Search results for: hardware security evaluation

Authors: Musaab Hasan, Farkhund Iqbal, Patrick C. K. Hung, Benjamin C. M. Fung, Laura Rafferty

Abstract:

In modern societies, the smart cities concept raised simultaneously with the projection towards adopting smart devices. A smart grid is an essential part of any smart city as both consumers and power utility companies benefit from the features provided by the power grid. In addition to advanced features presented by smart grids, there may also be a risk when the grids are exposed to malicious acts such as security attacks performed by terrorists. Considering advanced security measures in the design of smart meters could reduce these risks. This paper presents a security study for smart metering systems with a prototype implementation of the user interfaces for future works.

Keywords: security design, smart city, smart meter, smart grid, smart metering system

Procedia PDF Downloads 302

Authors: Ondrej Lufinka, Jan Kaderabek, Juraj Prstek, Jiri Skala, Kamil Kosturik

Abstract:

This paper deals with the problem of using Autonomous Robotic Platforms (ARP) for the ADAS (Advanced Driver Assistance Systems) testing in automotive. There are different possibilities of the testing already in development, and lately, the autonomous robotic platforms are beginning to be used more and more widely. Autonomous Robotic Platform discussed in this paper explores the hardware and software design possibilities related to the field of embedded systems. The paper focuses on its chapters on the introduction of the problem in general; then, it describes the proposed prototype concept and its principles from the embedded HW and SW point of view. It talks about the key features that can be used for the innovation of these platforms (e.g., modularity, omnidirectional movement, common and non-traditional sensors used for localization, synchronization of more platforms and cars together, or safety mechanisms). In the end, the future possible development of the project is discussed as well.

Keywords: advanced driver assistance systems, ADAS, autonomous robotic platform, embedded systems, hardware, localization, modularity, multiple robots synchronization, omnidirectional movement, safety mechanisms, software

Procedia PDF Downloads 109

Authors: Kai Qian, Lixin Tao

Abstract:

Mobile devices such as smartphones are getting more and more popular in our daily lives. The security vulnerability and threat attacks become a very emerging and important research and education topic in computing security discipline. There is a need to have an innovative mobile security hands-on laboratory to provide students with real world relevant mobile threat analysis and protection experience. This paper presents an authentic teaching and learning mobile security approach with smartphone devices which covers most important mobile threats in most aspects of mobile security. Each lab focuses on one type of mobile threats, such as mobile messaging threat, and conveys the threat analysis and protection in multiple ways, including lectures and tutorials, multimedia or app-based demonstration for threats analysis, and mobile app development for threat protections. This authentic learning approach is affordable and easily-adoptable which immerse students in a real world relevant learning environment with real devices. This approach can also be applied to many other mobile related courses such as mobile Java programming, database, network, and any security relevant courses so that can learn concepts and principles better with the hands-on authentic learning experience.

Keywords: mobile computing, Android, network, security, labware

Procedia PDF Downloads 370

Authors: Ivayla Trifonova, Naoum Jamous, Holger Schrödl

Abstract:

A good web design is a prerequisite for a successful business nowadays, especially since the internet is the most common way for people to inform themselves. Web design includes the optical composition, the structure, and the user guidance of websites. The importance of each website leads to the question if there is a way to measure its usefulness. The aim of this paper is to suggest a methodology for the evaluation of web design. The desired outcome is to have an evaluation that is concentrated on a specific website and its target group.

