Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 5694

Search results for: software security

5694 Influence of Security Attributes in Component-Based Software Development

Authors: Somayeh Zeinali

Abstract:

A component is generally defined as a piece of executable software with a published interface. Component-based software engineering (CBSE) has become recognized as a new sub-discipline of software engineering. In the component-based software development, components cannot be completely secure and thus easily become vulnerable. Some researchers have investigated this issue and proposed approaches to detect component intrusions or protect distributed components. Software security also refers to the process of creating software that is considered secure.The terms “dependability”, “trustworthiness”, and “survivability” are used interchangeably to describe the properties of software security.

Keywords: component-based software development, component-based software engineering , software security attributes, dependability, component

Procedia PDF Downloads 448
5693 Improving Security by Using Secure Servers Communicating via Internet with Standalone Secure Software

Authors: Carlos Gonzalez

Abstract:

This paper describes the use of the Internet as a feature to enhance the security of our software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, we increase the security of such software. The communication between the protected software and the secure server is done by a double lock algorithm. This paper also includes an analysis of intruders and describes possible responses to detect threats.

Keywords: internet, secure software, threats, cryptography process

Procedia PDF Downloads 213
5692 A Proposal for Systematic Mapping Study of Software Security Testing, Verification and Validation

Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes

Abstract:

Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.

Keywords: software test, software security verification validation and test, security test institutionalization, systematic mapping study

Procedia PDF Downloads 298
5691 Extending the AOP Joinpoint Model for Memory and Type Safety

Authors: Amjad Nusayr

Abstract:

Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches, including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory has a valid pointer or a reference with a valid type. Aspect-Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and DB transaction managing. In this paper, we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.

Keywords: aspect oriented programming, programming languages, software security, memory and type safety

Procedia PDF Downloads 40
5690 Importance of Hardware Systems and Circuits in Secure Software Development Life Cycle

Authors: Mir Shahriar Emami

Abstract:

Although it is fully impossible to ensure that a software system is quite secure, developing an acceptable secure software system in a convenient platform is not unreachable. In this paper, we attempt to analyze software development life cycle (SDLC) models from the hardware systems and circuits point of view. To date, the SDLC models pay merely attention to the software security from the software perspectives. In this paper, we present new features for SDLC stages to emphasize the role of systems and circuits in developing secure software system through the software development stages, the point that has not been considered previously in the SDLC models.

Keywords: SDLC, SSDLC, software security, software process engineering, hardware systems and circuits security

Procedia PDF Downloads 166
5689 Simple Ways to Enhance the Security of Web Services

Authors: Majid Azarniush, Soroush Mokallaei

Abstract:

Although robust security software, including anti-viruses, anti spy wares, anti-spam and firewalls, are amalgamated with new technologies such as Safe Zone, Hybrid Cloud, Sand Box etc., and it can be said that they have managed to prepare highest level of security against viruses, spy wares and other malwares in 2012, but in fact hackers' attacks to websites are increasingly becoming more and more complicated. Because of security matters and developments, it can be said that it was expected to happen so. Here in this work, we try to point out to some functional and vital notes to enhance security on the web enabling the user to browse safely in no limit web world and to use virtual space securely.

Keywords: firewalls, security, web services, software

Procedia PDF Downloads 221
5688 A Review on Factors Influencing Implementation of Secure Software Development Practices

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: secure software development, software development, software security, systematic literature review

Procedia PDF Downloads 269
5687 A Software Engineering Methodology for Developing Secure Obfuscated Software

Authors: Carlos Gonzalez, Ernesto Linan

Abstract:

We propose a methodology to conciliate two apparently contradictory processes in the development of secure obfuscated software and good software engineered software. Our methodology consists first in the system designers defining the type of security level required for the software. There are four types of attackers: casual attackers, hackers, institution attack, and government attack. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task. One Software Engineer Team and one or two software Obfuscation Teams, and Compiler Team, these four teams will develop and compile the secure obfuscated software, a Code Breakers Team will test the results of the previous teams to see if the software is not broken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We also present an analytical model to prove that our methodology is no only easier to use, but generates an economical way of producing secure obfuscated software.

