Search results for: static application security testing

Authors: Wanqing You, Kai Qian, Xi He, Ying Qian

Abstract:

In this paper, the potential security issues brought by the virtualization of a Software Defined Networks (SDN) would be analyzed. The virtualization of SDN is achieved by FlowVisor (FV). With FV, a physical network is divided into multiple isolated logical networks while the underlying resources are still shared by different slices (isolated logical networks). However, along with the benefits brought by network virtualization, it also presents some issues regarding security. By examining security issues existing in an OpenFlow network, which uses FlowVisor to slice it into multiple virtual networks, we hope we can get some significant results and also can get further discussions among the security of SDN virtualization.

Keywords: SDN, network, virtualization, security

Procedia PDF Downloads 405

Authors: Ebtehal Aljedaani, Maha Aljohani

Abstract:

Privacy and security patterns are both important for developing software that protects users' data and privacy. Privacy patterns are designed to address common privacy problems, such as unauthorized data collection and disclosure. Security patterns are designed to protect software from attack and ensure reliability and trustworthiness. Using privacy and security patterns, software engineers can implement security and privacy by design principles, which means that security and privacy are considered throughout the software development process. These patterns are available to translate "security & privacy-by-design" into practical advice for software engineering. Previous research on privacy and security patterns has typically focused on one category of patterns at a time. This paper aims to bridge this gap by merging the two categories and identifying their similarities and differences. To do this, the authors conducted a systematic literature review of 25 research papers on privacy and security patterns. The papers were analysed based on the category of the pattern, the classification of the pattern, and the security requirements that the pattern addresses. This paper presents the results of a comprehensive review of privacy and security design patterns. The review is intended to help future IT designers understand the relationship between the two types of patterns and how to use them to design secure and privacy-preserving software. The paper provides a clear classification of privacy and security design patterns, along with examples of each type. The authors found that there is only one widely accepted classification of privacy design patterns, while there are several competing classifications of security design patterns. Three types of security design patterns were found to be the most commonly used.

Keywords: design patterns, security, privacy, classification of patterns, security patterns, privacy patterns

Procedia PDF Downloads 110

Authors: H. I. Beloufa, M. Tarfaoui

Abstract:

For many applications, adhesively bonded assemblies have gained an increasing interest in the industry due to several advantages over welding, riveting and bolting, such as reduction of stress concentrations, lightness, low cost and easy manufacturing. This work is largely concerned to show the effects of the loading rate of the adhesively bonded joints under different speed rates. The tensile tests were conducted at four different rates; static (5mm/min, 50mm/min) and dynamic tests (1m/s, and 10m/s). An attempt was made to determine the damage kinetic and a comparison between the use of aluminium and composite laminate substrates is introduced. Aluminum T6082 and glass/vinylester laminated composite Substrates were used to construct aluminum/aluminum and laminate/laminate specimens. The adhesive used in this study was Araldite 2015. The results showed the effects of the loading rate évolution on the double joint strength. The comparison of the results of static and dynamic tests showed a raise of the strength of the specimens while the load velocity is elevated. In the case of composite substrates double joint lap, the stiffness increased by more than 60% between static and dynamic tests. However, in the case of aluminum substrates, the rigidity improved about 28% from static to moderately high velocity loading. For both aluminum and composite double joint lap, the strength increased by approximately 25% when the tensile velocity is increased from 5 mm/min to 50 mm/min (static tests). Nevertheless, the tensile velocity is extended to 1m/s the strength increased by 13% and 25% respectively for composite and aluminum substrates.

Keywords: adhesive, double lap joints, static and dynamic behavior, tensile tests

Procedia PDF Downloads 187

Authors: Mehmet Kargaci

Abstract:

It is more important to access information than to get the correct information and to transform it to the knowledge in a proper way. Every person, organizations or governments who have the knowledge now become the target. Cyber security involves the range of measures to be taken from individual to the national level. The National institutions refer to academic, military and major public and private institutions, which are very important for the national security. Thus they need further cyber security measures. It appears that the traditional cyber security measures in the national level are alone not sufficient, while the individual measures remain in a restricted level. It is evaluated that the most appropriate method for preventing the cyber vulnerabilities rather than existing measures are to develop institutional measures. This study examines the cyber security measures to be taken, especially in the national institutions.

