Search results for: software security attributes
8238 Influence of Security Attributes in Component-Based Software Development
Authors: Somayeh Zeinali
Abstract:
A component is generally defined as a piece of executable software with a published interface. Component-based software engineering (CBSE) has become recognized as a new sub-discipline of software engineering. In the component-based software development, components cannot be completely secure and thus easily become vulnerable. Some researchers have investigated this issue and proposed approaches to detect component intrusions or protect distributed components. Software security also refers to the process of creating software that is considered secure.The terms “dependability”, “trustworthiness”, and “survivability” are used interchangeably to describe the properties of software security.Keywords: component-based software development, component-based software engineering , software security attributes, dependability, component
Procedia PDF Downloads 5598237 Software Quality Assurance in Component Based Software Development – a Survey Analysis
Authors: Abeer Toheed Quadri, Maria Abubakar, Mehreen Sirshar
Abstract:
Component Based Software Development (CBSD) is a new trend in software development. Selection of quality components is not enough to ensure software quality in Component Based Software System (CBSS). A software product is considered to be a quality product if it satisfies its customer’s needs and has minimum defects. Authors’ survey different research papers and analyzes various techniques which ensure software quality in component based software development. This paper includes an investigation about how to improve the quality of a component based software system without effecting quality attributes. The reported information is identified from literature survey. The developments of component based systems are rising as they reduce the development time, effort and cost by means of reuse. After analysis, it has been explored that in order to achieve the quality in a CBSS we need to have the components that are certified through software measure because the predictability of software quality attributes of system depend on the quality attributes of the constituent components, integration process and the framework used.Keywords: CBSD (component based software development), CBSS (component based software system), quality components, SQA (software quality assurance)
Procedia PDF Downloads 4138236 Software Architecture Optimization Using Swarm Intelligence Techniques
Authors: Arslan Ellahi, Syed Amjad Hussain, Fawaz Saleem Bokhari
Abstract:
Optimization of software architecture can be done with respect to a quality attributes (QA). In this paper, there is an analysis of multiple research papers from different dimensions that have been used to classify those attributes. We have proposed a technique of swarm intelligence Meta heuristic ant colony optimization algorithm as a contribution to solve this critical optimization problem of software architecture. We have ranked quality attributes and run our algorithm on every QA, and then we will rank those on the basis of accuracy. At the end, we have selected the most accurate quality attributes. Ant colony algorithm is an effective algorithm and will perform best in optimizing the QA’s and ranking them.Keywords: complexity, rapid evolution, swarm intelligence, dimensions
Procedia PDF Downloads 2618235 Improving Security by Using Secure Servers Communicating via Internet with Standalone Secure Software
Authors: Carlos Gonzalez
Abstract:
This paper describes the use of the Internet as a feature to enhance the security of our software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, we increase the security of such software. The communication between the protected software and the secure server is done by a double lock algorithm. This paper also includes an analysis of intruders and describes possible responses to detect threats.Keywords: internet, secure software, threats, cryptography process
Procedia PDF Downloads 3338234 A Proposal for Systematic Mapping Study of Software Security Testing, Verification and Validation
Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes
Abstract:
Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.Keywords: software test, software security verification validation and test, security test institutionalization, systematic mapping study
Procedia PDF Downloads 4098233 A Systematic Literature Review on Security and Privacy Design Patterns
Authors: Ebtehal Aljedaani, Maha Aljohani
Abstract:
