks. The focus of this paper is on authentication and transaction signing methods. We give examples of "two-factor" and "two-factor, two-channel" authentication and transaction...
The Gmail vulnerability allowed unauthorized parties to add custom mail filters to target Gmail accounts. The only requirement was that the target users visit a Web site with malicious content while signed into Gmail.
An operational definition for role-based access control (RBAC) is that permission assignment is based on the role a principal is assuming during a work session. The central underlying concept is thus that IT permissions are assigned to roles rather than directly to users. This level of indirection can provide simpler security administration and finer-grained access control policies.
As the 21st century progresses, computer systems have become a target for a new type of criminal who attacks software with malicious intent. Failure Modes and Effects Analysis, which is normally used to improve system reliability by identifying and mitigating the effects of potential system failures, provides a basic framework that can be applied to counter the threats a computer system will encounter...
Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSI/FBI computer crime survey...