Search

Your search keyword '"Logical security"' showing total 843 results
Start Over Descriptor "Logical security" Topic security service
843 results on '"Logical security"'

1. Visualization of security event logs across multiple networks and its application to a CSOC

Author

Sang-Soo Choi, Jangwon Choi, Jungsuk Song, and Boyeon Song

Subjects
Cloud computing security, Computer Networks and Communications, business.industry, Network security, Computer science, Covert channel, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Information security, Computer security model, Internet security, Computer security, computer.software_genre, Security information and event management, Logical security, Security association, Security service, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Software, Computer network
Abstract

We introduce VisIDAC presented in Song at al (In: Nguyen, P.Q., Zhou, J. (eds.) Information Security—20th International Conference, ISC 2017, Security and Cryptology, vol. 10599. Springer International Publishing, 2017), which is a 3-D real-time visualization of security event log collection detected by intrusion detection systems installed in multiple networks. VisIDAC consists of three parallel plane-squares which represent global source networks, target networks, and global destination networks. Security events are displayed in different shapes, colors and spaces, according to their main features. It helps security operators to immediately understand the key properties of security events. We also apply VisIDAC to a public cyber security operations center, Science and Technology Cyber Security Center (ST whether they are inbound or outbound traffic; whether they are momentary or continuous; and what protocol and port number are mainly used.

Published
2017

2. Opensec: Policy Based Security using Internal Software Defined Network

Author

Raashmi, Senthil Madasamy N, Gokulapriya M, and Narayini S

Subjects
business.industry, Computer science, Computer security model, Computer security, computer.software_genre, Logical security, Security service, Software security assurance, Network Access Control, Network security policy, business, Software-defined networking, computer, Computer network
Published
2017

3. Enhancing Security of Software Defined Mobile Networks

Author

Jesus Llorente Santos, Jude Okwuibe, Edgardo Montes de Oca, Raimo Kantola, Oscar Lopez Perez, Madhusanka Liyanage, Mika Ylianttila, Ijaz Ahmed, Hammad Kabir, Mikel Uriarte Itzazelaia, University of Oulu, Department of Communications and Networking, Nextel S.A., Montimage, Aalto-yliopisto, and Aalto University

Subjects
General Computer Science, mobile networks, Network security, Computer science, Mobile computing, 050801 communication & media studies, Mobile Web, Cloud computing, 02 engineering and technology, security, Computer security, computer.software_genre, Security information and event management, Logical security, Public land mobile network, SDN, NFV, 0508 media and communications, Secure communication, Distributed System Security Architecture, Mobile station, 0202 electrical engineering, electronic engineering, information engineering, Mobile search, General Materials Science, Mobile technology, ta113, Radio access network, Access network, Cloud computing security, ta213, business.industry, 05 social sciences, General Engineering, 020206 networking & telecommunications, Provisioning, Enterprise information security architecture, Computer security model, monitoring, Security service, Software security assurance, Network Access Control, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Software-defined networking, computer, lcsh:TK1-9971, 5G, Computer network
Abstract

Traffic volumes in mobile networks are rising and end-user needs are rapidly changing. Mobile network operators need more flexibility, lower network operating costs, faster service roll-out cycles, and new revenue sources. The 5th Generation (5G) and future networks aim to deliver ultra-fast and ultra-reliable network access capable of supporting the anticipated surge in data traffic and connected nodes in years to come. Several technologies have been developed to meet these emergent demands of future mobile networks, among these are software defined networking, network function virtualization, and cloud computing. In this paper, we discuss the security challenges these new technologies are prone to in the context of the new telecommunication paradigm. We present a multi-tier component-based security architecture to address these challenges and secure 5G software defined mobile network (SDMN), by handling security at different levels to protect the network and its users. The proposed architecture contains five components, i.e., secure communication, policy-based communication, security information and event management, security defined monitoring, and deep packet inspection components for elevated security in the control and the data planes of SDMNs. Finally, the proposed security mechanisms are validated using test bed experiments.

Published
2017

4. Audit expert system of communication security assessment

Author

Grzegorz Grodzki and Henryk Piech

Subjects
0209 industrial biotechnology, Computer science, Covert channel, 02 engineering and technology, Audit, Computer security, computer.software_genre, Communications security, Encryption, Security information and event management, Logical security, Security testing, 020901 industrial engineering & automation, Information security audit, Audit system, Security association, 0202 electrical engineering, electronic engineering, information engineering, Concrete security, Security level, General Environmental Science, Hacker, business.industry, Computer security model, Security service, Software security assurance, Security convergence, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, Element (criminal law), business, computer, Cryptographic nonce
Abstract

The main goal of the research consists in the elaboration of a system concerning the investigation of security communication, which regards a set of security factors, such as: the degree of encryption, the freshness of nonces, intruder activation, the lifetime of keys, secrets, etc. This paper is devoted to the presentation of systematization formalisms describing the functioning of a security model. In our variant, we investigate the changes of all chosen factors (security attributes) during the realization of protocol operations. The security attributes should be systematically corrected in this process. It changes the general security level of communication. The audit system strategy leads us to one of the most noticeable security in fluence characteristics that refer to time parameters. We can introduce the notation concerning the lifetime of elements (key, message, nonces, secret, etc.). When the value of time activity of an element exceeds its lifetime, then the communication security is definitely threatened. By using special rules presented in the works of Burrows, and Needham2, among other authors, and by creating additional logic formulas, we can estimate intermediate security probability parameters. Finally, we propose a certain kind of probability time automata in order to investigate and predicate different types of communication threats. These automata are built on the basis of a colored Petri net. In addition, this investigation consists in checking communication security (or a kind of threats) and making a threat prediction about possible cases that are connected with losing information. We also included in the model a procedure of security modification with respect to time (the activity of some parameters depends on time). We define the finite set of states by using the LU - technique (interval attribute activity) of a date notation. The proposed system resolves security problem in more comprehensive (multifaceted) way. Ingredient security factors can be grouped in different combinations. This approach increased the range of investigated threaten structures to even unknown hacker algorithm inventions.