Keywords: evaluation methodology, factor analysis, target group, web design

Procedia PDF Downloads 599

Authors: Ahlem Setrallah

Abstract:

Environment has become a phenomenon directly linked to security in recent decades. This security aspect of environment is justified by the challenges that environment problems can have on human life and thus security especially within the scope of human security that is based mainly on the individual rather than on the state. Because Africa is not safe from the global warming and all its consequences on environment, this continent has witnessed many crises related to environment and that have had direct impact on security in Africa. One of those crises is environmental displacement or immigration which was caused by natural disasters like draught, desertification and food shortage to name but a few. This paper aims at shedding light at some important cases in the Africa focusing mainly on the Sahel region. The main research questions that we are trying to answer are the following: 1-What is the relationship between environment and forced immigration in the Sahel region? 2-What is the impact of environmental immigration on Security in the region? 3-How have the states in this region reacted to this crisis? 4-Is the measures taken by those states adequate or not? 5- How to remedy for the limitations of those measures? The paper is based on case study methodology as a way to better understand the relationship between security and environment using library research for data collection and analysis. This paper aims also at presenting some suggesting regarding possible ways of reducing the negative impact of environmental immigration.

Keywords: environment, refugees, Sahel region, security

Procedia PDF Downloads 431

Authors: Kavitha Thamadharan, Nurazean Maarop

Abstract:

The implementation of e-assessment as tool to support the process of teaching and learning in university has become a popular technological means in universities. E-Assessment provides many advantages to the users especially the flexibility in teaching and learning. The e-assessment system has the capability to improve its quality of delivering education. However, there still exists a drawback in terms of security which limits the user acceptance of the online learning system. Even though there are studies providing solutions for identified security threats in e-learning usage, there is no particular model which addresses the factors that influences the acceptance of e-assessment system by lecturers from security perspective. The aim of this study is to explore security aspects of e-assessment in regard to the acceptance of the technology. As a result a conceptual model of secure acceptance of e-assessment is proposed. Both human and security factors are considered in formulation of this conceptual model. In order to increase understanding of critical issues related to the subject of this study, interpretive approach involving convergent mixed method research method is proposed to be used to execute the research. This study will be useful in providing more insightful understanding regarding the factors that influence the user acceptance of e-assessment system from security perspective.

Keywords: secure technology acceptance, e-assessment security, e-assessment, education technology

Procedia PDF Downloads 432

Authors: Pooja Bakshi

Abstract:

In the following paper, an attempt would be made to engage with the relationship between the state and the imperatives of security from a gendered lens. This will be juxtaposed with the feminist engagement with International Law. Theorizations from the literature on South Asian politics and Global politics would be applied to the manner in which the Indian state has defined and proposed to deal with concerns of internal security pertaining to the ‘Left Wing Extremism’ in 2010-2011. It would be argued that the state needs to be disaggregated into the legislature, executive and the judiciary; since there are times when some institutional parts of the state provide space for progressive democratic engagement whilst other institutions don’t. The specific contours of violence faced by women and children at the hands of the state, in the above-mentioned discourse would also be examined. In the end, implications of the security state discourse on debates in International Law would be elaborated.

Keywords: feminist engagement, human rights, state response to left extremism, security studies in South Asia

Procedia PDF Downloads 465

Authors: Nuzhat Sultana M. B.

Abstract:

Children are high-risk population in terms of food born illnesses. Food safety and security are the most important aspect of the success of midday meal programmes. Improper holding temperatures, cross-contamination and poor personal hygiene of food handlers are the main causes for the prevalence of pathogenic microbes in the food servicing areas. Two hundred and fifty preschool children in the age of 3 to 6 years from urban and rural anganwadies (pre school center) of Beed district were selected. Nutritional status of preschool children were assessed by anthropometrical and clinical measurement. The study assessed the food safety and security with the help of personal hygiene and other safety measures maintained by the food personnel working for midday meal programme, supplying mid meals to children in govt. anganwadies (pre school center). The hygiene level, sanitary condition and microbial quality of food and water, pathological health examination of food handlers were assessed with the help of checklist. A questionnaire was designed to evaluate knowledge, attitude, and practices of food handlers. Results of the study show that the nutritional and health status of rural and urban preschool children was very poor. Many of the food handlers were not aware of general knowledge and hygiene practices to be followed during food preparation areas. An intervention programme of education and importing training at workplaces has shown a positive impact on the outcome of safety and security practices and safe, hygienic practices of food handlers at workplace.