Keywords: development methodology, obfuscated software, secure software development, software engineering

Procedia PDF Downloads 169
5686 Safety-Security Co-Engineering of Control Systems

Authors: Elena A. Troubitsyna

Abstract:

Designers of modern safety-critical control systems are increasingly relying on networking to provide the systems with advanced functionality and satisfy customer’s needs. However, networking nature of modern control systems also brings new technological challenges associated with ensuring system safety in the presence of openness and hence, potential security threats. In this paper, we propose a methodology that relies on systems-theoretic analysis to enable an integrated analysis of safety and security requirements of controlling software. We demonstrate how to create a safety case – a structured argument about system safety – with explicit representation of both safety and security goals. Our approach provides the designers with a systematic approach to analysing safety and security interdependencies while designing safety-critical control systems.

Keywords: controlling software, integrated analysis, security, safety-security co-engineering

Procedia PDF Downloads 389
5685 An Effective Route to Control of the Safety of Accessing and Storing Data in the Cloud-Based Data Base

Authors: Omid Khodabakhshi, Amir Rozdel

Abstract:

The subject of cloud computing security research has allocated a number of challenges and competitions because the data center is comprised of complex private information and are always faced various risks of information disclosure by hacker attacks or internal enemies. Accordingly, the security of virtual machines in the cloud computing infrastructure layer is very important. So far, there are many software solutions to develop security in virtual machines. But using software alone is not enough to solve security problems. The purpose of this article is to examine the challenges and security requirements for accessing and storing data in an insecure cloud environment. In other words, in this article, a structure is proposed for the implementation of highly isolated security-sensitive codes using secure computing hardware in virtual environments. It also allows remote code validation with inputs and outputs. We provide these security features even in situations where the BIOS, the operating system, and even the super-supervisor are infected. To achieve these goals, we will use the hardware support provided by the new Intel and AMD processors, as well as the TPM security chip. In conclusion, the use of these technologies ultimately creates a root of dynamic trust and reduces TCB to security-sensitive codes.

Keywords: code, cloud computing, security, virtual machines

Procedia PDF Downloads 103
5684 Towards Security in Virtualization of SDN

Authors: Wanqing You, Kai Qian, Xi He, Ying Qian

Abstract:

In this paper, the potential security issues brought by the virtualization of a Software Defined Networks (SDN) would be analyzed. The virtualization of SDN is achieved by FlowVisor (FV). With FV, a physical network is divided into multiple isolated logical networks while the underlying resources are still shared by different slices (isolated logical networks). However, along with the benefits brought by network virtualization, it also presents some issues regarding security. By examining security issues existing in an OpenFlow network, which uses FlowVisor to slice it into multiple virtual networks, we hope we can get some significant results and also can get further discussions among the security of SDN virtualization.

Keywords: SDN, network, virtualization, security

Procedia PDF Downloads 241
5683 Software-Defined Networking: A New Approach to Fifth Generation Networks: Security Issues and Challenges Ahead

Authors: Behrooz Daneshmand

Abstract:

Software Defined Networking (SDN) is designed to meet the future needs of 5G mobile networks. The SDN architecture offers a new solution that involves separating the control plane from the data plane, which is usually paired together. Network functions traditionally performed on specific hardware can now be abstracted and virtualized on any device, and a centralized software-based administration approach is based on a central controller, facilitating the development of modern applications and services. These plan standards clear the way for a more adaptable, speedier, and more energetic network beneath computer program control compared with a conventional network. We accept SDN gives modern inquire about openings to security, and it can significantly affect network security research in numerous diverse ways. Subsequently, the SDN architecture engages systems to effectively screen activity and analyze threats to facilitate security approach modification and security benefit insertion. The segregation of the data planes and control and, be that as it may, opens security challenges, such as man-in-the-middle attacks (MIMA), denial of service (DoS) attacks, and immersion attacks. In this paper, we analyze security threats to each layer of SDN - application layer - southbound interfaces/northbound interfaces - controller layer and data layer. From a security point of see, the components that make up the SDN architecture have a few vulnerabilities, which may be abused by aggressors to perform noxious activities and hence influence the network and its administrations. Software-defined network assaults are shockingly a reality these days. In a nutshell, this paper highlights architectural weaknesses and develops attack vectors at each layer, which leads to conclusions about further progress in identifying the consequences of attacks and proposing mitigation strategies.