Keywords: cyber defence, information, critical infrastructure, security

Procedia PDF Downloads 525

Authors: Albatool Al Abdulwahid, Bayan Shakally, Mariam Mohamed, Wed Almokri

Abstract:

Artificial intelligence has infiltrated every part of our life and every field we can think of. With technical developments, artificial intelligence applications are becoming more prevalent. We chose ELSA speak because it is a magnificent example of Artificial intelligent applications, ELSA speak is a smartphone application that is free to download on both IOS and Android smartphones. ELSA speak utilizes artificial intelligence to help non-native English speakers pronounce words and phrases similar to a native speaker, as well as enhance their English skills. It employs speech-recognition technology that aids the application to excel the pronunciation of its users. This remarkable feature distinguishes ELSA from other voice recognition algorithms and increase the efficiency of the application. This study focused on evaluating ELSA speak application, by testing the degree of effectiveness based on survey questions. The results of the questionnaire were variable. The generality of the participants strongly agreed that ELSA has helped them enhance their pronunciation skills. However, a few participants were unconfident about the application’s ability to assist them in their learning journey.

Keywords: ELSA speak application, artificial intelligence, speech-recognition technology, language learning, english pronunciation

Procedia PDF Downloads 95

Authors: Stefan Bauer, Josef Frysak

Abstract:

According to the scientific information management literature, the improper use of information technology (e.g. personal computers) by employees are one main cause for operational and information security loss events. Therefore, organizations implement information security awareness programs to increase employees’ awareness to further prevention of loss events. However, in many cases these information security awareness programs consist of conventional delivery methods like posters, leaflets, or internal messages to make employees aware of information security policies. We assume that a viral information security awareness video might be more effective medium than conventional methods commonly used by organizations. The purpose of this research is to develop a viral video artifact to improve employee security behavior concerning information technology.

Keywords: information security awareness, delivery methods, viral videos, employee security behavior

Procedia PDF Downloads 531

Authors: H.-G. Herrmann, M. Schwarz, J. Summa, F. Grossmann

Abstract:

In this work, different non-destructive testing methods for the characterization of defects and interfaces are presented. It is shown that, by means of active thermography, defects in the interface and in the carbon fiber reinforced polymer (CFRP) itself can be detected and determined. The bonding of metal and thermoplastic can be characterized very well by ultrasonic testing with electromagnetic acoustic transducers (EMAT). Mechanical testing is combined with passive thermography to correlate mechanical values with the defect-size. There is also a comparison between active and passive thermography. Mechanical testing shows the influence of different defects. Furthermore, a correlation of defect-size and loading to rupture was performed.

 

Keywords: defect evaluation, EMAT, mechanical testing, thermography

Procedia PDF Downloads 410

Authors: Shruti Kohli

Abstract:

The sophistication and pervasiveness of cyber-attacks are constantly growing, driven partly by technological progress, profitable applications in organized crime and state-sponsored innovation. The modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the potential for security breaches and cyber-attacks. This research track showcases the need for developing a secure reusable scalable framework for enhancing cyber security of rail assets. A cyber security framework has been proposed that is being developed to detect the tell-tale signs of cyber-attacks against industrial assets.

Keywords: cyber security, rail asset, security threat, cyber ontology

Procedia PDF Downloads 419

Authors: Thomas Adi Purnomo Sidhi

Abstract:

Nowadays, network is an essential need in almost every part of human daily activities. People now can seamlessly connect to others through the Internet. With advanced technology, our personal data now can be more easily accessed. One of many components we are concerned for delivering the best network is a security issue. This paper is proposing a method that provides more options for security. This research aims to improve network security by focusing on the physical layer which is the first layer of the OSI model. The layer consists of the basic networking hardware transmission technologies of a network. With the use of observation method, the research produces a schematic design for enhancing the network security through the gray code converter.

