Search results for: OSSIM (Open Source Security Information Management tool)

Authors: Abubakar Ibrahim, Muhammad Garba, Adelusi Oluwaseyi Abiodun

Abstract:

Website development and administration has already become a very critical issue in many organisations due to the fact that most of the organisations have embraced the use of the internet to deliver their services and products seamlessly but even with huge advantages of being present on the internet, and website are very difficult and expensive to develop and maintain. In recent years, a number of open-source web Contents Management System (CMS) have been developed to allow organisations to internally develop and maintain their websites without the need to hire professional web developers to provide such services for them. This study aimed at performing a comparative analysis of the two most widely used open source CMS Joomla and wordpress, based on the following criteria: intuitiveness, responsiveness richness in features, meeting expectation, fill secured, ease of navigation, structure, and performance. Two identical applications were developed using the said CMS. In this study, a purposive sampling technique was adopted to administer the questionnaires, and a total of 50 respondents were selected to surf sites and fill out a questionnaire based on their experience on the two sites. Gt-matrix was used to carry out further analysis of the applications. The result shows that Joomla is the best for developing an e-commerce site due to the fact that it is best in terms of performance, better structure, meeting user expectations, rich features, and functionality. Even though Wordpress is intuitive and easy for navigation. One can still argue that Joomla is superior.

Keywords: open source, content management system, Joomla, WordPress

Procedia PDF Downloads 35

Authors: Vani Chintapally

Abstract:

The expansion of modest and minimized Global Positioning System (GPS) beneficiaries has prompted most Automatic Vehicle Location (AVL) frameworks today depending solely on satellite-based finding frameworks, as GPS is the most stable usage of these. This paper shows the attributes of a proposed framework for following and dissecting open transport in a run of the mill medium-sized city and complexities the qualities of such a framework to those of broadly useful AVL frameworks. Particular properties of the courses broke down by the AVL framework utilized for the examination of open transport in our study incorporate cyclic vehicle courses, the requirement for particular execution reports, and so forth. This paper particularly manages vehicle movement forecasts and the estimation of station landing time, combined with consequently produced reports on timetable conformance and other execution measures. Another side of the watched issue is proficient exchange of information from the vehicles to the control focus. The pervasiveness of GSM bundle information exchange advancements combined with decreased information exchange expenses have brought on today's AVL frameworks to depend predominantly on parcel information exchange administrations from portable administrators as the correspondences channel in the middle of vehicles and the control focus. This methodology brings numerous security issues up in this conceivably touchy application field.

Keywords: automatic vehicle location (AVL), expectation of landing times, AVL security, data administrations, wise transport frameworks (ITS), guide coordinating

Procedia PDF Downloads 360

Authors: Adam Gorine, Faten Spondon

Abstract:

Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the python package index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the national vulnerability database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners bandit, snyk and dlint, which provide a clear report of the code vulnerability, is also described.

Keywords: Python vulnerabilities, bandit, Snyk, Dlint, Python package index, ecosystem, static analysis, malicious attacks

Procedia PDF Downloads 104

Authors: Mohamed Abolgasem Arteimi, Ahlam Al-Tajori

Abstract:

This paper describes an ongoing project at the Libyan Academy. The project aims to build digital library for thesis and dissertations (ETD). The researchers developed a system based on Greenstone open source systems for building ETD digital library. A metadata for theses and dissertations was developed. The paper addresses issues related to project design, development and user satisfaction. Conclusions highlighted some important lessons learned to date.

Keywords: digital library, electronic theses and dissertations, open access, ETD, metadata

Procedia PDF Downloads 288

Authors: Seyed Vahid Kamal Alavi

Abstract:

Italy has experienced a notable quantity and impact of disasters due to natural hazards and technological accidents caused by diverse risk sources on its physical, technological, and human/sociological infrastructures during past decade. This study discusses the frequency and impacts of the most three physical devastating natural hazards in Italy for the period 2000–2013. The approach examines the reliability of a range of open source WebGIS techniques versus a proposed multi-hazard risk management methodology. Spatial and attribute data which include USGS publically available hazard data and thirteen years Munich RE recorded data for Italy with different severities have been processed, visualized in a GIS (Geographic Information System) framework. Comparison of results from the study showed that the multi-hazard risk maps generated using open source techniques do not provide a reliable system to analyze the infrastructures losses in respect to national risk sources while they can be adopted for general international risk management purposes. Additionally, this study establishes the possibility to critically examine and calibrate different integrated techniques in evaluating what better protection measures can be taken in an area.