Published
2017

5. Content-based security and protected core networking with software-defined networks

Author

Konrad Wrona, Sebastian Szwaczyk, Marek Amanowicz, and Sander Oudkerk

Subjects
Computer Networks and Communications, Computer science, computer.internet_protocol, Covert channel, Access control, 02 engineering and technology, Asset (computer security), Security policy, Computer security, computer.software_genre, Logical security, Security testing, Security information and event management, Internet protocol suite, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Enforcement, Cloud computing security, business.industry, 020206 networking & telecommunications, Information security, Computer security model, Computer Science Applications, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, 020201 artificial intelligence & image processing, Software-defined networking, business, computer
Abstract

Successful execution of future network-centric military operations relies on effective enforcement of both need-to-know and responsibility- to-share principles. In modern military missions and coalitions, which have an increasingly agile character, a promising solution is to enforce security policies based on the properties of individual information objects - we call this approach content-based security. This article discusses the enforcement of content-based security policies at the different layers of the TCP/ IP model, and introduces a proof-of-concept implementation of a content-based protection and release mechanism in a software-defined networking environment. Our aim is to provide consistent enforcement of security policies across multiple system layers and multiple security dimensions (confidentiality, integrity, and availability). The results of an analysis of a concrete example of a software-defined network emulated in Mininet are encouraging and confirm the effectiveness of our approach with respect to improving protection of data in transit. The work presented in this article offers a basis for further research in this area.

Published
2016

6. HiveSec: security in resource-constrained wireless networks inspired by beehives and bee swarms

Author

Srinivas Sampalli and Raghav V. Sampangi

Subjects
020203 distributed computing, Cloud computing security, Computer Networks and Communications, Computer science, Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security service, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, Security convergence, Safety, Risk, Reliability and Quality, computer, Software, Information Systems
Abstract

Cryptographic algorithms rely on the strengths of all their fundamental components and expect them to be harmonious in accomplishing desired levels of security in applications. In order for a security solution to be sophisticated and to provide high security (measured in terms of the security goals it satisfies), the solution needs to typically involve complex mathematical operations and/or multiple stages of operation. While these might offer increased security, such solutions might not be applicable to all systems. We refer to resource-constrained wireless networks, such as radio frequency identification and wireless body area networks, where the resources available on-chip are often decided by the balance between device costs, requirements of longevity and usability. The constraints, thus, require designing solutions that use simple logical operations and are based on reuse of functions, while introducing sufficient unpredictability to increase security. In this paper, we present a key management and message signature generation scheme called HiveSec, whose design is inspired by the symmetry in beehives and the nature of bee swarms, and which offers security through unpredictability and reduced resource usage. We validate our work through simulation studies and security analysis.

Published
2016

7. Cognitive security: securing the burgeoning landscape of mobile networks

Author

Y. Thomas Hou, Wenjing Lou, Yuichi Kawamoto, Yao Zheng, and Assad Moini

Subjects
Cloud computing security, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, Security service, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Human-computer interaction in information security, computer, Software, Physical security, Information Systems
Abstract

The rapid proliferation of personal wearable as well as embedded devices point to the emergence of networks of unprecedented size and complexity in the near future. Unfortunately, traditional network security solutions fall short of addressing the unique security requirements of the emerging environment given their general emphasis on administratively managed, preconfigured security context and strong physical security mechanisms. To cope with the security challenges of this emerging environment, novel cognitive-inspired security architectures have been proposed that emphasize dynamic, autonomous trust management. Cognitive security systems take advantage of sensing and computing capabilities of smart devices to analyze raw sensor data and apply machine learning techniques to make security decisions. In this article, we present a canonical representation of cognitive security architectures and examine the practicality of using these architectures to address the security challenges of rapidly growing networks of mobile/embedded autonomous devices including the ability to identify threats simply based on symptoms, without necessarily understanding attack methods. Using authentication as the main focus, we introduce our canonical representation and define various categories of contextual information commonly used by cognitive security architectures to handle authentication requirements, and highlight key advantages and disadvantages of each category. We then examine three grand challenges facing the cognitive security research including the tension between automation and security, the unintended consequences of using machine learning techniques as a basis for making security decisions, and the revocation problem in the context of cognitive security. We conclude by offering some insight into solution approaches to these challenges.

Published
2016

8. Matchmaking semantic security policies in heterogeneous clouds

Author

Orazio Tomarchio, Giuseppe Di Modica, Di Modica G, and Tomarchio O

Subjects
Computer Networks and Communications, Computer science, Interoperability, Cloud computing, 02 engineering and technology, Security policy, Computer security, computer.software_genre, Logical security, Security information and event management, World Wide Web, Security engineering, 0202 electrical engineering, electronic engineering, information engineering, semantics, Cloud computing security, Ontology, business.industry, security policie, cloud computing, 020206 networking & telecommunications, Computer security model, security policies, Security service, Hardware and Architecture, Information security standards, Software security assurance, semantic, Security through obscurity, Human-computer interaction in information security, Semantic technology, Network security policy, 020201 artificial intelligence & image processing, business, computer, Software
Abstract

The adoption of the cloud paradigm to access IT resources and services has posed many security issues which need to be cared of. Security becomes even a much bigger concern when services built on top of many commercial clouds have to interoperate. Among others, the value of the service delivered to end customers is strongly affected by the security of network which providers are able to build in typical SOA contexts. Currently, every provider advertises its own security strategy by means of proprietary policies, which are sometimes ambiguous and very often address the security problem from a non-uniform perspective. Even policies expressed in standardized languages do not appear to fit a dynamic scenario like the SOA's, where services need to be sought and composed on the fly in a way that is compatible with the end-to-end security requirements. We then propose an approach that leverages on the semantic technology to enrich standardized security policies with an ad-hoc content. The semantic annotation of policies enables machine reasoning which is then used for both the discovery and the composition of security-enabled services. In the presented approach the semantic enrichment of policies is enforced by an automatic procedure. We further developed a semantic framework capable of matchmaking in a smart way security capabilities of providers and security requirements of customers, and tested it on a use case scenario. Semantic matchmaking of security policies in cloud environments.Security ontology for modeling security concepts.Automatic semantic annotation of WS-SecurityPolicy policies.

Published
2016

9. SDSA: A framework of a software-defined security architecture

Author

Lu Xingyu, Liu Yan-bing, Xiao Yunpeng, and Jian Yi

Subjects
Cloud computing security, Computer Networks and Communications, Computer science, Sherwood Applied Business Security Architecture, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Logical security, Security controls, Security engineering, Security service, Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, computer
Abstract

The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.