Keywords: network, network security, grey code, physical layer

Procedia PDF Downloads 488

Authors: S. M. Tavakoli Sani, M. Sabbet Moghadam, Y. Khorram Farhadi, Iraj Rezayi Nejad

Abstract:

The concept of national security in Iran is a permanently effective factor in acceptance or rejection of many international obligations. These obligations had been defined according to the type of legislation of Iran in many aspects. Therefore, there are several treaties at international level which requires Iran’s security to come in contact with obligations in these treaties in a way that an obstacle to join to them and their passage in parliament. This issue is a typical category which every country pays attention to be accepted in treaties or to include their national security in that treaties and also they can see the related treaties from this perspective, but this issue that 'what is the concept of Iran’s national security', and 'To what extent it is changed in recent years, especially after Islamic Revolution' are important issues that can be criticized. Thus, this study is trying to assess singed treaties from the perspective of Iran’s national security according of the true meaning of treaty and to investigate how the international treaties may be in conflict with Iran’s national security.

Keywords: treaties, national security, Iran, Islamic Revolution

Procedia PDF Downloads 457

Authors: Sherine Farrag

Abstract:

Magnetic resonance imaging (MRI) presents safety hazards, with the general physical environment. The principal hazard of the MRI is the presence of static magnetic fields. Proper architectural design of MRI’s room ensure environment and health care staff safety. This research paper presents an easy approach for numerical computation of fringe static magnetic fields. Iso-gauss line of different MR intensities (0.3, 0.5, 1, 1.5 Tesla) was mapped and a polynomial function of the 7th degree was generated and tested. Matlab script was successfully applied for MRI SMF mapping. This method can be valid for any kind of commercial scanner because it requires only the knowledge of the MR scanner room map with iso-gauss lines. Results help to develop guidelines to guide healthcare architects to design of a safer Magnetic resonance imaging suite.

Keywords: designing MRI suite, MRI safety, radiology occupational exposure, static magnetic fields

Procedia PDF Downloads 477

Authors: Syamsul Syafiq, Maslina Daud, Hafizah Hasan, Ahmad Zairi, Shazil Imri, Ezaini Akmar, Norbazilah Rahim

Abstract:

Over recent years, web development has changed significantly. Driven largely by the rise of trends like mobiles, the world of development is rapidly evolving. The rise of the Internet makes web applications crucial nowadays. The web application has been an interface for a company and one of the ways they present their portfolio to the client. On the other hand, the web has become part of the file management system which takes over the role of paper. Due to high demand in web applications, developers are required to develop a web application that are cost-effective, secure and well coded. A framework has been proposed to develop an application rather than using library style development. The framework is helping the developer in creating the structure of a web automatically. This paper will compare the advantages and disadvantages of web development using framework against library-style development. This comparison is based on a previous research paper focusing on two main indicators, which are the impact to management and impact to the developer.

Keywords: framework, library style development, web application development, traditional web, static web, dynamic web

Procedia PDF Downloads 214

Authors: Sidra Shabbir, Ayesha Manzoor, Mehreen Sirshar

Abstract:

The use of the network communication has imposed serious threats to the security of assets over the network. Network security is getting more prone to active and passive attacks which may result in serious consequences to data integrity, confidentiality and availability. Various cryptographic techniques have been proposed in the past few years to combat with the concerned problem by ensuring quality but in order to have a fully secured network; a framework of new cryptosystem was needed. This paper discusses certain cryptographic techniques which have shown far better improvement in the network security with enhanced quality assurance. The scope of this research paper is to cover the security pitfalls in the current systems and their possible solutions based on the new cryptosystems. The development of new cryptosystem framework has paved a new way to the widespread network communications with enhanced quality in network security.