Keywords: software-defined networking, security, SDN, 5G/IMT-2020

Procedia PDF Downloads 6
5682 Software Quality Assurance in Network Security using Cryptographic Techniques

Authors: Sidra Shabbir, Ayesha Manzoor, Mehreen Sirshar

Abstract:

The use of the network communication has imposed serious threats to the security of assets over the network. Network security is getting more prone to active and passive attacks which may result in serious consequences to data integrity, confidentiality and availability. Various cryptographic techniques have been proposed in the past few years to combat with the concerned problem by ensuring quality but in order to have a fully secured network; a framework of new cryptosystem was needed. This paper discusses certain cryptographic techniques which have shown far better improvement in the network security with enhanced quality assurance. The scope of this research paper is to cover the security pitfalls in the current systems and their possible solutions based on the new cryptosystems. The development of new cryptosystem framework has paved a new way to the widespread network communications with enhanced quality in network security.

Keywords: cryptography, network security, encryption, decryption, integrity, confidentiality, security algorithms, elliptic curve cryptography

Procedia PDF Downloads 427
5681 Security in Cyberspace: A Comprehensive Review of COVID-19 Continued Effects on Security Threats and Solutions in 2021 and the Trajectory of Cybersecurity Going into 2022

Authors: Mojtaba Fayaz, Richard Hallal

Abstract:

This study examines the various types of dangers that our virtual environment is vulnerable to, including how it can be attacked and how to avoid/secure our data. The terrain of cyberspace is never completely safe, and Covid- 19 has added to the confusion, necessitating daily periodic checks and evaluations. Cybercriminals have been able to enact with greater skill and undertake more conspicuous and sophisticated attacks while keeping a higher level of finesse by operating from home. Different types of cyberattacks, such as operation-based attacks, authentication-based attacks, and software-based attacks, are constantly evolving, but research suggests that software-based threats, such as Ransomware, are becoming more popular, with attacks expected to increase by 93 percent by 2020. The effectiveness of cyber frameworks has shifted dramatically as the pandemic has forced work and private life to become intertwined, destabilising security overall and creating a new front of cyber protection for security analysis and personal. The high-rise formats in which cybercrimes are carried out, as well as the types of cybercrimes that exist, such as phishing, identity theft, malware, and DDoS attacks, have created a new front of cyber protection for security analysis and personal safety. The overall strategy for 2022 will be the introduction of frameworks that address many of the issues associated with offsite working, as well as education that provides better information about commercialised software that does not provide the highest level of security for home users, allowing businesses to plan better security around their systems.

Keywords: cyber security, authentication, software, hardware, malware, COVID-19, threat actors, awareness, home users, confidentiality, integrity, availability, attacks

Procedia PDF Downloads 10
5680 Four Phase Methodology for Developing Secure Software

Authors: Carlos Gonzalez-Flores, Ernesto Liñan-García

Abstract:

A simple and robust approach for developing secure software. A Four Phase methodology consists in developing the non-secure software in phase one, and for the next three phases, one phase for each of the secure developing types (i.e. self-protected software, secure code transformation, and the secure shield). Our methodology requires first the determination and understanding of the type of security level needed for the software. The methodology proposes the use of several teams to accomplish this task. One Software Engineering Developing Team, a Compiler Team, a Specification and Requirements Testing Team, and for each of the secure software developing types: three teams of Secure Software Developing, three teams of Code Breakers, and three teams of Intrusion Analysis. These teams will interact among each other and make decisions to provide a secure software code protected against a required level of intruder.

Keywords: secure software, four phases methodology, software engineering, code breakers, intrusion analysis

Procedia PDF Downloads 299
5679 A Novel Software Model for Enhancement of System Performance and Security through an Optimal Placement of PMU and FACTS

Authors: R. Kiran, B. R. Lakshmikantha, R. V. Parimala

Abstract:

Secure operation of power systems requires monitoring of the system operating conditions. Phasor measurement units (PMU) are the device, which uses synchronized signals from the GPS satellites, and provide the phasors information of voltage and currents at a given substation. The optimal locations for the PMUs must be determined, in order to avoid redundant use of PMUs. The objective of this paper is to make system observable by using minimum number of PMUs & the implementation of stability software at 22OkV grid for on-line estimation of the power system transfer capability based on voltage and thermal limitations and for security monitoring. This software utilizes State Estimator (SE) and synchrophasor PMU data sets for determining the power system operational margin under normal and contingency conditions. This software improves security of transmission system by continuously monitoring operational margin expressed in MW or in bus voltage angles, and alarms the operator if the margin violates a pre-defined threshold.