Published
2016

10. Performance and security enhanced authentication and key agreement protocol for SAE/LTE network

Author

Fikadu B. Degefa, Dong-Hoon Lee, Dongho Won, Younsung Choi, and Jiye Kim

Subjects
Computer Networks and Communications, Network security, Computer science, Security Parameter Index, Covert channel, Access control, 02 engineering and technology, Computer security, computer.software_genre, Internet security, Logical security, Security association, Distributed System Security Architecture, 0202 electrical engineering, electronic engineering, information engineering, Security level, AKA, Authentication, Access network, business.industry, Network packet, Quality of service, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Computer security model, Cryptographic protocol, Security service, Network Access Control, business, computer, Computer network
Abstract

We exhaustively discuss the security threats of LTE access network.The scheme boosts the security level and improves performance of the network.We contribute to the methods of security protocols verification.The bandwidth consumption of exchange of authentication vectors is reduced by 79%.The computational, communication and storage overheads are significantly reduced. Display Omitted In recent years, Long Term Evolution has been one of the promising technologies of current wireless communication systems. Quality of service and data rate contribute for the robustness of the field. These two factors are the sum up of transmission rate, security delay, delay variation and some other communication factors. Despite its high data rate and quality of service, Long Term Evolution has some drawbacks as far as the security of this technology is concerned. Particularly, there are some security holes in authenticating users for access in the domain of Access Network. For instance, when User Equipment requests for attachment, the International Mobile Subscriber Identity (IMSI) is sent over network without security protection, hence privacy does not hold. In addition, many parameters are generated by invoking a function with only one input key by which compromising this key results in the whole failure of the system security. So as to mitigate these and some other huge security problems, the researchers, propose an improved approach without adding extra cost so that it can be implemented within the same environment as the existing security system (Evolved Packet System Authentication and Key agreement). As one of the performance enhancements, fetching authentication vectors from foreign network is enabled instead of fetching from home network, which significantly reduces the authentication delay and message overhead. Generally, the purpose is to boost the security level and performance of the protocol keeping the architecture of the system as similar as the conventional security system. These has been exhaustively analyzed and verified under network as well as security verification and simulation tools.

Published
2016

11. Placement of Security Devices in Cloud Data Centre Network: Analysis and Implementation

Author

Sunil Kumar Dhal and Santosh Kumar Majhi

Subjects
Computer science, computer.internet_protocol, Covert channel, Data security, 050801 communication & media studies, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Logical security, Security information and event management, 0508 media and communications, Information security audit, Security association, Cloud data centre, 0202 electrical engineering, electronic engineering, information engineering, Security devices, General Environmental Science, Cloud computing security, Security configuration, business.industry, 05 social sciences, Cloud service provider, 020206 networking & telecommunications, Information security, Computer security model, Security service, Software security assurance, IPsec, Network Access Control, General Earth and Planetary Sciences, Network security policy, business, computer, Computer network
Abstract

Due to extensive use of Cloud services and newly evolving security threats, most cloud service providers (CSP) deploy varieties of security devices such as, firewalls, IPSec, IDS, etc. for controlling resource accesses based on the data centre security requirements. Today CSPs are looking for systematically hardening the security by incorporating multiple security devices in the network in a cost-effective way. In this paper, we present an automated framework for synthesizing data centre security configurations. We take a dummy data centre topology, CSP security (connectivity and isolation) requirements and business constraints (usability and cost) as input; and then synthesizes the correct and optimal data centre security. It determines the optimal placement of different security devices in the data centre.

Published
2016

13. Providing customized security based on network function composition and reconfiguration

Author

Yuxiang Hu, Yufeng Li, Chiqiang Zing, and Jianxin Liao

Subjects
Computer Networks and Communications, Computer science, business.industry, Control reconfiguration, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Logical security, Network simulation, Security service, Software security assurance, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, Multilevel security, business, Computer network
Abstract

Real-time multimedia sharing in Consumer-centric Multimedia Network (CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain (SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.

Published
2016

14. A novel security architecture of electronic vehicle system for smart grid communication

Author

Seungjoo Kim, Taeshik Shon, Hyunwoo Lim, and Kyumin Cho

Subjects
Cloud computing security, Computer science, 020208 electrical & electronic engineering, Covert channel, 02 engineering and technology, Enterprise information security architecture, Computer security model, Computer security, computer.software_genre, Security information and event management, Logical security, Theoretical Computer Science, Security engineering, Smart grid, Distributed System Security Architecture, Security service, Hardware and Architecture, Software security assurance, Information and Communications Technology, 0202 electrical engineering, electronic engineering, information engineering, Network security policy, computer, Software, Information Systems
Abstract

As ICT is incorporated into the existing electrical grid, security threats can also be unintentionally introduced to the Smart Grid, as has happened with conventional information and communication networks. To avoid this, a new security architecture design addressing the particular characteristics of ICT is required. This paper proposes a logical architecture considering the case of electric vehicle telecommunication, which is one of the core Smart Grid services and one closely related to actual users. Based on that architecture, we analyzed the security threats and the respective security measures required to respond to them. By analyzing the security techniques and algorithms applicable to the Smart Grid environment and applying them to address its security requirements and threats we proposed a new security architecture for Smart Grid.

Published
2015

15. Lesson Learned: Security is Inevitable

Author

Charles P. Pfleeger

Subjects
Cloud computing security, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Cloud computing, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, Security service, Software security assurance, Security through obscurity, Human-computer interaction in information security, The Internet, Electrical and Electronic Engineering, business, Law, computer
Abstract

The history of computing shows simple ideas that caught on: personal computers, the Internet, cloud computing, and smartphones were timely inventions that became successful, sometimes beyond the expectations of their original designers and developers. But ideas that work for one mode of use sometimes show serious limitations in other environments. Creators must anticipate unintended uses, even though predicting change is difficult. Designers must document expectations and limitations of products so that adapters will know when an expanded use threatens security. And developers must accept responsibility for the security of their products. The relatively small group of security professionals can no longer be assumed responsible for anticipating and countering all security threats.

Published
2015

16. Mobile-Based DoS Attack Security Agent in Sensor Networking

Author

Sungmo Jung, Seoksoo Kim, Donghyun Kim, and Dae-Joon Hwang

Subjects
Information privacy, Computer science, Covert channel, Data security, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Logical security, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, Electrical and Electronic Engineering, Security bug, Cloud computing security, business.industry, 020206 networking & telecommunications, Provisioning, Computer Science Applications, Security service, Software security assurance, Network Access Control, Security through obscurity, 020201 artificial intelligence & image processing, business, computer, Mobile device, Countermeasure (computer), Computer network
Abstract

Cloud computing emerges as a way to dynamically increase the capacity or capabilities in infrastructure architectures, software delivery, and development models. However, security is one of the major issues with mobile applications as they can be attacked by malicious users which reduces the growth of cloud computing and complications with data privacy and data protection. In this paper, a mobile-based security agent is presented which provides security mechanisms to security agents as well as hosts. This type of security agent is significant in providing security mechanism to security risks in cloud computing due to its ability to migrate from one host to another where it can resume its processing and service provisioning. Additionally, some of the current attacks are created that attackers may initiate. A fault tolerance at a high level was enabled for mobile-based distributed transaction processing in the cloud. The results show that most of the attack messages were detected and identified, and the type of attack was identified within a specific period of time.