Keywords: cryptography, network security, encryption, decryption, integrity, confidentiality, security algorithms, elliptic curve cryptography

Procedia PDF Downloads 723

Authors: S. C. Gupta

Abstract:

The wind flow over several buildings lying in close vicinity in urban areas generates flow interference effects causing problems related to pedestrian comfort and ventilation within the buildings. This promoted a lot of research interest in the recent years. Airflow over a building creates a positive pressure zone on the upstream side and negative pressure zones (cavities or eddy zones) on the roof and all other sides. Large eddy simulation model is used along with sub-grid-scale model to numerically simulate turbulence for this purpose. The basis of flow outside the building is the pressure difference (between the wind and building interior). Wind Tunnel models are fabricated and tested in the subsonic wind tunnel. Theoretical results are compared with the experimental data. Newer configuration is tried for favorable effects in recovering static pressure values. Results obtained are seen very encouraging. The proposed exhaustive research investigation through numerical simulations and the experimental work are described and some interesting findings are brought out.

Keywords: wind flow, buildings, static pressure wind tunnel testing, CFD

Procedia PDF Downloads 488

Authors: Chungyu Chen, Hui-Ju Chang, Pei-Shan Guo, Huei-Ling Jhan, Yi-Ping Lin

Abstract:

The purpose of this study was to investigate the effect of the amount of acutely static stretching on muscular strength and power. There were 15 males, and 7 females recruited voluntarily as the participants in the study. The mean age, body height, and weight of participants were 23.4 ± 2.8 years old, 171.0 ± 7.2 cm, and 65.7 ± 8.7 kg, respectively. Participants were repeated to stretch hamstring muscles 2 or 6 30-s bouts randomly on a separate day spaced 5-7 days apart in a passive, static, sit-and-reach stretching exercise. Before and after acutely static stretching, the Biodex System 4 Pro was used to acquire the peak torque, power, total work, and range of motion for right knee under the loading of 180 deg/s. The 2 (test-retest) × 2 (number of stretches) repeated measures two-way analysis of variance were used to compare the parameters of muscular strength/power (α = .05). The results showed that the peak torque, power, and total work increased significantly after acutely passive static stretching (ps < .05) in flexor and extensor of knee. But there were no significant differences found between the 2 and 6 30-s bouts hamstring muscles stretching (ps > .05). It indicated that the performance of muscular strength and power in knee flexion and extension do not inhibit following the increase of amount of stretching.

Keywords: knee, power, flexibility, strength

Procedia PDF Downloads 266

Authors: Jae Young Park, Hwansu Jung, Jong Tae Kim

Abstract:

Whether the data has been well parallelized is an important factor in the Solid-State-Drive (SSD) performance. SSD parallelization is affected by allocation scheme and it is directly connected to SSD performance. There are dynamic allocation and static allocation in representative allocation schemes. Dynamic allocation is more adaptive in exploiting write operation parallelism, while static allocation is better in read operation parallelism. Therefore, it is hard to select the appropriate allocation scheme when the workload is mixed read and write operations. We simulated conditions on a few mixed data patterns and analyzed the results to help the right choice for better performance. As the results, if data arrival interval is long enough prior operations to be finished and continuous read intensive data environment static allocation is more suitable. Dynamic allocation performs the best on write performance and random data patterns.

Keywords: dynamic allocation, NAND flash based SSD, SSD parallelism, static allocation

Procedia PDF Downloads 330

Authors: Gopikrishnan, Bharathiraja, Boopalan, Jensin Joshua

Abstract:

The Pitot static tube has proven their values and practicability in measuring velocity of fluids for many years. With the aim of extensive usage of such Pitot tube systems, one of the major enabling technologies is to use the design and fabricate a high sensitive pitot tube for the purpose of calibration of the subsonic wind tunnel. Calibration of wind tunnel is carried out by using different instruments to measure variety of parameters. Using too many instruments inside the tunnel may not only affect the fluid flow but also lead to drag or losses. So, it is essential to replace the different system with a single system that would give all the required information. This model of high sensitive Pitot tube has been designed to ease the calibration process. It minimizes the use of different instruments and this single system is capable of calibrating the wind tunnel test section. This Pitot static tube is completely digitalized and so that the velocity data`s can be collected directly from the instrument. Since the turbulence factors are dependent on velocity, the data’s that are collected from the pitot static tube are then processed and the level of turbulence in the fluid flow is calculated. It is also capable of measuring the pressure distribution inside the wind tunnel and the flow angularity of the fluid. Thus, the well-designed high sensitive Pitot static tube is utilized in calibrating the tunnel and also for the measurement of turbulence.