Keywords: food, health, preschool children, safety, security

Procedia PDF Downloads 172

Authors: Sani Mohammed Adam

Abstract:

This work seeks to review the security challenges facing Nigeria and explore the relevance of laws and policies in tackling the menace. The work looks at the adequacy of available legislations and the functionality of relevant institutions such as the Armed Forces, the Nigeria Police Force, the State Security Service, the Defence Intelligence Agency and the Nigerian Intelligence Agency etc. Comparisons would be made with other jurisdictions, such as inter alia, the Homeland Security in the USA and Counter Terrorism Laws of the United Kingdom. Recommendations would be made on how to strengthen both institutions and laws to curtail the growth of Terrorism in Nigeria.

Keywords: legislations, Nigeria, security, terrorism

Procedia PDF Downloads 635

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 301

Authors: Mubarak Saadu Nabunkari, Abdullahi Abdu Ibrahim, Muhammad Ilyas

Abstract:

This study looks at how Internet of Things (IoT) devices are used in healthcare to monitor and treat patients better. However, using these devices in healthcare comes with security problems. The research explores using Security Information and Event Management (SIEM) systems with healthcare IoT devices to solve these security challenges. Reviewing existing literature shows the current state of IoT security and emphasizes the need for better protection. The main worry is that healthcare IoT devices can be easily hacked, putting patient data and device functionality at risk. To address this, the research suggests a detailed security framework designed for these devices. This framework, based on literature and best practices, includes important security measures like authentication, data encryption, access controls, and anomaly detection. Adding SIEM systems to this framework helps detect threats in real time and respond quickly to incidents, making healthcare IoT devices more secure. The study highlights the importance of this integration and offers guidance for implementing healthcare IoT securely, efficiently, and effectively.

Keywords: cyber security, threat intelligence, forensics, heath care

Procedia PDF Downloads 14

Authors: Panwasn Mahalawalert

Abstract:

The objective of this study was to meta-evaluation of Master Degree theses in Science Program of Evaluation Methodology at Srinakharinwirot University, published during 2008-2011. This study was summative meta-evaluation that evaluated all theses of Master Degree in Science Program of Evaluation Methodology. Data were collected using the theses characteristics recording form and the evaluation meta-evaluation checklist. The collected data were analyzed by two parts: 1) Quantitative data were analyzed by descriptive statistics presented in frequency, percentages, mean, and standard deviation and 2) Qualitative data were analyzed by content analysis. The results of this study were found the theses characteristics was results revealed that most of theses were published in 2011. The largest group of theses researcher were female and were from the government office. The evaluation model of all theses were Decision-Oriented Evaluation Model. The objective of all theses were evaluate the project or curriculum. The most sampling technique were used the multistage random sampling technique. The most tool were used to gathering the data were questionnaires. All of the theses were analysed by descriptive statistics. The meta-evaluation results revealed that most of theses had fair on Utility Standards and Feasibility Standards, good on Propriety Standards and Accuracy Standards.

Keywords: meta-evaluation, evaluation, master degree theses, Srinakharinwirot University

Procedia PDF Downloads 498

Authors: Shuaibu Umar Abdul

Abstract:

The essence of any state as well as government is to ensure and advance the security of lives and property of its citizens. As a result, providing security in all spheres ranging from safeguarding the territorial integrity, security of lives and property of the citizens as well as economic emancipation have constitute the core objectives cum national interest of virtually all country’s foreign policy in the world. In view of this imperative above, Nigeria has enshrined in the early part of her 1999 constitution as amended, as its duty and responsibility as a state, to ensure security of lives and property of its citizens. Yet, it does not make any significant shift as it relates to the country’s fundamental security needs as exemplified by the current enormous security challenges that reduced the country’s fortune to the background in all ramifications. The study chooses realist paradigm as theoretical underpinning which emphasizes that exigency of the moment should always take priority in the pursuit of foreign policy. The study is historical, descriptive and narrative in method and character. Data for the study was sourced from secondary sources and analysed via content analysis. The study found out that it is lack of political will on the side of the government to guarantee a just and egalitarian society that will be of benefit to all citizens. This could be more appreciated when looking at the gaps between the theory in Nigerian foreign policy and the practice as exemplified by the action or inaction of the government to ensure security in the state. On this account, the study recommends that until the leaderships in Nigerian foreign policy recognized the need for political will and respect for constitutionalism to ensure security of its citizens and territory, otherwise achieving great Nigeria will remain an illusion.

