The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Enhanced Course of Action (CoA) generation is a fundamental component of effective risk management and mitigation. This paper presents an extension of a system capable of integrating physics-based (hard) and people-generated (soft) data, for the purpose of achieving increased situational assessment and automatic CoA generation upon risk identification. The system's capabilities are enhanced through...
In today's cloud computing platforms, more and more users are now working or collaborating in multi-cloud environment, in which collaborators, clouds, computing nodes may belong to different institutions or organizations. Those different organizations might have their own policies. Security is still a big concern in cloud computing. To help cloud vendors and customers to detect and prevent from being...
Fault attack becomes a serious threat to system security and requires to be evaluated in the design stage. Existing methods usually ignore the intrinsic uncertainty in attack process and suffer from low scalability. In this paper, we develop a general framework to evaluate system vulnerability against fault attack. A holistic model for fault injection is incorporated to capture the probabilistic nature...
E-commerce is the future of the businesses of 21st Century. A relatively new demanding area to researchers and managers is implementation of quality management practice in E-commerce Applications. For evaluating the quality of the E-commerce application, an E-commerce Total Quality Management framework (E-TQMF) is proposed which takes into consideration the quality aspect both from the customer's...
Security is still the main obstacle that is preventing businesses from moving towards the Cloud, which makes choosing the right Cloud service provider CSP a critical decision. We propose in this paper a methodology for evaluation and selection of Cloud security services based on a Multi-Criteria Analysis (MCA) process using a set of evaluation criteria and quantitative metrics. We then give a general...
Ensuring software security is essential for developing a reliable software. A software can suffer from security problems due to the weakness in code constructs during software development. Our goal is to relate software security with different code constructs so that developers can be aware very early of their coding weaknesses that might be related to a software vulnerability. In this study, we chose...
Dynamic networks can be characterised by many factors such as changes (e.g., vulnerability change, update of applications and services, topology changes). It is of vital importance to assess the security of such dynamic networks in order to improve the security of them. One way to assess the security is to use a graphical security model. However, the existing graphical security models (e.g., attack...
Nowadays, information security is an increasing concern in institutions and organizations. This concern is even greater in the finance sector, not only because the financial amount involved but also clients and organization's private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing...
In graph based extractive summarization the extraction of sentences can be determined by the importance of the words it contains and the association between the sentences. This method considers the word separately. It does not provide association link handling between the words. This paper addresses to what extent the integration of coreference resolution into the summarization process can improve...
The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate...
Malicious cloud computing activity can take many forms, including running unauthorized programs in a virtual environment. Detection of these malicious activities while preserving the privacy of the user is an important research challenge. Prior work has shown the potential viability of using cloud service billing metrics as a mechanism for proxy identification of malicious programs. Previously this...
Betweenness centrality is a popular metric in social science, and recently it was adopted also in computer science. Betweenness identifies the node, or the nodes, that are most suitable to perform critical network functions, such as firewalling and intrusion detection. However, computing centrality is resource-demanding, we can not give for granted that it can be computed in real time at every change...
The node replica attack is known to be dangerous to wireless sensor networks (WSNs) because it enables the adversary to extend the damage throughout the network with very low cost. To stop such attack, we propose a similarity estimation based scheme with group deployment knowledge. Compared with prior works, our proposal provides extra functionality that prevent replica from generating false location...
Physical Unclonable Functions (PUF) are an emerging hardware security primitives proposed by various researchers in last one decade. PUFs are useful security architectures used for identification, authentication and cryptographic key generation. Many PUF topologies are proposed in the past targeting both ASIC and FPGA. It is nearly impossible to get two PUF circuits with same characteristics for the...
Cognitive radio technology is used to alleviate the contradiction between the scarcity problem and low utilization rate of spectrum resources. However, the existence of unbelievable data leads to an inaccurate judge for some available resources, which causes the failed network behaviors and interferes the authorized networks. The traditional security techniques can't defense this threat efficiently...
Devices that monitor and measure various system parameters or physical phenomena form an integral part of cyber-physical systems. Such devices usually operate continuously and gather important data that is often critical for the operation of the underlying system. Thus, it becomes important to understand and detect abnormal or malicious device behavior, false injection of data by an adversary, or...
Considering the various security constraints is a primordial task in software development. Dealing with security problems early enable us to not going further in the process and avoid rework. Extract-Transform-Load (ETL) processes are the back stage of data warehouse architectures. Securing the ETL processes development is highly important and helps in mitigating security defects. Defining the right...
Accurate measurement of the quality of systems is crucial to building trustworthy systems. Such a measurement indicates whether a system is working properly and meeting its requirements. Although security and dependability metrics are regarded as key metrics for measuring the quality of systems, they are not sufficient for measuring the quality of systems that are placed in a multi-domain environment...
Performance assessment of human teaming in complex, real-world contexts is a fundamental challenge for research and training communities alike. We highlight a unique partnership between the cybersecurity training and research communities with the common goal of capturing human team performance. Whether in the context of a training assessment or a research endeavor; both are two sides of the same coin...
Software-Defined Networking (SDN) provides the potential for highly configurable, automated networks by separating the control and forwarding functions of network devices. While SDN appears to have many potential benefits for coalition tactical networking, including rapid reconfigurability and improved network situational awareness, there are significant obstacles to overcome. In particular, the low...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.