Keywords: pitot static tube, turbulence, wind tunnel, velocity

Procedia PDF Downloads 516

Authors: Vishnu Pratap Singh Kirar

Abstract:

Wireless sensor network (WSN) is a network of many interconnected networked systems, they equipped with energy resources and they are used to detect other physical characteristics. On WSN, there are many researches are performed in past decades. WSN applicable in many security systems govern by military and in many civilian related applications. Thus, the security of WSN gets attention of researchers and gives an opportunity for many future aspects. Still, there are many other issues are related to deployment and overall coverage, scalability, size, energy efficiency, quality of service (QoS), computational power and many more. In this paper we discus about various applications and security related issue and requirements of WSN.

Keywords: wireless sensor network (WSN), wireless network attacks, wireless network security, security requirements

Procedia PDF Downloads 472

Authors: Luna Shamieh

Abstract:

Various players are part of the game in an asymmetric war, all making efforts to provide human security to their own adherents. Although a fragile state is not able to provide sufficient and comprehensive services, it still provides special services and security to the elite; the insurgents as well provide services and security to their associates. The humanitarian organisations, on the other hand, provide some fundamental elements of human security, but only in the regions, they are able to access when possible (if possible). The counterinsurgents (security forces of the state and intervention forces) operate within a narrow band defined by the vision of the responsibility to protect and the perspective of the resolution of the conflict through combat; hence, the possibility to provide human security is shaken at this end. This article examines how each player provides human security from the perspective of freedom from want in order to secure basic and strategic needs, freedom from fear through providing protection against all kinds of violence, and the freedom to live in dignity. It identifies a vicious cycle caused by the intervention of the different players causing a centrifugal force that may lead to disintegration of the nation under war.

Keywords: asymmetric war, counterinsurgency, fragile state, human security, insurgency

Procedia PDF Downloads 323

Authors: Irfan Mohiuddin, Ahmad Al Mogren

Abstract:

In recent years, cloud computing has earned substantial attention in the Oil and Gas Industry and provides services in all the phases of the industry lifecycle. Oil and gas supply infrastructure, in particular, is more vulnerable to accidental, natural and intentional threats because of its widespread distribution. Numerous surveys have been conducted on cloud security and privacy. However, to the best of our knowledge, hardly any survey is carried out that reviews cyber security in all phases with a cloud computing perspective. Moreover, a distinctive classification is performed for all the cloud-based cyber security measures based on the cloud component in use. The classification approach will enable researchers to identify the required technique used to enhance the security in specific cloud components. Also, the limitation of each component will allow the researchers to design optimal algorithms. Lastly, future directions are given to point out the imminent challenges that can pave the way for researchers to further enhance the resilience to cyber security threats in the oil and gas industry.

Keywords: cyber security, cloud computing, safety and security, oil and gas industry, security threats, oil and gas pipelines

Procedia PDF Downloads 132

Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara

Abstract:

The security aspect of the IoT occupies a place of great importance especially after the evolution that has known this field lastly because it must take into account the transformations and the new applications .Blockchain is a new technology dedicated to the data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks, this method is based on the principle of the Blockchain and that we named ”MPR Blockchain”.

Keywords: Ad hocs networks, blockchain, MPR, security

Procedia PDF Downloads 165

Authors: Sherine Farrag

Abstract:

Currently-used MRI scanners in Cairo City possess static magnetic field (SMF) that varies from 0.25 up to 3T. More than half of them possess SMF of 1.5T. The SMF of the magnet determine the diagnostic power of a scanner, but not worker's exposure profile. This research paper presents an approach for numerical computation of induced electric fields and SAR values by estimation of fringe static magnetic fields. Iso-gauss line of MR was mapped and a polynomial function of the 7th degree was generated and tested. Induced current field due to worker motion in the SMF and SAR values for organs and tissues have been calculated. Results illustrate that the computation tool used permits quick accurate MRI iso-gauss mapping and calculation of SAR values which can then be used for assessment of occupational exposure profile of MRI operators.

