Cloud users have little visibility into the performance characteristics and utilization of the physical machines underpinning the virtualized cloud resources they use. This uncertainty forces users and researchers to reverse engineer the inner workings of cloud systems in order to understand and optimize the conditions their applications operate in. At Massachusetts Open Cloud (MOC), as a public cloud...
Background: Software security has gained immense importance in recent years. While efforts are expected in minimizing security vulnerabilities in source code, the developers' practice of code cloning often causes multiplication of such vulnerabilities and program faults. Although previous studies examined the bug-proneness, stability, and changeability of clones against non-cloned code, the security...
Some companies are willing to execute their business processes (BP) in the cloud to enjoy its benefits. However, they are also reluctant because of the new security risks that using cloud resources introduces. Security risk includes many dimensions, but this work focuses on preserving the privacy of the logic of a BP deployed in a multi-cloud context by preventing a coalition of malicious clouds...
Cyber attacks are a critical threat to government infrastructure, commercial enterprises and personal devices. When belligerents attack cyber systems, they need to spread laterally to reach high value targets and communicate with their command and control sites. Intuitively, a layered defense including intrusion detection systems will limit the adversary's exploitation of the target. We apply lessons...
Machine learning has become one of the go-to methods for solving problems in the field of networking. This development is driven by data availability in large-scale networks and the commodification of machine learning frameworks. While this makes it easier for researchers to implement and deploy machine learning solutions on networks quickly, there are a number of vital factors to account for when...
With the growing adoption of cloud computing for business systems, the efforts to keep those environments secure are also increasing. Virtualization infrastructures are key to support such systems, but engineers lack means to help them in selecting the best solutions according to their security requirements. The goal of this work is to define and develop a benchmarking approach to assess and compare...
A Software Defined Network (SDN) provides functionalities for modifying network configurations. To enhance security, Moving Target Defense (MTD) techniques are deployed in the networks to continuously change the attack surface. In this paper, we realize an MTD system by exploiting the SDN functionality to optimally reconfigure the network topology. We introduce a novel problem Shuffle Assignment Problem...
There are several security requirements identification methods proposed by researchers in up-front requirements engineering (RE). However, in open source software (OSS) projects, developers use lightweight representation and refine requirements frequently by writing comments. They also tend to discuss security aspects in comments by providing code snippets, attachments, and external resource links...
Existing work on identifying security requirements relies on training binary classification models using domain-specific data sets to achieve a high accuracy. Considering that domain-specific data sets are often not readily available, we propose a domain-independent model for classifying security requirements based on two key ideas. First, we train our model on the description of weaknesses from the...
As the Android app market keeps growing, there is a pressing need for automated tool support to empower Android developers to produce quality apps with higher productivity. Yet existing tools for Android mostly aim at security and privacy protection, primarily targeting end users and security analysts. Towards filling this gap, we present DROIDFAX, a toolkit that targets the developers to help them...
Most existing research for Android focuses on particular security issues, yet there is little broad understanding of Android application run-time characteristics and their implications. To mitigate this gap, we present the first systematic dynamic characterization study of Android apps that targets a broad understanding of application behaviors in Android. Through lightweight method-level profiling,...
Software vulnerabilities pose significant security risks to the host computing system. Faced with continuous disclosure of software vulnerabilities, system administrators must prioritize their efforts, triaging the most critical vulnerabilities to address first. Many vulnerability scoring systems have been proposed, but they all require expert knowledge to determine intricate vulnerability metrics...
This article discusses the assessment of the impact of the modern risk-based standards for ensuring the safety and security of Complex Industrial Facilities (CIF) of various industries. The focus is on the implementation of management systems based on the PDCA cycle of the safety process for CIF of fuel and energy complexes, including IT-Security. Furthermore, it is shown that the relevant applicability...
This article discusses aspects of the implementation and audit of the risk management system, implemented on the basis of modern standards for the enterprises of the oil and gas industry. It shows several practical examples of the implementation of the risk management process in the PDCA cycle proposed IMS model which contains all the basic entities to perform the audits (criteria, metrics, finding etc...
Developers frequently rely on free static analysis tools to automatically detect vulnerabilities in the source code of their applications, but it is well-known that the performance of such tools is limited and varies from one software development scenario to another, both in terms of coverage and false positives. Diversity is an obvious direction to take to improve coverage, as different tools usually...
Compared to other remote attestation methods, the binary-based approach is the most direct and complete one, but privacy protection has become an important problem. In this paper, we presented an Extended Hash Algorithm (EHA) for privacy protection based on remote attestation method. Based on the traditional Merkle Hash Tree, EHA altered the algorithm of node connection. The new algorithm could ensure...
Low Power and Lossy Networks (LLN) are characterized by stringent energy constraints and frequent communication errors. Recent research in the area of LLNs has focused on solving many issues like security, energy efficiency, and routing. RPL is a new routing protocol proposed for LLNs by the IETF ROLL group. RPL provides opportunities for improving overall performance of LLN by providing mechanisms for...
River planform changes influence human residence, industrial development, agricultural development and national border security. A river consists of many reaches. Reach planform changes can be acquired by field survey works which are high-precision but time-consuming, or geographic information technologies which are low-precision but efficient. A reach planform can be described by two lines in GIS,...
This publication presents a novel concept for securing P2P-based M2M applications using the integration of a trust management system. In addition, this publication presents different security problems inside the P2P-based M2M application (P2P4M2M) framework and evaluates P2P protocols based on security. Furthermore, this paper emphasises the importance of trust for ensuring security. This is done...
It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However,...