The trust model has been suggested as an effective security mechanism in distributed network environments. Considerable research has been done on trust evaluation and trust prediction. Traditional methods take the historical behavior data into consideration to predict the trust value of the network entity. However, the context of the network entity is seldom taken into account. It is obvious that the...
To design a secure system we need to understand its possible threats, more specifically we need to understand how the components of the architecture are compromised and used by an attacker in order to fulfill his objectives and how the attack proceeds through these units. We can do this using misuse patterns, an artifact we have introduced in earlier work. Threat modeling of IT systems has been widely...
Today, E-Commerce has become the largest revenue generation industry, letting seller sell everything from a pen to plane to the customers across the globe. Over an E-commerce platform where user and vendor merely interact with each other, the trust is undeniably the most important factor for users to perform transactions online. But at the same time it can't be assessed directly using some pre-defined...
Protecting (authorizing) access to individual web services has been explored in many research efforts. The focus of such research is to ensure that authorized users with appropriate credentials are able to access resources under controlled and authorized security. However, integrating and/or composing such services, e.g. through workflow environments in collaborative environments, remains an open...
Mobile device consumerisation has introduced the Bring-Your-Own-Device (BYOD) trend to the organisational context, allowing employees to work using their personal devices. However, as personal mobile devices are perceived as less secure than those provided by the organisation, BYOD has raised security concerns about corporate information being accessed by mobile devices from inside and outside the...
KPI (Key Process Indicators) and success indicators are often defined in a rather generic and imprecise manner. This happens because they are defined very early in the project's life, when little details about the project are known, or simply because the definition does not follow a systematic and effective methodology. We need to precisely define KPI and project success indicators, guarantee that...
Certification has been proved as an essential mechanism for achieving different security properties in new systems. However, it has important advantages; among which we highlighted the increasing in users trust by means of attesting security properties, but it is important to consider that in most of cases the system that is subject of certification is considered to be monolithic, and this feature...
Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are emerging as promising innovations for future network, which make Virtual Network Service (VNS) possible to be implemented broadly. It is the common truth that VNS is realized by the collaborations of multi-providers in practical scenario, where potential risks are lying in the collaborations. The primary risk is the availability...
Today authentication has become a major challenge in mobile cloud computing. Using a static password for authentication in cloud provider presents several security drawbacks: passwords can be forgotten, guessed, written down and stolen, eavesdropped or deliberately being told to other people. In this article, we propose a solution in order to improve authentication in mobile cloud computing and mainly...
The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the...
Computer networks today typically do not provide any mechanisms to the users to learn, in a reliable manner, which paths have (and have not!) been taken by their packets. Rather, it seems inevitable that as soon as a packet leaves the network card, the user is forced to trust the network provider to forward the packets as expected or agreed upon. This can be undesirable, especially in the light of...
Memory error exploits rank among the most serious security threats. Of the plethora of memory error containment solutions proposed over the years, most have proven to be too weak in practice. Multi-Variant eXecution (MVX) solutions can potentially detect arbitrary memory error exploits via divergent behavior observed in diversified program variants running in parallel. However, none have found practical...
Social networking sites have billions of users who communicate and share their personal information every day. Social engineering is considered one of the biggest threats to information security nowadays. Social engineering is an attacker technique to manipulate and deceive users in order to access or gain privileged information. Such attacks are continuously developed to deceive a high number of...
Value-dependent noninterference allows the classification of program variables to depend on the contents of other variables, and therefore is able to express a range of data-dependent security policies. However, so far its static enforcement mechanisms for software have been limited either to progress- and termination-insensitive noninterference for sequential languages, or to concurrent message-passing...
Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we can limit the damage caused by low-level attacks such as control-flow hijacking. When used to defend against such attacks, compartmentalization is often implemented...
Cloud Computing came with many attractive advantages such as scalability, flexibility, accessibility, rapid application deployment, and user self-service. However, in hindsight, Cloud Computing makes ensuring security within these environments much more challenging. Therefore traditional security mechanisms such as firewalls and antivirus software have proven insufficient and incapable of...
Cities are seeking new innovative approaches to deliver public services by involving their community in a co-creation process. The main innovation of CLIPS is to provide a usable methodology with a toolkit that enables civil servants and other external stakeholders to collaborate in new designs and delivery of services, starting from a set of basic building blocks available in the cloud. This offers...
When enterprises decide to outsource their business processes to the Cloud, various considerations should be tackled. Indeed, the enterprises aim to reduce the business processes investment cost, to enhance their performance, and to focus on the enterprise core competency while considering security constraints. Hence, it is essential to assist enterprises to take the suitable decision by providing...
The proposed patterns for a specific domain were widely used for the concept of reusing of the resolved problems to similar ones. The verification criteria for proposed patterns evaluation are one of the important factors that affect the patterns quality. This research proposed patterns verification method and criteria based on quality attributes in order to improve patterns validity. The method was...
In the cloud computing context, Service Level Agreements (SLAs) are contracts between Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs), stating the guaranteed quality level of the services offered by CSPs. Existing cloud SLAs focus only on few service terms, completely ignoring all security related aspects. They are often reported in a way that is hardly understandable for customers...