Keywords: multi-hazard risk mapping, risk management, GIS, Italy

Procedia PDF Downloads 343

Authors: Mehmet Kargaci

Abstract:

It is more important to access information than to get the correct information and to transform it to the knowledge in a proper way. Every person, organizations or governments who have the knowledge now become the target. Cyber security involves the range of measures to be taken from individual to the national level. The National institutions refer to academic, military and major public and private institutions, which are very important for the national security. Thus they need further cyber security measures. It appears that the traditional cyber security measures in the national level are alone not sufficient, while the individual measures remain in a restricted level. It is evaluated that the most appropriate method for preventing the cyber vulnerabilities rather than existing measures are to develop institutional measures. This study examines the cyber security measures to be taken, especially in the national institutions.

Keywords: cyber defence, information, critical infrastructure, security

Procedia PDF Downloads 508

Authors: Da Eun Sung

Abstract:

In today’s world, cyber security has become an important international agenda. As the information age has arrived, the need for cyber defense against cyber attacks is mounting, and the significance of cyber cooperation in the international community is drawing attention. Through the course, international society has agreed that the institutionalization of international norms dealing with cyber space and cyber security is crucial ever. Nevertheless, the West, led by the United States of America, and 'the East', composed of Russia and China, have shown conflicting views on forming international norms and principles which would regulate and ward off the possible threats in cyber space. Thus, the international community hasn’t yet to reach an agreement on cyber security. In other words, the difference between both sides on the approach and understanding of principles, objects, and the definition has rendered such. Firstly, this dissertation will cover the Russia’s perception, strategy, and definition on cyber security through analyzing primary source. Then, it will delve into the two contrasting cyber security strategy between Russia and the US by comparing them. And in the conclusion, it will seek the possible solution for the cooperation in the field of cyber security. It is quite worthwhile to look into Russia’s views, which is the main counterpart to the US in this field, especially when the efforts to institutionalize cyber security by the US-led international community have met with their boundaries, and when the legitimacy of them have been challenged.

Keywords: cyber security, cyber security strategic, international relation in cyberspace, Russia

Procedia PDF Downloads 283

Authors: R. Bernaoui, P. Ohly

Abstract:

Our research shows the use of the mobile phone that consolidates the relationship between veterinarians, and that between breeders and veterinarians. On the other hand it asserts that the tool in question is a means of economic development. The results of our survey reveal a positive return to the veterinary community, which shows that the mobile phone has become an effective means of sustainable development through the transfer of a rapid and punctual information inheritance via social networks; including many Internet applications. Our results show that almost all veterinarians use the mobile phone for interprofessional communication. We therefore believe that the use of the mobile phone by livestock operators has greatly improved the working conditions, just as the use of this tool contributes to a better management of the exploitation as long as it allows limit travel but also save time. These results show that we are witnessing a growth in the use of mobile telephony technologies that impact is as much in terms of sustainable development. Allowing access to information, especially technical information, the mobile phone, and Information and Communication of Technology (ICT) in general, give livestock sector players not only security, by limiting losses, but also an efficiency that allows them a better production and productivity.

Keywords: algeria, breeder-veterinarian, digital heritage, networking

Procedia PDF Downloads 99

Authors: Masese Chuma Benard, Martin Onsiro Ronald

Abstract:

Businesses have been using cloud computing more frequently recently because they wish to take advantage of its advantages. However, employing cloud computing also introduces new security concerns, particularly with regard to data security, potential risks and weaknesses that could be exploited by attackers, and various tactics and strategies that could be used to lessen these risks. This study examines data security issues on cloud computing amongst sme’s in Nairobi county, Kenya. The study used the sample size of 48, the research approach was mixed methods, The findings show that data owner has no control over the cloud merchant's data management procedures, there is no way to ensure that data is handled legally. This implies that you will lose control over the data stored in the cloud. Data and information stored in the cloud may face a range of availability issues due to internet outages; this can represent a significant risk to data kept in shared clouds. Integrity, availability, and secrecy are all mentioned.

