Search results for: software security

Authors: Amir Mohtarami, Hadi Kandjani

Abstract:

The amount of business-critical information in enterprises is growing at an extraordinary rate, and the ability to catalog that information and properly protect it using traditional security mechanisms is not keeping pace. Alongside the Information Technology (IT), information security needs a holistic view in enterprise. In other words, a comprehensive architectural approach is required, focusing on the information itself, understanding what the data are, who owns it, and which business and regulatory policies should be applied to the information. Enterprise Architecture Frameworks provide useful tools to grasp different dimensions of IT in organizations. Usually this is done by the layered views on IT architecture, but not requisite security attention has been held in this frameworks. In this paper, after a brief look at the Enterprise Architecture (EA), we discuss the issue of security in the overall enterprise IT architecture. Due to the increasing importance of security, a rigorous EA program in an enterprise should be able to consider security architecture as an integral part of its processes and gives a visible roadmap and blueprint for this aim.

Keywords: enterprise architecture, architecture framework, security architecture, information systems

Procedia PDF Downloads 668

Authors: Mounir Zekkaoui, Abdelhadi Fennan

Abstract:

The software evolution control requires a deep understanding of the changes and their impact on different system heterogeneous artifacts. And an understanding of descriptive knowledge of the developed software artifacts is a prerequisite condition for the success of the evolutionary process. The implementation of an evolutionary process is to make changes more or less important to many heterogeneous software artifacts such as source code, analysis and design models, unit testing, XML deployment descriptors, user guides, and others. These changes can be a source of degradation in functional, qualitative or behavioral terms of modified software. Hence the need for a unified approach for extraction and representation of different heterogeneous artifacts in order to ensure a unified and detailed description of heterogeneous software artifacts, exploitable by several software tools and allowing to responsible for the evolution of carry out the reasoning change concerned.

Keywords: heterogeneous software artifacts, software evolution control, unified approach, meta model, software architecture

Procedia PDF Downloads 412

Authors: Pratyush Vatsala, Sanjay Ahuja

Abstract:

The national security and human rights are related terms as there is nothing like absolute security or absolute human right. If we are committed to security, human right is a problem and also a solution, and if we deliberate on human rights, security is a problem but also part of the solution. Ultimately, we have to maintain a balance between the two co-related terms. As more and more armed forces are being deployed by the government within the nation for maintaining peace and security, using force against its own citizen, the search for a judicious balance between intent and action needs to be emphasized. Notwithstanding that a nation state needs complete political independence; the search for security is a driving force behind unquestioned sovereignty. If security is a human value, it overlaps the value of freedom, order, and solidarity. Now, the question needs to be explored, to what extent human rights can be compromised in the name of security in Kashmir or Mizoram like places. The present study aims to explore the issue of maintaining a balance between the use of power and good governance as human rights, providing security as a human value. This paper has been prepared with an aim of strengthening the understanding of the complex and multifaceted relationship between human rights and security forces operating for conflict management and identifies some of the critical human rights issues raised in the context of security forces operations highlighting the relevant human rights principles and standards in which Security as human value be respected at all times and in particular in the context of security forces operations in India.

Keywords: Kashmir, Mizoram, security, value, human right

Procedia PDF Downloads 247

Authors: Rong Guo, Mengshi Huang, Yujing Bai

Abstract:

With the rapid development of urbanization, the urban population increases and urban sprawl appeared. And these issues led to a sharp deterioration of the ecological environment. So, the urban ecological security evaluation was imminent. The weights identify of index was a key step of the research of ecological security evaluation. The AHP was widely used in the extensive research of weights identify of ecological security index. The characteristics of authority and quantitative can fully reflect the views of relevant experts. On the basis of building the ecological security evaluation index of Harbin, the paper combed and used the basic principle of the AHP, and calculated the weights of Harbin ecological security evaluation index through the process of the expert opinions “summary-feedback-summary”. And lay a foundation of future study of Harbin ecological security index, and guide the quantitative evaluation of Harbin ecological security.