Published
2015

17. A First Step Toward Network Security Virtualization: From Concept To Prototype

Author

Guofei Gu, Haopei Wang, and Seungwon Shin

Subjects
Computer Networks and Communications, Network security management, Network security, Computer science, Covert channel, Computer security, computer.software_genre, Asset (computer security), Security policy, Logical security, Security information and event management, Security engineering, Security association, Safety, Risk, Reliability and Quality, Network architecture, Cloud computing security, business.industry, Information security, Computer security model, Virtualization, Security service, Software deployment, Software security assurance, Network Access Control, Security through obscurity, Network security policy, business, computer, Computer network
Abstract

Network security management is becoming more and more complicated in recent years, considering the need of deploying more and more network security devices/middle-boxes at various locations inside the already complicated networks. A grand challenge in this situation is that current management is inflexible and the security resource utilization is not efficient. The flexible deployment and utilization of proper security devices at reasonable places at needed time with low management cost is extremely difficult. In this paper, we present a new concept of network security virtualization, which virtualizes security resources/functions to network administrators/users, and thus maximally utilizing existing security devices/middle-boxes. In addition, it enables security protection to desirable networks with minimal management cost. To verify this concept, we further design and implement a prototype system, NETSECVISOR, which can utilize existing pre-installed (fixed-location) security devices and leverage software-defined networking technology to virtualize network security functions. At its core, NETSECVISOR contains: 1) a simple script language to register security services and policies; 2) a set of routing algorithms to determine optimal routing paths for different security policies based on different needs; and 3) a set of security response functions/strategies to handle security incidents. We deploy NETSECVISOR in both virtual test networks and a commercial switch environment to evaluate its performance and feasibility. The evaluation results show that our prototype only adds a very small overhead while providing desired network security virtualization to network users/administrators.

Published
2015

18. Physical-Layer Security in the Internet of Things: Sensing and Communication Confidentiality Under Resource Constraints

Author

Amitav Mukherjee

Subjects
Engineering, Cloud computing security, business.industry, Computer security model, Transmission security, Communications security, Internet security, Computer security, computer.software_genre, Logical security, Security association, Security service, Electrical and Electronic Engineering, business, computer, Computer network
Abstract

The Internet of Things (IoT) will feature pervasive sensing and control capabilities via a massive deployment of machine-type communication (MTC) devices. The limited hardware, low-complexity, and severe energy constraints of MTC devices present unique communication and security challenges. As a result, robust physical-layer security methods that can supplement or even replace lightweight cryptographic protocols are appealing solutions. In this paper, we present an overview of low-complexity physical-layer security schemes that are suitable for the IoT. A local IoT deployment is modeled as a composition of multiple sensor and data subnetworks, with uplink communications from sensors to controllers, and downlink communications from controllers to actuators. The state of the art in physical-layer security for sensor networks is reviewed, followed by an overview of communication network security techniques. We then pinpoint the most energy-efficient and low-complexity security techniques that are best suited for IoT sensing applications. This is followed by a discussion of candidate low-complexity schemes for communication security, such as on–off switching and space-time block codes. The paper concludes by discussing open research issues and avenues for further work, especially the need for a theoretically well-founded and holistic approach for incorporating complexity constraints in physical-layer security designs.

Published
2015

19. A Survey of Securing Networks Using Software Defined Networking

Author

Adam Radford, Vijay Sivaraman, Sanjay Jha, and Syed Taha Ali

Subjects
Computer science, Computer security model, Computer security, computer.software_genre, Security information and event management, Logical security, Security service, Software security assurance, Network Access Control, Network security policy, Electrical and Electronic Engineering, Safety, Risk, Reliability and Quality, Software-defined networking, computer
Abstract

Software Defined Networking (SDN) is rapidly emerging as a new paradigm for managing and controlling the operation of networks ranging from the data center to the core, enterprise, and home. The logical centralization of network intelligence presents exciting challenges and opportunities to enhance security in such networks, including new ways to prevent, detect, and react to threats, as well as innovative security services and applications that are built upon SDN capabilities. In this paper, we undertake a comprehensive survey of recent works that apply SDN to security, and identify promising future directions that can be addressed by such research.

Published
2015

20. Security of Software Defined Networks: A survey

Author

Dianxiang Xu and Izzat Alsmadi

Subjects
Spoofing attack, General Computer Science, Network security, Computer science, Covert channel, Access control, Denial-of-service attack, Audit, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Logical security, Information security audit, Network architecture, Cloud computing security, business.industry, Information security, Computer security model, Security controls, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, business, Software-defined networking, Law, computer
Abstract

Software Defined Networking (SDN) has emerged as a new network architecture for dealing with network dynamics through software-enabled control. While SDN is promoting many new network applications, security has become an important concern. This paper provides an extensive survey on SDN security. We discuss the security threats to SDN according to their effects, i.e., Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, and Elevation of Privilege. We also review a wide range of SDN security controls, such as firewalls, IDS/IPS, access control, auditing, and policy management. We describe several pathways of how SDN is evolving. We presented an extensive survey on Software Defined Networks with focus on security.We majorly divided survey in two categories or perspectives; security attacks and controls or countermeasures.We presented our own vision on how security may evolve in future based on SDN.

Published
2015

21. New Proof Methods for Improving Privacy and Security by using Abe

Author

S. Suresh Babu and Chimili Ankapanaidu

Subjects
Cloud computing security, business.industry, Computer science, Internet privacy, Covert channel, Data security, Cloud computing, Information security, Permission, Service provider, Computer security model, Computer security, computer.software_genre, Encryption, Asset (computer security), Security information and event management, Logical security, Information security audit, Security association, Security service, Software security assurance, Security through obscurity, business, computer
Abstract

Searching and Security plays a major role in cloud computing. Providing encryption for the outsourced data is security concern in cloud computing. Service providers will take care of security for the data stored by the users. In this paper, the new security is provided by the service providers and data is authorized by the data owners and finally encrypted data searched by the users and decrypt the data for usage. In this paper, advanced attribute keyword search is used to provide security and data can access only by owner's permission. Results will show the performance of the data security.

Published
2015

22. A Study on Stabilizing a Network Security Zone Based on the Application of Logical Area to Communication Bandwidth

Subjects
Network architecture, Engineering, Network security, business.industry, Computer security, computer.software_genre, Logical security, Security testing, Security service, Network Access Control, Broadcast communication network, Network security policy, business, computer, Computer network
Abstract

Regarding countless network disorders or invasions happening nowadays from 2014 until 2015, illegal access intended to attack through the communication line provided by ISP (Internet Service Provider) appears to be the source of the problem. As a defensive way to prevent such network-based attacks, not only stabilization structures for network communication but various policies as well as physical security devices and solutions corresponding to those have been realized and established. Therefore, now is the time to gain foundational research data to secure network security sections by producing logical area on communication bandwidth or such, suggest tasks to expand the communication line which is another research topic in the network security market, and recognize the fact that the active communication bandwidth linkage paradigm using network communication bandwidth is needed as one of the areas that can realize physical security. Additionally, it is necessary to limit the data in the forms of organizing visible security structures into a certain range of physical information by re-dividing communication capacity being currently provided by telecommunicators into subdivided organizational areas and applying the logical virtualization of communication capacity in each of the areas divided. By proposing a network security section based on a logical field application in place of the existing physical structure, basic data that designs a stable physical network communication structure will be provided.

