This paper combines FMEA and n2 approaches in order to create a methodology to determine risks associated with the components of an underwater system. This methodology is based on defining the risk level related to each one of the components and interfaces that belong to a complex underwater system. As far as the authors know, this approach has not been reported before. The resulting information from...
[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style...
Software security is an important aspect of ensuring software quality. Early detection of vulnerable code during development is essential for the developers to make cost and time effective software testing. The traditional software metrics are used for early detection of software vulnerability, but they are not directly related to code constructs and do not specify any particular granularity level...
Attack graphs constitute a powerful security tool aimed at modelling the many ways in which an attacker may compromise different assets in a network. Despite their usefulness in several security-related activities (e.g. hardening, monitoring, forensics), the complexity of these graphs can massively grow as the network becomes denser and larger, thus defying their practical usability. In this presentation,...
Over the years, system calls (syscalls) have become an increasingly popular data source for host intrusion detection systems (HIDS). This is partly due to their strong security semantic implications. As syscalls conform to a program's control-flow graph, a deviation in a syscall sequence may imply a deviation in a program's control-flow graph. This is useful for detecting the control-flow hijacking...
Detecting software security vulnerabilities and distinguishing vulnerable from non-vulnerable code is anything but simple. Most of the time, vulnerabilities remain undisclosed until they are exposed, for instance, by an attack during the software operational phase. Software metrics are widely-used indicators of software quality, but the question is whether they can be used to distinguish vulnerable...
There are several security requirements identification methods proposed by researchers in up-front requirements engineering (RE). However, in open source software (OSS) projects, developers use lightweight representation and refine requirements frequently by writing comments. They also tend to discuss security aspect in comments by providing code snippets, attachments, and external resource links...
Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing...
Additive manufacturing of three-dimensional objects is now more and more realised through 3D printing, known as an evolutional paradigm in the manufacturing industry. Artificial intelligence is currently finding wide applications to 3D printing for an intelligent, efficient, high quality, mass customised and service-oriented production process. This paper presents a comprehensive survey of artificial...
Developers frequently rely on free static analysis tools to automatically detect vulnerabilities in the source code of their applications, but it is well-known that the performance of such tools is limited and varies from one software development scenario to another, both in terms of coverage and false positives. Diversity is an obvious direction to take to improve coverage, as different tools usually...
Location-Based Service (LBS) becomes increasingly important for our daily life. However, the localization information in the air is vulnerable to various attacks, which result in serious privacy concerns. To overcome this problem, we formulate a multi-objective optimization problem with considering both the query probability and the practical dummy location region. A low complexity dummy location...
In order to improve the error resistance and security of JPEG2000 standard, a joint source channel and security arithmetic coding/decoding scheme for EBCOT in JPEG2000 is proposed. Based on error resistant arithmetic coding, this scheme inserts multiple forbidden symbols and generates secure two-way decodable bitstream controlled by chaotic maps, improving the security of the scheme. Meanwhile, at...
Due to the increasing complexity of web and client application's structure, security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network...
In contrast to the more prominent discrete-variable quantum key distribution (DV-QKD), which requires specialized hardware like single-photon detectors, the continuous-variable version (CV-QKD) promises low-cost and high-performance implementations by leveraging mature telecommunication technology. In this paper we demonstrate a simplified CV-QKD architecture based on analog frontends and digitizers...
Attack graph technique is a common tool for the evaluation of network security. However, attack graphs are generally too large and complex to be understood and interpreted by security administrators. This paper proposes an analysis framework for security attack graphs for a given IT infrastructure system. First, in order to facilitate the discovery of interconnectivities among vulnerabilities in a...
Systems-on-Chips (SoCs) are one of the key enabling technologies for the Internet-of-Things (IoT). Given the continuous distribution of IoT devices, data confidentiality and user privacy are of utmost importance. However, with the growing complexity of SoCs, the risk of malware infections and trojans introduced at design time increases significantly. A vital threat to system security are so-called...
The Big Data revolution has promised to build a data-driven ecosystem where better decisions are supported by enhanced analytics and data management. However, critical issues still need to be solved in the road that leads to commoditization of Big Data Analytics, such as the management of Big Data complexity and the protection of data security and privacy. In this paper, we focus on the first issue...
IoT paradigm applies to systems composed by numerous devices sharing information and making cooperative decisions with little or no human intervention. The IoT standard defined by oneM2M initiative furnishes a standardised framework for interoperable services that satisfies most of IoT modelling requirements. Prior standards and also oneM2M, while focusing on achieving interoperability at the communication...
As cloud services using the virtualized technique are emerging and developing rapidly, protection of cloud services is a key issue. Most research efforts focus on reducing the attack surface observed by the external attackers, which is an impractical solution for a complex system like virtualized infrastructure. In order to deceive the attackers and waste their time and efforts, three attack surface...
We study secure RAID, i.e., low-complexity schemes to store information in a distributed manner that is resilient to node failures and resistant to node eavesdropping. We describe a technique to shorten the secure EVENODD scheme in [6], which can optimally tolerate 2 node failures and 2 eavesdropping nodes. The shortening technique allows us to obtain secure EVENODD schemes of arbitrary lengths, which...