Keywords: MRI occupational exposure, MRI safety, induced current density, specific absorption rate, static magnetic fields

Procedia PDF Downloads 415

Authors: Farhad Arian Far, Anjanette Q. Eleazar, Francis Aldrine A. Uy, Mary Joyce Anne V. Uy

Abstract:

The Unified Philippine Accident Reporting and Database System (UPARDS), is a newly developed system by Dr. Francis Aldrine Uy of the Mapua Institute of Technology. The main purpose is to provide an advanced road accident investigation tool, record keeping and analysis system for stakeholders such as Philippine National Police (PNP), Metro Manila Development Authority (MMDA), Department of Public Works and Highways (DPWH), Department of Health (DOH), and insurance companies. The system is composed of 2 components, the mobile application for road accident investigators that takes advantage of available technology to advance data gathering and the web application that integrates all accident data for the use of all stakeholders. The researchers with the cooperation of PNP’s Vehicle Traffic Investigation Sector of the City of Manila, conducted the field-testing of the application in fifteen (15) accident cases. Simultaneously, the researchers also distributed surveys to PNP, Manila Doctors Hospital, and Charter Ping An Insurance Company to gather their insights regarding the web application. The survey was designed on information systems theory called Technology Acceptance Model. The results of the surveys revealed that the respondents were greatly satisfied with the visualization and functions of the applications as it proved to be effective and far more efficient in comparison with the conventional pen-and-paper method. In conclusion, the pilot study was able to address the need for improvement of the current system.

Keywords: accident, database, investigation, mobile application, pilot testing

Procedia PDF Downloads 426

Authors: Vahid Bayrami Rad

Abstract:

Ever since humans developed a collective way of life to the development of urbanization, the concern of security has always been considered one of the most important challenges of life. To protect property, locks have always been a practical tool. With the advancement of technology, the form of locks has changed from mechanical to electric. One of the most widely used fields of using artificial intelligence is its application in the technology of surveillance security systems. Currently, the technologies used in smart anti-theft door handles are one of the most potential fields for using artificial intelligence. Artificial intelligence has the possibility to learn, calculate, interpret and process by analyzing data with the help of algorithms and mathematical models and make smart decisions. We will use Arduino board to process data.

Keywords: arduino board, artificial intelligence, image processing, solenoid lock

Procedia PDF Downloads 59

Authors: Abdulqader Rasool Feqi Mohammed, Ergun Erçelebi̇

Abstract:

A large number of hospitals from developed countries are adopting hospital information system to bring efficiency in hospital information system. The purpose of this project is to research on new network security techniques in order to enhance the current network security structure of save a hospital information system (HIS). This is very important because, it will avoid the system from suffering any attack. Security architecture was optimized but there are need to keep researching on best means to protect the network from future attacks. In this final project research, security techniques were uncovered to produce best network security results when implemented in an integrated framework.

Keywords: hospital information system, HIS, network security techniques, internet protocol, IP, network

Procedia PDF Downloads 423

Authors: Ibtissem Talbi

Abstract:

During the last decade, a variety of chaos-based cryptosystems have been investigated. Most of them are based on the structure of Fridrich, which is based on the traditional confusion-diffusion architecture proposed by Shannon. Compared with traditional cryptosystems (DES, 3DES, AES, etc.), the chaos-based cryptosystems are more flexible, more modular and easier to be implemented, which make them suitable for large scale-data encyption, such as images and videos. The heart of any chaos-based cryptosystem is the chaotic generator and so, a part of the efficiency (robustness, speed) of the system depends greatly on it. In this talk, we give an overview of the state of the art of chaos-based block ciphers and we describe some of our schemes already proposed. Also we will focus on the essential characteristics of the digital chaotic generator, The needed performance of a chaos-based block cipher in terms of security level and speed of calculus depends on the considered application. There is a compromise between the security and the speed of the calculation. The security of these block block ciphers will be analyzed.