Keywords: foreign policy, nation, national security, Nigeria, security

Procedia PDF Downloads 476

Authors: Joanne Sin Wei Yeoh, Quynh Lê, Rosa McManamey

Abstract:

Food security indicates the ability of individuals, households and communities to acquire food that is healthy, sustainable, affordable, appropriate and accessible. Despite Australia’s current ability to produce enough food to feed a population larger than its current population, there has been substantial evidence over the last decades to demonstrate many Australians struggle to feed themselves, including those from a cultural and linguistically diverse (CALD) background. The study aimed to investigate migrants’ perceptions and experiences on food security in Tasmania. Semi-structured interviews were conducted with 33 migrants residing in North, South and North West Tasmania, who were recruited through purposive sampling. Thematic analysis was employed to analyse the interview data. Four main themes were identified from the interview data: (1) Understanding of food security; (2) Experiences with the food security in Tasmania; (3) Factors that influence migrants’ food security in Tasmania; and (4) Acculturation strategies. Various sub-themes have emerged under each of these four major themes. Though the findings indicate participants are satisfied with their current food security in Tasmania, they still encounter some challenges in food availability, accessibility, and affordability in Tasmania. Factors that influence migrants’ food security were educational background, language barrier, socioeconomic status, geographical isolation, and cultural background. By using different acculturation strategies, migrants managed to adapt to the new food culture. In addition, social and cultural capitals were also treated as vital roles in improving migrants’ food security. The findings indicate migrants residing in Tasmania face different challenges on food security. They use different strategies for food security while acculturating into a new environment. The findings may provide useful information for migrants in Australia and various private organisations or relevant government departments that address food security for migrants.

Keywords: experiences, food security, migrants, perceptions

Procedia PDF Downloads 392

Authors: Christopher Manyamba

Abstract:

Women in Malawi produce perform between 50-70 percent of all agricultural tasks and yet the majority remain food insecure. The aim of his paper is to build on existing mixed evidence that indicates that empowering women in agriculture is conducive to improving food security. The WEAI is used to provide evidence on the relationship between women’s empowerment in agriculture and household food security. A multinomial logistic regression is applied to the Women Empowerment in Agriculture Index (WEAI) components and the Household Hunger Scale. The overall results show that the WEAI can be used to determine household food insecurity; however it has to be contextually adapted. Assets ownership, credit, group membership and leisure time are positively associated with food security. Contrary to other literature, empowerment in having control and decisions on income indicate negative association with household food security. These results could potentially better inform public, private and civil society stakeholders’ dialogues in creating the most effective and sustainable interventions to help women attain long-term food security.

Keywords: food security, gender, empowerment, agriculture index, framework for African food security, household hunger scale

Procedia PDF Downloads 334

Authors: Rebecca Zahra, Joseph G. Vella, Ernest Cachia

Abstract:

The notion of cloud computing is rapidly gaining ground in the IT industry and is appealing mostly due to making computing more adaptable and expedient whilst diminishing the total cost of ownership. This paper focuses on the software as a service (SaaS) architecture of cloud computing which is used for the outsourcing of databases with their associated business processes. One approach for offering SaaS is basing the system’s architecture on multi-tenancy. Multi-tenancy allows multiple tenants (users) to make use of the same single application instance. Their requests and configurations might then differ according to specific requirements met through tenant customisation through the software. Despite the known advantages, companies still feel uneasy to opt for the multi-tenancy with data security being a principle concern. The fact that multiple tenants, possibly competitors, would have their data located on the same server process and share the same database tables heighten the fear of unauthorised access. Security is a vital aspect which needs to be considered by application developers, database administrators, data owners and end users. This is further complicated in cloud-based multi-tenant system where boundaries must be established between tenants and additional access control models must be in place to prevent unauthorised cross-tenant access to data. Moreover, when altering the database state, the transactions need to strictly adhere to the tenant’s known business processes. This paper focuses on the fact that security in cloud databases should not be considered as an isolated issue. Rather it should be included in the initial phases of the database design and monitored continuously throughout the whole development process. This paper aims to identify a number of the most common security risks and threats specifically in the area of multi-tenant cloud systems. Issues and bottlenecks relating to security risks in cloud databases are surveyed. Some techniques which might be utilised to overcome them are then listed and evaluated. After a description and evaluation of the main security threats, this paper produces a list of software requirements to ensure that proper security policies are implemented by a software development team when designing and implementing a multi-tenant based SaaS. This would then assist the cloud service providers to define, implement, and manage security policies as per tenant customisation requirements whilst assuring security for the customers’ data.

Keywords: cloud computing, data management, multi-tenancy, requirements, security

Procedia PDF Downloads 124

Authors: Se-Han Lee, Kwang-Woo Go, Gwang-Hyun Ahn, Hee-Sung Park, Cheol-Kyu Han, Jun-Bo Shim, Geun-Chul Kang, Hyun-Jung Lee

Abstract:

In recent years, with the advent of smart cars and the expansion of the market, the announcement of 'Adventures in Automotive Networks and Control Units' at the DEFCON21 conference in 2013 revealed that cars are not safe from hacking. As a result, the HEAVENS model considering not only the functional safety of the vehicle but also the security has been suggested. However, the HEAVENS model only presents a simple process, and there are no detailed procedures and activities for each process, making it difficult to apply it to the actual vehicle security vulnerability check. In this paper, we propose an automated attack database that systematically summarizes attack vectors, attack types, and vulnerable vehicle models to prepare for various car hacking attacks, and data flow diagrams that can detect various vulnerabilities and suggest a way to materialize the HEAVENS model.

Keywords: automotive security, HEAVENS, car hacking, security model, information security

Procedia PDF Downloads 319

Authors: Jared Oluoch

Abstract:

Connected vehicles are equipped with wireless sensors that aid in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication. These vehicles will in the near future provide road safety, improve transport efficiency, and reduce traffic congestion. One of the challenges for connected vehicles is how to ensure that information sent across the network is secure. If security of the network is not guaranteed, several attacks can occur, thereby compromising the robustness, reliability, and efficiency of the network. This paper discusses existing security mechanisms and unique properties of connected vehicles. The methodology employed in this work is exploratory. The paper reviews existing security solutions for connected vehicles. More concretely, it discusses various cryptographic mechanisms available, and suggests areas of improvement. The study proposes a combination of symmetric key encryption and public key cryptography to improve security. The study further proposes message aggregation as a technique to overcome message redundancy. This paper offers a comprehensive overview of connected vehicles technology, its applications, its security mechanisms, open challenges, and potential areas of future research.

Keywords: VANET, connected vehicles, 802.11p, WAVE, DSRC, trust, security, cryptography

Procedia PDF Downloads 271

Authors: Arellano Karina, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, Carmen Mantilla

Abstract:

Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.

