Search

Your search keyword '"Logical security"' showing total 1,083 results
Start Over Descriptor "Logical security"
1,083 results on '"Logical security"'

201. Protecting You

Author

Charles Campbell Palmer and M. Angela Sasse

Subjects
Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Privacy policy, Internet privacy, Covert channel, Service provider, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security testing, Logical security, Security information and event management, Security service, Security through obscurity, Electrical and Electronic Engineering, business, Law, computer
Abstract

Usable security is often seen as simply an enabler of good security behavior: if the actions required aren't too difficult or effortful, users will do so. But human-centered design of security means enabling users to make informed security choices. First, their preferred choice needs to be available. Authors of privacy policies should take note here, and service providers need to manage their security issues without burdening legitimate customers (solving CAPTCHAs to prove you are human isn't something a customer would choose to do, ever). Second, we need to accept that users sometimes choose to take risks. Protecting users means giving them an accurate understanding of possible consequences, and the likelihood of them occurring.

Published
2014

202. Security Issues in Mobile Agents

Author

Priyanka Dadhich, Mahesh Chandra Govil, and Dr.Kamlesh Dutta

Subjects
Computer science, Mobile computing, Data security, Covert channel, Access control, Intrusion detection system, Internet security, Computer security, computer.software_genre, Asset (computer security), Security testing, Logical security, Security information and event management, Security engineering, Security bug, Authentication, Cloud computing security, business.industry, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Security through obscurity, Network security policy, Mobile agent, business, computer, Computer network
Abstract

Software security to protect mobile agent consists of lots of aspects like cryptography, access control and trust management, intrusion detection and tamper resistance, authentication and privacy, signature schemes, e-commerce, security analysis, mobile computing security etc. So, to design and develop security mechanisms for mobile agents against malicious hosts this paper identifies different kinds of attacks and relationships between them. Security objectives and requirements are analyzed with security measures taken to protect mobile code, state and data.

Published
2010

203. Logical Methods in Security and Privacy

Author

Anupam Datta

Subjects
Information privacy, Privacy by Design, Computer Networks and Communications, Network security, Computer science, Privacy policy, Internet privacy, Covert channel, Data security, Access control, Audit, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, Logical security, Electrical and Electronic Engineering, Cloud computing security, business.industry, Privacy software, Computer security model, Security service, Information security standards, Security through obscurity, Security convergence, business, Law, Personally identifiable information, computer
Abstract

Computer security and privacy is concerned with the design, implementation, and analysis of mechanisms intended to guarantee that desired policies (or properties) hold in the presence of malicious adversaries. In this article some logical methods for reasoning about system security and for enforcing security and privacy policies are discussed.

Published
2010

204. A Formal Verification Framework for Security Policy Management in Mobile IP Based WLAN

Author

Pallab Dasgupta, Padmalochan Bera, Soumya Maity, and Soumya K. Ghosh

Subjects
Computer access control, business.industry, Computer science, Verification, Mobile IP, Computer security model, Security policy, Computer security, computer.software_genre, Logical security, WLAN, Distributed System Security Architecture, Network Access Control, Role-based access control, Security Policy, Network security policy, business, computer, Computer network
Abstract

The continuous advancement of wireless technologies especially for enterprise Wireless local area networks (LANs), demands well defined security mechanisms with appropriate architectural support to overcome various security loopholes. Implementing security policies on the basis of Role based Access Control (RBAC) models is an emerging field of research in WLAN security. However, verifying the correctness of the implemented policies over the distributed network devices with changes in topology, remains unexplored in the aforesaid domain. The enforcement of organizational security policies in WLANs require protection over the network resources from unauthorized access. Hence, it is required to ensure correct distribution of access control rules to the network access points conforming to the security policy. In WLAN security policy management, the standard IP based access control mechanisms are not sufficient to meet the organizational requirements due to its dynamic topology characteristics. In an enterprise network environments, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to model the time and location dependent access constraints. In this paper, we propose a WLAN security management system supported by a formal spatio-temporal RBAC (STRBAC) model and a Boolean satisfiability (SAT) based verification framework. The concept of mobile IP has been used to ensure fixed layer 3 address mapping for the mobile hosts in a dynamic scenario. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalises the organisational access policies and determines the high level policy configurations for different policy zones; a Central Authentication & Role Server (CARS) which authenticates the users (or nodes) and the access points (AP) in various zones and also assigns appropriate roles to the users. Every host has to register their unique MAC address to a Central Authentication and Role Server(CARS). Each policy zone consists of an Wireless Policy Zone Controller (WPZCon) that coordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access router. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the global security policies formally and a SAT based verification framework to verify the access configurations

Published
2010

205. Securing Object Oriented Design: A Complexity Perspective

Author

Suhel Ahmad Khan and Raees Ahmad Khan

Subjects
Security bug, Authentication, Cloud computing security, Computer science, Authorization, Covert channel, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, Logical security, Threat, Security engineering, Security service, Software security assurance, Security through obscurity, Security convergence, Network security policy, computer, Countermeasure (computer)
Abstract

security breaches are responsible for not only financial loss but affect the trustworthiness and integrity of the software design and development industry. The breaches are directly affecting the security attributes like Privacy, Availability, Confidentiality, Authorization, Authentication, and Integrity. The aim of security at design level is to protect software to any damage done to the security attributes. Complexity is one of the major factor affect the security. One way of security improvement is a proper control of complexity factor related to security attributes.

Published
2010

206. Power system DNP3 data object security using data sets

Author

Todd Mander, Richard Cheung, and Farhad Nabhani

Subjects
General Computer Science, Computer science, Data security, Covert channel, Access control, Encryption, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security testing, Firewall (construction), Distributed System Security Architecture, Authentication, Cloud computing security, business.industry, Authorization, Information security, Computer security model, Application layer, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, business, Law, computer, Computer network
Abstract

Power system cyber security demand is escalating with the increased number of security incidents and the increased stakeholder participation in power system operations, specifically consumers. Rule-based cyber security is proposed for Distributed Network Protocol (DNP3) outstation devices, with a focus on smart distribution system devices. The security utilizes the DNP3 application layer function codes and data objects to determine data access authorization for outstations, augmenting other security solutions that include firewalls, encryption, and authentication. The cyber security proposed in this article protects outstation devices when masters are compromised or attempt unauthorized access that bypass the other security solutions. In this article, non-utility stakeholder data access is limited through DNP3 data sets rather than granting direct access to the data points within an outstation. The data set utilization greatly constrains possible attack methods against a device by reducing the interaction capabilities with an outstation. The data sets also decrease the security complexity through rule reduction, thereby increasing the security applicability for retrofitted or process constrained devices. Temporal security constraints are supported for the data sets, increasing security against denial of service attacks.

