Machine learning has become one of the go-to methods for solving problems in the field of networking. This development is driven by data availability in large-scale networks and the commodification of machine learning frameworks. While this makes it easier for researchers to implement and deploy machine learning solutions on networks quickly, there are a number of vital factors to account for when...
Testing software-intensive systems, for us, has traditionally focused on verifying and validating compliance and conformance to specification, as well as some general non-functional requirements such as performance of different components. In recent years, we have seen a strong move towards more data intensive systems. We have found that these types of systems require a different approach for testing...
Implementing cryptography on Internet-of-Things (IoT) devices, that is resilient against side channel analysis, has so far been a task only suitable for specialist software designers in interaction with access to a sophisticated testing facility. Recently a novel tool has been developed, ELMO, which offers the potential to enable non-specialist software developers to evaluate their code w.r.t. power...
Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. The better way to improve software security is to enhance security process into SDLC processes. To keep software secure, security enhancement of the SDLC process involves lots of practices and activities to achieve the goal of security. However, how to adopt these activities well to improve software security...
With the rapid growth of big-data applications, advanced data processing technologies, e.g., machine learning, are widely adopted in many industry fields. Although these technologies demonstrate powerful data analyzing and processing capability, there exist some security concerns that may potentially expose the user/owner of the services to information safety risk. In particular, the adoption of neuromorphic...
SQL Injection Attack (SQLIA) has been consistently ranked among the top security threats against web applications for more than a decade. Nowadays, attackers use sophisticated tools to launch automated injection attacks. The problem of prevention and detection of SQLIA has been long attended by the research community, but hardly any solution exists for protecting multiple websites in a shared hosting...
Modern society depends on the continuing correct operation of software-based systems. Critical infrastructures — including energy, communication, transportation, and finance — all function within powerful and complex computing environments. The dependability of these systems is increasingly threatened by a wide range of adversaries, and increasing investments are being made to provide and assess sufficient...
The deployment of new security technologies in existing network topologies requires exhaustive testing before usage to avoid down time of the production systems. Nowadays, the required testing is in many cases omitted due to the complexity of creating test cases and experimental set ups. The VISA (Virtual IT Security Architectures) project [1], funded by the German Federal Ministry of Research, aims...
This paper deals with an original approach to automate Model-Based Vulnerability Testing (MBVT) for Web applications, which aims at improving the accuracy and precision of vulnerability testing. Today, Model-Based Testing techniques are mostly used to address functional features. The adaptation of such techniques for vulnerability testing defines novel issues in this research domain. In this paper,...
There exist an abundant number of tools for aiding developers and penetration testers to spot common software security vulnerabilities. However, testers are often confronted with situations where existing tools are of little help because a) they do not account for a particular configuration of the SUT and b) they do not include tests for certain vulnerabilities. To cope with this we propose a tool...
The deployment of new security technologies in existing network topologies requires exhaustive testing before usage to avoid down time of productive systems. Nowadays, the required testing is omitted in many cases due to the complexity of creating test cases and experimental set ups. The VISA (Virtual IT Security Architectures) project, funded by the German Federal Ministry of Research, aims to provide...
In recent years Cloud computing became one of the most aggressively emerging computer paradigms resulting in a growing rate of application in the area of IT outsourcing. However, as recent studies have shown, security most of the time is the one requirement, neglected at all. Yet, especially because of the nature of usage of Cloud computing, security is inevitable. Unfortunately, assuring the security...
This study presents empirical evidence of the benefit of narrative video clips in embedded virtual reality (VR) websites of hotels for relieving travel security concern. Even though it was proven that VR functions do provide some relief in travel security concern, a stronger VR website can be built when narrative video clips that show video clips with narration about important aspects of the hotel...
Contemporary network services don't have any statistical ranking mechanism for proactive security management. Since the emerging threats are actively exploiting the vulnerabilities in network services to compromise the system, not much attention has been paid to rank these services based on their vulnerability history. We argue in this paper that a reliable mechanism could be used to rank these services...
Change management and change propagation across the various models of the system (such as requirements, design and testing models) are well-known problems in software engineering. For such problems a number of solutions have been proposed that are usually based on the integration of model repositories and on the maintenance of traceability links between the models. We propose to manage the mutual...
The European ITEA2 project DIAMONDS (Development and Industrial Application of Multi-Domain Security Testing Technologies) develops under the direction of Fraunhofer FOKUS, Berlin efficient and automated security test methods for security-critical, networked systems in various industrial domains such as industrial automation, banking and telecommunications. DIAMONDS develops methods to design objective,...
This paper reports on ongoing work on SWAT, a new toolkit for security workflow analysis. SWAT provides a platform for the realization and testing of well-founded methods to detect information leaks in workflows, both for the workflow certification and for audit based upon the execution traces. Besides presenting the SWAT's functionality and high-level architecture, an example illustrates its operation.
In e-government evaluation of the validity of the security system, the testing and evaluation data obtained need synthetic evaluation, which will be influenced by human subjectivity and the results of the testing and evaluation will be affected accordingly. This paper presents an integrated AHP and multi-level fuzzy synthetic evaluation method to quantitative evaluation and analysis of safety data,...
Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in...
Vulnerability discovery is a base technology in information system development, product testing and counterinformation. At present, vulnerability discovery has already turned into a hot spot of global security research. There are so many kinds of vulnerability discovery methods. Many vulnerabilities have been found each year. But the framework of the vulnerability discovery is out of the...