Keywords: state estimator (SE), flexible ac transmission systems (FACTS), optimal location, phasor measurement units (PMU)

Procedia PDF Downloads 332
5678 Multi-Level Security Measures in Cloud Computing

Authors: Shobha G. Ranjan

Abstract:

Cloud computing is an emerging, on-demand and internet- based technology. Varieties of services like, software, hardware, data storage and infrastructure can be shared though the cloud computing. This technology is highly reliable, cost effective and scalable in nature. It is a must only the authorized users should access these services. Further the time granted to access these services should be taken into account for proper accounting purpose. Currently many organizations do the security measures in many different ways to provide the best cloud infrastructure to their clients, but that’s not the limitation. This paper presents the multi-level security measure technique which is in accordance with the OSI model. In this paper, details of proposed multilevel security measures technique are presented along with the architecture, activities, algorithms and probability of success in breaking authentication.

Keywords: cloud computing, cloud security, integrity, multi-tenancy, security

Procedia PDF Downloads 413
5677 Design and Realization of Computer Network Security Perception Control System

Authors: El Miloudi Djelloul

Abstract:

Based on analysis on applications by perception control technology in computer network security status and security protection measures, from the angles of network physical environment and network software system environmental security, this paper provides network security system perception control solution using Internet of Things (IOT), telecom and other perception technologies. Security Perception Control System is in the computer network environment, utilizing Radio Frequency Identification (RFID) of IOT and telecom integration technology to carry out integration design for systems. In the network physical security environment, RFID temperature, humidity, gas and perception technologies are used to do surveillance on environmental data, dynamic perception technology is used for network system security environment, user-defined security parameters, security log are used for quick data analysis, extends control on I/O interface, by development of API and AT command, Computer Network Security Perception Control based on Internet and GSM/GPRS is achieved, which enables users to carry out interactive perception and control for network security environment by WEB, E-MAIL as well as PDA, mobile phone short message and Internet. In the system testing, through middle ware server, security information data perception in real time with deviation of 3-5% was achieved; it proves the feasibility of Computer Network Security Perception Control System.

Keywords: computer network, perception control system security strategy, Radio Frequency Identification (RFID)

Procedia PDF Downloads 337
5676 Cyber Security Enhancement via Software Defined Pseudo-Random Private IP Address Hopping

Authors: Andre Slonopas, Zona Kostic, Warren Thompson

Abstract:

Obfuscation is one of the most useful tools to prevent network compromise. Previous research focused on the obfuscation of the network communications between external-facing edge devices. This work proposes the use of two edge devices, external and internal facing, which communicate via private IPv4 addresses in a software-defined pseudo-random IP hopping. This methodology does not require additional IP addresses and/or resources to implement. Statistical analyses demonstrate that the hopping surface must be at least 1e3 IP addresses in size with a broad standard deviation to minimize the possibility of coincidence of monitored and communication IPs. The probability of breaking the hopping algorithm requires a collection of at least 1e6 samples, which for large hopping surfaces will take years to collect. The probability of dropped packets is controlled via memory buffers and the frequency of hops and can be reduced to levels acceptable for video streaming. This methodology provides an impenetrable layer of security ideal for information and supervisory control and data acquisition systems.

Keywords: moving target defense, cybersecurity, network security, hopping randomization, software defined network, network security theory

Procedia PDF Downloads 49
5675 A Three Tier Secure KQML Interface with Novel Performatives

Authors: Dimple Juneja, Aarti Singh, Renu Hooda

Abstract:

Knowledge Query Manipulation Language (KQML) and FIPA ACL are two prime communication languages existing in multi agent systems (MAS). Both languages are more or less similar in terms of semantics (based on speech act theory) and offer cutting edge competition while establishing agent communication across Internet. In contrast to the fact that software agents operating on the internet are required to be more safeguarded from their counter-peer, both protocols lack security performatives. The paper proposes a three tier security interface with few novel security related performatives enhancing the basic architecture of KQML. The three levels are attestation, certification and trust establishment which enforces a tight security and hence reduces the security breeches.

