Search results for: health data security
31664 Security Analysis of SIMSec Protocol
Authors: Kerem Ok, Cem Cevikbas, Vedat Coskun, Mohammed Alsadi, Busra Ozdenizci
Abstract:
Un-keyed SIM cards do not contain the required security infrastructure to provide end-to-end encryption with Service Providers. Hence, new, emerging, or smart services those require end-to-end encryption between SIM card and a Service Provider is impossible. SIMSec key exchange protocol creates symmetric keys between SIM card and Service Provider. After a successful protocol execution, SIM card and Service Provider creates the symmetric keys and can perform end-to-end data encryption when required. In this paper, our aim is to analyze the SIMSec protocol’s security. According to the results, SIM card and Service Provider can generate keys securely using SIMSec protocol.Keywords: End-to-end encryption, key exchange, SIM card, smart card
Procedia PDF Downloads 28431663 An Exploration of Anti-Terrorism Laws in Nigeria
Authors: Sani Mohammed Adam
Abstract:
This work seeks to review the security challenges facing Nigeria and explore the relevance of laws and policies in tackling the menace. The work looks at the adequacy of available legislations and the functionality of relevant institutions such as the Armed Forces, the Nigeria Police Force, the State Security Service, the Defence Intelligence Agency and the Nigerian Intelligence Agency etc. Comparisons would be made with other jurisdictions, such as inter alia, the Homeland Security in the USA and Counter Terrorism Laws of the United Kingdom. Recommendations would be made on how to strengthen both institutions and laws to curtail the growth of Terrorism in Nigeria.Keywords: legislations, Nigeria, security, terrorism
Procedia PDF Downloads 67931662 Present-Day Transformations and Trends in Rooftop Agriculture and Food Security
Authors: Kiara Lawrence, Nadine Ponnusamy, Clive Greenstone
Abstract:
One of the major challenges facing society today is food security. The risks to food security have increased significantly due to the evolving urban landscape, globalization, and a rising population. The cultivation of food is essential, particularly during times of crisis, such as a recession, and has long been a necessity for urban populations. In contemporary society, many urban residents are confronted with new challenges, including high levels of unemployment, which compel individuals to adopt alternative survival strategies, such as growing their own food. Recently, rooftop agriculture has made significant contributions to urban and national food security and has been utilized as a tool to mitigate the frequent and damaging disasters that many cities encounter. They have the potential to transform unused spaces into green, productive vegetable plots, while also providing urban residents with the opportunity to enjoy the benefits of gardening. Therefore, this study looks to investigate the evolving themes around rooftop agriculture and food security globally. A bibliometric review analysis was carried out on Scopus and Web of Science using the keywords “rooftop agriculture” OR “rooftop farming” OR “rooftop garden” AND “food security” between 2004 and 2024 to ensure a broader scope was covered around the chosen study. Vosviewer software was then utilized to analyze the extracted data to create network visualization maps based on keyword occurrences, co-author analysis, country analysis. There were only 37 relevant documents within the study parameters. Preliminary results indicate that much research focused on urban agriculture, food supply, green roof, sustainability and climate change. By analysing these aspects of rooftop agriculture and food security, the trends can identify gaps in literature and dictate future applications to assist in food security.Keywords: food security, rooftop agriculture, rooftop farming, rooftop garden
Procedia PDF Downloads 1631661 Effect of Cloud Computing on Enterprises
Authors: Amir Rashid
Abstract:
Today is the world of innovations where everyone is looking for a change. Organizations are now looking toward virtualization in order to minimize their computing cost. Cloud Computing has also introduced itself by the means of reducing computing cost. It offers different approach to make computing better by improving utilization and reducing infrastructure and administrative costs. Cloud Computing is basically the amalgamation of Utility Computing and SaaS (Software as a Service). Cloud Computing is quite new to organizations as it is still at its deploying stage. Due to this reason, organizations are not confident whether to adopt it or not. This thesis investigates the problem for organization concerning the security and cost issues. Benefits and drawbacks are being highlighted which organizations can have or suffer in order to adopt Cloud Computing. In Conclusion, Cloud Computing is a better option available for small and medium organizations with a comparison to large companies both in terms of data security and cost.Keywords: cloud computing, security, cost, elasticity, PaaS, IaaS, SaaS
Procedia PDF Downloads 34131660 Qualitative Data Analysis for Health Care Services
Authors: Taner Ersoz, Filiz Ersoz
Abstract:
This study was designed enable application of multivariate technique in the interpretation of categorical data for measuring health care services satisfaction in Turkey. The data was collected from a total of 17726 respondents. The establishment of the sample group and collection of the data were carried out by a joint team from The Ministry of Health and Turkish Statistical Institute (Turk Stat) of Turkey. The multiple correspondence analysis (MCA) was used on the data of 2882 respondents who answered the questionnaire in full. The multiple correspondence analysis indicated that, in the evaluation of health services females, public employees, younger and more highly educated individuals were more concerned and complainant than males, private sector employees, older and less educated individuals. Overall 53 % of the respondents were pleased with the improvements in health care services in the past three years. This study demonstrates the public consciousness in health services and health care satisfaction in Turkey. It was found that most the respondents were pleased with the improvements in health care services over the past three years. Awareness of health service quality increases with education levels. Older individuals and males would appear to have lower expectancies in health services.Keywords: multiple correspondence analysis, multivariate categorical data, health care services, health satisfaction survey
Procedia PDF Downloads 24231659 Botnet Detection with ML Techniques by Using the BoT-IoT Dataset
Authors: Adnan Baig, Ishteeaq Naeem, Saad Mansoor
Abstract:
The Internet of Things (IoT) gadgets have advanced quickly in recent years, and their use is steadily rising daily. However, cyber-attackers can target these gadgets due to their distributed nature. Additionally, many IoT devices have significant security flaws in their implementation and design, making them vulnerable to security threats. Hence, these threats can cause important data security and privacy loss from a single attack on network devices or systems. Botnets are a significant security risk that can harm the IoT network; hence, sophisticated techniques are required to mitigate the risk. This work uses a machine learning-based method to identify IoT orchestrated by botnets. The proposed technique identifies the net attack by distinguishing between legitimate and malicious traffic. This article proposes a hyperparameter tuning model to improvise the method to improve the accuracy of existing processes. The results demonstrated an improved and more accurate indication of botnet-based cyber-attacks.Keywords: Internet of Things, Botnet, BoT-IoT dataset, ML techniques
Procedia PDF Downloads 1131658 A Tutorial on Network Security: Attacks and Controls
Authors: Belbahi Ahlam
Abstract:
With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.Keywords: network security, attacks and controls, computer and information, solutions
Procedia PDF Downloads 45531657 Safeguarding the Cloud: The Crucial Role of Technical Project Managers in Security Management for Cloud Environments
Authors: Samuel Owoade, Zainab Idowu, Idris Ajibade, Abel Uzoka
Abstract:
Cloud computing adoption continues to soar, with 83% of enterprise workloads estimated to be in the cloud by 2022. However, this rapid migration raises security concerns, needing strong security management solutions to safeguard sensitive data and essential applications. This paper investigates the critical role of technical project managers in orchestrating security management initiatives for cloud environments, evaluating their responsibilities, challenges, and best practices for assuring the resilience and integrity of cloud infrastructures. Drawing from a comprehensive review of industry reports and interviews with cloud security experts, this research highlights the multifaceted landscape of security management in cloud environments. Despite the rapid adoption of cloud services, only 25% of organizations have matured their cloud security practices, indicating a pressing need for effective management strategies. This paper proposes a strategy framework adapted to the demands of technical project managers, outlining the important components of effective cloud security management. Notably, 76% of firms identify misconfiguration as a major source of cloud security incidents, underlining the significance of proactive risk assessment and constant monitoring. Furthermore, the study emphasizes the importance of technical project managers in facilitating cross-functional collaboration, bridging the gap between cybersecurity professionals, cloud architects, compliance officers, and IT operations teams. With 68% of firms seeing difficulties integrating security policies into their cloud systems, effective communication and collaboration are critical to success. Case studies from industry leaders illustrate the practical use of security management projects in cloud settings. These examples demonstrate the importance of technical project managers in using their expertise to address obstacles and generate meaningful outcomes, with 92% of firms reporting improved security practices after implementing proactive security management tactics. In conclusion, this research underscores the critical role of technical project managers in safeguarding cloud environments against evolving threats. By embracing their role as guardians of the cloud realm, project managers can mitigate risks, optimize resource utilization, and uphold the trust and integrity of cloud infrastructures in an era of digital transformation.Keywords: cloud security, security management, technical project management, cybersecurity, cloud infrastructure, risk management, compliance
Procedia PDF Downloads 5131656 Analysis of Threats in Interoperability of Medical Devices
Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar
Abstract:
Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.Keywords: interoperability, threats, attacks, medical devices
Procedia PDF Downloads 33331655 Towards an Enhanced Compartmental Model for Profiling Malware Dynamics