Keywords: Denial-of-Service SIP attacks, MS-DoS-SIP, security model, VoIP-SIP vulnerabilities

Procedia PDF Downloads 167

Authors: C. U. Om Kumar, S. Kishore, A. Geetha

Abstract:

An Operating system (OS) is software that manages computer hardware and software resources by providing services to computer programs. One of the important user expectations of the operating system is to provide the practice of defending information from unauthorized access, disclosure, modification, inspection, recording or destruction. Operating system is always vulnerable to the attacks of malwares such as computer virus, worm, Trojan horse, backdoors, ransomware, spyware, adware, scareware and more. And so the anti-virus software were created for ensuring security against the prominent computer viruses by applying a dictionary based approach. The anti-virus programs are not always guaranteed to provide security against the new viruses proliferating every day. To clarify this issue and to secure the computer system, our proposed expert system concentrates on authorizing the processes as wanted and unwanted by the administrator for execution. The Expert system maintains a database which consists of hash code of the processes which are to be allowed. These hash codes are generated using MD5 message-digest algorithm which is a widely used cryptographic hash function. The administrator approves the wanted processes that are to be executed in the client in a Local Area Network by implementing Client-Server architecture and only the processes that match with the processes in the database table will be executed by which many malicious processes are restricted from infecting the operating system. The add-on advantage of this proposed Expert system is that it limits CPU usage and minimizes resource utilization. Thus data and information security is ensured by our system along with increased performance of the operating system.

Keywords: virus, worm, Trojan horse, back doors, Ransomware, Spyware, Adware, Scareware, sticky software, process table, MD5, CPU usage and resource utilization

Procedia PDF Downloads 383

Authors: Themistoklis Tzimas

Abstract:

The proposed paper focuses on a triangular relationship, between human security, human development and responsibility to rebuild. This relationship constitutes the innovative contribution to the debate about human security. Human security constitutes a generic and legally binding notion, which orientates from an integrated approach the UN Charter principles and of the collective security system. Such an approach brings at the forefront of international law and of international relations not only states but non- state actors as well. Several doctrines attempt to implement the fore-mentioned approach among which the Responsibility to Protect- hereinafter R2P- doctrine and its aspect of Responsibility to Rebuild- hereinafter R2R. In this sense, R2P in general and R2R are supposed to be guided by human security imperatives. Human security because of its human- centered approach encompasses as an integral part of it, human development. Human development constitutes part of the backbone of human security, since it deals with the social and economic root- causes of the threats, which human security attempts to confront. In this sense, doctrines which orientate from human security, such as R2P and its R2R aspect should also take into account human development imperatives, in order to improve their efficiency. On the contrary though, R2R is more often linked with market- orientated policies, which are often imposed under transitional authorities, regardless of local needs. The implementation of such policies can be identified as a cause for striking failures in the framework of R2R. In addition it is a misinterpretation of the essence of human security and subsequently of R2P as well. The findings of the article, on the basis of the fore-mentioned argument is that a change must take place from a market- orientated misinterpretation of R2R to an approach attempting to implement human development doctrines, since the latter lie at the heart of human security and can be proven more effective in dealing with the root- causes of conflicts. Methodologically, the article begins with an examination of human security and of its binding nature on the basis of its orientation from the UN Charter. It also examines its significance in the framework of the collective security system. Then, follows the analysis of why and how human development constitutes an integral part of human security. At the next part it is proven that R2P in general and R2R more specifically constitute or should constitute an attempt to implement human security doctrines within the collective security system. Having built this triangular relationship it is argued that human development is proven to be the most suitable notion, so that the spirit of human security and the scopes of R2P are successfully implemented.

Keywords: human security, un charter, responsibility to protect, responsibility to rebuild, human development

Procedia PDF Downloads 250

Authors: Ekin D. Horzum

Abstract:

The aim of the proposal is to examine the relationship between human trafficking related corruption and human security. The proposal suggests that the human trafficking related corruption is about willingness of the states to turn a blind eye to the human trafficking cases. Therefore, it is important to approach human trafficking related corruption in terms of human security and human rights violation to find an effective way to fight against human trafficking. In this context, the purpose of this proposal is to examine the human trafficking related corruption as a safe haven in which trafficking thrives for perpetrators.