Keywords: AHP, ecological security, evaluation Index, weights identify, harbin

Procedia PDF Downloads 466

Authors: Vuk M. Popovic, Dunja D. Popovic

Abstract:

Software maintenance phase is started once a software project has been developed and delivered. After that, any modification to it corresponds to maintenance. Software maintenance involves modifications to keep a software project usable in a changed or a changing environment, to correct discovered faults, and modifications, and to improve performance or maintainability. Software maintenance and management of software maintenance are recognized as two most important and most expensive processes in a life of a software product. This research is basing the prediction of maintenance, on risks and time evaluation, and using them as data sets for working with neural networks. The aim of this paper is to provide support to project maintenance managers. They will be able to pass the issues planned for the next software-service-patch to the experts, for risk and working time evaluation, and afterward to put all data to neural networks in order to get software maintenance prediction. This process will lead to the more accurate prediction of the working hours needed for the software-service-patch, which will eventually lead to better planning of budget for the software maintenance projects.

Keywords: laboratory information system, maintenance engineering, neural networks, software maintenance, software maintenance costs

Procedia PDF Downloads 324

Authors: Nor Fazlina Iryani Abdul Hamid, Mohamad Khatim Hasan

Abstract:

Evolution of software quality measurement has been started since McCall introduced his quality model in year 1977. Starting from there, several software quality models and software quality measurement methods had emerged but none of them focused on telecommunication industry. In this paper, the implementation of software quality measurement system for telecommunication industry was compulsory to accommodate the rapid growth of telecommunication industry. The quality value of the telecommunication related software could be calculated using this system by entering the required parameters. The system would calculate the quality value of the measured system based on predefined quality metrics and aggregated by referring to the quality model. It would classify the quality level of the software based on Net Satisfaction Index (NSI). Thus, software quality measurement system was important to both developers and users in order to produce high quality software product for telecommunication industry.

Keywords: software quality, quality measurement, quality model, quality metric, net satisfaction index

Procedia PDF Downloads 556

Authors: Kanita Beširević

Abstract:

Open-source software development activities highly rely on Internet gathering communities volunteering in software development projects. Additionally, the libraries and cultural institutions share their metadata in the form of linked metadata to enable dissemination and enrichment. The open-source software provides free alternatives to traditional software solutions. The article aims to investigate the ever-increasing options for the digital library open source software adoption. The software available is presented and compared to other software solutions as well as to their previous versions. The top three open-source digital library software solutions are presented and compared. The comparison criteria are adopted from the UNESCO study by Bankier, J., & Gleason, K. Institutional Repository Software Comparison comprising of twelve criteria to appraise software, namely: infrastructure, front-end design, content discovery, publication tools, interoperability, and preservation. This article adopts a descriptive methodology based on data and information collected through selected software websites and the literature review.

Keywords: open source software, digital library, DSpace, Fedora, Greenstone

Procedia PDF Downloads 79

Authors: H. Gorine, M. Ramadan Elmezughi

Abstract:

In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issues of security in wireless sensor networks in an attempt to encourage more research into this area.

Keywords: wireless sensor networks, network security, light weight encryption, threats

Procedia PDF Downloads 487

Authors: Anthony I. Otuonye, Juliet N. Odii, Perpetual N. Ibe

Abstract:

The obvious challenges faced by most commercial bank customers while using the services of ATMs (Automated Teller Machines) across developing countries have triggered the need for an improved system with better security features. Current ATM systems are password-based, and research has proved the vulnerabilities of these systems to heinous attacks and manipulations. We have discovered by research that the security of current ATM-assisted banking services in most developing countries of the world is easily broken and maneuvered by fraudsters, majorly because it is quite difficult for these systems to identify an impostor with privileged access as against the authentic bank account owner. Again, PIN (Personal Identification Number) code passwords are easily guessed, just to mention a few of such obvious limitations of traditional ATM operations. In this research work also, we have developed a system of fingerprint biometrics with PIN code Authentication that seeks to improve the security features of traditional ATM installations as well as other Banking Services. The aim is to ensure better security at all ATM installations and raise the confidence of bank customers. It is hoped that our system will overcome most of the challenges of the current password-based ATM operation if properly applied. The researchers made use of the OOADM (Object-Oriented Analysis and Design Methodology), a software development methodology that assures proper system design using modern design diagrams. Implementation and coding were carried out using Visual Studio 2010 together with other software tools. Results obtained show a working system that provides two levels of security at the client’s side using a fingerprint biometric scheme combined with the existing 4-digit PIN code to guarantee the confidence of bank customers across developing countries.