Authors: Jessemyn Modiini, Timothy Lynar, Elena Sitnikova
Abstract:
We present a novel enhanced compartmental model for malware spread analysis in cyber security. This paper applies cyber security data features to epidemiological compartmental models to model the infectious potential of malware. Compartmental models are most efficient for calculating the infectious potential of a disease. In this paper, we discuss and profile epidemiologically relevant data features from a Domain Name System (DNS) dataset. We then apply these features to epidemiological compartmental models to network traffic features. This paper demonstrates how epidemiological principles can be applied to the novel analysis of key cybersecurity behaviours and trends and provides insight into threat modelling above that of kill-chain analysis. In applying deterministic compartmental models to a cyber security use case, the authors analyse the deficiencies and provide an enhanced stochastic model for cyber epidemiology. This enhanced compartmental model (SUEICRN model) is contrasted with the traditional SEIR model to demonstrate its efficacy.Keywords: cybersecurity, epidemiology, cyber epidemiology, malware
Procedia PDF Downloads 10831654 Detection and Tracking for the Protection of the Elderly and Socially Vulnerable People in the Video Surveillance System
Authors: Mobarok Hossain Bhuyain
Abstract:
Video surveillance processing has attracted various security fields transforming it into one of the leading research fields. Today's demand for detection and tracking of human mobility for security is very useful for human security, such as in crowded areas. Accordingly, video surveillance technology has seen a rapid advancement in recent years, with algorithms analyzing the behavior of people under surveillance automatically. The main motivation of this research focuses on the detection and tracking of the elderly and socially vulnerable people in crowded areas. Degenerate people are a major health concern, especially for elderly people and socially vulnerable people. One major disadvantage of video surveillance is the need for continuous monitoring, especially in crowded areas. To assist the security monitoring live surveillance video, image processing, and artificial intelligence methods can be used to automatically send warning signals to the monitoring officers about elderly people and socially vulnerable people.Keywords: human detection, target tracking, neural network, particle filter
Procedia PDF Downloads 16631653 Data-Driven Monitoring and Control of Water Sanitation and Hygiene for Improved Maternal Health in Rural Communities
Authors: Paul Barasa Wanyama, Tom Wanyama
Abstract:
Governments and development partners in low-income countries often prioritize building Water Sanitation and Hygiene (WaSH) infrastructure of healthcare facilities to improve maternal healthcare outcomes. However, the operation, maintenance, and utilization of this infrastructure are almost never considered. Many healthcare facilities in these countries use untreated water that is not monitored for quality or quantity. Consequently, it is common to run out of water while a patient is on their way to or in the operating theater. Further, the handwashing stations in healthcare facilities regularly run out of water or soap for months, and the latrines are typically not clean, in part due to the lack of water. In this paper, we present a system that uses Internet of Things (IoT), big data, cloud computing, and AI to initiate WaSH security in healthcare facilities, with a specific focus on maternal health. We have implemented smart sensors and actuators to monitor and control WaSH systems from afar to ensure their objectives are achieved. We have also developed a cloud-based system to analyze WaSH data in real time and communicate relevant information back to the healthcare facilities and their stakeholders (e.g., medical personnel, NGOs, ministry of health officials, facilities managers, community leaders, pregnant women, and new mothers and their families) to avert or mitigate problems before they occur.Keywords: WaSH, internet of things, artificial intelligence, maternal health, rural communities, healthcare facilities
Procedia PDF Downloads 1931652 Can Empowering Women Farmers Reduce Household Food Insecurity? Evidence from Malawi
Authors: Christopher Manyamba
Abstract:
Women in Malawi produce perform between 50-70 percent of all agricultural tasks and yet the majority remain food insecure. The aim of his paper is to build on existing mixed evidence that indicates that empowering women in agriculture is conducive to improving food security. The WEAI is used to provide evidence on the relationship between women’s empowerment in agriculture and household food security. A multinomial logistic regression is applied to the Women Empowerment in Agriculture Index (WEAI) components and the Household Hunger Scale. The overall results show that the WEAI can be used to determine household food insecurity; however it has to be contextually adapted. Assets ownership, credit, group membership and leisure time are positively associated with food security. Contrary to other literature, empowerment in having control and decisions on income indicate negative association with household food security. These results could potentially better inform public, private and civil society stakeholders’ dialogues in creating the most effective and sustainable interventions to help women attain long-term food security.Keywords: food security, gender, empowerment, agriculture index, framework for African food security, household hunger scale
