Aiming at the disadvantages of current vulnerability management, such as taking up much of the network bandwidth and lacking effective means to install the patch, we propose a model of a vulnerability detection and restoration system based on multi mobile agent technology, whose restoration mechanism adopts ant colony optimization. It is proved that the model can reduce the workload of vulnerability...
The implementing risk of ERP systems has much ambiguity, having no quantifiable indicators, and evaluation results are only "big", "small", "general" or other qualitative descriptions, so it is reasonable and scientific to apply the fuzzy comprehensive evaluation method for the fuzzy evaluation of ERP system implementing risk. The core of fuzzy evaluation is membership degree...
Our goal is to use the vast repositories of available open source code to generate specific functions or classes that meet a user's specifications. The key words here are specifications and generate. We let users specify what they are looking for as precisely as possible using keywords, class or method signatures, test cases, contracts, and security constraints. Our system then uses an open set of...
The increasing demand for voice over IP (VoIP) and the accompanying network convergence lead into a new area of security risks for voice infrastructures. A probability based risk analysis as an integral part of a security concept is presented which forges a hardened base system operating a voice platform. A modeling approach and a detailed system architecture are derived for the VoIP base system. Finally...
Security evaluation according to ISO 15408 (common criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a common criteria evaluation. To support security evaluation, the European Telecommunications Standards Institute (ETSI) has developed a threat, vulnerability, risk analysis (eTVRA) method for the Telecommunication...
In this position paper we look at the problem of letting the programmer specify what they want to search for. We discuss current approaches and their problems. We propose a semantics-based approach and describe the steps we have taken and the many open questions remaining.
Network security management plays a crucial role in protecting organization assets and its computer infrastructure. This can be done by identifying the vulnerabilities and developing effective control that reduces the risk of attacks and failures. Network risk assessment is a subjective process that is linked to multiple variables. These variables are associated with the organization assets and their...
Due to the increasing amount of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions, and craft credible phishing sites. Previous work towards protecting against...
Supporting a security principle, such as least privilege, in a software architecture is difficult. Systematic rules are lacking, no guidance explains how to apply the principle in practice. As a result, security principles are often neglected. This lowers the overall security level of the software system and the cost of fixing such problems later on in the development cycle is high. We propose an...
Increasingly, web applications handle sensitive data and interface with critical back-end components, but are often written by poorly experienced programmers with low security skills. The majority of vulnerabilities that affect web applications can be ascribed to the lack of proper validation of user's input, before it is used as argument of an output function. Several program analysis techniques...
In this paper, we perform an empirical analysis of email traffic logs obtained from a large university to better understand the development of social networks. We analyzed data containing records of emails sent over a period of 10 months - the largest dataset we are aware of. We study the long term evolution of social networks on real world data. The initial analysis of data is followed by an exploration...
With the increasing sophistication of attack techniques and scenarios, appropriate automated decision-making systems should be developed. This paper defines a new security language allowing to cope with attack scenarios through the representation of both attacks and security solutions in a single syntactic framework. A subsequent semantic analysis has also been introduced. To implement this reasoning,...
When a number of Web services are deployed, there may be many Web services that can provide the expected functions of a service request. QoS can then be used to distinguish those similar functional services in order to select the best services in terms of their quality. Various QoS models and QoS languages have been proposed for Web services. Therefore different organizations and companies may adopt different...
Large-scale health information software systems have to adhere to complex, multi-lateral security and privacy regulations. Such regulations are typically defined in form of natural language (NL) documents. There is little methodological support for bridging the gap between NL regulations and the requirements engineering methods that have been developed by the software engineering community. This paper...
Effective use of the resources in a modern collaborative environment suggests their sharing between collaborating organisations and user groups and on-demand provisioning for the specific tasks and projects that may involve distributed resources and users from different administrative and security domains. The general Complex Resource Provisioning (CRP) model proposed in the authors' earlier work provides...
Applications performing scientific computations or processing streaming media benefit from parallel I/O significantly, as they operate on large data sets that require large I/O. MPI-I/O is a commonly used library interface in parallel applications to perform I/O efficiently. Optimizations like collective-I/O embedded in MPI-I/O allow multiple processes executing in parallel to perform I/O by merging...
We present a technique for finding security vulnerabilities in Web applications. SQL injection (SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the attacker crafts the input to the application to access or modify user data and execute malicious code. In the most serious attacks (called second-order, or persistent, XSS), an attacker can corrupt a database so as...
Threats against computer networks evolve very fast and require more and more complex measures. We argue that teams or groups with a common purpose for intrusion detection and prevention improve the measures against rapidly propagating attacks, similar to the concept of teams solving complex tasks known from the field of work sociology. Collaboration in this sense is not an easy task, especially for...
Security is a critical requirement for the e-health system because the patient's sensitive information can be accessed remotely and this makes the entire system vulnerable to malicious attacks. In this paper, we present a novel role-interaction-organization security model and apply it to the e-health system which is modeled as a multi-agent system. The roles in our proposed model do not only determine...
A multiagent system (MAS) architecture is structured in terms of autonomous and communicating components. Agent orientation does not support the modularization of some system properties that affect several system components. These properties are called "crosscutting concerns" and need to be explicitly captured in the architectural design of MAS. Aspect-orientation provides abstractions to...