Published
2015

23. A Study on Security Attribute Design in Security Plan of The Design Phase

Author

Seong-Yoon Shin

Subjects
General Computer Science, Database, business.industry, Computer science, Covert channel, Access control, Computer security model, Encryption, computer.software_genre, Logical security, Security service, Security association, Software security assurance, Network Access Control, business, computer
Abstract

In this paper, a method to identify components per unit task system is expressed with node, module, and interface. We define security subject per unit task system and explain node, module, and interface per component. According to the defined security standard in design phase, we also perform to design and elaborate security attributes for node and module as identified security subjects in their defined tables. And then we describe the composition standard for security attribute design with some examples, after classifying it into security subject, access subject, access control area, identification or verification area, and encryption.

Published
2015

24. A novel secure architecture of the virtualized server system

Author

Jongsub Moon, Sang-Kon Kim, and Seung-Young Ma

Subjects
Computer science, Data security, Covert channel, 050109 social psychology, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Asset (computer security), Logical security, Security information and event management, Theoretical Computer Science, Security engineering, Distributed System Security Architecture, Server, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, 020203 distributed computing, Cloud computing security, business.industry, 05 social sciences, Hypervisor, Information security, Computer security model, Virtualization, Security service, Hardware and Architecture, Software security assurance, business, computer, Software, Information Systems
Abstract

To make cloud computing environments more secure, this paper focuses on the security of virtualized server systems. A security layer is introduced to the secure architecture of a virtualized server as an abstraction. Because the security layer will play a key role in securing the virtualized server, there is a need for it to be sufficiently robust to tackle the most common security threats associated with cloud computing. First, security threats to cloud computing are analysed based on a publication from an international organization and the security issues surrounding virtualized servers are clarified. Following this, the security elements and their functions for each of the security requirements for virtualized servers are defined. The relationship between the security issues and security elements is then presented to verify the effectiveness of the security layer. It is shown that, using the proposed security elements, the security issues facing virtualized server systems in cloud computing are adequately mitigated. Therefore, our research will be helpful in the development of virtualized servers by making cloud computing more secure.

Published
2015

25. Security Techniques in Distributed Systems

Author

Reza Nayebi Shahabi

Subjects
Environmental Engineering, Computer science, Distributed computing, Information security, Computer security model, Computer security, computer.software_genre, Logical security, Industrial and Manufacturing Engineering, Distributed System Security Architecture, Security service, Network Access Control, Security through obscurity, Security convergence, computer
Abstract

The security of information systems is the most important principle that can also be said that the most difficult, because security must be maintained throughout the system. At the beginning of this article we are going to introduce basic principles of security. The securities of distributed systems are divided into two parts: A portion of the communication between users and processes is concerned with examining issues such as authentication, message integrity and encryption will be discussed. In the next section, we will examine the guaranteed access permissions to resources in distributed systems. In addition to traditional access solutions, access control in mobile codes will be examined.

Published
2015

26. Reactive Data Security Approach and Review of Data Security Techniques in Wireless Networks

Author

Arif Sari and Mehmet Karay

Subjects
Cloud computing security, business.industry, Computer science, Data security, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security service, Network Access Control, Security through obscurity, business, computer, Computer network
Abstract

There have been various security measures that deal with data security in wired or wireless network, where these measures help to make sure that data from one point to another is intact, by identifying, authenticating, authorizing the right users and also encrypting the data over the network. Data communication between computers has brought about countless benefits to users, but the same information technologies have created a gap, a vulnerable space in the communication medium, where the data that’s been exchanged or transferred, thereby causing threats to the data. Especially data on wireless networks are much exposed to threats since the network has been broadcasted unlike a wired network. Data security in the past dealth with integrity, confidentiality and ensuring authorized usage of the data and the system. Less or no focus was placed on the reactive approach or measures to data security which is capable of responding properly to mitigate an attacker and avoid harm and also to prevent future attacks. This research is going to expose the mechanisms and measures of data security in wireless networks from the reactive security approaches point of view and exposes the reactive approaches used to enhance data security.

Published
2015

27. Study of the Security Enhancements in Various E-Mail Systems

Author

Saja Alqurashi, Aisha M. Alshiky, Afnan S. Babrahem, Jayaprakash Kar, and Eman T. Alharbi

Subjects
Cloud computing security, Security service, Computer science, Security through obscurity, Security convergence, Computer security model, Computer security, computer.software_genre, Logical security, computer, Security testing, Security information and event management
Abstract

E-mail security becomes critical issue to research community in the field of information security. Several solutions and standards have been fashioned according to the recent security requirements in order to enhance the e-mail security. Some of the existing enhancements focus on keeping the exchange of data via e-mail in confident and integral way. While the others focus on authenticating the sender and prove that he will not repudiate from his message. This paper will survey various e-mail security solutions. We introduce different models and techniques used to solve and enhance the security of e-mail systems and evaluate each one from the view point of security.

Published
2015

28. An Integrated Electricity Information Security Monitoring Platform

Author

Hong Fei Xu, Shen Jin, Ran Yu, and Jiao Jiao Zhang

Subjects
Engineering, Cloud computing security, business.industry, General Medicine, Information security, Computer security, computer.software_genre, Logical security, Security information and event management, Security service, Information security management, Software security assurance, Network Access Control, business, computer
Abstract

An integrated electricity information security monitoring platform is presented, electrical information security integrated real-time monitoring of the state power applied information security systems, security equipment, network equipment, network boundaries, desktop computers, to improve information security monitoring, early warning, emergency response and defense capabilities to protect IT hardware, software and network security, which can guarantee continuous, reliable and efficient operation.

Published
2014

29. AC-PROT: An Access Control Model to Improve Software-Defined Networking Security

Author

Dali Kaafar, Wei Ni, Wei Wu, Xiaojing Huang, and Ren Ping Liu

Subjects
Cloud computing security, business.industry, Computer science, 05 social sciences, Authorization, 050801 communication & media studies, 020206 networking & telecommunications, Access control, 02 engineering and technology, Logical security, Network operations center, 0508 media and communications, Security service, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, Physical access, business, Software-defined networking, Computer network
Abstract

© 2017 IEEE. The logically-centralized controllers have largely operated as the coordination points in software-defined networking(SDN), through which applications submit network operations to manage the global network resource. Therefore, the validity of these network operations from SDN applications are critical for the security of SDN. In this paper, we analyze the mechanism that generates network operations in SDN, and present a fine-grained access control model, called Access Control Protector(AC-PROT),that employs an attribute-based signature scheme for network applications. The simulation result demonstrates that AC-PROT can efficiently identify and reject unauthorized network operations generated by applications.

