摘要 :
Cloud computing is considered as a new paradigm shift in distributed computing. Due to its increasing popularity, it has gotten increasing attention in the research community. In the last few years, the usage of cloud computing ha...
展开
Cloud computing is considered as a new paradigm shift in distributed computing. Due to its increasing popularity, it has gotten increasing attention in the research community. In the last few years, the usage of cloud computing has increased because of its user-friendly services. However, as the number of users increases in the cloud, the service complexity and new security challenges take place. Data security is one of the major issues, which blocks users from adopting cloud. In this paper, we conducted a detailed literature review divided into two categories i.e. Single/multi-cloud data security issues and data security techniques used to secure the data in cloud virtual environment. We worked hard to find out the limitations of the existing data security solutions. This effort may help the research community to analyze single and multi-cloud in more details.
收起
摘要 :
Thousands of new threats and threat categories emerge every second in cyberspace, even as known threats keep adapting robustly to existing solutions, thus challenging modern approaches to threat detection. While many contemporary ...
展开
Thousands of new threats and threat categories emerge every second in cyberspace, even as known threats keep adapting robustly to existing solutions, thus challenging modern approaches to threat detection. While many contemporary detection solutions continue to rely largely on flow-level packet analysis by monitoring trends and patterns of activity in supporting flow features of interest, little attention has been paid to whether such supporting flow features still present an effective means of reaching accurate conclusions regarding imminent or occurrent cyber threat incidents, especially in light of the rapidly evolving threat landscape. Hence, this pilot study reinvestigates four commonly-used supporting flow features in modern threat detection solutions, viz.: flow packet count, flow packet throughput (bytes/s). flow packet throughput (packets/s) and average flow packet size (bytes), to ascertain/verify their continued relevance for cyber threat detection. The study adopts the methodology of data simulation with descriptive infographic analysis using the UNSW-NB15dataset.
收起
摘要 :
Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than addin...
展开
Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than adding it on as an afterthought. By taking security into account at every stage of development, organizations can create systems that are more resistant to attacks and better able to recover from them if they do occur. One of the most relevant practices is threat modelling, i.e. the process of identifying and analysing the security threat to an information system, application, or network. These processes require security experts with high skills to anticipate possible issues: therefore, it is a costly task and requires a lot of time. To face these problems, many different automated threat modelling methodologies are emerging. This paper first carries out a systematic literature review (SLR) aimed at both having an overview of the automated threat modelling techniques used in literature and enumerating all the tools that implement these techniques. Then, an analysis was carried out considering four open-source tools and a comparison with our threat modelling approach using a simple, but significant case study: an e-commerce site developed on top of WordPress.
收起
摘要 :
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Ta...
展开
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.
收起
摘要 :
As the penetration of smartphones increases rapidly, in the occurrence of security threats in smartphones, smartphone security technologies are not sufficient, and moreover, the security technologies and measures that can be appli...
展开
As the penetration of smartphones increases rapidly, in the occurrence of security threats in smartphones, smartphone security technologies are not sufficient, and moreover, the security technologies and measures that can be applied to smartphones remain limited. This, as a result, creates a problem that smartphones are easily exposed to security attacks. Gradually, the studies on smartphone security are progressing and the development of security technologies is underway. However, such efforts remain inadequate in view of the vulnerabilities that lie in smartphone security. Therefore, studies are necessary on enhanced information security measures that can ensure the safe usage of smartphones in a real environment. In this paper, a Smartphone-information security management system (ISMS) model based on ISMS is proposed. Firstly, this study defines the elements of smartphone security threats, which can occur in the smartphone environment, and the requirements for smartphone security. Based on the results, this work derives seven relevant control items by combining existing ISMS-based information security models with the smartphone environment, and thereby proposes a Smartphone-ISMS model through the materialization of each control item. Additionally, the results of the comparison of characteristics between existing ISMS models and the proposed Smartphone-ISMS are presented.
收起
摘要 :
To uniquely identify physical objects, Radio Frequency Identification (RFID) systems are used with its limitless possibilities and low cost. RFID is a method of remotely storing and retrieving data using devices called RFID tags. ...