Keywords: data security, cloud computing, information, information security, small and medium-sized firms (SMEs)

Procedia PDF Downloads 58

Authors: Hakan Erol, Altan Elibol, Ömer Eryılmaz, Mehmet Şimşek

Abstract:

Organizations aim to manage information in a most possible effective way for sustainment and development. In doing so, they apply various procedures and methods. The very same situation is valid for each service of Armed Forces. During long-lasting endeavors such as shaping and maintaining security environment, supporting and securing peace, knowledge management is a crucial asset. Optimum Balance Model aims to promote the system from a decisive point to a higher decisive point. In this context, this paper analyses the application of optimum balance model to knowledge management in Armed Forces and tries to find answer to the question how Optimum Balance Model is integrated in knowledge management.

Keywords: optimum balance model, knowledge management, security environment, supporting peace

Procedia PDF Downloads 374

Authors: Tahir Mehmood, Mumtaz Akhter

Abstract:

The global need for conflict management is greater now in the early 21st century than ever before. According to UNESCO, half of the world’s 195 countries will have to expand their stock of educationist significantly, some by tens of thousands, if the goal development targets are desired to achieve. Socioeconomic inequities, political instability, demographic changes and crises such as the HIV/AIDs epidemic have engendered huge shortfalls in teacher supply and low teacher quality in many developing countries. Education serves as back bone in development process. Open learning and distance education programs are serving as pivotal part of development process. It is now clear that ‘bricks and mortar’ approaches to expanding teacher education may not be adequate if the current and projected shortfalls in teacher supply and low teacher quality are to be properly addressed. The study is designed to measure the perceptions of teaching learning community about conflict management with special reference to open and distance learning. It was descriptive study which targeted teachers, students, community members and experts. Data analysis was carried out by using statistical techniques served by SPSS. Findings reflected that audience perceives open and distance learning as change agent and as development tool. It is noticed that target audience has driven prominent performance by using facility of open and distance learning.

Keywords: conflict management, open and distance learning, teachers, students

Procedia PDF Downloads 379

Authors: Samuel Owoade, Zainab Idowu, Idris Ajibade, Abel Uzoka

Abstract:

Cloud computing adoption continues to soar, with 83% of enterprise workloads estimated to be in the cloud by 2022. However, this rapid migration raises security concerns, needing strong security management solutions to safeguard sensitive data and essential applications. This paper investigates the critical role of technical project managers in orchestrating security management initiatives for cloud environments, evaluating their responsibilities, challenges, and best practices for assuring the resilience and integrity of cloud infrastructures. Drawing from a comprehensive review of industry reports and interviews with cloud security experts, this research highlights the multifaceted landscape of security management in cloud environments. Despite the rapid adoption of cloud services, only 25% of organizations have matured their cloud security practices, indicating a pressing need for effective management strategies. This paper proposes a strategy framework adapted to the demands of technical project managers, outlining the important components of effective cloud security management. Notably, 76% of firms identify misconfiguration as a major source of cloud security incidents, underlining the significance of proactive risk assessment and constant monitoring. Furthermore, the study emphasizes the importance of technical project managers in facilitating cross-functional collaboration, bridging the gap between cybersecurity professionals, cloud architects, compliance officers, and IT operations teams. With 68% of firms seeing difficulties integrating security policies into their cloud systems, effective communication and collaboration are critical to success. Case studies from industry leaders illustrate the practical use of security management projects in cloud settings. These examples demonstrate the importance of technical project managers in using their expertise to address obstacles and generate meaningful outcomes, with 92% of firms reporting improved security practices after implementing proactive security management tactics. In conclusion, this research underscores the critical role of technical project managers in safeguarding cloud environments against evolving threats. By embracing their role as guardians of the cloud realm, project managers can mitigate risks, optimize resource utilization, and uphold the trust and integrity of cloud infrastructures in an era of digital transformation.

Keywords: cloud security, security management, technical project management, cybersecurity, cloud infrastructure, risk management, compliance

Procedia PDF Downloads 25

Authors: Ma. Rosario Concepcion O. Ang, Luis Caezar Ian K. Panganiban, Charmyne B. Mamador, Oliver Dan G. De Luna, Michael D. Bausas, Joselito P. Cruz

Abstract:

PhilSHORE is a multi-site, multi-device and multi-criteria decision support tool designed to support the development of tidal current energy in the Philippines. Its platform is based on Geographic Information Systems (GIS) which allows for the collection, storage, processing, analyses and display of geospatial data. Combining GIS tools with open source web development applications, PhilSHORE becomes a webGIS-based marine spatial planning tool. To date, PhilSHORE displays output maps and graphs of power and energy density, site suitability and site-device analysis. It enables stakeholders and the public easy access to the results of tidal current energy resource assessments and site suitability analyses. Results of the initial development shows PhilSHORE is a promising decision support tool for ORE project developments.