Keywords: multiagent systems, KQML, FIPA ACL, performatives

Procedia PDF Downloads 343
5674 Legal Issues of Food Security in Republic of Kazakhstan

Authors: G. T. Aigarinova

Abstract:

This article considers the legal issues of food security as a major component of national security of the republic. The problem of food security is the top priority of the economic policy strategy of any state, the effectiveness of this solution influences social, political, and ethnic stability in society. Food security and nutrition is everyone’s business. Food security exists when all people, at all times, have physical, social and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life. By analyzing the existing legislation in the area of food security, the author identifies weaknesses and gaps, suggesting ways to improve it.

Keywords: food security, national security, agriculture, public resources, economic security

Procedia PDF Downloads 262
5673 Security of Internet of Things: Challenges, Requirements and Future Directions

Authors: Amjad F. Alharbi, Bashayer A. Alotaibi, Fahd S. Alotaibi

Abstract:

The emergence of Internet of Things (IoT) technology provides capabilities for a huge number of smart devices, services and people to be communicate with each other for exchanging data and information over existing network. While as IoT is progressing, it provides many opportunities for new ways of communications as well it introduces many security and privacy threats and challenges which need to be considered for the future of IoT development. In this survey paper, an IoT security issues as threats and current challenges are summarized. The security architecture for IoT are presented from four main layers. Based on these layers, the IoT security requirements are presented to insure security in the whole system. Furthermore, some researches initiatives related to IoT security are discussed as well as the future direction for IoT security are highlighted.

Keywords: Internet of Things (IoT), IoT security challenges, IoT security requirements, IoT security architecture

Procedia PDF Downloads 205
5672 Multi-Agent TeleRobotic Security Control System: Requirements Definitions of Multi-Agent System Using The Behavioral Patterns Analysis (BPA) Approach

Authors: Assem El-Ansary

Abstract:

This paper illustrates the event-oriented Behavioral Pattern Analysis (BPA) modeling approach in developing an Multi-Agent TeleRobotic Security Control System (MTSCS). The event defined in BPA is a real-life conceptual entity that is unrelated to any implementation. The major contributions of this research are the Behavioral Pattern Analysis (BPA) modeling methodology, and the development of an interactive software tool (DECISION), which is based on a combination of the Analytic Hierarchy Process (AHP) and the ELECTRE Multi-Criteria Decision Making (MCDM) methods.

Keywords: analysis, multi-agent, TeleRobotics control, security, modeling methodology, software modeling, event-oriented, behavioral pattern, use cases

Procedia PDF Downloads 362
5671 A Tutorial on Network Security: Attacks and Controls

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 224
5670 Network Security Attacks and Defences

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field like government offices, Educational Institute and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is very complicated subject and deal by only well trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of the network security included an introduction to the TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study about various types of attacks on network security and how to handle or prevent this attack.

Keywords: network security, attacks, denial, authenticating

Procedia PDF Downloads 268
5669 Diversity for Safety and Security of Autonomous Vehicles against Accidental and Deliberate Faults

Authors: Anil Ranjitbhai Patel, Clement John Shaji, Peter Liggesmeyer

Abstract:

Safety and security of autonomous vehicles (AVs) is a growing concern, first, due to the increased number of safety-critical functions taken over by automotive embedded systems; second, due to the increased exposure of the software-intensive systems to potential attackers; third, due to dynamic interaction in an uncertain and unknown environment at runtime which results in changed functional and non-functional properties of the system. Frequently occurring environmental uncertainties, random component failures, and compromise security of the AVs might result in hazardous events, sometimes even in an accident, if left undetected. Beyond these technical issues, we argue that the safety and security of AVs against accidental and deliberate faults are poorly understood and rarely implemented. One possible way to overcome this is through a well-known diversity approach. As an effective approach to increase safety and security, diversity has been widely used in the aviation, railway, and aerospace industries. Thus, the paper proposes fault-tolerance by diversity model takes into consideration the mitigation of accidental and deliberate faults by application of structure and variant redundancy. The model can be used to design the AVs with various types of diversity in hardware and software-based multi-version system. The paper evaluates the presented approach by employing an example from adaptive cruise control, followed by discussing the case study with initial findings.

