In this paper, we study the correlation between passwords across different datasets which quantitatively explains the success of existing training-based password cracking techniques. We also study the correlation between a user's password and his/her social profile. This enabled us to develop the first social profile-aware password strength meter, namely SociaLShield. Our quantification techniques...
Security is still the main obstacle that is preventing businesses from moving towards the Cloud, which makes choosing the right Cloud service provider (CSP) a critical decision. We propose in this paper a methodology for evaluation and selection of Cloud security services based on a Multi-Criteria Analysis (MCA) process using a set of evaluation criteria and quantitative metrics. We then give a general...
Considering the various security constraints is a primordial task in software development. Dealing with security problems early enables us not to go further in the process and to avoid rework. Extract-Transform-Load (ETL) processes are the back stage of data warehouse architectures. Securing the ETL processes development is highly important and helps in mitigating security defects. Defining the right...
Software-Defined Networking (SDN) provides the potential for highly configurable, automated networks by separating the control and forwarding functions of network devices. While SDN appears to have many potential benefits for coalition tactical networking, including rapid reconfigurability and improved network situational awareness, there are significant obstacles to overcome. In particular, the low...
Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Software-as-a-Service (SaaS) cloud services...
The number of web services available on the Internet has grown rapidly. Service consumers face a hard decision over which service to choose among the available ones. Security holds a key after various vulnerabilities have been exploited by attackers on a number of notable web services. This paper carries out a survey on how security has been expressed and promised for web services, through both the...
The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the...
Complexity in modern vehicles has increased dramatically during the last years due to new features and applications. Modern vehicles are connected to the Internet as well as to other vehicles in close proximity and to the environment for different novel comfort services and safety-related applications. Enabling such services and applications requires wireless interfaces to the vehicle and therefore...
In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators...
Defining proper measures for evaluating the effectiveness of an assurance model, which we have developed to ensure cloud security, is vital to ensure the successful implementation and continued running of the model. We need to understand that with security being such an essential component of business processes, responsibility must lie with the board. The board must be responsible for defining their...
Since the inception of cloud computing, security researchers have been active in addressing the question of cloud information security, which has seen the development of a wide range of technical solutions. The same can be said for non-cloud information security research which has been active for a far longer period of time. Yet, year on year, security breaches continue to increase, both in volume...
Research and practice show that the effectiveness of vulnerability detection tools depends on the concrete use scenario. Benchmarking can be used for selecting the most appropriate tool, helping to assess and compare alternative solutions, but its effectiveness largely depends on the adequacy of the metrics. This paper studies the problem of selecting the metrics to be used in a benchmark for software...
A distributed application may be composed of global services provided by different organizations and have different properties. Providing provisioned services is of primary importance due to the multi-tenant and potentially multi-provider nature of services. When selecting a service from many similar services, it is important to distinguish between them. Quality of service (QoS) has been used as a...
Different aspects of the usage of electronic devices vary significantly from person to person, and therefore rigorous usage analysis shows promise for identifying a user as a way to secure the devices. Different state-of-the-art approaches have investigated different aspects of the usage, such as typing speed and dwelling time, in isolation for identifying a user. However, investigation of multiple...
Complex, evolutionary systems operating in an open world can be seen as a composition of components which interact with each other in order to fulfill their requirements. Following this vision, Systems of Systems (SoSs) literature aims at supporting the life of such complex systems taking into account key viewpoints such as emergence, time, mobility, evolution, dynamicity. Although different attempts can...
In spite of the benefits that could flow from its adoption, cloud computing brings new challenges associated with potential lack of transparency, trust, and loss of controls. With a growing number of cloud service providers, potential customers will require methods for selecting trustworthy and appropriate providers. We discuss existing tools, methods and frameworks that promote the adoption of cloud...
In this paper, we present a novel scheme for auditing Service Level Agreement (SLA) in a semi-trusted or untrusted cloud. An SLA is a contract formed between a cloud service provider (CSP) and a user which specifies, in measurable terms, what resources the CSP will provide the user. CSPs, being profit-based companies, have an incentive to cheat on the SLA. By providing a user with fewer resources than...
According to the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)), the US Department of Defense (DoD) recognizes that there is a “persistent lack of a consistent approach … for the certification of software assurance tools, testing and methodologies” [1]. As a result, the ASD(R&E) is seeking “to address vulnerabilities and weaknesses to cyber threats of...
To monitor radioactivity passing through a vehicle such as a pedestrian, a car, a train or a truck, Radiation Portal Monitors (RMP) are commonly employed. These detection systems consist of a large volume detector set close to the potential source path. An alarm is then triggered when the signal rises over a threshold initially estimated in view of the natural background signal. The approach developed...
Web applications and server environments hosting them rely on configuration settings that influence their security, usability, and performance. Misconfiguration results in severe security vulnerabilities. Recent trends show that misconfiguration is among the top critical risks in web applications. While effective at uncovering numerous classes of vulnerabilities, generic web application vulnerability...