Keywords: gis, site suitability analysis, tidal current energy resource assessment, webgis

Procedia PDF Downloads 498

Authors: Anna Fowler

Abstract:

When considering assets that may need protection, the mind begins to contemplate homes, cars, and investment funds. In most cases, the protection of those assets can be covered through security systems and insurance. Data is not the first thought that comes to mind that would need protection, even though data is at the core of most supply chain operations. It includes trade secrets, management of personal identifiable information (PII), and consumer data that can be used to enhance the overall experience. Data is considered a critical element of success for supply chains and should be one of the most critical areas to protect. In the supply chain industry, there are two major misconceptions about protecting data: (i) We do not manage or store confidential/personally identifiable information (PII). (ii) Reliance on Third-Party vendor security. These misconceptions can significantly derail organizational efforts to adequately protect data across environments. These statistics can be exciting yet overwhelming at the same time. The first misconception, “We do not manage or store confidential/personally identifiable information (PII)” is dangerous as it implies the organization does not have proper data literacy. Enterprise employees will zero in on the aspect of PII while neglecting trade secret theft and the complete breakdown of information sharing. To circumvent the first bullet point, the second bullet point forges an ideology that “Reliance on Third-Party vendor security” will absolve the company from security risk. Instead, third-party risk has grown over the last two years and is one of the major causes of data security breaches. It is important to understand that a holistic approach should be considered when protecting data which should not involve purchasing a Data Loss Prevention (DLP) tool. A tool is not a solution. To protect supply chain data, start by providing data literacy training to all employees and negotiating the security component of contracts with vendors to highlight data literacy training for individuals/teams that may access company data. It is also important to understand the origin of the data and its movement to include risk identification. Ensure processes effectively incorporate data security principles. Evaluate and select DLP solutions to address specific concerns/use cases in conjunction with data visibility. These approaches are part of a broader solutions framework called Data Security Assurance (DSA). The DSA Framework looks at all of the processes across the supply chain, including their corresponding architecture and workflows, employee data literacy, governance and controls, integration between third and fourth-party vendors, DLP as a solution concept, and policies related to data residency. Within cloud environments, this framework is crucial for the supply chain industry to avoid regulatory implications and third/fourth party risk.

Keywords: security by design, data security architecture, cybersecurity framework, data security assurance

Procedia PDF Downloads 63

Authors: Mohammad A. Alia

Abstract:

With the rapid evolution of the internet applications, cloud computing becomes one of today’s hottest research areas due to its ability to reduce costs associated with computing. Cloud is, therefore, increasing flexibility and scalability for computing services in the internet. Cloud computing is Internet based computing due to shared resources and information which are dynamically delivered to consumers. As cloud computing share resources via the open network, hence cloud outsourcing is vulnerable to attack. Therefore, this paper will explore data security of cloud computing by implementing chaotic cryptography. The proposal scenario develops a problem transformation technique that enables customers to secretly transform their information. This work proposes the chaotic cryptographic algorithms have been applied to enhance the security of the cloud computing accessibility. However, the proposed scenario is secure, easy and straightforward process. The chaotic encryption and digital signature systems ensure the security of the proposed scenario. Though, the choice of the key size becomes crucial to prevent a brute force attack.

Keywords: chaos, cloud computing, security, cryptography

Procedia PDF Downloads 317

Authors: Amir Ngah, Masita Abdul Jalil, Zailani Abdullah

Abstract:

The aim of software maintenance is to maintain the software system in accordance with advancement in software and hardware technology. One of the early works on software maintenance is to extract information at higher level of abstraction. In this paper, we present the process of how to design an information extraction tool for software maintenance. The tool can extract the basic information from old program such as about variables, based classes, derived classes, objects of classes, and functions. The tool have two main part; the lexical analyzer module that can read the input file character by character, and the searching module which is user can get the basic information from existing program. We implemented this tool for a patterned sub-C++ language as an input file.

Keywords: extraction tool, software maintenance, reverse engineering, C++

Procedia PDF Downloads 464

Authors: Ngo the Bach

Abstract:

Information technology and communications are growing strongly and penetrated almost the entire Vietnamese economy and society. The article presents an overview of information technology and application communications in the management the Central Sector of the Imperial Citadel of Thang Long (Hanoi, Vietnam) - A World Heritage Site. The author also points out the opportunities and challenges of the information technology and communications in the sectors of culture and heritage; the use of information technology as an effective tool to develop mass and interactive communications. The article emphasizes on the advantage of information technology and communications in supporting effectively the management reform with respect to the Imperial Citadel of Thang Long in particular and the management of world heritage sites in Vietnam in general.