Procedia PDF Downloads 36831651 VANETs: Security Challenges and Future Directions
Authors: Jared Oluoch
Abstract:
Connected vehicles are equipped with wireless sensors that aid in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication. These vehicles will in the near future provide road safety, improve transport efficiency, and reduce traffic congestion. One of the challenges for connected vehicles is how to ensure that information sent across the network is secure. If security of the network is not guaranteed, several attacks can occur, thereby compromising the robustness, reliability, and efficiency of the network. This paper discusses existing security mechanisms and unique properties of connected vehicles. The methodology employed in this work is exploratory. The paper reviews existing security solutions for connected vehicles. More concretely, it discusses various cryptographic mechanisms available, and suggests areas of improvement. The study proposes a combination of symmetric key encryption and public key cryptography to improve security. The study further proposes message aggregation as a technique to overcome message redundancy. This paper offers a comprehensive overview of connected vehicles technology, its applications, its security mechanisms, open challenges, and potential areas of future research.Keywords: VANET, connected vehicles, 802.11p, WAVE, DSRC, trust, security, cryptography
Procedia PDF Downloads 31331650 Towards a Security Model against Denial of Service Attacks for SIP Traffic
Authors: Arellano Karina, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, Carmen Mantilla
Abstract:
Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.Keywords: Denial-of-Service SIP attacks, MS-DoS-SIP, security model, VoIP-SIP vulnerabilities
Procedia PDF Downloads 20331649 Security in Cyberspace: A Comprehensive Review of COVID-19 Continued Effects on Security Threats and Solutions in 2021 and the Trajectory of Cybersecurity Going into 2022
Authors: Mojtaba Fayaz, Richard Hallal
Abstract:
This study examines the various types of dangers that our virtual environment is vulnerable to, including how it can be attacked and how to avoid/secure our data. The terrain of cyberspace is never completely safe, and Covid- 19 has added to the confusion, necessitating daily periodic checks and evaluations. Cybercriminals have been able to enact with greater skill and undertake more conspicuous and sophisticated attacks while keeping a higher level of finesse by operating from home. Different types of cyberattacks, such as operation-based attacks, authentication-based attacks, and software-based attacks, are constantly evolving, but research suggests that software-based threats, such as Ransomware, are becoming more popular, with attacks expected to increase by 93 percent by 2020. The effectiveness of cyber frameworks has shifted dramatically as the pandemic has forced work and private life to become intertwined, destabilising security overall and creating a new front of cyber protection for security analysis and personal. The high-rise formats in which cybercrimes are carried out, as well as the types of cybercrimes that exist, such as phishing, identity theft, malware, and DDoS attacks, have created a new front of cyber protection for security analysis and personal safety. The overall strategy for 2022 will be the introduction of frameworks that address many of the issues associated with offsite working, as well as education that provides better information about commercialised software that does not provide the highest level of security for home users, allowing businesses to plan better security around their systems.Keywords: cyber security, authentication, software, hardware, malware, COVID-19, threat actors, awareness, home users, confidentiality, integrity, availability, attacks
Procedia PDF Downloads 11631648 Human Development as an Integral Part of Human Security within the Responsibility to Rebuild
Authors: Themistoklis Tzimas
Abstract:
The proposed paper focuses on a triangular relationship, between human security, human development and responsibility to rebuild. This relationship constitutes the innovative contribution to the debate about human security. Human security constitutes a generic and legally binding notion, which orientates from an integrated approach the UN Charter principles and of the collective security system. Such an approach brings at the forefront of international law and of international relations not only states but non- state actors as well. Several doctrines attempt to implement the fore-mentioned approach among which the Responsibility to Protect- hereinafter R2P- doctrine and its aspect of Responsibility to Rebuild- hereinafter R2R. In this sense, R2P in general and R2R are supposed to be guided by human security imperatives. Human security because of its human- centered approach encompasses as an integral part of it, human development. Human development constitutes part of the backbone of human security, since it deals with the social and economic root- causes of the threats, which human security attempts to confront. In this sense, doctrines which orientate from human security, such as R2P and its R2R aspect should also take into account human development imperatives, in order to improve their efficiency. On the contrary though, R2R is more often linked with market- orientated policies, which are often imposed under transitional authorities, regardless of local needs. The implementation of such policies can be identified as a cause for striking failures in the framework of R2R. In addition it is a misinterpretation of the essence of human security and subsequently of R2P as well. The