Privacy and security patterns are both important for developing software that protects users' data and privacy. Privacy patterns are designed to address common privacy problems, such as unauthorized data collection and disclosure. Security patterns are designed to protect software from attack and ensure reliability and trustworthiness. Using privacy and security patterns, software engineers can implement security and privacy by design principles, which means that security and privacy are considered throughout the software development process. These patterns are available to translate "security & privacy-by-design" into practical advice for software engineering. Previous research on privacy and security patterns has typically focused on one category of patterns at a time. This paper aims to bridge this gap by merging the two categories and identifying their similarities and differences. To do this, the authors conducted a systematic literature review of 25 research papers on privacy and security patterns. The papers were analysed based on the category of the pattern, the classification of the pattern, and the security requirements that the pattern addresses. This paper presents the results of a comprehensive review of privacy and security design patterns. The review is intended to help future IT designers understand the relationship between the two types of patterns and how to use them to design secure and privacy-preserving software. The paper provides a clear classification of privacy and security design patterns, along with examples of each type. The authors found that there is only one widely accepted classification of privacy design patterns, while there are several competing classifications of security design patterns. Three types of security design patterns were found to be the most commonly used.Keywords: design patterns, security, privacy, classification of patterns, security patterns, privacy patterns
Procedia PDF Downloads 1328232 Applications for Accounting of Inherited Object-Oriented Class Members
Authors: Jehad Al Dallal
Abstract:
A class in an Object-Oriented (OO) system is the basic unit of design, and it encapsulates a set of attributes and methods. In OO systems, instead of redefining the attributes and methods that are included in other classes, a class can inherit these attributes and methods and only implement its unique attributes and methods, which results in reducing code redundancy and improving code testability and maintainability. Such mechanism is called Class Inheritance. However, some software engineering applications may require accounting for all the inherited class members (i.e., attributes and methods). This paper explains how to account for inherited class members and discusses the software engineering applications that require such consideration.Keywords: class flattening, external quality attribute, inheritance, internal quality attribute, object-oriented design
Procedia PDF Downloads 2728231 Extending the AOP Joinpoint Model for Memory and Type Safety
Authors: Amjad Nusayr
Abstract:
Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches, including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory has a valid pointer or a reference with a valid type. Aspect-Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and DB transaction managing. In this paper, we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.Keywords: aspect oriented programming, programming languages, software security, memory and type safety
Procedia PDF Downloads 1278230 Importance of Hardware Systems and Circuits in Secure Software Development Life Cycle
Authors: Mir Shahriar Emami
Abstract:
Although it is fully impossible to ensure that a software system is quite secure, developing an acceptable secure software system in a convenient platform is not unreachable. In this paper, we attempt to analyze software development life cycle (SDLC) models from the hardware systems and circuits point of view. To date, the SDLC models pay merely attention to the software security from the software perspectives. In this paper, we present new features for SDLC stages to emphasize the role of systems and circuits in developing secure software system through the software development stages, the point that has not been considered previously in the SDLC models.Keywords: SDLC, SSDLC, software security, software process engineering, hardware systems and circuits security
Procedia PDF Downloads 2618229 Multi-Dimension Threat Situation Assessment Based on Network Security Attributes
Authors: Yang Yu, Jian Wang, Jiqiang Liu, Lei Han, Xudong He, Shaohua Lv
Abstract:
As the increasing network attacks become more and more complex, network situation assessment based on log analysis cannot meet the requirements to ensure network security because of the low quality of logs and alerts. This paper addresses the lack of consideration of security attributes of hosts and attacks in the network. Identity and effectiveness of Distributed Denial of Service (DDoS) are hard to be proved in risk assessment based on alerts and flow matching. This paper proposes a multi-dimension threat situation assessment method based on network security attributes. First, the paper offers an improved Common Vulnerability Scoring System (CVSS) calculation, which includes confident risk, integrity risk, availability risk and a weighted risk. Second, the paper introduces deterioration rate of properties collected by sensors in hosts and network, which aimed at assessing the time and level of DDoS attacks. Third, the paper introduces distribution of asset value in security attributes considering features of attacks and network, which aimed at assessing and show the whole situation. Experiments demonstrate that the approach reflects effectiveness and level of DDoS attacks, and the result can show the primary threat in network and security requirement of network. Through comparison and analysis, the method reflects more in security requirement and security risk situation than traditional methods based on alert and flow analyzing.Keywords: DDoS evaluation, improved CVSS, network security attribute, threat situation assessment