Published
2010

208. COMMUNICATIONS RECONSTRUCTION FOR A NETWORK SECURITY ANALYSIS

Author

Hector Perez-Meana, Mariko Nakano-Miyatake, E. Aguirre-Anaya, and J. Sisniega-Gonzalez

Subjects
Cloud computing security, business.industry, Computer science, Covert channel, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, Security service, Network Access Control, Network security policy, Electrical and Electronic Engineering, business, computer, Computer network
Published
2010

209. Outlook: Cloudy with a Chance of Security Challenges and Improvements

Author

Trent Jaeger and Joshua Schiffman

Subjects
Computer Networks and Communications, Network security, Computer science, Data_MISCELLANEOUS, Cloud computing, Access control, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Utility computing, Cloud testing, Electrical and Electronic Engineering, Cloud computing security, business.industry, Information security, Computer security model, ComputingMilieux_GENERAL, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, The Internet, business, Law, computer
Abstract

Cloud computing is the topic in this paper. Cloud computing is the latest wave in systems architectures. The cloud realizes computing as a utility-that is, customers submit their computing tasks to the cloud, which provides the resources necessary to execute those tasks. Security is a major concern that could limit the cloud computing paradigm's impact. The factors affecting security in cloud computing, as well as the improvements made were mentioned and discussed.

Published
2010

210. AUDIT TEKNOLOGIINFORMASIATAS PHYSICAL SECURITY CONTROL DAN LOGICAL SECURITY CONTROL SERTA PENENTUAN KONDISI SECURITY RISK STUDI KASUS: PT TALC INDONESIA

Author

Rizka I. Arfianti, Inggrid, and Viany Utami

Subjects
Password, Engineering, business.industry, Control (management), Information technology, Audit, Computer security, computer.software_genre, lcsh:HF5601-5689, Logical security, Security controls, lcsh:Accounting. Bookkeeping, Data integrity, business, computer, Physical security
Abstract

The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (17) auditing. One of the risI6 of using information technology in business which can be fatal enough i fignored is security risk Security risk can be reduced by security controls which include physical security control and logical security contra Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively, and uses resources. efficiently. Security risk is a potential threat which may endanger the company's assets, especially in the case where it is one of the impacts of IT implementation in a company. Physical security control is a security control designed by an organization or company to protect the physical facility of information technology infrastructure. Logical security control is a security control designed by an organization or company to protect the information technology infrastructure that is invisible in character, such as corporate data and computer software by means of logical function (by using ID password, hand key, fingerprint, and retina scan). The research method is descriptive analysis method, a research method which systematically, actually, and accurately describes concerning facts, characteristics, and also the relation between the phenomenon being studied (that is the application of physical and logical security control at PT Talc Indonesia). Data collecting techniques include observation, interviews, questionnaires, and documentation.Research result shows that environmental control is effective (68.75%), physical security control is not effective (26.92%), and logical security control is categorized as effective enough (42.22%). In conclusion, the condition of security risk in PT Talc Indonesia is at a risky level because according to this research, there is still an ineffective control (that is the practice of physical security control). Meanwhile, the practice of logical security control at PT Talc Indonesia is determined as effective enough. Keyword: audit, information technology, security control, security risk

Published
2009

211. Developing a module-based security system for an intelligent home

Author

Kuo-Lan Su, Song-Hiang Chia, Jr-Hung Guo, and Sheng-Ven Shiau

Subjects
Computer science, business.industry, Covert channel, Internet security, Logical security, General Biochemistry, Genetics and Molecular Biology, Security service, Distributed System Security Architecture, Artificial Intelligence, Software security assurance, Home automation, Embedded system, Network Access Control, business
Abstract

The security system in a workplace or home is important to human life. Unlucky events are often caused by the negligence of humans. We have developed a modulebased security system for home automation. The structure of the security system contains many modules. Each module has two types of interface (wireless RF and speech). There are active and passive modules in the security system. The active security module is a smart robot. We have designed many types of smart robot for the security system. The passive security modules include a fire security module, an intruder security module, an environment security module, a gas security module, an AC power security module, and an appliance control module. In the security module, we use multisensor fusion algorithms to decide the exact output. In these modules, we use a two-wire communication method through the wireless RF interface, and a voice alarm for serious events, and transmit the real-time status to the supervised computer. In the smart robot system, we have designed many types of smart robot for the security system. We have designed a general user interface (GUI) for the intelligent security system. The user interface can supervise these modules and the smart robots via the wireless RF device, and supervise the security system via wireless, Internet, and cell phone.

Published
2009

212. The implementation guidance for practicing network isolation by referring to ISO-17799 standard

Author

Yeu-Pong Lai and Ruan-Han Dai

Subjects
Certified Information Security Manager, Computer science, Information security, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Information security audit, Security service, Hardware and Architecture, Network security policy, Law, computer, Software
Abstract

In these years, the company budgets are raised dramatically for eliminating the security problems or mitigating the security risks in companies, but the numbers of incidents happening on computer systems in intranet or internet are still increasing. Many researchers proposed the way-to isolate the computers storing sensitive information for preventing information on these computers revealed or vulnerability on these computers exploited. However, there are few materials available for implementing network isolation. In this paper, we define ways of network isolation, ''physical isolation'' and ''logical isolation''. In ISO-17799, there is no implementation guidance for practicing network logical isolation but auditing network physical isolation. This paper also provides the implementation guidance of network isolation in two aspects. One is for the technique viewpoints. The other aspect is for management viewpoints. These proposed implementation outlines and security measures will be considered in revising the security plan, ''The Implementation Plan for Information Security Level in Government Departments'' [''The implementation plan for information security level in government departments,'' National Information and Communication Security Taskforce, Taiwan R.O.C., Programs, Jul. 20 2005].

Published
2009

213. Programming languages and program analysis for security

Author

Marco Pistoia and Úlfar Erlingsson

Subjects
Computer science, Access control, Asset (computer security), Computer security, computer.software_genre, Logical security, Security testing, Security information and event management, Security engineering, Web application, Resource management, Language-based security, Cloud computing security, business.industry, Programming language, Information security, Computer security model, Web application security, Computer Graphics and Computer-Aided Design, Security service, Software security assurance, Information security standards, Security through obscurity, The Internet, business, computer, Software
Abstract

Software security has been traditionally enforced at the level of operating systems. However, operating systems have become increasingly large and complex, and it is very difficult--if not impossible--to enforce software security solely through them. Moreover, operating-system security allows dealing primarily with access-control policies on resources such as files and network connections. However, attacks may happen at both lower and higher levels of abstraction, and may target the internal behavior of applications, such as today's Web-based applications. Therefore, defenses must offer protection at the level of applications. Language-based security is the area of research that studies how to enforce application-level security using programming-language and program-analysis techniques. This area of research has become very active with the advent of Web applications. In 2006, the ACM SIGPLAN has introduced a new yearly forum entirely dedicated to the discussion of language-based-security research: Programming Languages and Analysis for Security (PLAS). This paper is a three-year survey of PLAS papers that discusses the progress made in the area of language-based security.