Keywords: fingerprint biometrics, banking operations, verification, ATMs, PIN code

Procedia PDF Downloads 6

Authors: Tshegofatso Rambau, Tonderai Muchenje

Abstract:

Zero-day attacks (ZDA) are increasing day by day; there are many vulnerabilities in systems and software that date back decades. Companies keep discovering vulnerabilities in their systems and software and work to release patches and updates. A zero-day vulnerability is a software fault that is not widely known and is unknown to the vendor; attackers work very quickly to exploit these vulnerabilities. These are major security threats with a high success rate because businesses lack the essential safeguards to detect and prevent them. This study focuses on the factors and techniques that can help us detect zero-day attacks. There are various methods and techniques for detecting vulnerabilities. Various companies like edges can offer penetration testing and smart vulnerability management solutions. We will undertake literature studies on zero-day attacks and detection methods, as well as modeling approaches and simulations, as part of the study process.

Keywords: zero-day attacks, exploitation, vulnerabilities

Procedia PDF Downloads 69

Authors: Mehmet Kargaci

Abstract:

It is more important to access information than to get the correct information and to transform it to the knowledge in a proper way. Every person, organizations or governments who have the knowledge now become the target. Cyber security involves the range of measures to be taken from individual to the national level. The National institutions refer to academic, military and major public and private institutions, which are very important for the national security. Thus they need further cyber security measures. It appears that the traditional cyber security measures in the national level are alone not sufficient, while the individual measures remain in a restricted level. It is evaluated that the most appropriate method for preventing the cyber vulnerabilities rather than existing measures are to develop institutional measures. This study examines the cyber security measures to be taken, especially in the national institutions.

Keywords: cyber defence, information, critical infrastructure, security

Procedia PDF Downloads 502

Authors: Fawad Zaidi

Abstract:

This paper discusses a variety of challenges and solutions involved with creating computer games and the issues faced by the software engineers working in this field. This review further investigates the articles coverage of project scope and the problem of feature creep that appears to be inherent with game development. The paper tries to answer the following question: Is this a problem caused by a shortage, or bad software engineering practices, or is this outside the control of the software engineering component of the game production process?

Keywords: software engineering, computer games, software applications, development

Procedia PDF Downloads 451

Authors: Gaoussou Doukoure Abdel Kader, Mnkandla Ernest

Abstract:

This research aims to investigate the usage of a personal software process oriented information system in order to facilitate the promotion of software quality and its improvement in organizations. In this light, at the term of a literature review on software quality and related concepts, the personal software process is discussed, more particularly in terms of software quality. Semi-structured interviews will be conducted with a team of software engineers on the first hand to establish a baseline on their understanding of what quality entails for them. The PSP methodology will then be presented to the engineers in its most basic aspects. The research will then proceed to practical case study where a PSP oriented information system is submitted to engineers for usage throughout their development process. Reports from the PSP information system as well as feedback from the engineers will be used in conjunction with the theoretical foundation to establish a PSP inspired framework for software quality promotion and improvement.

Keywords: information communication technology, personal software process, software quality, process quality, software engineering

Procedia PDF Downloads 446

Authors: Stefan Bauer, Josef Frysak

Abstract:

According to the scientific information management literature, the improper use of information technology (e.g. personal computers) by employees are one main cause for operational and information security loss events. Therefore, organizations implement information security awareness programs to increase employees’ awareness to further prevention of loss events. However, in many cases these information security awareness programs consist of conventional delivery methods like posters, leaflets, or internal messages to make employees aware of information security policies. We assume that a viral information security awareness video might be more effective medium than conventional methods commonly used by organizations. The purpose of this research is to develop a viral video artifact to improve employee security behavior concerning information technology.