Keywords: human trafficking, human security, human rights, corruption, organized crime

Procedia PDF Downloads 434

Authors: Yanmin Zhao, Siu Ming Yiu

Abstract:

To claim the ownership for an executable program is a non-trivial task. An emerging direction is to add a watermark to the program such that the watermarked program preserves the original program’s functionality and removing the watermark would heavily destroy the functionality of the watermarked program. In this paper, the first watermarking signature scheme with the watermark and the constraint function hidden in the symmetric key setting is constructed. The scheme uses well-known techniques of lattice trapdoors and a lattice evaluation. The watermarking signature scheme is unforgeable under the Short Integer Solution (SIS) assumption and satisfies other security requirements such as the unremovability security property.

Keywords: short integer solution (SIS) problem, symmetric-key setting, watermarking schemes, watermarked signatures

Procedia PDF Downloads 100

Authors: Chanchai Supaartagorn

Abstract:

E-retailing is the sale of goods online that takes place over the Internet. The Internet has shrunk the entire World. The world e-retailing is growing at an exponential rate in the Americas, Europe, and Asia. However, e-retailing costs require expensive investment, such as hardware, software, and security systems. Cloud computing technology is internet-based computing for the management and delivery of applications and services. Cloud-based e-retailing application models allow enterprises to lower their costs with their effective implementation of e-retailing activities. In this paper, we describe the concept of cloud computing and present the architecture of cloud computing, combining the features of e-retailing. In addition, we propose a strategy for implementing cloud computing with e-retailing. Finally, we explain the benefits from the architecture.

Keywords: architecture, cloud computing, e-retailing, internet-based

Procedia PDF Downloads 353

Authors: Kun Li, Yuzheng Liu, Xiuqi Fan

Abstract:

High-security standard and high efficiency of screening seem to be contradictory to each other in the airport security check process. Improving the efficiency as far as possible while maintaining the same security standard is significantly meaningful. This paper utilizes the knowledge of Operation Research and Stochastic Process to establish mathematical models to explore this problem. We analyze the current process of airport security check and use the M/G/1 and M/G/k models in queuing theory to describe the process. Then we find the least efficient part is the pre-check lane, the bottleneck of the queuing system. To improve passenger throughput and reduce the variance of passengers’ waiting time, we adjust our models and use Monte Carlo method, then put forward three modifications: adjust the ratio of Pre-Check lane to regular lane flexibly, determine the optimal number of security check screening lines based on cost analysis and adjust the distribution of arrival and service time based on Monte Carlo simulation results. We also analyze the impact of cultural differences as the sensitivity analysis. Finally, we give the recommendations for the current process of airport security check process.

Keywords: queue theory, security check, stochatic process, Monte Carlo simulation

Procedia PDF Downloads 159

Authors: Umesh Kumar Singh, Chanchala Joshi

Abstract:

With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, with ensuring that the network is robust enough against malicious network users like attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures or system. This paper proposes a framework for risk level estimation which uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The proposed framework measures the frequency of vulnerability exploitation; converges this measured frequency with standard CVSS score and estimates the security risk level which helps in automated and reasonable security management. In this paper equation for the Temporal score calculation with respect to availability of remediation plan is derived and further, frequency of exploitation is calculated with determined temporal score. The frequency of exploitation along with CVSS score is used to calculate the security risk level of the system. The proposed framework uses the CVSS vectors for risk level estimation and measures the security level of specific network environment, which assists system administrator for assessment of security risks and making decision related to mitigation of security risks.

