Your search keyword '"COMPUTER security research"' showing total 25 results

1. Engineering Trustworthy Systems: A Principled Approach to Cybersecurity.

Author

SAYDJARI, O. SAMI

Subjects

*INTERNET security, *COMPUTER crime prevention, *COMPUTER system failure prevention, *COMPUTER engineering, *COMPUTER security research

Abstract

The article discusses the importance of cybersecurity designs in reducing the risk of system failure from cyberattacks. Topics include the importance of practicing cybersecurity as a principled engineering discipline, and the study of how cyberattacks succeed in order to derive or improve cybersecurity principles.

Published

2019

2. Prediction Using Propagation: From Flu Trends to Cybersecurity.

Author

Prakash, B. Aditya

Subjects

INTERNET security, COMPUTER security research, MALWARE, MACHINE learning, ONLINE social networks research, MATHEMATICAL models

Abstract

This article discusses two applications of propagation-based concepts for predictive analytics: marrying epidemiological models with statistical topic models to tease out user phases for better flu-trends prediction, and using propagation-based models to generatively model estimates of malware attacks. [ABSTRACT FROM PUBLISHER]

Published

2016

3. Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study.

Author

Zhao, Jensen and Zhao, Sherry Y.

Subjects

*COMPUTER networks, *SOCIAL media research, *COMPUTER security research, *INTERNET security

Abstract

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of the key security measures; (b) had network information that was publicly available through Internet search, which was vulnerable to cyber intrusion; and (c) were secured with firewalls, filters, or port closures, with only few ports detected as open, which need further improvement. [ABSTRACT FROM PUBLISHER]

Published

2015

4. Service security and privacy as a socio-technical problem.

Author

Bella, Giampaolo, Curzon, Paul, and Lenzini, Gabriele

Subjects

*COMPUTER security research, *CLOUD computing, *INTERNET security, *RIGHT of privacy, *COMPUTER simulation

Abstract

The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another. The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users. [ABSTRACT FROM AUTHOR]

Published

2015

5. Measuring Risk: Computer Security Metrics, Automation, and Learning.

Author

Slayton, Rebecca

Subjects

*RISK, *INTERNET security, *COMPUTER security research, *RISK assessment, *AUTOMATION, *MANAGEMENT

Abstract

Risk management is widely seen as the basis for cybersecurity in contemporary organizations, but practitioners continue to dispute its value. This article analyzes debate over computer security risk management in the 1970s and 1980s United States, using this debate to enhance our understanding of the value of computer security metrics more generally. Regulators placed a high value on risk analysis and measurement because of their association with objectivity, control, and efficiency. However, practitioners disputed the value of risk analysis, questioning the final measurement of risk. The author argues that computer security risk management was most valuable not because it provided an accurate measure of risk, but because the process of accounting for risks could contribute to organizational learning. Unfortunately, however, organizations were sorely tempted to go through the motions of risk management without engaging in the more difficult process of learning. [ABSTRACT FROM PUBLISHER]

Published

2015

6. Social Life of PKI: Sociotechnical Development of Korean Public-Key Infrastructure.

Author

Park, Dongoh

Subjects

*PUBLIC key infrastructure (Computer security), *INTERNET security, *COMPUTER security research, *INFORMATION technology research

Abstract

Until the late 1990s, technology analysts expected public-key infrastructure (PKI) technology to be an essential element of online security systems. Today however, South Korea represents a unique example of widespread PKI use. This article traces the development of the Korean PKI and analyzes the social and cultural factors that contributed to the implementation and social adoption of the technology. [ABSTRACT FROM PUBLISHER]

Published

2015

7. Security and performance challenges for user-centric wireless networking.

Author

Frangoudis, Pantelis and Polyzos, George

Subjects

*WIRELESS Internet, *WIRELESS communications, *COMMUNICATIONS research, *INTERNET security, *COMPUTER security research, *SECURITY systems

Abstract

User-centrism has emerged as a disruptive new communication paradigm. In this article, we lay out its basic principles, study the key factors that have given rise to its adoption, and focus on the new set of challenges it brings about in various aspects of wireless networking. We study user-centric solutions on a case-by-case basis, along the dimensions of wireless access, provision of communication services, and wireless network management. We tackle specific security and performance challenges by designing and implementing architectures for secure VoIP communication tailored to user-centric wireless networks, and for robust user-driven wireless topology monitoring, a critical network management task. In both cases, we quantify the tradeoff between security and performance, showcasing the potential of relying on users to carry out traditionally provider-centric tasks. [ABSTRACT FROM PUBLISHER]