Keywords: information security awareness, delivery methods, viral videos, employee security behavior

Procedia PDF Downloads 517

Authors: Shruti Kohli

Abstract:

The sophistication and pervasiveness of cyber-attacks are constantly growing, driven partly by technological progress, profitable applications in organized crime and state-sponsored innovation. The modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the potential for security breaches and cyber-attacks. This research track showcases the need for developing a secure reusable scalable framework for enhancing cyber security of rail assets. A cyber security framework has been proposed that is being developed to detect the tell-tale signs of cyber-attacks against industrial assets.

Keywords: cyber security, rail asset, security threat, cyber ontology

Procedia PDF Downloads 404

Authors: Thomas Adi Purnomo Sidhi

Abstract:

Nowadays, network is an essential need in almost every part of human daily activities. People now can seamlessly connect to others through the Internet. With advanced technology, our personal data now can be more easily accessed. One of many components we are concerned for delivering the best network is a security issue. This paper is proposing a method that provides more options for security. This research aims to improve network security by focusing on the physical layer which is the first layer of the OSI model. The layer consists of the basic networking hardware transmission technologies of a network. With the use of observation method, the research produces a schematic design for enhancing the network security through the gray code converter.

Keywords: network, network security, grey code, physical layer

Procedia PDF Downloads 470

Authors: Sarah K. Amer, Nagwa Badr, Osman Ibrahim, Ahmed Hamad

Abstract:

This paper surveys the effectiveness of software process quality assurance frameworks, with some focus on Capability Maturity Model Integration (CMMI) - a framework that has become widely adopted in software organizations. The importance of quality improvement in software development, and the differences in the outcomes of quality framework implementation between Middle Eastern and North African (MENA-region) countries and non-MENA-region countries are discussed. The greatest challenges met in the MENA region are identified, with particular focus on Egypt and its rising software development industry.

Keywords: software quality, software process improvement, software development methodologies, capability maturity model integration

Procedia PDF Downloads 317

Authors: Arenca Trashani

Abstract:

20 years after its first entrance in a General Assembly of the United Nation’s Resolution, human security has became a very important tool in a global debate affecting directly the whole main rules and regulations in international law and more closely in international human rights law. This paper will cover a very important issue of today at how the human security has its impact to the development of international human rights law, not as far as a challenge as it is seen up now but a tool of moving toward development and globalization. In order to analyze the impact of human security to the global agenda, we need to look to the main pillars of the international legal order which are affected by the human security in itself and its application in the policy making for this international legal order global and regional ones. This paper will focus, also, on human security, as a new and very important tool of measuring development, stability and the level of democratic consolidation and the respect for human rights especially in developing countries such as Albania. The states are no longer capable to monopolize the use of human security just within their boundaries and separated from the other principles of a functioning democracy. In this context, human security would be best guaranteed under the respect of the rule of law and democratization. During the last two decades the concept security has broadly developed, from a state-centric to a more human-centric approach: from state security to respect for human rights, to economic security, to environmental security as well. Last but not least we would see that human rights could be affected by human security not just at their promotion but also at their enforcement and mainly at the international institutions, which are entitled to promote and to protect human rights.

Keywords: human security, international human rights law, development, Albania, international law

Procedia PDF Downloads 721

Authors: Raúl González Muñoz, Essam Shehab, Martin Weinitzke, Chris Fowler, Paul Baguley

Abstract:

Software applications have become crucial for the aerospace industry, providing a wide range of functionalities and capabilities. However, due to the considerable time difference between aircraft and software life cycles, obsolescence has turned into a major challenge for industry in last decades. This paper aims to provide a view on the different causes of software obsolescence within aerospace industry, as well as a perception on the importance of each of them. The key research question addressed is what drives software obsolescence in the aerospace industry, managing large software application portfolios. This question has been addressed by conducting firstly an in depth review of current literature and secondly by arranging an industry workshop with professionals from aerospace and consulting companies. The result is a set of drivers of software obsolescence, distributed among three different environments and several domains. By incorporating monitoring methodologies to assess those software obsolescence drivers, benefits in maintenance efforts and operations disruption avoidance are expected.