Keywords: CVSS score, risk level, security measurement, vulnerability category

Procedia PDF Downloads 293

Authors: Roman Kulikov, Svetlana Kolesnikova

Abstract:

Last decade Cloud Computing technologies have been rapidly becoming ubiquitous. Each year more and more organizations, corporations, internet services and social networks trust their business sensitive information to Public Cloud. The data storage in Public Cloud is protected by security mechanisms such as firewalls, cryptography algorithms, backups, etc.. In this way, however, only outsider attacks can be prevented, whereas virtualization tools can be easily compromised by insider. The protection of Public Cloud’s critical elements from internal intruder remains extremely challenging. A hypervisor, also called a virtual machine manager, is a program that allows multiple operating systems (OS) to share a single hardware processor in Cloud Computing. One of the hypervisor's functions is to enforce access control policies. Furthermore, it prevents guest OS from disrupting each other and from accessing each other's memory or disk space. Hypervisor is the one of the most critical and vulnerable elements in Cloud Computing infrastructure. Nevertheless, it has been poorly protected from being compromised by insider. By exploiting certain vulnerabilities, privilege escalation can be easily achieved in insider attacks on hypervisor. In this way, an internal intruder, who has compromised one process, is able to gain control of the entire virtual machine. Thereafter, the consequences of insider attacks in Public Cloud might be more catastrophic and significant to virtual tools and sensitive data than of outsider attacks. So far, almost no preventive security countermeasures have been developed. There has been little attention paid for developing models to assist risks mitigation strategies. In this paper formal model of insider attacks on hypervisor is designed. Our analysis identifies critical hypervisor`s vulnerabilities that can be easily compromised by internal intruder. Consequently, possible conditions for successful attacks implementation are uncovered. Hence, development of preventive security countermeasures can be improved on the basis of the proposed model.

Keywords: insider attack, public cloud, cloud computing, hypervisor

Procedia PDF Downloads 334

Authors: Kenny Onayemi

Abstract:

In an era where academic institutions increasingly rely on information technology, the security of academic networks has emerged as a paramount concern. This comprehensive study delves into the effectiveness of security practices, including network mapping, vulnerability scanning, and penetration testing, within academic networks. Leveraging data from surveys administered to faculty, staff, IT professionals and IT students in the university, the study assesses their familiarity with these practices, perceived effectiveness, and frequency of implementation. The findings reveal that a significant portion of respondents exhibit a strong understanding of network mapping, vulnerability scanning, and penetration testing, highlighting the presence of knowledgeable professionals within academic institutions. Additionally, active scanning using network scanning tools and automated vulnerability scanning tools emerge as highly effective methods. However, concerns arise as the respondents show that the academic institutions conduct these practices rarely or never. Notably, many respondents have reported significant vulnerabilities or security incidents through these security measures within their institution. This study concludes with recommendations to enhance network security awareness and practices among faculty, staff, IT personnel, and students, ultimately fortifying the security posture of academic networks in the digital age.

Keywords: network security, academic networks, vulnerability scanning, penetration testing, information security

Procedia PDF Downloads 17

Authors: Amjad Nusayr

Abstract:

Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches, including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory has a valid pointer or a reference with a valid type. Aspect-Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and DB transaction managing. In this paper, we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.

Keywords: aspect oriented programming, programming languages, software security, memory and type safety

Procedia PDF Downloads 94

Authors: Lindelwa Mngomezulu, Tonderai Muchenje

Abstract:

Over the decades, E-mails provide easy, fast and timely communication enabling businesses and state owned agencies to communicate with their stakeholders and with their own employees in real-time. Moreover, since the launch of Microsoft office 365 and many other clouds based E-mail services, many businesses have been migrating from the on premises E-mail services to the cloud and more precisely since the beginning of the Covid-19 pandemic, there has been a significant increase of E-mails utilization, which then leads to the increase of cyber-attacks. In that regard, E-mail security has become very important in the E-mail transportation to ensure that the E-mail gets to the recipient without the data integrity being compromised. The classification of the features to enhance E-mail security for further from the enhanced cyber-attacks as we are aware that since the technology is advancing so at the cyber-attacks. Therefore, in order to maximize the data integrity we need to also maximize security of the E-mails such as enhanced E-mail authentication. The successful enhancement of E-mail security in the future may lessen the frequency of information thefts via E-mails, resulting in the data of South African State-owned agencies not being compromised.

Keywords: e-mail security, cyber-attacks, data integrity, authentication

Procedia PDF Downloads 98