Published
2009

214. Static Security Optimization for Real-Time Systems

Author

Nenggan Zheng, Zhaohui Wu, Li Xu, Xiao Qin, Laurence T. Yang, Man Lin, and Meikang Qiu

Subjects
Cloud computing security, Computer science, Distributed computing, Real-time computing, Computer security model, Computer security, computer.software_genre, Logical security, Security testing, Security information and event management, Computer Science Applications, Security engineering, Security service, Control and Systems Engineering, Software security assurance, Data integrity, Electrical and Electronic Engineering, computer, Information Systems
Abstract

An increasing number of real-time applications like railway signaling control systems and medical electronics systems require high quality of security to assure confidentiality and integrity of information. Therefore, it is desirable and essential to fulfill security requirements in security-critical real-time systems. This paper addresses the issue of optimizing quality of security in real-time systems. To meet the needs of a wide variety of security requirements imposed by real-time systems, a group-based security service model is used in which the security services are partitioned into several groups depending on security types. While services within the same security group provide the identical type of security service, the services in the group can achieve different quality of security. Security services from a number of groups can be combined to deliver better quality of security. In this study, we seamlessly integrate the group-based security model with a traditional real-time scheduling algorithm, namely earliest deadline first (EDF). Moreover, we design and develop a security-aware EDF schedulability test. Given a set of real-time tasks with chosen security services, our scheduling scheme aims at optimizing the combined security value of the selected services while guaranteeing the schedulability of the real-time tasks. We study two approaches to solve the security-aware optimization problem. Experimental results show that the combined security values are substantially higher than those achieved by alternatives for real-time tasks without violating real-time constraints.

Published
2009

215. Intelligent OkiKoSenPBX1 Security Patrol Robot via Network and Map-Based Route Planning

Author

Mbaitiga Zacharie

Subjects
Computer Networks and Communications, Computer science, Control (management), Problem statement, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, Artificial Intelligence, Software security assurance, Network Access Control, Robot, computer, Software
Abstract

Problem statement: With an increased demand for security and limited numbers of trained security personnel, some security mangers have a lot of ground to police and limited staff to cover it. To compensate for shortages of security staff and to reduce the stress of security managers, we have developed an intelligent patrol robot system called "OkiKoSenPBX1". The system integrates a variety of sensors to gather environmental information and to detect abnormal events including intruders. Approach: In our approach, the route planning procedure was based on determining a sequence of intermediary goal points or coordinates x and y composing the robot trajectory. Results: A qualitative running experimental evaluation had been performed on the 1st floor of the Okinawa national college of technology as a preliminary practical implementation and its real-time performance was excellent, where a student like-guard can take control of the camera pan and tilt functions remotely. Conclusion: The real-time performance of the developed system that can leave security personnel hands-free for other important tasks is an irresistible system that can be put into practical use in a public offices facility, manufacturing facilities and various construction sites-everywhere there's a need for advanced frontline security.

Published
2009

216. Improving wireless security through network diversity

Author

Jean Bolot, Darryl Veitch, and Tao Ye

Subjects
Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Covert channel, Computer security model, Asset (computer security), Encryption, Internet security, Computer security, computer.software_genre, Logical security, Wireless security, Security association, Security service, Network Access Control, Secrecy, business, Mobile device, computer, Software, Computer network
Abstract

Data confidentiality over mobile devices can be difficult to secure due to a lack of computing power and weak supporting encryption components. However, modern devices often have multiple wireless interfaces with diverse channel capacities and security capabilities. We show that the availability of diverse, heterogeneous links (physical or logical) between nodes in a network can be used to increase data confidentiality, on top of the availability or strength of underlying encryption techniques. We introduce a new security approach using multiple channels to transmit data securely, based on the idea of deliberate corruption, and information reduction, and analyze its security using the information theoretic concept of secrecy capacity, and the wiretap channel. Our work introduces the idea of channel design with security in mind.

Published
2008

217. A criterion-based multilayer access control approach for multimedia applications and the implementation considerations

Author

Leon Pan and Chang N. Zhang

Subjects
Computer access control, Computer Networks and Communications, business.industry, Computer science, Access control, Object (computer science), Logical security, Discretionary access control, Hardware and Architecture, Network Access Control, Physical access, Role-based access control, business, Computer network
Abstract

In this article, a novel criterion-based multilayer access control (CBMAC) approach is presented to enhance existing access control models such as Role-Based, Mandatory, and Discretionary Access Control models to support multilayer (multilevel) access control. The proposed approach is based on a set of predefined security criteria which are extracted from authorization rules. The security attributes of objects and users are specified by security criterion expressions (serving as locks) and the elements (serving as keys) of security criterion subsets respectively. An object embedded with a number of security criterion expressions becomes a secure object while a user associated with a security criterion subset is called a secure user. The multilayer access control is achieved by evaluating the embedded security criterion expressions (actuating locks) by the elements (keys) in a user's security criterion subset. The paper also provides the details of integrating the proposed approach with existing access control models and presents the implementation considerations of Criterion-Based Role-Based Multilayer Access Control, the integration of CBMAC and Role-Based Access Control.

Published
2008

218. Design and Implementation of an Authentication Method for Secure Distribution and Use of E-documents in Online Environment

Subjects
Cloud computing security, Security service, Computer science, Information security, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security testing, Logical security, computer, Security information and event management
Abstract

With explosive growth in the area of the Internet and IT services, various types of e-documents are generated and circulated. An e-Document is a sort of electronic records which a organization performs works and goals. In this study, we propose a security algorithm for secure use and distribution of e-documents. Especially, the proposed method can be applied to generate digital signature which can guarantee authenticity, integrity, confidentiality of an e-document and authenticate authorized users. Also, we can get higher security level as using a smart card that provides highly storing capacity and security. We carried out an experiment to verify efficiency and security of the proposed method.

Published
2008

219. A role-based access in a hierarchical sensor network architecture to provide multilevel security

Author

Sanjay Kumar Madria, Biswajit Panja, and Bharat Bhargava

Subjects
Computer Networks and Communications, business.industry, Computer science, Network security, Covert channel, Computer security model, Cryptographic protocol, Logical security, Key distribution in wireless sensor networks, Security association, Security service, Secure communication, Embedded system, Network Access Control, Role-based access control, Multilevel security, business, Wireless sensor network, Computer network
Abstract

Most of the proposed security protocols for wireless sensor networks (WSN) are designed to provide the uniform level of security across the network. There are various multi-sensing applications like sensors monitoring airport runway control system which may also be used to monitor environmental conditions such as wind speed and direction. When these nodes communicate, they may require different levels of security. For example, in case of a highjack event, the secure communication among nodes in a target region in the airport runway control system should be provided as they exchange highly critical data. In this paper, we propose a scheme called role-based access in sensor networks (RBASH) which provides role-based multilevel security in sensor networks. Each group is organized in such a way that they can have different roles based on the context and thus, can provide or have different levels of accesses. RBASH provides the desired security level based on the application need. The multilevel security is based on assigned keys to different nodes at different levels. To achieve this goal, we organize the network using Hasse diagram then compute the key for each individual node and extend it further to construct the key for a group. Based on experimental observations, we conclude that RBASH is energy and communication efficient in providing security compared to some other protocols which provides uniform security for all the nodes.

