Machine learning has become one of the go-to methods for solving problems in the field of networking. This development is driven by data availability in large-scale networks and the commodification of machine learning frameworks. While this makes it easier for researchers to implement and deploy machine learning solutions on networks quickly, there are a number of vital factors to account for when...
Advanced Persistent Threat (APT) attacks and traditional cyber attacks differ in various aspects, which makes it difficult for traditional defenses to detect APTs and protect the network. Therefore, an APT detection framework based on OpenIOC is established for the characteristics of APT system attack. Firstly, real-time attack data related to APT from massive fragmented threat data is output. Secondly,...
Security protection is usually thought to be a separate process in web application development phases but the external security protection mechanisms are not effective to control threats and vulnerabilities in web applications. As a consequence, researchers have realized security development should be an integral part of System Development Lifecycle of web applications. This article presents a universal...
This talk presents results recently published in Software Testing, Verification and Reliability. In recent years, important efforts have been made for offering a dedicated language for modelling and verifying/proving security protocols. However, verifying the security protocol model does not guarantee that the actual implementation of the protocol will fulfil these properties. In this talk we present...
With the growing popularity of online services, the amount of information on the web increases dramatically, which has resulted in increasing concerns about web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper...
Software security evaluation is considered a significant and indispensable activity in all phases of the software development lifecycle, and there are also many factors that should be taken into account such as the environment, risks, and development documents. Despite the achievements of the past several decades, there is still a lack of methodology in evaluating software security systematically....
Software Maintainability is the business issue in large scale applications and it must be given adequate focus during software development process to minimize the downtime. Inculcating the maintainability features in the software application during its development can minimize the maintainability efforts during its real time use. In that view, this paper presents a new, Maintainable-Software Development...
This paper argues about a new conceptual modeling language for the White-Box (WB) security analysis. In the WB security domain, an attacker may have access to the inner structure of an application or even the entire binary code. It becomes pretty easy for attackers to inspect, reverse engineer, and tamper with the application using the information they steal. The basis of this paper is the 14 patterns developed...
The SPaCIoS project has as its goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One...
The Multi-Source Signatures for Nuclear Programs project, part of Pacific Northwest National Laboratory's (PNNL's) Signature Discovery Initiative, seeks to computationally capture expert assessment of multi-type information to assess nuclear activities through a series of Bayesian network (BN) models. Information types may include text, sensor output, imagery, or audio/video files. The BN models incorporate...
Due to the extensive use of various network services and web-based applications and heterogeneous organizational security requirements, enterprise network configuration is becoming so complex that it imposes a high operational workload on both regular and experienced administrators. This complexity extensively reduces overall network assurability and usability, which in turn makes the network vulnerable to...
We describe the SPaCIoS project, illustrating its main objectives, the results obtained so far and those that we expect to achieve, in particular, the development of the SPaCIoS Tool, an integrated platform that takes as input a formal description of the system under validation, the expected security goals, and a description of the capabilities of the attacker, and automatically generates and executes...
Security of web-based systems still remains a key challenge for most IT executives, for software is vulnerable at various stages and most severely weakened in the operational environment. In the past, models and tools or even design techniques have been devised to tackle this challenge. But we still see the reemergence of the same security issues that afflict both traditional and modern web-based...
Formal specification is usually employed to avoid ambiguity of security requirements. However, it is hard to assure correctness of this formal model and its conformance with security implementation. In this paper, a framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure. Formal requirements are verified following...
We propose a novel approach that merges implied scenarios and race condition analysis techniques, to systematically detect and analyse security-related vulnerabilities at the architectural level. We apply our approach to an industrial case related to architecting systems interfacing the cloud. The application demonstrates an effective use of the approach, where the approach has detected security-related...
The increased deployment of service centric systems in security critical application contexts poses new challenges to properly test such a system's security. If taking a closer look at the inherent complexity of such applications, sophisticated approaches to testing security are indispensable. In our paper we propose a novel model-based methodology for the risk-driven security testing of service...
In recent years Cloud computing became one of the most aggressively emerging computer paradigms, resulting in a growing rate of application in the area of IT outsourcing. However, as recent studies have shown, security is most of the time the one requirement that is neglected altogether. Yet, especially because of the nature of usage of Cloud computing, security is inevitable. Unfortunately, assuring the security...
As large-scale distributed systems play an increasingly important role in such fields as national security, critical infrastructure and social life, their vulnerability analysis has become a growing focus. As a vulnerability analysis object, a multi-layer model is put forward firstly, and then a multi-dimension vulnerability analysis framework of large-scale distributed system...
This study presents empirical evidence of the benefit of narrative video clips in embedded virtual reality (VR) websites of hotels for relieving travel security concern. Even though it was proven that VR functions do provide some relief in travel security concern, a stronger VR website can be built when narrative video clips that show video clips with narration about important aspects of the hotel...
Change management and change propagation across the various models of the system (such as requirements, design and testing models) are well-known problems in software engineering. For such problems a number of solutions have been proposed that are usually based on the integration of model repositories and on the maintenance of traceability links between the models. We propose to manage the mutual...