Keywords: aerospace industry, obsolescence drivers, software lifecycle, software obsolescence

Procedia PDF Downloads 377

Authors: S. M. Tavakoli Sani, M. Sabbet Moghadam, Y. Khorram Farhadi, Iraj Rezayi Nejad

Abstract:

The concept of national security in Iran is a permanently effective factor in acceptance or rejection of many international obligations. These obligations had been defined according to the type of legislation of Iran in many aspects. Therefore, there are several treaties at international level which requires Iran’s security to come in contact with obligations in these treaties in a way that an obstacle to join to them and their passage in parliament. This issue is a typical category which every country pays attention to be accepted in treaties or to include their national security in that treaties and also they can see the related treaties from this perspective, but this issue that 'what is the concept of Iran’s national security', and 'To what extent it is changed in recent years, especially after Islamic Revolution' are important issues that can be criticized. Thus, this study is trying to assess singed treaties from the perspective of Iran’s national security according of the true meaning of treaty and to investigate how the international treaties may be in conflict with Iran’s national security.

Keywords: treaties, national security, Iran, Islamic Revolution

Procedia PDF Downloads 439

Authors: Surafel Demissie, Frank Keenan, Fergal McCaffery

Abstract:

Emerging medical devices are highly relying on embedded software that runs on the specific platform in real time. The development of embedded software is different from ordinary software development due to the hardware-software dependency. MDevSPICE^® has been developed to provide guidance to support such development. To increase the flexibility of this framework agile practices have been introduced. This paper outlines the challenges for embedded medical device software development and the structure of MDevSPICE^® and suggests a suitable combination of agile practices that will help to add flexibility and address corresponding challenges of embedded medical device software development.

Keywords: agile practices, challenges, embedded software, MDevSPICE®, medical device

Procedia PDF Downloads 237

Authors: Nur Imroatun Sholihat, Gresika Bunga Sylvana

Abstract:

Currently, cyber attack became an incredibly serious problem due to its increasing trend all over the world. Therefore, information security becomes prominent for every organization including public sector organization. In Indonesia, unfortunately, Ministry of Finance (MoF) is the only public sector organization that has already formally established procedure to assess its information security adequacy by performing information security audits (November 2017). We assess the implementation of information security audits in the MoF using qualitative data obtained by interviewing IT auditors and by analysis of related documents. For this reason, information security audit practice in the MoF could become the acceptable benchmark for all other public sector organizations in Indonesia. This study is important because, to the best of the author’s knowledge, our research into information security audits practice in Indonesia’s public sector have not been found yet. Results showed that information security audits performed mostly by doing pentest (penetration testing) to MoF’s critical applications.

Keywords: information security audit, information technology, Ministry of Finance of Indonesia, public sector organization

Procedia PDF Downloads 197

Authors: Tamil Chelvi Vadivelu, Nurazean Maarop, Rasimah Che Yusoff, Farhana Aini Saludin

Abstract:

Implementing a remote healthcare system needs to consider many security features. Therefore, before any deployment of the remote healthcare system, a feasibility study from the security perspective is crucial. Remote healthcare system using WBAN technology has been used in other countries for medical purposes but in Malaysia, such projects are still not yet implemented. This study was conducted qualitatively. The interview results involving five healthcare practitioners are further elaborated. The study has addressed four important security features in order to incorporate remote healthcare system using WBAN in Malaysian government hospitals.

Keywords: remote healthcare, IT security, security features, wireless sensor application

Procedia PDF Downloads 272

Authors: Ekrem Aksoy, Nihat Adar, Selçuk Canbek

Abstract:

Ambient Computing or Ambient Intelligence (AmI) is emerging area in computer science aiming to create intelligently connected environments and Internet of Things. In this paper, we propose communication middleware architecture for AmI. This middleware architecture addresses problems of communication, networking, and abstraction of applications, although there are other aspects (e.g. HCI and Security) within general AmI framework. Within this middleware architecture, any application developer might address HCI and Security issues with extensibility features of this platform.

Keywords: AmI, ambient computing, middleware, distributed-systems, software-defined networking

Procedia PDF Downloads 242

Authors: Sujit K. Basak

Abstract:

This paper presents a comparison of reference management software between RefWorks and Zotero. The results were drawn by comparing two software and the novelty of this paper is the comparative analysis of software and it has shown that ReftWorks can import more information from the Google Scholar for the researchers. This finding could help to know researchers to use the reference management software.