Keywords: information technology, communications, management, culture, heritage

Procedia PDF Downloads 300

Authors: Amjad F. Alharbi, Bashayer A. Alotaibi, Fahd S. Alotaibi

Abstract:

The emergence of Internet of Things (IoT) technology provides capabilities for a huge number of smart devices, services and people to be communicate with each other for exchanging data and information over existing network. While as IoT is progressing, it provides many opportunities for new ways of communications as well it introduces many security and privacy threats and challenges which need to be considered for the future of IoT development. In this survey paper, an IoT security issues as threats and current challenges are summarized. The security architecture for IoT are presented from four main layers. Based on these layers, the IoT security requirements are presented to insure security in the whole system. Furthermore, some researches initiatives related to IoT security are discussed as well as the future direction for IoT security are highlighted.

Keywords: Internet of Things (IoT), IoT security challenges, IoT security requirements, IoT security architecture

Procedia PDF Downloads 345

Authors: Patraporn Kaewkhanitarak, Suchada Srichuar, Narawat Kanjanapan

Abstract:

This research is the survey research. The purpose of this research is to study information uses behavior and problem of tourists in Songkhla Province. The tool used in this study include structure questioner standardize in 5 levels rating scale. The 400 participants selected by convenience sampling (allowable error 5%) by Taro Yamane method. The collecting data period is 6 months from January-June 2014. The result of this study found that the type of information that the tourists often use to plan their trip is internet (x̅ = 3.81) and the most popular text is restaurant (x̅ = 3.77). The tourists found that booking or buying service from internet provided more affordable price and they could select appropriate plan by themselves. The most convenience source of information that the tourists often use is internet and website (x̅ = 3.69). Nevertheless, they explained that most of tourist information source in Songkhla province are lack and insufficient of tourist organization that provide information and service related to tourism.

Keywords: information, behavior, tourists, Thailand

Procedia PDF Downloads 229

Authors: Paulina Solórzano Salgado, Luis Rodrigo Valencia Pérez, Alberto de Jesús Pastrana Palma

Abstract:

In this research, it is presented a digital maturity framework, which contributes to the development of small and medium-sized enterprises (SMEs) in the commercial sector. This proposal is based on three important concepts: Marketing activities in the enterprise, information and communication technologies ICT, as well as Innovation. Prior to the development of this framework, was formulated a quantitative assessment tool through a literature review, and was validated with a method used by experts, and which determines the relationship of digital marketing and innovation activities in companies. The instrument was applied to 64 Mexican companies from the Made in Mexico database, which allowed both descriptive results and correlation results. These contributed to the development of the methodology, and confirming that the management of digital marketing has a positive relation with innovation activities of companies. Also, that analytics in digital marketing is a source for its development. In this paper, the management stages and activities are presented to be developed by companies in order to generate knowledge, which will allow them to reach its digital maturity.

Keywords: digital marketing, digital maturity, innovation, SMEs

Procedia PDF Downloads 420

Authors: Mahawish Masud, Muhammad Iqbal, M. U. Khan, Farooque Azam

Abstract:

Manual writing of test cases from functional requirements is a time-consuming task. Such test cases are not only difficult to write but are also challenging to maintain. Test cases can be drawn from the functional requirements that are expressed in natural language. However, manual test case generation is inefficient and subject to errors.  In this paper, we have presented a systematic procedure that could automatically derive test cases from user stories. The user stories are specified in a restricted natural language using a well-defined template.  We have also presented a detailed methodology for writing our test ready user stories. Our tool “Test-o-Matic” automatically generates the test cases by processing the restricted user stories. The generated test cases are executed by using open source Selenium IDE.  We evaluate our approach on a case study, which is an open source web based application. Effectiveness of our approach is evaluated by seeding faults in the open source case study using known mutation operators.  Results show that the test case generation from restricted user stories is a viable approach for automated testing of web applications.