Procedia PDF Downloads 2098228 Simple Ways to Enhance the Security of Web Services
Authors: Majid Azarniush, Soroush Mokallaei
Abstract:
Although robust security software, including anti-viruses, anti spy wares, anti-spam and firewalls, are amalgamated with new technologies such as Safe Zone, Hybrid Cloud, Sand Box etc., and it can be said that they have managed to prepare highest level of security against viruses, spy wares and other malwares in 2012, but in fact hackers' attacks to websites are increasingly becoming more and more complicated. Because of security matters and developments, it can be said that it was expected to happen so. Here in this work, we try to point out to some functional and vital notes to enhance security on the web enabling the user to browse safely in no limit web world and to use virtual space securely.Keywords: firewalls, security, web services, software
Procedia PDF Downloads 5128227 A Review on Factors Influencing Implementation of Secure Software Development Practices
Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin
Abstract:
More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.Keywords: secure software development, software development, software security, systematic literature review
Procedia PDF Downloads 3778226 A Software Engineering Methodology for Developing Secure Obfuscated Software
Authors: Carlos Gonzalez, Ernesto Linan
Abstract:
We propose a methodology to conciliate two apparently contradictory processes in the development of secure obfuscated software and good software engineered software. Our methodology consists first in the system designers defining the type of security level required for the software. There are four types of attackers: casual attackers, hackers, institution attack, and government attack. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task. One Software Engineer Team and one or two software Obfuscation Teams, and Compiler Team, these four teams will develop and compile the secure obfuscated software, a Code Breakers Team will test the results of the previous teams to see if the software is not broken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We also present an analytical model to prove that our methodology is no only easier to use, but generates an economical way of producing secure obfuscated software.Keywords: development methodology, obfuscated software, secure software development, software engineering
Procedia PDF Downloads 2508225 Safety-Security Co-Engineering of Control Systems
Authors: Elena A. Troubitsyna
Abstract:
Designers of modern safety-critical control systems are increasingly relying on networking to provide the systems with advanced functionality and satisfy customer’s needs. However, networking nature of modern control systems also brings new technological challenges associated with ensuring system safety in the presence of openness and hence, potential security threats. In this paper, we propose a methodology that relies on systems-theoretic analysis to enable an integrated analysis of safety and security requirements of controlling software. We demonstrate how to create a safety case – a structured argument about system safety – with explicit representation of both safety and security goals. Our approach provides the designers with a systematic approach to analysing safety and security interdependencies while designing safety-critical control systems.Keywords: controlling software, integrated analysis, security, safety-security co-engineering
Procedia PDF Downloads 4978224 Hardware Implementation on Field Programmable Gate Array of Two-Stage Algorithm for Rough Set Reduct Generation
Authors: Tomasz Grzes, Maciej Kopczynski, Jaroslaw Stepaniuk
Abstract:
The rough sets theory developed by Prof. Z. Pawlak is one of the tools that can be used in the intelligent systems for data analysis and processing. Banking, medicine, image recognition and security are among the possible fields of utilization. In all these fields, the amount of the collected data is increasing quickly, but with the increase of the data, the computation speed becomes the critical factor. Data reduction is one of the solutions to this problem. Removing the redundancy in the rough sets can be achieved with the reduct. A lot of algorithms of generating the reduct were developed, but most of them are only software implementations, therefore have many limitations. Microprocessor uses the fixed word length, consumes a lot of time for either fetching as well as processing of the instruction and data; consequently, the software based implementations are relatively slow. Hardware systems don’t have these limitations and can process the data faster than a software. Reduct is the subset of the decision attributes that provides the discernibility of the objects. For the given decision table there can be more than one reduct. Core is the set of all indispensable condition