Published

2014

8. Cybersecurity Standards: Managing Risk and Creating Resilience.

Author

Collier, Zachary A., DiMase, Daniel, Walters, Steve, Tehranipoor, Mark Mohammad, Lambert, James H., and Linkov, Igor

Subjects

*INTERNET security, *STANDARDS, *RISK, *COMPUTER security research, *DECISION making

Abstract

A risk-based cybersecurity framework must continuously assimilate new information and track changing stakeholder priorities and adversarial capabilities, using decision-analysis tools to link technical data with expert judgment. [ABSTRACT FROM PUBLISHER]

Published

2014

9. A cyclical evaluation model of information security maturity.

Author

Rigon, Evandro Alencar, Westphall, Carla Merkle, dos Santos, Daniel Ricardo, and Westphall, Carlos Becker

Subjects

INFORMATION technology security, INTERNET security, COMPUTER security research, AUTOMATION, INTERNAL auditing

Abstract

Purpose -- This paper aims at presenting a cyclical evaluation model of information security (IS) maturity. The lack of a security evaluation method might expose organizations to several risky situations. Design/methodology/approach -- This model was developed through the definition of a set of steps to be followed to obtain periodical evaluation of maturity and continuous improvement of controls. Findings -- This model, based on controls present in ISO/IEC 27002, provides a means to measure the current situation of IS management through the use of a maturity model and provides a subsidy to take appropriate and feasible improvement actions, based on risks. A case study is performed, and the results indicate that the method is efficient for evaluating the current state of IS, to support IS management, risks identification and business and internal control processes. Research limitations/implications -- It is possible that modifications to the process may be needed where there is less understanding of security requirements, such as in a less mature organization. Originality/value -- This paper presents a generic model applicable to all kinds of organizations. The main contribution of this paper is the use of a maturity scale allied to the cyclical process of evaluation, providing the generation of immediate indicators for the management of IS. [ABSTRACT FROM AUTHOR]

Published

2014

10. TIM Lecture Series Web Infections and Protections: Theory and Practice.

Author

Kwong, Arnold

Subjects

LECTURES & lecturing, INTERNET security, COMPUTER security research

Abstract

The article presents the text of the lecture delivered by Arnold Kwong, managing director of Extratelligence, about his organization's research into Web infections and protections from 1999 to 2014, at Carleton University on February 27, 2014. Topics discussed include the key concept behind the research effort of the company, and the lessons learned from the research like the inadequacy of "good behavior" to protect one from infections.

Published

2014

11. Japan's Changing Cybersecurity Landscape.

Author

Kshetri, Nir

Subjects

*INTERNET security, *COMPUTER security research, *SECURITY systems, *COMPUTER security equipment industry, *SECURITY systems industry

Abstract

Japan's cybersecurity efforts have been lacking compared to other advanced economies, but the country is now taking more aggressive steps to address this deficiency. [ABSTRACT FROM PUBLISHER]

Published

2014

12. Survey on Cloud Computing Security Policies and Privacy Concerns for Information Security.

Author

Sharma, Paresh D. and Gupta, Hitesh

Subjects

CLOUD computing, INTERNET security, PERSONAL information management, COMPUTER networks, COMPUTER security research

Abstract

This paper describes a study on the existing methods and techniques for the cloud computing. Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided 'As a service' over the Internet. Cloud computing provides on demand and at scale services for network infrastructure, platforms, and applications based on an off premise, pay-as-you-go operational model. Files and other data can be stored in the cloud and be accessed from any Internet connection. But some security or privacy issues should be taken into account while using this services such as private information disclosure problem while data being shared within the cloud, unauthorized access to personal data, Unauthorized secondary storage, Uncontrolled data propagation etc. various service providers use Identity Management to solve privacy problems but it's not sufficient. In this paper, a survey on the security policies, trust & privacy issues are studied & based on that the proposed system created. For providing the security to the network and data different encryption methods are used. So, the proposed approach can be used by the service providers in order to get a secured cloud computing environment. [ABSTRACT FROM AUTHOR]