Published
2008

220. Containing the Ultimate Trojan Horse

Author

Michael Franz

Subjects
Security bug, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Vulnerability, Trojan horse, Vulnerability management, Audit, Computer security, computer.software_genre, Security information and event management, Logical security, Threat, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software security assurance, Security management, Electrical and Electronic Engineering, business, Security level, Law, computer
Abstract

Security vulnerabilities in software systems are a rapidly growing threat in an increasingly networked world. Unfortunately many systems are now so complex that high-assurance auditing for errors would be prohibitively expensive. In this article, author explains about how some of the potential risks could be contained through security management at the base of the software stack, rather than inside application programs. A Trojan horse is a program that has "read" access to a secret and "write" access to a public channel, and then abuses its simultaneous access to both of these channels to leak the secret downward to a lower security level.

Published
2007

221. Exploring Software Partitions for Fast Security Processing on a Multiprocessor Mobile SoC

Author

Srivaths Ravi, Murugan Sankaradass, Divya Arora, Anand Raghunathan, Srimat Chakradhar, and Niraj K. Jha

Subjects
Transport Layer Security, business.industry, Computer science, Design space exploration, Mobile commerce, Mobile computing, Computer security model, Encryption, Logical security, Software, Secure communication, Security service, Hardware and Architecture, Mobile phone, Software security assurance, Embedded system, Electrical and Electronic Engineering, business, Software architecture, Mobile device
Abstract

The functionality of mobile devices, such as cell phones and personal digital assistants (PDAs), has evolved to include various applications where security is a critical concern (secure web transactions, mobile commerce, download and playback of protected audio/video content, connection to corporate private networks, etc.). Security mechanisms (e.g., secure communication protocols) involve cryptographic algorithms, and are often quite computationally intensive, challenging the constrained processing and battery resources of mobile devices. Extensive design effort and aggressive hardware and software optimizations are required to address this challenge. Previous work has addressed the design of hardware architectures (custom accelerators, domain-specific processors, etc.) to accelerate security processing, and many emerging systems-on-chip (SoCs) feature some form of hardware support for security. In this paper, we address the complementary problem of mapping a complex security software library to an SoC platform with security hardware enhancements. We present a systematic methodology for exploring the software architecture for security processing for a commercial heterogeneous multiprocessor SoC for mobile devices. The SoC contains multiple host processors executing applications and a dedicated programmable security processing engine. We developed an exploration methodology to map the code and data of security software libraries onto the platform, with the objective of maximizing the overall application-visible performance. The salient features of the methodology include: 1) the use of real performance measurements from a prototyping board, which contains the target platform, to drive the exploration; 2) a new data structure access profiling framework that allows us to accurately model the communication overheads involved in off loading a given set of functions to the security processor; and 3) an exact branch-and-bound-based design space exploration algorithm that determines the best mapping of security library functions and data structures to the host and security processors. We used the proposed framework to map a commercial security library to the target mobile application SoC. The resulting optimized software architecture outperformed several manually designed software architectures, resulting in up to 12.5 times speed-up for individual cryptographic operations (encryption, hashing) and 2.2-6.2 times speed-up for applications such as a digital rights management (DRM) agent and secure sockets layer (SSL) client. We also demonstrate the applicability of our framework to software architecture exploration in other multiprocessor scenarios.

Published
2007

222. Evaluating information security tradeoffs: Restricting access can interfere with user tasks

Author

Gerald V. Post and Albert Kagan

Subjects
General Computer Science, Computer science, Internet privacy, Covert channel, Security policy, Asset (computer security), Computer security, computer.software_genre, Security testing, Logical security, Security information and event management, Information security audit, Information security management, Information system, Cloud computing security, business.industry, Information security, Computer security model, Security service, Information security standards, Human-computer interaction in information security, Security through obscurity, Security convergence, Network security policy, business, Law, computer
Abstract

Computer security is a balance between protecting information and enabling authorized access. Tightening security by making systems more inaccessible can hinder employees and make them less productive. It can also result in lower security as workers struggle to find ways around the security conditions to enable them to do their jobs. This study analyzes an information systems user survey to evaluate the tradeoffs between protection and accessibility. Over one-third of the respondents report problems with interference from security provisions. A structural equation model explores the impact of these effects on eventual security levels.

Published
2007

223. Model Driven Development of Security Aspects

Author

Ulrich Lang, Tom Ritter, Rudolf Schreiner, Julia Reznik, and Publica

Subjects
General Computer Science, Computer science, MDA, Access control, Security policy, Computer security, computer.software_genre, Security information and event management, Security testing, Logical security, Theoretical Computer Science, Roles, Security engineering, Application security, Security Aspects, Human security, Cloud computing security, business.industry, Computer security model, Common Object Request Broker Architecture, Security service, Software security assurance, Information security standards, Middleware, Human-computer interaction in information security, Security through obscurity, Software engineering, business, computer, Computer Science(all)
Abstract

The development of security-critical large-scale distributed software systems is a difficult and error prone process. As we learnt from practical experiences, it is especially difficult to manually define security policies, for example for access control. A human security administrator is not able to cope with the high complexity of the interactions of the application and the low level, platform specific security policy. Therefore, a new approach is needed to ease the definition of appropriate security policies. This paper shows how realisation of security aspects of a system can be automated to a great extend by applying model-driven software development techniques not only on functional properties. In the presented approach, UML models of the application's functional properties are flexibly augmented with security relevant information. Together with a high level security policy defined by the security administrator, this augmented functional model is then used in an automatic model transformation to generate the platform specific security policy. With this approach, which supports the separation of concerns in model based software engineering, we can automatically generate security-critical applications for different middleware platforms like SecureMiddleware, which is an extended implementation of the CORBA Component Model with improved support for non functional properties like security. The concepts, platforms and tools presented in the paper are currently used for the development of several large-scale and secure applications, for example for building a Virtual Air-Space Management System with strong security requirements.