Keywords: analysis, comparative analysis, reference management software, researchers

Procedia PDF Downloads 496

Authors: J. Liebenberg, M. Huisman, E. Mentz

Abstract:

It is widely acknowledged that there is a shortage of software developers, not only in South Africa, but also worldwide. Despite reports on a gap between industry needs and software education, the gap has mostly been explored in quantitative studies. This paper reports on the qualitative data of a mixed method study of the perceptions of professional software developers regarding what topics they learned from their formal education and the importance of these topics to their actual work. The analysis suggests that there is a gap between industry’s needs and software development education and the following recommendations are made: 1) Real-life projects must be included in students’ education; 2) Soft skills and business skills must be included in curricula; 3) Universities must keep the curriculum up to date; 4) Software development education must be made accessible to a diverse range of students.

Keywords: software development education, software industry, IT workforce, computing curricula

Procedia PDF Downloads 435

Authors: Vishnu Pratap Singh Kirar

Abstract:

Wireless sensor network (WSN) is a network of many interconnected networked systems, they equipped with energy resources and they are used to detect other physical characteristics. On WSN, there are many researches are performed in past decades. WSN applicable in many security systems govern by military and in many civilian related applications. Thus, the security of WSN gets attention of researchers and gives an opportunity for many future aspects. Still, there are many other issues are related to deployment and overall coverage, scalability, size, energy efficiency, quality of service (QoS), computational power and many more. In this paper we discus about various applications and security related issue and requirements of WSN.

Keywords: wireless sensor network (WSN), wireless network attacks, wireless network security, security requirements

Procedia PDF Downloads 454

Authors: Luna Shamieh

Abstract:

Various players are part of the game in an asymmetric war, all making efforts to provide human security to their own adherents. Although a fragile state is not able to provide sufficient and comprehensive services, it still provides special services and security to the elite; the insurgents as well provide services and security to their associates. The humanitarian organisations, on the other hand, provide some fundamental elements of human security, but only in the regions, they are able to access when possible (if possible). The counterinsurgents (security forces of the state and intervention forces) operate within a narrow band defined by the vision of the responsibility to protect and the perspective of the resolution of the conflict through combat; hence, the possibility to provide human security is shaken at this end. This article examines how each player provides human security from the perspective of freedom from want in order to secure basic and strategic needs, freedom from fear through providing protection against all kinds of violence, and the freedom to live in dignity. It identifies a vicious cycle caused by the intervention of the different players causing a centrifugal force that may lead to disintegration of the nation under war.

Keywords: asymmetric war, counterinsurgency, fragile state, human security, insurgency

Procedia PDF Downloads 309

Authors: Irfan Mohiuddin, Ahmad Al Mogren

Abstract:

In recent years, cloud computing has earned substantial attention in the Oil and Gas Industry and provides services in all the phases of the industry lifecycle. Oil and gas supply infrastructure, in particular, is more vulnerable to accidental, natural and intentional threats because of its widespread distribution. Numerous surveys have been conducted on cloud security and privacy. However, to the best of our knowledge, hardly any survey is carried out that reviews cyber security in all phases with a cloud computing perspective. Moreover, a distinctive classification is performed for all the cloud-based cyber security measures based on the cloud component in use. The classification approach will enable researchers to identify the required technique used to enhance the security in specific cloud components. Also, the limitation of each component will allow the researchers to design optimal algorithms. Lastly, future directions are given to point out the imminent challenges that can pave the way for researchers to further enhance the resilience to cyber security threats in the oil and gas industry.

Keywords: cyber security, cloud computing, safety and security, oil and gas industry, security threats, oil and gas pipelines

Procedia PDF Downloads 115

Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara

Abstract:

The security aspect of the IoT occupies a place of great importance especially after the evolution that has known this field lastly because it must take into account the transformations and the new applications .Blockchain is a new technology dedicated to the data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks, this method is based on the principle of the Blockchain and that we named ”MPR Blockchain”.

Keywords: Ad hocs networks, blockchain, MPR, security

Procedia PDF Downloads 147