findings of the article, on the basis of the fore-mentioned argument is that a change must take place from a market- orientated misinterpretation of R2R to an approach attempting to implement human development doctrines, since the latter lie at the heart of human security and can be proven more effective in dealing with the root- causes of conflicts. Methodologically, the article begins with an examination of human security and of its binding nature on the basis of its orientation from the UN Charter. It also examines its significance in the framework of the collective security system. Then, follows the analysis of why and how human development constitutes an integral part of human security. At the next part it is proven that R2P in general and R2R more specifically constitute or should constitute an attempt to implement human security doctrines within the collective security system. Having built this triangular relationship it is argued that human development is proven to be the most suitable notion, so that the spirit of human security and the scopes of R2P are successfully implemented.Keywords: human security, un charter, responsibility to protect, responsibility to rebuild, human development
Procedia PDF Downloads 28031647 Human Security and Human Trafficking Related Corruption
Authors: Ekin D. Horzum
Abstract:
The aim of the proposal is to examine the relationship between human trafficking related corruption and human security. The proposal suggests that the human trafficking related corruption is about willingness of the states to turn a blind eye to the human trafficking cases. Therefore, it is important to approach human trafficking related corruption in terms of human security and human rights violation to find an effective way to fight against human trafficking. In this context, the purpose of this proposal is to examine the human trafficking related corruption as a safe haven in which trafficking thrives for perpetrators.Keywords: human trafficking, human security, human rights, corruption, organized crime
Procedia PDF Downloads 47531646 Analyzing the Risk Based Approach in General Data Protection Regulation: Basic Challenges Connected with Adapting the Regulation
Authors: Natalia Kalinowska
Abstract:
The adoption of the General Data Protection Regulation, (GDPR) finished the four-year work of the European Commission in this area in the European Union. Considering far-reaching changes, which will be applied by GDPR, the European legislator envisaged two-year transitional period. Member states and companies have to prepare for a new regulation until 25 of May 2018. The idea, which becomes a new look at an attitude to data protection in the European Union is risk-based approach. So far, as a result of implementation of Directive 95/46/WE, in many European countries (including Poland) there have been adopted very particular regulations, specifying technical and organisational security measures e.g. Polish implementing rules indicate even how long password should be. According to the new approach from May 2018, controllers and processors will be obliged to apply security measures adequate to level of risk associated with specific data processing. The risk in GDPR should be interpreted as the likelihood of a breach of the rights and freedoms of the data subject. According to Recital 76, the likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope, context and purposes of the processing. GDPR does not indicate security measures which should be applied – in recitals there are only examples such as anonymization or encryption. It depends on a controller’s decision what type of security measures controller considered as sufficient and he will be responsible if these measures are not sufficient or if his identification of risk level is incorrect. Data protection regulation indicates few levels of risk. Recital 76 indicates risk and high risk, but some lawyers think, that there is one more category – low risk/now risk. Low risk/now risk data processing is a situation when it is unlikely to result in a risk to the rights and freedoms of natural persons. GDPR mentions types of data processing when a controller does not have to evaluate level of risk because it has been classified as „high risk” processing e.g. processing on a large scale of special categories of data, processing with using new technologies. The methodology will include analysis of legal regulations e.g. GDPR, the Polish Act on the Protection of personal data. Moreover: ICO Guidelines and articles concerning risk based approach in GDPR. The main conclusion is that an appropriate risk assessment is a key to keeping data safe and avoiding financial penalties. On the one hand, this approach seems to be more equitable, not only for controllers or processors but also for data subjects, but on the other hand, it increases controllers’ uncertainties in the assessment which could have a direct impact on incorrect data protection and potential responsibility for infringement of regulation.Keywords: general data protection regulation, personal data protection, privacy protection, risk based approach
Procedia PDF Downloads 25231645 Optimizing the Passenger Throughput at an Airport Security Checkpoint
Authors: Kun Li, Yuzheng Liu, Xiuqi Fan
Abstract:
High-security standard and high efficiency of screening seem to be contradictory to each other in the airport security check process. Improving the efficiency as far as possible while maintaining the same security standard is significantly meaningful. This paper utilizes the knowledge of Operation Research and Stochastic Process to establish mathematical models to explore this problem. We analyze the current process of airport security check and use the M/G/1 and M/G/k models in queuing theory to describe the process. Then we find the least efficient part is the pre-check lane, the bottleneck of the queuing system. To improve passenger throughput and reduce the variance of passengers’ waiting time, we adjust our models and use Monte Carlo method, then put forward three modifications: adjust the ratio of Pre-Check lane to regular lane flexibly, determine the optimal number of security check screening lines based on cost analysis and adjust the distribution of arrival and service time based on Monte Carlo simulation results. We also analyze the impact of cultural differences as the sensitivity analysis. Finally, we give the recommendations for the current process of airport security check process.Keywords: queue theory, security check, stochatic process, Monte Carlo simulation
Procedia PDF Downloads 20031644 A Framework for Security Risk Level Measures Using CVSS for Vulnerability Categories
Authors: Umesh Kumar Singh, Chanchala Joshi
Abstract:
With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, with ensuring that the network is robust enough against malicious network users like attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures or system. This paper proposes a framework for risk level estimation which uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The proposed framework measures the frequency of vulnerability exploitation; converges this measured frequency with standard CVSS score and estimates the security risk level which helps in automated and reasonable security management. In this paper equation for the Temporal score calculation with respect to availability of remediation plan is derived and further, frequency of exploitation is calculated with determined temporal score. The frequency of exploitation along with CVSS score is used to calculate the security risk level of the system. The proposed framework uses the CVSS vectors for risk level estimation and measures the security level of specific network environment, which assists system administrator for assessment of security risks and making decision related to mitigation of security risks.Keywords: CVSS score, risk level, security measurement, vulnerability category
Procedia PDF Downloads 32131643 Legal Issues of Collecting and Processing Big Health Data in the Light of European Regulation 679/2016
Authors: Ioannis Iglezakis, Theodoros D. Trokanas, Panagiota Kiortsi
Abstract:
This paper aims to explore major legal issues arising from the collection and processing of Health Big Data in the light of the new European secondary legislation for the protection of personal data of natural persons, placing emphasis on the General Data Protection Regulation 679/2016. Whether Big Health Data can be characterised as ‘personal data’ or not is really the crux of the matter. The legal ambiguity is compounded by the fact that, even though the processing of Big Health Data is premised on the de-identification of the data subject, the possibility of a combination of Big Health Data with other data circulating freely on the web or from other data files cannot be excluded. Another key point is that the application of some provisions of GPDR to Big Health Data may both absolve the data controller of his legal obligations and deprive the data subject of his rights (e.g., the right to be informed), ultimately undermining the fundamental right to the protection of personal data of natural persons. Moreover, data subject’s rights (e.g., the right not to be subject to a decision based solely on automated processing) are heavily impacted by the use of AI, algorithms, and technologies that reclaim health data for further use, resulting in sometimes ambiguous results that have a substantial impact on individuals. On the other hand, as the COVID-19 pandemic has revealed, Big Data analytics can offer crucial sources of information. In this respect, this paper identifies and systematises the legal provisions concerned, offering interpretative solutions that tackle dangers concerning data subject’s rights while embracing the opportunities that Big Health Data has to offer. In addition, particular attention is attached to the scope of ‘consent’ as a legal basis in the collection and processing of Big Health Data, as the application of data analytics in Big Health Data signals the construction of new data and subject’s profiles. Finally, the paper addresses the knotty problem of role assignment (i.e., distinguishing between controller and processor/joint controllers and joint processors) in an era of extensive Big Health data sharing. The findings are the fruit of a current research project conducted by a three-member research team at the Faculty of Law of the Aristotle University of Thessaloniki and funded by the Greek Ministry of Education and Religious Affairs.Keywords: big health data, data subject rights, GDPR, pandemic
Procedia PDF Downloads 12931642 Extending the AOP Joinpoint Model for Memory and Type Safety
Authors: Amjad Nusayr
Abstract:
Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches, including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory has a valid pointer or a reference with a valid type. Aspect-Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and DB transaction managing. In this paper, we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.Keywords: aspect oriented programming, programming languages, software security, memory and type safety
Procedia PDF Downloads 12731641 Impact of the Government Ghana Block Farm Program on Rural Households in Northern Ghana