Published
2007

224. Securing Access in Network Operations — Emerging Tools for Simplifying a Carrier's Network Security Administration

Author

Costa Constantakis

Subjects
Information Systems and Management, Cloud computing security, business.industry, Network security, Internet privacy, Computer security model, Computer security, computer.software_genre, Security information and event management, Logical security, Computer Science Applications, Security service, Network Access Control, Network security policy, business, computer, Software
Abstract

Security administrators at the global communications service providers have traditionally experienced difficulties in enforcing access security policies in their network operations. It has not, however, been for lack of trying. Whether security breaches have been intentional (hackers) or inadvertent (well-intentioned network operators misusing commands), network outages and intrusions due to an inability to enforce access security policies have been a serious problem, often resulting in tens of millions of dollars in foregone revenues while impairing a service provider's ability to provide continuous service to its customers. This article reviews the challenges that have existed to date for security administrators while exploring a 4-step approach, using newly available security administration automation tools, to overcome these challenges for network operating environments that involve many hundreds of network operators administering tens of thousands of network elements in a global network.

Published
2007

225. Toward Application-Aware Security and Reliability

Author

Reza Farivar, William Healey, Ravishankar K. Iyer, Karthik Pattabiraman, Zbigniew Kalbarczyk, Peter Klemperer, and Wen-mei W. Hwu

Subjects
medicine.medical_specialty, Computer Networks and Communications, Computer science, Covert channel, Computer security compromised by hardware failure, Computer security, computer.software_genre, Asset (computer security), Internet security, Security information and event management, Logical security, Security testing, Security engineering, Application security, medicine, Electrical and Electronic Engineering, Security bug, Cloud computing security, business.industry, Information security, Computer security model, Web application security, Security service, Software deployment, Software security assurance, Security through obscurity, The Internet, business, Law, computer
Abstract

Two trends - the increasing complexity of computer systems and their deployment in mission- and life-critical applications - are driving the need to provide applications with security and reliability support. Compounding the situation, the Internet's ubiquity has made systems much more vulnerable to malicious attacks that can have far-reaching implications on our daily lives. Clearly, the traditional one-size-fits-all approach to security and reliability is no longer sufficient or acceptable from the user perspective. In this article, we introduce the concept of application-aware checking as an alternative. By extracting application via recent breakthroughs in compiler analysis and enforcing the characteristics at runtime with the hardware modules embedded in the reliability and security engine (RSE), it's possible to achieve security and reliability with low overheads and false-positive rates

Published
2007

226. The security challenges for mobile ubiquitous services

Author

Haitham Cruickshank, Yingli Sheng, and Adrian Leung

Subjects
Cloud computing security, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, Security service, Human-computer interaction in information security, Security through obscurity, Safety, Risk, Reliability and Quality, business, computer, Software
Abstract

It is envisaged that in future mobile ubiquitous environments, users will be able to seamlessly, search, access and consume a rich offering of services and content from an array of Service/Content Providers, whilst they are on the move, anytime, anywhere. Unfortunately, this new computing paradigm also brings along new and unique security challenges. Novel security solutions are therefore required. But, in order for appropriate security solutions to be devised, all possible security threats must first be thoroughly analysed, and the corresponding security requirements be identified. In this paper, we examine the security issues germane to a mobile ubiquitous environment. We then suggest some possible solutions which may be employed to address these security issues. Open research issues are also highlighted.

Published
2007

227. A Dynamic Trust Model Enforcing Security Policies

Author

Kambiz Ghazinour and Mehdi Ghayoumi

Subjects
Cloud computing security, business.industry, Computer science, Internet privacy, Computer security model, Computer security, computer.software_genre, Logical security, Security service, Information security standards, Security through obscurity, Network security policy, Computational trust, business, computer
Abstract

Security policies are placed to control and prevent unauthorized or accidental access to data. Furthermore, building a proper user interface that reflects one's privileges is a cumbersome task. Each modification of a security policy causes many potential and unpredictable side effects which results in rule conflicts or security breaches that affect the corresponding user interfaces as well. On the other hand, nowadays there has been more attention towards trust in user behavior. This work, presents an improved dynamic model that adjusts users' security policies based on the level of trust that they hold. In this model, the trust manager can revoke/reduce the access level of users based on their unnecessary access to data items. The model demonstrates the effect of changes in the level of trust in users to security administrators.

Published
2015

228. Behavioral and Dynamic Security Functions Chaining For Android Devices

Author

Rémi Badonnel, Abdelkader Lahmadi, Olivier Festor, Gaetan Hurel, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), European Project: 318488,EC:FP7:ICT,FP7-ICT-2011-8,FLAMINGO(2012), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Badonnel, Rémi, and Management of the Future Internet - FLAMINGO - - EC:FP7:ICT2012-11-01 - 2016-10-31 - 318488 - VALID

Subjects
Cloud computing security, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Computer science, business.industry, Mobile computing, Computer security model, Security information and event management, Logical security, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Security service, Software security assurance, Network Access Control, business, Computer network
Abstract

International audience; —We present an approach for dynamically outsourc-ing and composing security functions for mobile devices, according to the network behavior of their running applications. Applications are characterized from a network point of view using data mining and clustering techniques with the aim to select their appropriate security functions. Software-defined networking mechanisms are employed to chain the selected functions and to redirect mobile apps traffic through the resulting security compositions. Those ones can be fully outsourced or split between in-cloud and on-device. Both a prototype and extensive simulations demonstrate the feasibility of the approach and assess its benefits.

Published
2015

229. Protecting services from security mis-configuration

Author

Ron Addie, Luke Drury, and Nabeel Hadaad

Subjects
Cloud computing security, Security service, Information security standards, Computer science, Security through obscurity, Network security policy, Computer security model, Computer security, computer.software_genre, Logical security, computer, Security information and event management
Abstract

It is understood that ICT security can be defined and enforced through rules. In this paper, the concept of rules which define and ensure users' access to services is introduced. Examples of how service is hindered by otherwise sensible security rules are presented. Service protection policies are then described which can help to prevent these compromises to service and assist us to measure this impact where it occurs. These examples include demonstration in some cases of how the combined collection of rules (security and service protection) can be enforced and maintained. The concept of service protection policies is introduced. We use ns3 and Click in simulations to check the consistency of aggregate security policy by checking that service protection rules are valid. We show that these can improve the performance of the network experienced by users and increase network security.

Published
2015

230. Experience report: A field analysis of user-defined security configurations of Android devices

Author

Eliane Martins and Daniel Vecchiato

Subjects
Engineering, Cloud computing security, business.industry, Internet privacy, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Security service, Security through obscurity, Human-computer interaction in information security, business, computer
Abstract

The wide spreading of mobile devices, such as smart phones and tablets, and their always-advancing capabilities, ranging from taking photos to accessing banking accounts, makes them an attractive target for attackers. This, together with the fact that users frequently store critical personal information in such devices and that many organizations currently allow employees to use their personal devices to access the enterprise information infrastructure and applications, turns assessing the security of mobile devices into a key issue. In order to understand the common misconfiguration problems, this practical experience report presents a held analysis of 41 user-defined security settings of more than 500 Android devices. Findings suggest that most users neglect basic security configurations such as login mechanisms and (bat manufacturers should rethink their policies in terms of the security settings that can be modified by the users. The paper also proposes concrete security countermeasures to mitigate some of the identified misconfigurations.