Published
2017

30. Personal computer security system

Author

Jorge L. Besada

Subjects
Cloud computing security, Security service, Software security assurance, Computer science, Covert channel, Computer security model, Computer security, computer.software_genre, Asset (computer security), computer, Security information and event management, Logical security
Published
2017

31. Design process for usable security and authentication using a user-centered approach

Author

Eduardo B. Fernandez, Jaime Muñoz-Arteaga, César A. Collazos, Paulo Realpe-Munoz, and Toni Granollers

Subjects
Computer science, Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security engineering, Distributed System Security Architecture, 0202 electrical engineering, electronic engineering, information engineering, Security management, Authentication, Cloud computing security, business.industry, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Usability, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Human-computer interaction in information security, Security through obscurity, User interface, business, Software engineering, computer
Abstract

Computer security is one of the most important current tasks in digital applications. However, from the best of our knowledge, there is little research for designing effective interfaces in the context of security management systems. Security problems for these systems include vulnerabilities, due to difficulty using the systems and poor user interfaces because of their security constraints. Nowadays, finding a good trade-off between security and usability is a challenge, mainly for user authentication services. This paper presents a preliminary process for designing secure and usable systems using a user-centered approach. According to the above, the researchers and development team could have a process for designing and carrying out security and usability solutions for users. For the development of this process, the MPIu+a methodology to implement highly usable and accessible interactive applications is used.

Published
2017

32. Transaction-based security for smart grids

Author

Christoph Ruland and Jochen Sassmannshausen

Subjects
Cloud computing security, Security service, Software security assurance, Business, Information security, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, computer
Abstract

This paper focuses on security of data exchange and supervisory control according to IEC 61850. The existing security measures standardized by IEC 62351 are described and compared with similar systems that are widely used in industry automation, i.e. the OPC Unified Architecture. These security measures are not sufficient because they cover the communication only and do not respect the contained data, which specify the transactions to be processed. This paper presents extensions of existing security measures by the introduction of transaction oriented security mechanisms, which are independent of the data exchange and communication protocols. This allows a very fine-grained level of security, which considers the individual level of sensitivity of each transaction.

Published
2017

33. Modeling and Analysis of the Security Protocol in C-DAX Based on Process Algebra

Author

Gang Lu, Shuangqing Xiang, Huibiao Zhu, Wanling Xie, Ailun Liu, and Yuan Fei

Subjects
Otway–Rees protocol, business.industry, Computer science, Distributed computing, 02 engineering and technology, Computer security model, Cryptographic protocol, Internet security, Logical security, Public-key cryptography, Security association, Security service, Software security assurance, 020204 information systems, Server, Universal composability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business
Abstract

The security protocol is proposed as a security solution for end-to-end communication between smart grid applications in the EU FP7 project C-DAX. Since the importance and widespread use of the security protocol, it is of great significance to formally analyze and verify relevant security properties of this security protocol. In this paper, we apply Communicating Sequential Processes (CSP) to model the security protocol. Further, we use the model checker Process Analysis Toolkit (PAT) to automatically simulate the developed model, and verify whether the model caters for the specification and relevant secure properties, e.g. reachability of the fake goal. Our modeling and verification show that a risk may exist in the security protocol.

Published
2017

34. A multi-factors security key generation mechanism for IoT

Author

Paul Loh Ruen Chze, Elizabeth Sim, Kan-Siew-Leong, Kan Ee May, and Ang Khoon Wee

Subjects
Cloud computing security, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, Security association, Security service, 0202 electrical engineering, electronic engineering, information engineering, Human-computer interaction in information security, Network security policy, 020201 artificial intelligence & image processing, business, computer, Computer network
Abstract

This paper introduces a multi-factors security key generation mechanism for self-organising Internet of Things (IoT) network and nodes. The mechanism enables users to generate unique set of security keys to enhance IoT security while meeting various business needs. The multi-factor security keys presents an additional security layer to existing security standards and practices currently being adopted by the IoT community. The proposed security key generation mechanism enables user to define and choose any physical and logical parameters he/she prefers, in generating a set of security keys to be encrypted and distributed to registered IoT nodes. IoT applications and services will only be activated after verifying that all security keys are present. Multiple levels of authorisation for different user groups can be easily created through the mix and match of the generated multi-factors security keys. A use case, covering indoor and outdoor field tests was conducted. The results of the tests showed that the mechanism is easily adaptable to meet diverse multi-vendor IoT devices and is scalable for various applications.

Published
2017

35. Automated verification of security chains in software-defined networks with synaptic

Author

Abdelkader Lahmadi, Nicolas Schnepf, Rémi Badonnel, Stephan Merz, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Modeling and Verification of Distributed Algorithms and Systems (VERIDIS), Max-Planck-Institut für Informatik (MPII), Max-Planck-Gesellschaft-Max-Planck-Gesellschaft-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Proof-oriented development of computer-based systems (MOSEL), Department of Formal Methods (LORIA - FM), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Max-Planck-Institut für Informatik (MPII), and Max-Planck-Gesellschaft-Max-Planck-Gesellschaft

Subjects
Computer science, Distributed computing, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO], 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Formal methods, Security testing, Logical security, Software-Defined Networking, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Security Management, Security service, Software security assurance, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Security management, Formal Verification
Abstract

International audience; Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by Satisfiability Modulo Theories (SMT) solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

Published
2017

36. A framework for security on demand

Author

Yueming Yin and Zhiyuan Hu

Subjects
Cloud computing security, Computer science, business.industry, Network security, Computer security model, Computer security, computer.software_genre, Internet security, Logical security, Security information and event management, Security engineering, Firewall (construction), Security service, Security association, Software security assurance, Network Access Control, Network security policy, business, computer, Computer network
Abstract

With new technologies such as SDN(Software-Defined Networking) and NFV(Network Function Virtualization), network transformation is inevitable for network operators to make network programmable as well as to save cost. Consequently, applications can be deployed rapidly and automatically based on SDN and NFV. Correspondingly, security as one of key features for application also has to be provided dynamically and adaptively to meet different security requirements for today's rapid-increasing and evolving applications. However, traditional security appliances such as firewall are implemented as hardware-based middleboxes and placed on fixed locations in the network, so it is difficult to meet security requirements for today's applications. This paper proposes a new security service model based on security chain (i.e. security on demand) to provide customized security services dynamically and adaptively for today's applications. How to apply security on demand to the application (i.e. special vehicle speedup) is also elaborated.