Published

2013

13. Method for a Two Dimensional Honeypot to Deter Web Bots in Commerce Systems.

Author

Nassar, Nader and Miller, Grant

Subjects

INTERNET security, COMPUTER security research, COMPUTER hackers, ELECTRONIC commerce research, HONEYPOTS (Network security)

Abstract

Security for web applications is an ongoing dilemma. Hackers and bots are getting more and more innovative in bypassing the various defensive tools implemented to enforce security. e-Commerce applications, such as those used for transaction processing, could be placed in a position of not providing a fair chance to all consumers because bots can interact more quickly. This is especially true when a commerce site offers popular inventory items where many traders are competing to get an item that has a limited supply. The e-Commerce site's security is compromised when some traders utilize pre-formatted scripts or spiders to place orders, thus giving them an unfair advantage. The problem is: how to eliminate the interaction of scripts and spiders in a given web application flow while requiring no additional actions taken by a human user. Our paper introduces an innovative multi-layer approach to honeypots where cashing or bypassing the honeypot is technically impractical. [ABSTRACT FROM AUTHOR]

Published

2013

14. Analysis of «incident» definitions and its interpretation in cyberspace.

Author

Gnatyuk, V. O.

Subjects

INFORMATION technology security, MULTIPLE criteria decision making, INTERNET security, COMPUTER security research, COMPUTER systems

Abstract

Determining of the most concepts is focused on specific sectors or industries as a result of the international legal base modernization. Analysis of scientific sources showed the lack of the works devoted to the base terminology research. This makes not clear the concepts of information security incident and cyber incident. As a result, methods and systems for responding to information security incidents (cyber incidents) are complicated and low efficient. In view of this, multicriteria analysis of concept definitions «incident» in international and industry standards, scientific publications, dictionaries, reference books and online resources were carried out. After the analysis a common set of basic features of the incident concept was identified and the generalized definitions of information security incident & cyber incident were proposed. [ABSTRACT FROM AUTHOR]

Published

2013

15. Cyber insecurity as a national threat: overreaction from Germany, France and the UK?

Author

Guitton, Clement

Subjects

*COMPUTER security research, *INTERNET security, *NATIONAL security, *GOVERNMENT policy

Abstract

The US billion dollars investments in cyber security are creating a securitisation of cyberspace. What has happened meanwhile in Europe? The argument is threefold. First, cyber threats were raised to the national threat level in Germany (2006), France (2008) and the UK (2008), but the justifications put forward for such an upgrade did not hold, as well as invested resources at that point in time. Second, cyber security strategy followed up this upgrade and designed a framework to tackle the threat that was found coherent with the assessment of the respective national security strategies. Third, cyber insecurity stemmed from criminals operating in cyberspace. Therefore, deterring criminals should have been at the core of tackling cyber insecurity but the defence strategies of France, Germany and the UK were instead focused on mitigating the effects of cyber attacks. [ABSTRACT FROM PUBLISHER]

Published

2013

16. Solving identity delegation problem in the e-government environment.

Author

Sánchez García, Sergio, Gómez Oliva, Ana, Pérez Belleboni, Emilia, and Pau de la Cruz, Iván

Subjects

*INTERNET fraud prevention, *IDENTITY theft prevention, *COMPUTER security research, *INTERNET security, *PUBLIC administration, *INTERNET in public administration, *COMPUTER network resources

Abstract

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed. [ABSTRACT FROM AUTHOR]

Published

2011

17. An analysis of accuracy experiments carried out over of a multi-faceted model of trust.

Author

Quinn, Karl, Lewis, David, O’Sullivan, Declan, and Wade, Vincent

Subjects

*INTERNET security, *TRUST, *COMPUTER security research, *DATA security, *WEBSITE security, *INFORMATION technology security

Abstract

Trust models in internet environments today are single-faceted. A single-faceted approach to modelling trust can suit some, or many, individuals but we believe that such a single-faceted approach cannot capture the wide and varied range of subjective views of trust found across a large and broad population. In response, we have designed, developed and evaluated a rich, semantic, human-centric model of trust that can handle the myriad of terms and intertwined meanings of trust. This multi-faceted model of trust can be Personalised on a per user basis and specialized on per domain basis. In this paper we briefly present an overview of this model and explain how it can be Personalised and specialized. However, the primary focus of this paper is on the experimental evaluation that has been carried out to evaluate the accuracy of recommendations based on this multi-faceted, Personalised model of trust for internet environments. [ABSTRACT FROM AUTHOR]

Published

2009

18. The Future of Cybersecurity Education.

Author

McDuffie, Ernest L. and Piotrowski, Victor P.