Published
2015

231. Towards security assurance for heterogeneous industrial networks

Author

Mikael Gidlund, Mats Björkman, Johan Akerberg, and Apala Ray

Subjects
Network architecture, Cloud computing security, business.industry, Network security, Computer science, Covert channel, Computer security model, Internet security, Computer security, computer.software_genre, Security information and event management, Telecommunications network, Logical security, Network simulation, Intelligent computer network, Security association, Security service, Software security assurance, Network Access Control, Network security policy, business, computer, Heterogeneous network, Computer network
Abstract

Industrial networks have a mix of devices with different security properties. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to device trust and security of message exchange will be complex. Therefore, there is a need to understand the trust and risk probabilities of devices in a heterogeneous network. This is required for heterogeneous network where the network configuration has to be made based on how trustworthy they are. In this work we focus on assessing security risks for devices and message exchanges. We define the term assurance value to denote the resilience of a device to security attacks. We study the behavior of a communication network when devices with various degrees of security features exchange messages. We aim to identify the network security properties based on the network architecture. From the study, we propose a model to estimate and predict network security properties in a heterogeneous communication network.

Published
2015

232. Development of the Security Evaluation Methodology and Criteria for a Ubiquitous Healthcare System

Author

Gil Hong Park, Su Jin Park, Dong Min Kim, Myung Gon Kim, Joon Tae Ahn, and Junghan Lee

Subjects
Authentication, Multidisciplinary, Cloud computing security, Certified Information Security Manager, Computer science, Standard of Good Practice, Authorization, Certified Information Systems Security Professional, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Logical security, Information security audit, Risk analysis (engineering), Security service, Information security standards, Security convergence, computer, Information security management system
Abstract

The present study aimed to develop a security evaluation methodology and criteria for a ubiquitous healthcare (u health) system. For this purpose, first, we classified the components of a u-health system. Second, security core technologies were selected that could be applied to a u-health system in three aspects, such as administrative safeguards dealing with the operator, policies, documents, systems, and user education, physical safeguards, dealing with control of entrance and exit, and screens or shared instruments, and technical safeguards, dealing with computer system-related technological elements. Then, each security core technology was assigned to each component of a u-health system, and the relative significance of each was determined. Finally, a methodology and criteria for the evaluation of security and privacy were developed. In conclusion, the outcome can be used for enhancing the security level in the design of a u-health system and setting authentication standards for authorization processes for security.

Published
2015

233. Enabling Convergence of Physical and Logical Security Through Intelligent Event Correlation

Author

Bruno Ragucci, Gaetano Papale, Luigi Coppolino, Valerio Formicola, Salvatore D'Antonio, and Gianfranco Cerullo

Subjects
Computer science, Network security, business.industry, Interoperability, Intrusion detection system, Misuse case, Computer security, computer.software_genre, Logical security, Critical infrastructure, Artificial Intelligence, Physical access, Attack patterns, business, computer, Computer network
Abstract

Until now, in most organizations, physical access systems and logical security systems have operated as two independent elements, and have been managed by completely separate departments. The lack of interoperability between the two sectors often resulted in a security hole of the overall infrastructure. An attacker who has physical access can not only steal a PC or confidential data, but can also compromise network security. Therefore, a combination of physical and logical security definitively allows for a more effective protection of the organization. In this work we present a correlation system which aims at bringing a significant advancement in the convergence of physical and logical security technologies. By “convergence” we mean effective cooperation (i.e. a coordinated and results-oriented effort to work together) among previously disjointed functions. The holistic approach and enhanced awareness technology of our solution allows dependable (i.e. accurate, timely, and trustworthy) detection and diagnosis of attacks. This ultimately results in the achievement of two goals of paramount importance, and precisely guaranteeing the protection of citizens and assets, and improving the perception of security by citizens. The effectiveness of the proposed solution is demonstrated in a scenario that deals with the protection of a real Critical Infrastructure. Three misuse cases have been implemented in a simulation environment in order to show how the correlation system allows for the detection of different attack patterns.

Published
2015

234. Context-aware Role-based Access Control Using Security Levels

Author

Tomas Cerny and Michal Trnka

Subjects
World Wide Web, Cloud computing security, Software security assurance, Computer science, Role-based access control, Security through obscurity, Security convergence, Computer security model, Computer security, computer.software_genre, computer, Security information and event management, Logical security
Abstract

Security of software applications is a very challenging and extensive topic. to keep up with the trend of personalized context aware applications the security design must adapt to it. this paper presents context awareness into the role based access control. it will describe already existing solutions, point out their key ideas and propose our rbac lightweight extension. it is universal and allows instant enhancement of current rbac even in current applications. the proposed solution is based on security levels which are assigned to users based on context. security levels represent how the users can be trusted and they are determined during the login procedure. the levels are used as additional security constraints to access resources. in application, the user needs to possesses not only the right permission granted through rbac roles, but also have a corresponding level.

Published
2015

235. A study on attacker agent in virtual machine-based network security learning system

Author

Nobukazu Iguchi, Kazuki Fukuyama, and Yoshiaki Taniguchi

Subjects
Network architecture, Cloud computing security, Network security, business.industry, Computer science, Covert channel, Computer security model, Computer security, computer.software_genre, Asset (computer security), Internet security, Logical security, Network simulation, Computer network programming, Intelligent computer network, Security service, Virtual machine, Server, Network Access Control, Enterprise private network, business, computer, Virtual network, Network management station, Computer network
Abstract

Education of network security has attracted a lot of attentions due to increasing unauthorized access, lack of engineers who have network security skills, and so on. Although practice using actual computer networks is highly important for network security education, it requires costs to prepare a computer network for practice. We have proposed a network security learning system by constructing a virtual network on one PC so that low-cost, easy and safe practice can be accomplished. In this paper, we introduce an attacker agent that automatically attacks servers in a fixed pattern for supporting practical learning of defense techniques safely on a virtual network.

Published
2015

236. SDN-based security services using interface to network security functions

Author

Hyoungshick Kim, Mahdi Daghmehchi Firoozjaei, Jung-Soo Park, Jaehoon Jeong, and Jinyong Kim

Subjects
Network security, Computer science, Covert channel, Network virtualization, Access control, Asset (computer security), Internet security, Computer security, computer.software_genre, Logical security, Security information and event management, Firewall (construction), Distributed System Security Architecture, Server, Cloud computing security, business.industry, Computer security model, Networking hardware, Intelligent computer network, Security service, Software security assurance, Network Access Control, Network security policy, Application firewall, business, computer, Computer network
Abstract

This paper proposes a framework for security services using Software-Defined Networking (SDN) and Interface to Network Security Functions (I2NSF). It specifies requirements for such a framework for security services based on network virtualization. It describes two representative security systems, such as (i) centralized firewall system and (ii) DDoS-attack mitigation system. For each service, this paper discusses the limitations of existing systems and presents a possible SDN-based system to protect network resources by controlling suspicious and dangerous network traffic.