Published
2017

37. Dynamic adaptation and reconfiguration of security in mobile devices

Author

Mohamed Amoud and Ounsa Roudies

Subjects
Engineering, Cloud computing security, business.industry, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security engineering, Security service, Software security assurance, business, computer
Abstract

Mobile Devices offer enriched services and information for the end users. Achieving security in such a dynamic and heterogeneous environment is a challenging task. Hence, adaptive security is an applicable solution for this challenge. It is able to automatically select security mechanisms and their parameters at runtime in order to preserve the required security level in a changing environment. In this paper, we propose a self-adaptive security solution for Mobile Devices (Smartphone, Tablets,...) based on the combination of the MAPE-K reference model to dynamic negotiate and deploy of security policies, and DSPL approach to reconfigure the security level of the applications at runtime and monitor the changes in the context. The novelty of our approach comes from dynamic negotiation of security policies and automatic reconfiguration of security level to instantiate the new security policies at runtime in order to be capable of deploying adaptive security mechanisms to satisfy different security needs at different conditions.

Published
2017

38. A Hierarchical Architecture for Distributed Security Control of Large Scale Systems

Author

Yar Rouf, Marios Fokaefs, Mark Shtern, and Marin Litoiu

Subjects
Computer science, Distributed computing, Big data, 0211 other engineering and technologies, Covert channel, Cloud computing, 02 engineering and technology, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security engineering, Software, Distributed System Security Architecture, 0202 electrical engineering, electronic engineering, information engineering, Software system, Control system security, 021110 strategic, defence & security studies, Cloud computing security, business.industry, Enterprise information security architecture, Computer security model, Security controls, Security service, Software security assurance, Security through obscurity, Security convergence, Network security policy, 020201 artificial intelligence & image processing, business, computer
Abstract

In the era of Big Data, software systems can be affected by its growing complexity, both with respect to functional and non-functional requirements. As more and more people use software applications over the web, the ability to recognize if some of this traffic is malicious or legitimate is a challenge. The traffic load of security controllers, as well as the complexity of security rules to detect attacks can grow to levels where current solutions may not suffice. In this work, we propose a hierarchical distributed architecture for security control in order to partition responsibility and workload among many security controllers. In addition, our architecture proposes a more simplified way of defining security rules to allow security to be enforced on an operational level, rather than a development level.

Published
2017

39. Security requirements modelling for virtualized 5G small cell networks

Author

Emmanouil Panaousis, Haralambos Mouratidis, Michael D. Logothetis, Ioannis D. Moscholios, and Vassilios G. Vassilakis

Subjects
Edge device, Computer science, 02 engineering and technology, computer.software_genre, Computer security, Logical security, Security information and event management, Security engineering, Security association, Server, 0202 electrical engineering, electronic engineering, information engineering, Mobile edge computing, Cloud computing security, Wireless network, business.industry, 020206 networking & telecommunications, Computer security model, Virtualization, Security service, Software security assurance, Network Access Control, 020201 artificial intelligence & image processing, Small cell, business, computer, Computer network
Abstract

It is well acknowledged that one of the key enabling factors for the realization of future 5G networks will be the small cell (SC) technology. Furthermore, recent advances in the fields of network functions virtualization (NFV) and software-defined networking (SDN) open up the possibility of deploying advanced services at the network edge. In the context of mobile/cellular networks this is referred to as mobile edge computing (MEC). Within the scope of the EU-funded research project SESAME we perform a comprehensive security modelling of MEC-assisted quality-of-experience (QoE) enhancement of fast moving users in a virtualized SC wireless network, and demonstrate it through a representative scenario toward 5G. Our modelling and analysis is based on a formal security requirements engineering methodology called Secure Tropos which has been extended to support MEC-based SC networks. In the proposed model, critical resources which need protection, and potential security threats are identified. Furthermore, we identify appropriate security constraints and suitable security mechanisms for 5G networks. Thus, we reveal that existing security mechanisms need adaptation to face emerging security threats in 5G networks.

Published
2017

40. A Game of Things

Author

Elisa Bertino, Daniele Midi, Antonino Rullo, and Edoardo Serra

Subjects
Computer science, Network security, 0211 other engineering and technologies, Covert channel, 02 engineering and technology, Internet security, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, Security association, 0202 electrical engineering, electronic engineering, information engineering, 021110 strategic, defence & security studies, Cloud computing security, business.industry, 020206 networking & telecommunications, Computer security model, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, The Internet, business, computer
Abstract

In many Internet of Thing (IoT) application domains security is a critical requirement, because malicious parties can undermine the effectiveness of IoT-based systems by compromising single components and/or communication channels. Thus, a security infrastructure is needed to ensure the proper functioning of such systems even under attack. However, it is also critical that security be at a reasonable resource and energy cost, as many IoT devices may not have sufficient resources to host expensive security tools. In this paper, we focus on the problem of efficiently and effectively securing IoT networks by carefully allocating security tools. We model our problem according to game theory, and provide a Pareto-optimal solution, in which the cost of the security infrastructure, its energy consumption, and the probability of a successful attack, are minimized. Our experimental evaluation shows that our technique improves the system robustness in terms of packet delivery rate for different network topologies.

Published
2017

41. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks

Author

Zhenji Wang, Zhaowen Lin, and Dan Tao

Subjects
Computer science, 02 engineering and technology, computer.software_genre, Biochemistry, Logical security, Article, Analytical Chemistry, RETE, 0202 electrical engineering, electronic engineering, information engineering, service composition, security service, Orchestration (computing), Electrical and Electronic Engineering, Instrumentation, software defined network, Cloud computing security, business.industry, 020206 networking & telecommunications, Computer security model, Virtualization, Atomic and Molecular Physics, and Optics, Security service, Software security assurance, Software deployment, Network Access Control, 020201 artificial intelligence & image processing, business, Software-defined networking, computer, Computer network
Abstract

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

Published
2017

42. New access control policies for private network and protocol security

Author

Jalal Laassiri and Yousra Hafid

Subjects
Computer access control, Network security, Computer science, Covert channel, Access control, 02 engineering and technology, Asset (computer security), Internet security, Computer security, computer.software_genre, Security policy, Logical security, Security information and event management, Discretionary access control, Firewall (construction), Distributed System Security Architecture, 0202 electrical engineering, electronic engineering, information engineering, Information system, Role-based access control, Cloud computing security, business.industry, 020206 networking & telecommunications, Information security, Computer security model, Security service, Network Access Control, Physical access, Network security policy, 020201 artificial intelligence & image processing, business, computer
Abstract

Access control is a means to implement within an information system to ensure its security. The development of two distinct themes which are: Access control and networking, to improve one by using the other. It is a vision that motivated us to look for existing methods to combine the two for the benefit of computer security [5, 23, 28, 31]. In fact, our work focuses on the paradigm of access control and its application. First, we studied the best-known access control models existing in the literature. Moreover, we defined the security concept network and protocol, by choosing a cloud system as a case study in order to apply a policy Access control at the level of a firewall to secure our system. Finally, the most appropriate model is presented for implementation based on the security policies and requirements of organizations and the specifications of each access control model.