展开
To uniquely identify physical objects, Radio Frequency Identification (RFID) systems are used with its limitless possibilities and low cost. RFID is a method of remotely storing and retrieving data using devices called RFID tags. An RFID tag is a small object, such as an adhesive sticker, that can be attached to or incorporated into a product. But with this common scenario involving numerous tags and present in the interrogation zone of a single reader at the same time. RFID is prone to security threat as well, which is the main focus of this paper. In this paper we present an anti-collision protocol existing and applied in the RFID dilemma, sited vulnerabilities and suggested general security solutions.
收起
摘要 :
Learning how to think about security means adopting a different mindset than we've had in the past. As a community, software developers have been thinking too much like "good guys" and thus ended up developing insecure software be...
展开
Learning how to think about security means adopting a different mindset than we've had in the past. As a community, software developers have been thinking too much like "good guys" and thus ended up developing insecure software because they failed to predict attack scenarios. The only way to effectively develop good security in software is to learn to think like the "bad guys." Thinking like the adversary helps us to better identify and mitigate threats.
收起
摘要 :
This paper employs a behavioral science perspective of airport security to, examine security related decision behaviors using exploratory ethnographic observations. Sampling employees from a broad spectrum of departments and occup...
展开
This paper employs a behavioral science perspective of airport security to, examine security related decision behaviors using exploratory ethnographic observations. Sampling employees from a broad spectrum of departments and occupations in several major airports across Europe, over 700 descriptive items are transcribed into story scripts that are analyzed. The results demonstrate that both formal and informal behavioral factors are present when security decisions are made. The repetitive patterns of behavior allowed us to develop a generic model applicable to a wide range of security related situations. What the descriptions suggest is that even within the formal regulatory administrative framework of airports, actual real-time security behaviors may deviate from rules and regulations to adapt to local situations.
收起
摘要 :
Cloud computing is a transpiring way of computing in computer science. Cloud computing is a technology that uses a network of remote servers hosted on internet to store, manage and process data on demand and pay as per use. It pro...
展开
Cloud computing is a transpiring way of computing in computer science. Cloud computing is a technology that uses a network of remote servers hosted on internet to store, manage and process data on demand and pay as per use. It provides access to shared resources. As cloud computing do not acquire the things physically, it saves managing cost and time for the organizations. Today it is used in both industrial field and academic field. Cloud facilitates its users through virtual resources via internet. There are some security issues while using services over the cloud. As users of cloud save their data in the cloud hence the lack of security in cloud can lose the user's trust. In this paper, we presents a review on the cloud computing concepts as well as security issues within the context of cloud computing. This paper also analyses the key research and challenges that are present in cloud computing.
收起
摘要 :
This paper presents Requirement Analysis of cloud Security in Distributed Systems, particularly looking at trust, confidentiality and privacy issues. The novelty of cloud is its ability to perform automated tasks in a way that was...
展开
This paper presents Requirement Analysis of cloud Security in Distributed Systems, particularly looking at trust, confidentiality and privacy issues. The novelty of cloud is its ability to perform automated tasks in a way that was never envisaged. However, security and safety issues have been identified as key barriers, especially in distributed environments. Requirement Analysis of cloud Security in Distributed Systems. Cloud security is often seen as a technical problem. We argue that its solution needs both technical and management input. We find that cloud computing offers reliability and flexibility and its low cost makes it attractive, particularly to small and medium sized enterprises. We note that security technology must be adopted universally and often promptly. It requires both an organizational commitment and an individual commitment, which is most readily obtained if the technology places a low knowledge burden on users: that is, it is transparent or adds only a few, often-repeated, tasks. We note that providers have already achieved this in many cloud services. Organizations need clarity of what security is provided and who is responsible for breaches. They also need cloud providers to help them identify and recover from breaches. We consider why breaches have now become a hot topic, and provide a suggestion of how to mitigate the impact of these whilst meeting our management objectives and complying with the forthcoming EU General Data Protection Regulation.
收起