Keywords: autonomous vehicles, diversity, fault-tolerance, adaptive cruise control, safety, security

Procedia PDF Downloads 45
5668 Software Cloning and Agile Environment

Authors: Ravi Kumar, Dhrubajit Barman, Nomi Baruah

Abstract:

Software Cloning has grown an active area in software engineering research community yielding numerous techniques, various tools and other methods for clone detection and removal. The copying, modifying a block of code is identified as cloning as it is the most basic means of software reuse. Agile Software Development is an approach which is currently being used in various software projects, so that it helps to respond the unpredictability of building software through incremental, iterative, work cadences. Software Cloning has been introduced to Agile Environment and many Agile Software Development approaches are using the concept of Software Cloning. This paper discusses the various Agile Software Development approaches. It also discusses the degree to which the Software Cloning concept is being introduced in the Agile Software Development approaches.

Keywords: agile environment, refactoring, reuse, software cloning

Procedia PDF Downloads 419
5667 Specification of Requirements to Ensure Proper Implementation of Security Policies in Cloud-Based Multi-Tenant Systems

Authors: Rebecca Zahra, Joseph G. Vella, Ernest Cachia

Abstract:

The notion of cloud computing is rapidly gaining ground in the IT industry and is appealing mostly due to making computing more adaptable and expedient whilst diminishing the total cost of ownership. This paper focuses on the software as a service (SaaS) architecture of cloud computing which is used for the outsourcing of databases with their associated business processes. One approach for offering SaaS is basing the system’s architecture on multi-tenancy. Multi-tenancy allows multiple tenants (users) to make use of the same single application instance. Their requests and configurations might then differ according to specific requirements met through tenant customisation through the software. Despite the known advantages, companies still feel uneasy to opt for the multi-tenancy with data security being a principle concern. The fact that multiple tenants, possibly competitors, would have their data located on the same server process and share the same database tables heighten the fear of unauthorised access. Security is a vital aspect which needs to be considered by application developers, database administrators, data owners and end users. This is further complicated in cloud-based multi-tenant system where boundaries must be established between tenants and additional access control models must be in place to prevent unauthorised cross-tenant access to data. Moreover, when altering the database state, the transactions need to strictly adhere to the tenant’s known business processes. This paper focuses on the fact that security in cloud databases should not be considered as an isolated issue. Rather it should be included in the initial phases of the database design and monitored continuously throughout the whole development process. This paper aims to identify a number of the most common security risks and threats specifically in the area of multi-tenant cloud systems. Issues and bottlenecks relating to security risks in cloud databases are surveyed. Some techniques which might be utilised to overcome them are then listed and evaluated. After a description and evaluation of the main security threats, this paper produces a list of software requirements to ensure that proper security policies are implemented by a software development team when designing and implementing a multi-tenant based SaaS. This would then assist the cloud service providers to define, implement, and manage security policies as per tenant customisation requirements whilst assuring security for the customers’ data.

Keywords: cloud computing, data management, multi-tenancy, requirements, security

Procedia PDF Downloads 73
5666 Improving the Security of Internet of Things Using Encryption Algorithms

Authors: Amirhossein Safi

Abstract:

Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and possibility of interaction with smart devices cause those devices to involve more in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of IOT span, security of conveying data is an essential factor for system security. Hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks and enhancing encryption's speed and less computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.

Keywords: internet of things, security, hybrid algorithm, privacy

Procedia PDF Downloads 323
5665 The Benefits of Security Culture for Improving Physical Protection Systems at Detection and Radiation Measurement Laboratory

Authors: Ari S. Prabowo, Nia Febriyanti, Haryono B. Santosa

Abstract:

Security function that is called as Physical Protection Systems (PPS) has functions to detect, delay and response. Physical Protection Systems (PPS) in Detection and Radiation Measurement Laboratory needs to be improved continually by using internal resources. The nuclear security culture provides some potentials to support this research. The study starts by identifying the security function’s weaknesses and its strengths of security culture as a purpose. Secondly, the strengths of security culture are implemented in the laboratory management. Finally, a simulation was done to measure its effectiveness. Some changes were happened in laboratory personnel behaviors and procedures. All became more prudent. The results showed a good influence of nuclear security culture in laboratory security functions.

Keywords: laboratory, physical protection system, security culture, security function

Procedia PDF Downloads 81