Keywords: automated testing, natural language, restricted user story modeling, software engineering, software testing, test case specification, transformation and automation, user story, web application testing

Procedia PDF Downloads 364

Authors: Omar Imhemed Alramli

Abstract:

As Transmission Control Protocol (TCP), User Datagram Protocol (UDP) is transfer protocol in the transportation layer in Open Systems Interconnection model (OSI model) or in TCP/IP model of networks. The UDP aspects evaluation were not recognized by using the pcattcp tool on the windows operating system platform like TCP. The study has been carried out to find a tool which supports UDP aspects evolution. After the information collection about different tools, iperf tool was chosen and implemented on Cygwin tool which is installed on both Windows XP platform and also on Windows XP on virtual box machine on one computer only. Iperf is used to make experimental evaluation of UDP and to see what will happen during the sending the packets between the Host and Guest in wired and wireless networks. Many test scenarios have been done and the major UDP aspects such as jitter, packet losses, and throughput are evaluated.

Keywords: TCP, UDP, IPERF, wireless LAN

Procedia PDF Downloads 329

Authors: Amel Ltifi, Ahmed Zouinkhi, Mohamed Salim Bouhlel

Abstract:

Security and trust management in Vehicular Ad-hoc NETworks (VANET) is a crucial research domain which is the scope of many researches and domains. Although, the majority of the proposed trust management systems for VANET are based on specific road infrastructure, which may not be present in all the roads. Therefore, road security should be managed by vehicles themselves. In this paper, we propose a new Self Organized Trust Management system (SOTM). This system has the responsibility to cut with the spread of false warnings in the network through four principal components: cooperation, trust management, communication and security.

Keywords: ative vehicle, cooperation, trust management, VANET

Procedia PDF Downloads 399

Authors: Antonio Horta, Renato Marinho, Raimir Holanda

Abstract:

Considered as an evolution of the Blockchain, the Ethereum platform, besides allowing transactions of its cryptocurrency named Ether, it allows the programming of decentralised applications (DApps) and smart contracts. However, this functionality into blockchains has raised other types of threats, and the exploitation of smart contracts vulnerabilities has taken companies to experience big losses. This research intends to figure out the number of contracts that are under risk of being drained. Through a deep investigation, more than two hundred thousand smart contracts currently available in the Ethereum platform were scanned and estimated how much money is at risk. The experiment was based in a query run on Google Big Query in July 2022 and returned 50,707,133 contracts published on the Ethereum platform. After applying the filtering criteria, the experimentgot 430,584 smart contracts to download and analyse. The filtering criteria consisted of filtering out: ERC20 and ERC721 contracts, contracts without transactions, and contracts without balance. From this amount of 430,584 smart contracts selected, only 268,103 had source codes published on Etherscan, however, we discovered, using a hashing process, that there were contracts duplication. Removing the duplicated contracts, the process ended up with 20,417 source codes, which were analysed using the open source SAST tool smartbugswith oyente and securify algorithms. In the end, there was nearly $100,000 at risk of being drained from the potentially vulnerable smart contracts. It is important to note that the tools used in this study may generate false positives, which may interfere with the number of vulnerable contracts. To address this point, our next step in this research is to develop an application to test the contract in a parallel environment to verify the vulnerability. Finally, this study aims to alert users and companies about the risk on not properly creating and analysing their smart contracts before publishing them into the platform. As any other application, smart contracts are at risk of having vulnerabilities which, in this case, may result in direct financial losses.

Keywords: blockchain, reentrancy, static application security testing, smart contracts

Procedia PDF Downloads 66

Authors: Jared Oluoch

Abstract:

Connected vehicles are equipped with wireless sensors that aid in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication. These vehicles will in the near future provide road safety, improve transport efficiency, and reduce traffic congestion. One of the challenges for connected vehicles is how to ensure that information sent across the network is secure. If security of the network is not guaranteed, several attacks can occur, thereby compromising the robustness, reliability, and efficiency of the network. This paper discusses existing security mechanisms and unique properties of connected vehicles. The methodology employed in this work is exploratory. The paper reviews existing security solutions for connected vehicles. More concretely, it discusses various cryptographic mechanisms available, and suggests areas of improvement. The study proposes a combination of symmetric key encryption and public key cryptography to improve security. The study further proposes message aggregation as a technique to overcome message redundancy. This paper offers a comprehensive overview of connected vehicles technology, its applications, its security mechanisms, open challenges, and potential areas of future research.

