In human history, the dependency on secret phrases - passwords - known to only a selected few in a group has mostly ensured that only those are authorised to access certain resources or information. However, such passwords have also spelled disasters when compromised. Beyond passwords, multi-factor authentication requires the knowledge of or the possession of things other than a password to complete...
We present a random access method inspired by Bloom filters that is suited for Machine-Type Communications (MTC). Each accessing device sends a signature during the contention process. A signature is constructed using the Bloom filtering method and contains information on the device identity and the connection establishment cause. We instantiate the proposed method over the current LTE-A access protocol...
Industry classification has been rigorously utilized in academic research and business analytics. The existing classification schemes, however, have been constructed and maintained manually by domain experts, which require exhaustive time and human effort while vulnerable to subjectivity. Hence, the existing classification systems do not properly reflect the fast-changing trends of the firms and the...
With the growing interest in Software Defined Networking (SDN) and thanks to the programmability provided by SDN protocols like OpenFlow, network application developers have started implementing solutions to fit corporate needs, like firewalls, load balancers and security services. In this paper, we present a novel solution to answer those needs with usage control policies. We design a policy based...
Dagger is a modeling and visualization framework that addresses the challenge of representing knowledge and information for decision-makers, enabling them to better comprehend the operational context of network security data. It allows users to answer critical questions such as “Given that I care about mission X, is there any reason I should be worried about what is going on in cyberspace?” or “If...
The task of generating network-based evidence to support network forensic investigation is becoming increasingly prominent. Undoubtedly, such evidence is significantly imperative as it not only can be used to diagnose and respond to various network-related issues (i.e., performance bottlenecks, routing issues, etc.) but more importantly, can be leveraged to infer and further investigate network security...
The security of Cyber-Physical Systems (CPS) has recently been receiving significant attention from the research community. To this end, this paper sheds light on a number of security approaches for CPS from two perspectives, namely, control-theoretic and cyber security. Further, threat detectors in various CPS environments are highlighted and discussed. The aim is to demonstrate the lack of coherent...
Context: Security is becoming increasingly important during software engineering. Software developers should be able to adapt and deploy secure systems in a continuously changing execution context. Method: We use Software Product Lines (SPLs), Business Process Management (BPM) and Security Requirements Engineering (SRE) techniques for anticipating the uncertainty and the changes of security requirements...
Web browsers were initially designed to retrieve resources on the world wide web in a static manner such that adding security checks in select locations throughout the codebase sufficiently provided the necessary security guarantees of the web. Even though systematic security checks were always performed, those security checks were sprinkled throughout the codebase. Over time, various specifications...
Software applications run on top of infrastructure consisting of hardware (processors, devices, communication networks, …) and software (operating systems, compilers, virtual machines, language runtimes, databases, …). In many cases, attacks against application software rely at least to some extent on aspects of that infrastructure, and in some cases vulnerabilities can be fixed by strengthening the...
Securing critical systems such as Cyber-Physical Systems (CPS) is an important feature especially when it comes to critical transmitted data in a real-time environment. At the same time, the implementation of security counter-measures in such systems may impact transmission delays of critical tasks. For this reason selecting proper security mechanisms in such critical systems is an important issue...
Multiagent patrolling in adversarial domains has been widely studied in recent years. However, little attention has been paid to cooperation issues between patrolling agents. Moreover, most existing works focus on one-shot attacks and assume full rationality of the adversaries. Nonetheless, when patrolling frontiers, detecting illegal fishing or poaching, security forces face several adversaries with...
Performance assessment of human teaming in complex, real-world contexts is a fundamental challenge for research and training communities alike. We highlight a unique partnership between the cybersecurity training and research communities with the common goal of capturing human team performance. Whether in the context of a training assessment or a research endeavor, both are two sides of the same coin...
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent,...
To assist the vulnerability identification process, researchers proposed prediction models that highlight (for inspection) the parts of a system most likely to be vulnerable. In this paper we aim at making a reliable replication and comparison of the main vulnerability prediction models. Thus, we seek to determine their effectiveness, i.e., their ability to distinguish between vulnerable and non-vulnerable...
This work proposes to include security and privacy in the context of Linked Open Data (LOD) and the Semantic Web. Here, a database partitioning approach to logically and physically separate data and distribute the partitions across several different cloud providers is applied. This data distribution is called fixed vertical partitioning and distribution approach (FVPD), as data schemes are vertically...
User modelling is an old research discipline. The main concern of this discipline is to improve the quality of human-computer interaction predictive goals, preferences and context. Thus, adaptation and personalization of a document or an application for a particular user need to have information on the latter. It is often referred to as “user profile”. A user profile modelling process must be done in...
Deception-based defense relies on intentional actions employed to induce erroneous inferences on attackers. Existing deception approaches are included in the software development process in an ad-hoc fashion, and are fundamentally realized as single tools or entire solutions repackaged as honeypot machines. We propose a systematic goal-driven approach to include deception tactics early in the software...
Since the first performance benchmarks proposed more than 25 years ago, the concept of comparing/ranking computer systems or components has proven to be a powerful instrument to promote the improvement of specific computer or software features. Following this path, many benchmarking studies have extended the benchmarking model initially proposed for performance to address the comparison of different...
In collaborative systems, in order to establish successful and protected collaboration, trust management is first established between the participating entities and the trust score of each entity is calculated. This score is obtained based on the three trust criteria (satisfaction, reputation and recommendation) that are redefined and reused in our model: Tr-OrBAC. The evaluation of these...