Authors: Antwi Kwaku Dei, Lyford Conrad Power
Abstract:
This paper investigates the outcome of participating in the government of Ghana block farm program on rural households’ farm productivity, income, food security and nutritional status in Northern Ghana using cross-sectional data. Data analysis was done using the Instrumental Variable and the Heckman Selection Bias procedures. Our analysis indicates that participation in the block farm program significantly increased directly the productivity of maize, rice, and soybean by 21.3 percent, 15.8 percent, and 12.3 percent respectively. Also, the program participation was found to increase households’ farm income by 20 percent in northern Ghana. Furthermore, program participation was found to improve household food security and nutrition by 19 percent and 14 percent respectively through income effect. Based on the benefit-cost ratio of 1.59 the results from the study recommends that the program is expanded to other communities in the northern region. Further analysis indicates that rural households’ decision to participate in food security intervention programs is significantly influenced by factors including the gender of the household head, the age of the household head, and household size. Results of the study further show that gender of household head, household size, household monthly income, household assets, women educational status, the age of women, marital status of women, are significant determinants of food security and nutrition status in Northern Ghana.Keywords: block farm program, farm productivity, , household food security, Northern Ghana
Procedia PDF Downloads 28131640 Data Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud
Authors: N. Nalini, Bhanu Prakash Gopularam
Abstract:
The term data security refers to the degree of resistance or protection given to information from unintended or unauthorized access. The core principles of information security are the confidentiality, integrity and availability, also referred as CIA triad. Cloud computing services are classified as SaaS, IaaS and PaaS services. With cloud adoption the confidential enterprise data are moved from organization premises to untrusted public network and due to this the attack surface has increased manifold. Several cloud computing platforms like OpenStack, Eucalyptus, Amazon EC2 offer users to build and configure public, hybrid and private clouds. While the traditional encryption based on PKI infrastructure still works in cloud scenario, the management of public-private keys and trust certificates is difficult. The Identity based Public Key Cryptography (also referred as ID-PKC) overcomes this problem by using publicly identifiable information for generating the keys and works well with decentralized systems. The users can exchange information securely without having to manage any trust information. Another advantage is that access control (role based access control policy) information can be embedded into data unlike in PKI where it is handled by separate component or system. In OpenStack cloud platform the keystone service acts as identity service for authentication and authorization and has support for public key infrastructure for auto services. In this paper, we explain OpenStack security architecture and evaluate the PKI infrastructure piece for data confidentiality. We provide method to integrate ID-PKC schemes for securing data while in transit and stored and explain the key measures for safe guarding data against security attacks. The proposed approach uses JPBC crypto library for key-pair generation based on IEEE P1636.3 standard and secure communication to other cloud services.Keywords: data confidentiality, identity based cryptography, secure communication, open stack key stone, token scoping
Procedia PDF Downloads 38431639 A Framework for Secure Information Flow Analysis in Web Applications
Authors: Ralph Adaimy, Wassim El-Hajj, Ghassen Ben Brahim, Hazem Hajj, Haidar Safa
Abstract:
Huge amounts of data and personal information are being sent to and retrieved from web applications on daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have broad negative impact on the involved company’s financial status, while enforcing them is very hard even for the developers with good security background. In this paper, we propose a framework that enforces security-by-construction in web applications. Minimal developer effort is required, in a sense that the developer only needs to annotate database attributes by a security class. The web application code is then converted into an intermediary representation, called Extended Program Dependence Graph (EPDG). Using the EPDG, the provided annotations are propagated to the application code and run against generic security enforcement rules that were carefully designed to detect insecure information flows as early as they occur. As a result, any violation in the data’s confidentiality or integrity policies is reported. As a proof of concept, two PHP web applications, Hotel Reservation and Auction, were used for testing and validation. The proposed system was able to catch all the existing insecure information flows at their source. Moreover and to highlight the simplicity of the suggested approaches vs. existing approaches, two professional web developers assessed the annotation tasks needed in the presented case studies and provided a very positive feedback on the simplicity of the annotation task.Keywords: web applications security, secure information flow, program dependence graph, database annotation
Procedia PDF Downloads 47131638 Managing Education through, Effective School Community Relationships/Participation for National Security
