Energy harvesting motivated networks (EHNets) are rapidly emerging as a major part of ubiquitous computing and communication infrastructure in the presence of Internet-of-Things (IoT). A set of self-sustainable nodes equipped with energy harvesting capabilities can effectively exploit ambient energy and convert it into electric energy, but it is admittedly vulnerable to a Denial-of-Service (DoS) attack...
Computer network defense has traditionally been provided using reactionary tools such as signature-based detectors, white/blacklisting, intrusion detection/protection systems, etc. While event detection/correlation techniques may identify threats — those threats are then dealt with manually, often employing obstruction-based responses (e.g., blocking). As threat sophistication grows, we find these...
This study presents BotHook, a cyber pedophile trend characterization platform and a hook for computer criminals on the Internet. This work in progress represents a proposal of a distributed platform (chatbot) that includes a module of attraction of pedophile interest, an intelligent engine of a question-answer analysis, and an automatic characterization of pedophile trends. In order to perform this...
We present a dynamic security management framework where security policies are specified according to situations. A situation allows one to logically group dynamic constraints and make policies closer to business. Situations are specified and calculated by using complex events processing techniques and security policies are written in XACMLv3. Finally, the framework is supported by a modular event based...
Developing practical but secure programs remains an important and open problem. Recently, the operating-system and architecture communities have proposed novel systems, which we refer to as interactive-security systems. They provide primitives that a program can use to perform security-critical operations, such as reading from and writing to system storage by restricting some modules to execute with...
The article is devoted to the experience of the Russian and Soviet Fund of algorithms and programs. The fund, created more than half a century ago, played a noticeable role in creating a regulatory framework for requirements for replicable software. Fund experience also contributed to the development of the copyright to the software. Currently, due to the widespread use of free software, the fund performs...
The article describes the practice of applying laws on computer crimes in the Russian Federation, as well as the situation with computer security and the training of specialists in the field of computer law.
Our research is initially motivated by a conversation we had with a group of cyber security analysts that are responsible for monitoring enterprise security at a large corporation who were experiencing day-to-day operational burdens. As a result, this paper focuses on the design and implementation of an Intelligent Cyber Security Assistant (ICSA) architecture that would provide intelligent assistance...
The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded...
Manifold approaches to security requirements engineering have been proposed, yet there is no consensus how to elicit, analyze, or express security needs. This perspective paper systematizes the problem space of security requirements engineering. Security needs result from the interplay of three dimensions: threats, security goals, and system design. Elementary statements can be made in each dimension,...
The objective of this paper is to explore how cybersecurity policies pertaining to data privacy, data acquisition, data fusion and data mining impact the feasibility and functionality of Dynamic Data Driven Application Systems (DDDAS). In this work, a social media network model will serve as the DDDAS of study in order to reveal how varying cybersecurity policies could alter the functionality and...
The Internet of Things (IoT) connects not only computers and mobile devices, but it also interconnects smart buildings, homes, and cities, as well as electrical grids, gas, and water networks, automobiles, airplanes, etc. However, IoT applications introduce grand security challenges due to the increase in the attack surface. Current security approaches do not handle cybersecurity from a holistic point...
While social networking has gone on almost as long as societies themselves have existed, the unparalleled potential of the Web to facilitate such connections has led to an exponential and ongoing expansion of that phenomenon. In addition to social media platforms, the capacity for social interaction and collaboration is increasingly built into business applications [1]. The risks in the online space...
The paper pertains to the cyber-security challenges in Industry 4.0 that cyber-security experts have to deal with nowadays. Due to the nature of Industry 4.0, where all devices in manufacturing technologies are interconnected, exchanging data and information with each other, broadens the cyber-lands horizons for cyber-criminals to exploit them in their interest. The paper makes reference to the industrial...
One of the most valuable assets of economic and social life is information. Information is a resource for organizations, the basis for efficient operation, an asset, and often also a product that is sold. Cybersecurity is rarely thought of as a problem, yet, actions taken to protect information are everywhere in our lives. There are processes that can be a critical problem in the operation of an organization...
Modern processors are becoming increasingly complex with features that improve performance and add new functionality. However, such improvements are a double-edged sword: they improve performance and functionality but also introduce security-critical bugs into the processor that attackers can leverage to bypass a system's security policies. Existing solutions require hardware extensions and often...
This tutorial provides developers with practical guidance for securely implementing Java Serialization. Java deserialization is a clear and present danger as it's widely used both directly by applications and indirectly by Java subsystems such as RMI (Remote Method Invocation), JMX (Java Management Extension), JMS (Java Messaging System). Deserialization of untrusted streams can result in remote code...
Input-handling vulnerabilities have been a constant source of security problems for decades. Many famous recent bugs are in fact input-handling bugs. We argue that the techniques for writing parsers in their present form are insufficient, and hence we propose a new pattern. In this tutorial, we will show participants a new design pattern for designing and implementing parsers using this new method....