Subjects

*PUBLIC-private sector cooperation, *INTERNET security, *NATIONAL security, *COMPUTER security research

Abstract

By fostering public-private partnerships in cybersecurity education, the US government is motivating federal agencies, industry, and academia to work more closely together to defend cyberspace. [ABSTRACT FROM PUBLISHER]

Published

2014

19. Computer attack trends challenge Internet security.

Author

Householder, A., Houle, K., and Dougherty, C.

Subjects

*CYBERTERRORISM, *COMPUTER security research, *ORGANIZATION, *SECURITY systems

Abstract

Organizations relying on the Internet face significant challenges to ensure that their networks operate safely and that their systems continue to provide critical services even in the face of attack. The article seeks to help raise awareness of some of those challenges by providing an overview of current trends in attack techniques and tools [ABSTRACT FROM PUBLISHER]

Published

2002

20. The drivers and inhibitors of cyber security evolution.

Author

Ashford, Warwick

Subjects

INTERNET security, INFORMATION technology security, COMPUTER security research, PROGRAM budgeting

Abstract

The article discusses the study by market research firm Pierre Audoin Consultants (PAC), that showed a shift in cyber security investment by European organisations to detection and response capabilities, and difference in pace of change. Topics discussed include factors inhibiting cyber security evolution such as lack of information technology (IT) budget and cyber security skills shortage, outsourcing of security incident response, and need to retain risk assessment responsibility.

Published

2015

21. Events.

Subjects

*COMPUTER security research, *INFORMATION technology security, *INTERNET security, *CONFERENCES & conventions

Published

2018

22. Rock Stars of Cybersecurity House Advertisement.

Subjects

MANUSCRIPTS, INTERNET security, CYBER intelligence (Computer security), COMPUTER security research, COMPUTER crimes

Abstract

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers. [ABSTRACT FROM PUBLISHER]

Published

2015

23. Wide Disparity Between Consumer, IT Pro Views of IoT Security.

Author

Preimesberger, Chris

Subjects

*COMPUTER security research, *NONPROFIT organizations, *INTERNET security, *INFORMATION scientists, *CUSTOMER satisfaction, *INTERNET of things

Abstract

The article reports on the results of a computing security research conducted by nonprofit global association ISACA which showed the disparity of opinion between consumers and cybersecurity and information technology specialists regarding the securability of connected devices. Topics discussed include the level of consumer satisfaction with regard to controlling the security of their mobile devices and the low level of security implementation for Internet of Things devices among businesses.

Published

2015

24. Google: Software Updates Are The 'Seatbelts Of Online Security' And Many Don't Buckle Up.

Author

Santus, Rex

Subjects

SOFTWARE upgrades, COMPUTER security research, INTERNET security, INTERNET users, ANTIVIRUS software, COMPUTER passwords

Abstract

The article reveals the failure of most non-cybersecurity experts to perform software updates as a safety precaution and for online security, according to research from Internet search company Google. It presents the top five security practices chosen by cybersecurity experts and the top five security measures chosen by regular Internet users. The research indicate the reliance of non-experts on antivirus software and the importance of having strong passwords.

Published

2015

25. Strengthening CAPTCHA-based Web security.

Author

Bell, Graeme Baxter

Subjects

COMPUTER security research, CAPTCHA (Challenge-response test), INTERNET security, PREVENTION of computer hacking, COMPUTER users

Abstract

Simple, universally applicable strategies can help any captcha-protected system resist automated attacks and can improve the ability of administrators to detect attacks. The strategies discussed here cause an exponential increase in the difficulty faced by automated attackers, while only increasing the inconvenience for human users in an approximately linear manner. These strategies are characterised using a new metric, the 'Captcha Improvement Ratio'. The paper concludes that presenting multiple captcha systems together in random order may provide quantitative and qualitative advantages over many typical present-day captcha systems. [ABSTRACT FROM AUTHOR]

Published

2012