Authors: Shehu S. Janguza
Abstract:
The need for national security cannot be over Emphasis, which should be pursued by any means. Thus the need for effective management of education through effective school community Relationship/participation. In preparing and implementing only effort to promote community involvement in manning Education, it is importance to understand the whole picture of community participation, how it works, what forms are used, what benefit it can yield and what we should expect in the process of carrying out the efforts finally emphasis will be made on how effective school community relationship/participation and lead to national security.Keywords: community participation, managing, school community, national security
Procedia PDF Downloads 59531637 The Implementation of Strengthening Institutional Model of Women Farmers Group in Developing Household Food Security
Authors: Rahmadanih, Sitti Bulkis, A. Amrullah, R. M. Rukka, N. M. Viantika
Abstract:
Food security is still a global issue, including in Indonesia. In South Sulawesi, this issue also occurs in members of farmer groups/women farmer groups. This study aims to (1) describe the implementation of strengthening institutional model of Women Farmer Groups (WFG) and (2) analyzing the capacity building of WFG members in order to develop food security after the implementations on institutional model. The research was conducted in Bulukumba and Luwu Utara District, South Sulawesi, Indonesia. The research was designed with qualitative and quantitative (mixed) method. Qualitative data were collected through in-depth interview and Focus Group Discussion (FGD); while quantitative data collected through a household survey of WGF members. Two WGF were selected they are WFG in Bulukumba and WGF in Luwu Utara District. Both WGF has been selected as the case unit, which consisting of 60 households. Institutional strengthening model that been implemented is a combination model of (1) institutional support and (2) capacity development of WGF members. The model of institutional support aim is to develop food security could be achieved through facilitation on produce banana chips (initiate a business group formation) and preparation of institution rule (AD/ART). (2) The developing Model of WFG members capacity building are (a) technical training of banana chips producing process, also food and nutrition counseling as well as the utilization of the yard, (b) processing of food products from their yards. Food and nutrition knowledge of WFG members was increased about 30% - 60% and accompanied by the development of households’ food security by 6.7% - 10.0%.; when compared to last year percentage.Keywords: food security, institutional strengthening, model implementation, women farmer group
Procedia PDF Downloads 18131636 A Next-Generation Blockchain-Based Data Platform: Leveraging Decentralized Storage and Layer 2 Scaling for Secure Data Management
Authors: Kenneth Harper
Abstract:
The rapid growth of data-driven decision-making across various industries necessitates advanced solutions to ensure data integrity, scalability, and security. This study introduces a decentralized data platform built on blockchain technology to improve data management processes in high-volume environments such as healthcare and financial services. The platform integrates blockchain networks using Cosmos SDK and Polkadot Substrate alongside decentralized storage solutions like IPFS and Filecoin, and coupled with decentralized computing infrastructure built on top of Avalanche. By leveraging advanced consensus mechanisms, we create a scalable, tamper-proof architecture that supports both structured and unstructured data. Key features include secure data ingestion, cryptographic hashing for robust data lineage, and Zero-Knowledge Proof mechanisms that enhance privacy while ensuring compliance with regulatory standards. Additionally, we implement performance optimizations through Layer 2 scaling solutions, including ZK-Rollups, which provide low-latency data access and trustless data verification across a distributed ledger. The findings from this exercise demonstrate significant improvements in data accessibility, reduced operational costs, and enhanced data integrity when tested in real-world scenarios. This platform reference architecture offers a decentralized alternative to traditional centralized data storage models, providing scalability, security, and operational efficiency.Keywords: blockchain, cosmos SDK, decentralized data platform, IPFS, ZK-Rollups
Procedia PDF Downloads 2831635 Optimized Approach for Secure Data Sharing in Distributed Database
Authors: Ahmed Mateen, Zhu Qingsheng, Ahmad Bilal
Abstract:
In the current age of technology, information is the most precious asset of a company. Today, companies have a large amount of data. As the data become larger, access to data for some particular information is becoming slower day by day. Faster data processing to shape it in the form of information is the biggest issue. The major problems in distributed databases are the efficiency of data distribution and response time of data distribution. The security of data distribution is also a big issue. For these problems, we proposed a strategy that can maximize the efficiency of data distribution and also increase its response time. This technique gives better results for secure data distribution from multiple heterogeneous sources. The newly proposed technique facilitates the companies for secure data sharing efficiently and quickly.Keywords: ER-schema, electronic record, P2P framework, API, query formulation
Procedia PDF Downloads 333