Published
2015

237. Mobile security technology for smart devices

Author

Seungyong Yoon, Jeong-Nyeo Kim, and Yong-Sung Jeon

Subjects
Authentication, Cloud computing security, business.industry, Computer science, Mobile computing, Data security, Access control, Mobile Web, Computer security, computer.software_genre, Security information and event management, Logical security, Security service, Software security assurance, Mobile station, Network Access Control, Application security, Mobile search, Smart environment, Mobile technology, Mobile telephony, business, Mobile device, computer, Computer network
Abstract

While the number of smartphones increased, the security threats such as violating privacy and malicious code in smart environment increased. In general, the software security scheme is mainly used to protect mobile device from the security threat. However, this security scheme can be easily manipulated and changed. In this paper, we propose MTM hardware based mobile device security technology to prevent data leakage and unauthorized access.

Published
2015

238. Towards an Integration of Usability and Security for User Authentication

Author

Julio Ariel Hurtado, César A. Collazos, Paulo C. Realpe, and Antoni Granollers

Subjects
Computer science, Vulnerability, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security testing, Security engineering, Distributed System Security Architecture, Usability engineering, Security management, Authentication, Cloud computing security, business.industry, Usability, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Human-computer interaction in information security, Security through obscurity, Design process, User interface, business, computer
Abstract

Computer security is one of the more important tasks currently in the digital world. However, to the best of our knowledge, there is little research for designing effective interfaces in the context of security management systems. Security problems for these systems include vulnerabilities due to hard to use systems and poor user interfaces due to security constraints. Nowadays, finding a good trade-off between security and usability is a challenge, mainly for user authentication services. This paper presents a systematic review about usability principles, evaluation methods and development processes for security systems. Moreover, a research approach to integrate usability and security for user authentication systems is proposed.

Published
2015

239. Automatic detection of vulnerabilities for advanced security analytics

Author

Feng Cheng, Marian Gawron, and Christoph Meinel

Subjects
Security bug, Trusted computing base, Computer science, Vulnerability management, Attack, Computer security model, Computer security, computer.software_genre, Security testing, computer, Logical security, Secure coding
Abstract

The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.

Published
2015

240. The Design and Implement of Security Access Device Centralized Supervision System for Power Grid Enterprises

Author

Guolong Han, Yayun Zhu, and Kehe Wu

Subjects
Cloud computing security, Security service, Distributed System Security Architecture, Computer science, Network Access Control, Network security policy, Computer security model, Computer security, computer.software_genre, Logical security, computer, Security information and event management
Abstract

With the development of Mobile Internet, the power grid enterprises are confronted with a growing demand for mobile devices' security access. In order to solve the lack of monitoring and management in security access process, this paper establishes a completely device supervision model to unified supervise all kinds of devices. After designing and implementing by a four-layer architecture, the Security Access Device Centralized Supervision System (called SADCSS) has been built and passed the pressure test, which fully meets the actual requirements of enterprises. This system makes up for the lack of supervision in the process of security access, and is of great practical significance and using value.

Published
2015

241. Software as a service: Understanding security issues

Author

Feng Yao, Sakir Sezer, and Pushpinder Kaur Chouhan

Subjects
Cloud computing security, business.industry, Computer science, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, Software as a service, Computer security model, Computer security, computer.software_genre, Logical security, Security information and event management, Security service, Software security assurance, Application security, business, computer
Abstract

Our life has been significantly enhanced and improved by a wide range of multifarious software services. Technological advancements and availability of high speed Internet connection has enabled software providers to transform traditional on-premise software deployment model to off-premise centralized deployment model. Providers and users are attracted by the software as a service (SaaS) paradigm due to the appealing features such as pay-as-you-go and optimal hardware utilization it can offer. However, lots of enterprises are still reluctant to move their business into SaaS because of the security concerns. Security issues plaguing the SaaS environment cuts across various areas which could lead to increased attack surface for potential security threats. This article first introduces the architecture of SaaS and highlights its utility and applicability in different environments like cloud computing, mobile cloud computing, software defined network and Internet of things. Then elaborate the SaaS security challenges spanning across data security, application security to SaaS deployment security and how security issues might affect different layers in the SaaS architecture.

Published
2015

242. Security aware network controllers for next generation automotive embedded systems

Author

Shanker Shreejith and Suhaib A. Fahmy

Subjects
Control system security, Authentication, Security service, business.industry, Computer science, Software security assurance, Network Access Control, Computer security model, Encryption, business, Internet security, Logical security, Computer network
Abstract

Modern cars incorporate complex distributed computing systems that manage all aspects of vehicle dynamics, comfort, and safety. Increased automation has demanded more complex networking in vehicles, that now contain a hundred or more compute units. As these networks were developed as silos, little attention was given to security early on. However, this has become a key challenge in the automotive domain, as these systems have been shown to be susceptible to various attacks, with sometimes catastrophic consequences. Addressing security in such systems requires consideration of the network and compute units, both hardware and software, and complex real-time constraints. We present an approach that integrates application authentication, message encryption and network access control into a smart network interface, without compromising network determinism. A custom interface with partial reconfiguration support on FPGAs enables seamless integration of security at the interface, offering a level of security not possible with standard layered approaches.

Published
2015

243. SDSecurity: A Software Defined Security experimental framework

Author

Ala' Darabseh, Yaser Jararweh, Andy Rindos, Mladen A. Vouk, Elhadj Benkhelifa, and Mahmoud Al-Ayyoub

Subjects
Computer science, business.industry, Distributed computing, Testbed, Software development, Computer security model, computer.software_genre, Logical security, Software framework, Software, Security service, Software security assurance, Backporting, Software system, Software engineering, business, computer
Abstract

The emerging Software Defined Systems (SDSys) is a recent paradigm, which has been introduced to reduce the overhead in the control and management operations of complex computing systems. The main concept behind this technology is around isolating the data plane from the control plane. Traditional security mechanisms are facing more challenges in providing sufficient levels of protection and efficiency. SDSys for security has been proposed to address these challenges. Software Defined Security (SDSec) provides a flexible and centralized security solution by abstracting the security mechanisms from the hardware layer to a software layer. In this paper we present a novel experimental framework to provide a novel virtualized testbed environment for SDSec systems. This work builds on the Mininet simulator, where its core components, the host, switch and the controller, are customized to build the proposed experimental simulation framework for SDSec. To the best of the authors' knowledge, this is the first experimental framework and simulator for SDSec solutions. The developed simulator, will not only support the development and testing of SDSecurity solutions, it will also serve as an experimentation tool for researchers and for benchmarking purposes. The developed simulator could also be used as an educational tool to train students and novice researchers.