Published
2017

43. Security auditing in the fog

Author

Yongrui Qin, Mauro Vallati, Saad Khan, and Simon Parkinson

Subjects
Security bug, Cloud computing security, business.industry, Computer science, Vulnerability, 020206 networking & telecommunications, Access control, 02 engineering and technology, Information security, Audit, Computer security model, Computer security, computer.software_genre, Security policy, Logical security, Information security audit, Security service, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, 020201 artificial intelligence & image processing, The Internet, business, computer
Abstract

Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.

Published
2017

44. Design of Network Security Distributed Pre-Warning System

Author

Kun Han, Ya-Lin Ye, Wei-Feng Sun, Ning Shan, Ke-Li Yang, and Quan Yuan

Subjects
Computer science, Network security, business.industry, Computer security model, Computer security, computer.software_genre, Logical security, Security service, Distributed System Security Architecture, Software security assurance, Network Access Control, Network security policy, business, computer
Published
2017

45. Research and realization of info-net security controlling system

Author

Xia Wang, Xuhong Li, Wei Zhang, Wenwen Pan, and Tao Xu

Subjects
Engineering, Cloud computing security, business.industry, Computer security model, Computer security, computer.software_genre, Security information and event management, Security testing, Logical security, Security service, Network Access Control, Security management, business, computer
Abstract

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

Published
2017

46. Survey on security in Internet of Things: State of the art and challenges

Author

Hoon-Jae Lee, Mangal Sain, and Young-Jin Kang

Subjects
Computer science, Data security, 02 engineering and technology, Computer security, computer.software_genre, Internet security, Logical security, Security information and event management, Security association, Home automation, 0202 electrical engineering, electronic engineering, information engineering, Cloud computing security, business.industry, 020206 networking & telecommunications, Information security, Computer security model, Web application security, Security service, Security through obscurity, Human-computer interaction in information security, Network security policy, 020201 artificial intelligence & image processing, The Internet, business, Communications protocol, computer
Abstract

The Internet of Things (IoT) refers to the physical devices that are embedded with Internet, electronics, software, sensors, actuators, and network connectivity. This includes many different systems, for instance, healthcare, wellbeing, smart home, building, smart meters, and so on. The Internet-based technical architecture, IP-based communication protocols, and technologies are facilitating the exchange of smart object services over the insecure channels, therefore, security and privacy of the involved stakeholder is the prime concern. In this paper we analyse available IoT security in three forms: (i) security in communication, (ii) security at application interface, and (iii) data security. This paper reviews the current IoT technologies, approaches and models and finds the security gap in existing communication technologies, application interfaces, and data security. Another focus of the paper is to provide an overview of the related work in IoT, together with the open challenges and future research directions me”.

Published
2017

47. How Does Computer Security Work?

Author

Marvin Waschke

Subjects
Cloud computing security, Security service, Software security assurance, Computer science, Security through obscurity, Covert channel, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, computer
Abstract

Cybersecurity is a highly technical subject that uses many tools. It starts with the protection rings built into the chips that power the computer. The basic hardware rules enforce more complex security policies. Security also depends on the way the software is deployed and used. Hackers attempt to exploit flaws in the security system to circumvent or penetrate barriers to their access to valuable resources. This chapter explains some of the basic tools and principles that are used in secure computing.

Published
2017

48. Physical Security Essentials

Author

William Stallings

Subjects
Engineering, Cloud computing security, Emergency management, Computer science, business.industry, Network security, Control (management), Plan (drawing), Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security service, Software security assurance, Security through obscurity, Information system, business, Natural disaster, computer, Physical security
Abstract

Most people think about locks, bars, alarms, and uniformed guards when they think about security. While these countermeasures are by no means the only precautions that need to be considered when trying to secure an information system, they are a perfectly logical place to begin. This chapter discusses physical security and with some overlapping areas of premises security. Physical security is a vital part of any security plan and is fundamental to all security efforts–without it, cyber security, software security, user access security, and network security are considerably more difficult, if not impossible, to initiate. Physical security refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (from electrical surges, extreme temperatures, and spilled coffee). It requires solid building construction, suitable emergency preparedness, reliable power supplies, adequate climate control, and appropriate protection from intruders.

Published
2017

49. Automatically Enforcing Security SLAs in the Cloud

Author

Madalina Erascu, Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Jolanda Modic, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Modic, Jolanda, Erascu, Madalina, and DE BENEDICTIS, Alessandra

Subjects
Information Systems and Management, Cloud security security service level agreement optimal resource allocation, Computer Networks and Communications, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, 0202 electrical engineering, electronic engineering, information engineering, 020203 distributed computing, Cloud computing security, optimal resource allocation, security service level agreement, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Computer Science Applications, Computer Networks and Communication, Security service, Software security assurance, Hardware and Architecture, Cloud security, Network security policy, 020201 artificial intelligence & image processing, computer
Abstract

Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

Published
2017

50. Toward Securing Cyber-Physical Systems Using Exact Cover Set

Author

Hassan Reza and Sameer Kumar Bisoyi

Subjects
business.industry, Computer science, Cyber-physical system, Information security, Computer security, computer.software_genre, Logical security, Security service, Software security assurance, Network Access Control, Information system, Physical access, Software engineering, business, computer
Abstract

Cyber physical systems (CPS) are computer systems that integrate computing, coordination and communication systems in order to monitor physical entities in the physical world. As they interact with the critical systems and infrastructure that may impact real life. There are many issues in design and constructions of these types of systems. One of the key issue that receives so many attention is the security of such systems. Although security solutions for Information Systems handle the security issues associated with Traditional IT security, but the impact of a failure in a cyber-physical system demands a different approach to handle security issues related to the cyber world. In this work, we focus on using a key agreement technique known as Physical Signal Key Agreement (PSKA) technique using the Exact Cover method to generate the random key which will be embedded into an access control model known as the Modified Context-Aware Security The feasibility of our framework (MCASF) to handle both normal and critical situation on demand is demonstrated via a Pervasive Health Monitoring Systems (PHMS).

Published
2017

Catalog

Books, media, physical & digital resources
See catalog results