Keywords: chaos-based cryptosystems, chaotic generator, security analysis, structure of Fridrich

Procedia PDF Downloads 673

Authors: Mustapha Hedabou, Ali Azougaghe, Ahmed Bentajer, Hicham Boukhris, Mourad Eddiwani, Zakaria Igarramen

Abstract:

Software-as-a-service (SaaS) is emerging as a dominant approach to delivering software. It encompasses a range of business, technical opportunities, issue, and challenges. Trustiness in the cloud services regarding the security and the privacy of the delivered data is the most critical issue with the SaaS model. In this paper, we survey the security concerns related to the SaaS model, and we propose the design of a trusted SaaS model that gives users more confidence into SaaS services by leveraging a trust in a neutral source code certifying authority. The proposed design is based on the use of the multisignature mechanism for signing the source code of the application service. In our model, the cloud provider acts as a root of trust by ensuring the integrity of the application service when it was running on its platform. The proposed design prevents insider attacks from tampering with application service before and after it was launched in a cloud provider platform.

Keywords: cloud computing, SaaS Platform, TPM, trustiness, code source certification, multi-signature schemes

Procedia PDF Downloads 262

Authors: Mohsen Rezaee

Abstract:

Although robust security softwares, including anti-viruses, anti-spywares, anti-spam and firewalls are amalgamated with new technologies such as safe zone, hybrid cloud, sand box and etc., and although it can be said that they have managed to prepare highest level of security against viruses, spywares and other malwares in 2012, in fact, hacker attacks to websites are increasingly becoming more and more complicated. Because of security matters developments it can be said it was expected to happen so. Here in this work we try to point out some functional and vital notes to enhance security on the web, enabling the user to browse safely in unlimited web world and to use virtual space securely.

Keywords: firewalls, security, web services, computer science

Procedia PDF Downloads 387

Authors: Nam-Uk Kim, Sung-Hwan Kim, Tai-Myoung Chung

Abstract:

Typical security management systems are not suitable for detecting APT attack, because they cannot draw the big picture from trivial events of security solutions. Although SIEM solutions have security analysis engine for that, their security analysis mechanisms need to be verified in academic field. Although this paper proposes merely an architectural model for APT detection, we will keep studying on correlation analysis mechanism in the future.

Keywords: advanced persistent threat, anomaly detection, data mining

Procedia PDF Downloads 512

Authors: Yu Qin, Wanjiaman Li

Abstract:

The widespread use of mobile electronic devices increases the complexities of mobile security. This thesis aims to provide a secure communication environment for smartphone users. Some research proves that the one-time pad is one of the securest encryption methods, and that the key distribution problem can be solved by using the QKD (quantum key distribution). The objective of this project is to design an Android APP (application) to exchange several random keys between mobile phones. Inspired by QKD, the developed APP uses the quick response (QR) code as a carrier to dispatch large amounts of one-time keys. After evaluating the performance of APP, it allows the mobile phone to capture and decode 1800 bytes of random data in 600ms. The continuous scanning mode of APP is designed to improve the overall transmission performance and user experience, and the maximum transmission rate of this mode is around 2200 bytes/s. The omnidirectional readability and error correction capability of QR code gives it a better real-life application, and the features of adequate storage capacity and quick response optimize overall transmission efficiency. The security of this APP is guaranteed since QR code is exchanged face-to-face, eliminating the risk of being eavesdropped. Also, the id of QR code is the only message that would be transmitted through the whole communication. The experimental results show this project can achieve superior transmission performance, and the correlation between the transmission rate of the system and several parameters, such as the QR code size, has been analyzed. In addition, some existing technologies and the main findings in the context of the project are summarized and critically compared in detail.

Keywords: one-time pad, QKD (quantum key distribution), QR code, application

Procedia PDF Downloads 137