Keywords: VANET, connected vehicles, 802.11p, WAVE, DSRC, trust, security, cryptography

Procedia PDF Downloads 279

Authors: Raninder Kaur Dhillon, Mayur Jethwa, Hardeep Singh Rai

Abstract:

Information technology has made a pivotal progress across disparate disciplines, one of which is AEC (Architecture, Engineering and Construction) industry. CAD is a form of computer-aided building modulation that architects, engineers and contractors use to create and view two- and three-dimensional models. The AEC industry also uses building information modeling (BIM), a newer computerized modeling system that can create four-dimensional models; this software can greatly increase productivity in the AEC industry. BIM models generate open source IFC (Industry Foundation Classes) files which aim for interoperability for exchanging information throughout the project lifecycle among various disciplines. The methods developed in previous studies require either an IFC schema or MVD and software applications, such as an IFC model server or a Building Information Modeling (BIM) authoring tool, to extract a partial or complete IFC instance model. This paper proposes an efficient algorithm for extracting a partial and total model from an Industry Foundation Classes (IFC) instance model without an IFC schema or a complete IFC model view definition (MVD).

Keywords: BIM, CAD, IFC, MVD

Procedia PDF Downloads 273

Authors: Andrew John Zeller, Francis Pouatcha

Abstract:

Working according to the DevOps principle has gained in popularity over the past decade. While its extension DevSecOps started to include elements of cybersecurity, most real-life projects do not focus risk and security until the later phases of a project as teams are often more familiar with engineering and infrastructure services. To help bridge the gap between security and engineering, this paper will take six building blocks of cybersecurity and apply them to the DevOps approach. After giving a brief overview of the stages in the DevOps lifecycle, the main part discusses to what extent six cybersecurity blocks can be utilized in various stages of the lifecycle. The paper concludes with an outlook on how to stay up to date in the dynamic world of cybersecurity.

Keywords: information security, data security, cybersecurity, devOps, IT management

Procedia PDF Downloads 77

Authors: Ercan Eker, Muhammer Karaman, Akif Aslan, Hakan Tanrikuluoglu

Abstract:

Deficiency of institutional memory and knowledge management can result in information security breaches, loss of prestige and trustworthiness and the worst the loss of know-how and institutional knowledge. Traditional learning management within organizations is generally handled by personal efforts. That kind of struggle mostly depends on personal desire, motivation and institutional belonging. Even if an organization has highly motivated employees at a certain time, the institutional knowledge and memory life cycle will generally remain limited to these employees’ spending time in this organization. Having a learning management system in an organization can sustain the institutional memory, knowledge and know-how in the organization. Learning management systems are much more needed especially in public organizations where the job rotation is frequently seen and managers are appointed periodically. However, a learning management system should not be seen as an organizations’ website. It is a more comprehensive, interactive and user-friendly knowledge management tool for organizations. In this study, the importance of using learning management systems in the process of emerging tacit knowledge is underlined.

Keywords: knowledge management, learning management systems, tacit knowledge, institutional memory

Procedia PDF Downloads 351

Authors: K. Hema Shankari, R. Thirumalaiselvi, N. V. Balasubramanian

Abstract:

The present paper addresses to the research in the area of regression testing with emphasis on automated tools as well as prioritization of test cases. The uniqueness of regression testing and its cyclic nature is pointed out. The difference in approach between industry, with business model as basis, and academia, with focus on data mining, is highlighted. Test Metrics are discussed as a prelude to our formula for prioritization; a case study is further discussed to illustrate this methodology. An industrial case study is also described in the paper, where the number of test cases is so large that they have to be grouped as Test Suites. In such situations, a genetic algorithm proposed by us can be used to reconfigure these Test Suites in each cycle of regression testing. The comparison is made between a proprietary tool and an open source tool using the above-mentioned metrics. Our approach is clarified through several tables.

Keywords: APFD metric, genetic algorithm, regression testing, RFT tool, test case prioritization, selenium tool

Procedia PDF Downloads 404

Authors: Fumihiko Isada, Yuriko Isada

Abstract:

The aim of this research is to clarify the difference by industry segment or product characteristics as regards organisation management for an open innovation to raise R&D performance. In particular, the trait of the pharmaceutical industry is defined in comparison with IT component industry segment. In considering open innovation, both inter-organisational relation and the management in an organisation are important issues. As methodology, a questionnaire was conducted. In conclusion, suitable organisation management according to the difference in industry segment or product characteristics became clear.

Keywords: empirical study, industry segment, open innovation, product-development organisation pattern

Procedia PDF Downloads 395