Published
2015

244. Information security trades in tactical wireless networks

Author

Michael T. Kurdziel and John Alvermann

Subjects
Transport Layer Security, Cloud computing security, business.industry, Wireless network, Network security, Computer science, Covert channel, Information security, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security testing, Logical security, Security information and event management, Protocol stack, Wireless Transport Layer Security, Information security management, Security service, Network Access Control, Security through obscurity, Wireless, Network security policy, business, computer
Abstract

Wireless networks are now ubiquitous across the tactical environment. They offer unprecedented communications and data access capabilities. However, providing information security to wireless transmissions without impacting performance is a challenge. The information security requirement for each operational scenario presents a large trade space for functionality versus performance. One aspect of this trade space pertains to where information security services are integrated into the protocol stack. This paper will present an overview of the various options that exist and will discuss the advantages and disadvantages of each option.

Published
2015

245. Network systems security analysis

Author

İsmail Yilmaz

Subjects
Computer science, Network security, Data management, Data security, Covert channel, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Security testing, Logical security, Security engineering, Information security audit, Cloud computing security, business.industry, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, business, computer, Countermeasure (computer)
Abstract

Network Systems Security Analysis has utmost importance in today’s world. Many companies, like banks which give priority to data management, test their own data security systems with “Penetration Tests” by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems’ security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Published
2015

246. Optimal placement of sequentially ordered virtual security appliances in the cloud

Author

Chamseddine Talhi, Alireza Shameli-Sendi, Makan Pourzandi, Mohamed Fekih-Ahmed, Mohamed Cheriet, and Yosr Jarraya

Subjects
Cloud computing security, Security service, business.industry, Computer science, Software security assurance, Enterprise private network, Data center, Cloud computing, Computer security model, business, Logical security, Computer network
Abstract

Traditional enterprise network security is based on the deployment of security appliances placed on some specific locations filtering, monitoring the traffic going through them. In this perspective, security appliances are chained in specific order to perform different security functions on the traffic. In the cloud, the same approach is often adopted using virtual security appliances to protect traffic for different virtual applications with the challenge of dealing with the flexible and elastic nature of the cloud. In this paper, we investigate the problem of placing virtual security appliances within the data center in order to minimize network latency and computing costs for security functions while maintaining the required sequential order of traversing virtual security appliances. We propose a new algorithm computing the best place to deploy these virtual security appliances in the data center. We further integrated our placement algorithm in an open source cloud framework, i.e. Openstack, in our test laboratory. The preliminary results show that we are placing the virtual security appliances in the required sequential order while improving the efficiency compared to the current default placement algorithm in Openstack.

Published
2015

247. User Security in e-Learning System

Author

Mohammad Ubaidullah Bokhari, Hatem S. A. Hamatta, and Hassan Faisal Aldheleai

Subjects
Cloud computing security, business.industry, Computer science, Internet privacy, Information security, Computer security, computer.software_genre, Asset (computer security), Logical security, Security information and event management, Security service, Security through obscurity, Security convergence, business, computer
Abstract

Security considerations play a very crucial role specially in the field of ICT, like banking sector, railways reservation system, education etc. These areas of information, Internet as well as academic area are the biggest medium. Due to the growth of educating technology, the use of online learning has become more important and comes into practice. However E-Learning systems are being distributed and interconnected. Consequently, the security becomes a very crucial issue to provide the facilities to the authentic users and maintaining E-Learning confidentiality, integrity and availability for the authorized users. The main purpose of this paper is to give in depth understanding of the security issues in E-Learning domain along with security standards and possible threats.

Published
2015

248. Information Security Considerations for Protecting NASA Mission Operations Centers (MOCs)

Author

Francis Wasiak, Eduardo Takamura, Carlos Gomez-Rosa, and Kevin Mangum

Subjects
Engineering, Network security, business.industry, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Information security, Information assurance, Computer security, computer.software_genre, Logical security, Security controls, Risk analysis (engineering), Information system, business, computer, Mission assurance, Physical security
Abstract

In NASA space flight missions, the Mission Operations Center (MOC) is often considered “the center of the (ground segment) universe,” at least by those involved with ground system operations. It is at and through the MOC that spacecraft is commanded and controlled, and science data acquired. This critical element of the ground system must be protected to ensure the confidentiality, integrity and availability of the information and information systems supporting mission operations. This paper identifies and highlights key information security aspects affecting MOCs that should be taken into consideration when reviewing and/or implementing protecting measures in and around MOCs. It stresses the need for compliance with information security regulation and mandates, and the need for the reduction of IT security risks that can potentially have a negative impact to the mission if not addressed. This compilation of key security aspects was derived from numerous observations, findings, and issues discovered by IT security audits the authors have conducted on NASA mission operations centers in the past few years. It is not a recipe on how to secure MOCs, but rather an insight into key areas that must be secured to strengthen the MOC, and enable mission assurance. Most concepts and recommendations in the paper can be applied to non-NASA organizations as well. Finally, the paper emphasizes the importance of integrating information security into the MOC development life cycle as configuration, risk and other management processes are tailored to support the delicate environment in which mission operations take place.

Published
2015

249. Overview of security on mobile devices

Author

Petr Hanacek and Lukas Aron

Subjects
Engineering, Security bug, Cloud computing security, business.industry, Computer security model, Computer security, computer.software_genre, Security information and event management, Logical security, Security service, Software security assurance, Application security, business, computer
Abstract

This paper contains depth description of security models of modern mobile operating system like Android, iOS and Windows Phone. These security models are cornerstones of security on current platforms. Despite of different approaches of security they have a lot of in common. This paper also contains the most discussed security problem of nowadays, Malware. Description of malicious software is from Application-based view. However, modern operating system has strong protection against viruses and other types of infection through its security model, the weakest point of mobile devices are still users. These users usually install additional software into their devices. This paper focuses on Android malware infection and provides a few protection methods against this type security threat.

Published
2015

250. A Survey on Interfaces to Network Security Functions in Network Virtualization

Author

Hyoungshick Kim, Hyunsu Jang, Jaehoon Jeong, and Jung-Soo Park

Subjects
Cloud computing security, business.industry, Network security, Computer science, Mobile computing, Network virtualization, Information security, Computer security model, Computer security, computer.software_genre, Virtualization, Internet security, Security information and event management, Logical security, Security service, Security association, Dynamic circuit network, Software security assurance, Network Access Control, The Internet, business, computer, Computer network
Abstract

Network Functions Virtualization (NFV) opens new opportunities and challenges for security community. Unlike existing physical network infrastructure, in a virtualized network platform, security services can be dynamically deployed and maintained to cope with the threat of sophisticated network attacks that are increasing over time. This paper surveys the activity that many security vendors and Internet service providers are trying to define common interfaces for NFV-based security services through the analysis of use cases and related technologies. This activity is currently lead by Internet Engineering Task Force (IETF) that is an international Internet standardization organization.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results