attributes. None of its elements can be removed without affecting the classification power of all condition attributes. Moreover, every reduct consists of all the attributes from the core. In this paper, the hardware implementation of the two-stage greedy algorithm to find the one reduct is presented. The decision table is used as an input. Output of the algorithm is the superreduct which is the reduct with some additional removable attributes. First stage of the algorithm is calculating the core using the discernibility matrix. Second stage is generating the superreduct by enriching the core with the most common attributes, i.e., attributes that are more frequent in the decision table. Described above algorithm has two disadvantages: i) generating the superreduct instead of reduct, ii) additional first stage may be unnecessary if the core is empty. But for the systems focused on the fast computation of the reduct the first disadvantage is not the key problem. The core calculation can be achieved with a combinational logic block, and thus add respectively little time to the whole process. Algorithm presented in this paper was implemented in Field Programmable Gate Array (FPGA) as a digital device consisting of blocks that process the data in a single step. Calculating the core is done by the comparators connected to the block called 'singleton detector', which detects if the input word contains only single 'one'. Calculating the number of occurrences of the attribute is performed in the combinational block made up of the cascade of the adders. The superreduct generation process is iterative and thus needs the sequential circuit for controlling the calculations. For the research purpose, the algorithm was also implemented in C language and run on a PC. The times of execution of the reduct calculation in a hardware and software were considered. Results show increase in the speed of data processing.Keywords: data reduction, digital systems design, field programmable gate array (FPGA), reduct, rough set
Procedia PDF Downloads 2198223 An Effective Route to Control of the Safety of Accessing and Storing Data in the Cloud-Based Data Base
Authors: Omid Khodabakhshi, Amir Rozdel
Abstract:
The subject of cloud computing security research has allocated a number of challenges and competitions because the data center is comprised of complex private information and are always faced various risks of information disclosure by hacker attacks or internal enemies. Accordingly, the security of virtual machines in the cloud computing infrastructure layer is very important. So far, there are many software solutions to develop security in virtual machines. But using software alone is not enough to solve security problems. The purpose of this article is to examine the challenges and security requirements for accessing and storing data in an insecure cloud environment. In other words, in this article, a structure is proposed for the implementation of highly isolated security-sensitive codes using secure computing hardware in virtual environments. It also allows remote code validation with inputs and outputs. We provide these security features even in situations where the BIOS, the operating system, and even the super-supervisor are infected. To achieve these goals, we will use the hardware support provided by the new Intel and AMD processors, as well as the TPM security chip. In conclusion, the use of these technologies ultimately creates a root of dynamic trust and reduces TCB to security-sensitive codes.Keywords: code, cloud computing, security, virtual machines
Procedia PDF Downloads 1918222 Visualizing Class Metrics and Object Calls for Software Systems
Authors: Mohammad Alnabhan, Awni Hammouri, Mustafa Hammad, Anas Al-Badareen, Omamah Al-Thnebat
Abstract:
Software visualization is one of the main techniques used to simplify the presentation of software systems and enhance their understandability. It is used to present the software system in a visual manner using simple, clear and meaningful symbols. This study proposes a new 2D software visualization approach. In this approach, each class is represented by rectangle, the name of the class placed above the rectangle, the size of class (Line of Code) represented by the height of the rectangle. The methods and the attributes are represented by circles and triangles respectively. The relationships among classes correspond to arrows. The proposed visualization approach was evaluated in terms of applicability and efficiency. Results have confirmed successful implementation of the proposed approach, and its ability to provide a simple and effective graphical presentation of extracted software components and properties.Keywords: software visualization, software metrics, calling relationships, 2D graphs
Procedia PDF Downloads 2048221 Analysis on Cyber Threat Actors Targeting Automated Border Security Systems
Authors: Mirko Sailio
Abstract:
Border crossing automatization reduces required human resources in handling people crossing borders. As technology replaces and augments the work done by border officers, new cyber threats arise to threaten border security. This research analyses the current cyber threat actors and their capabilities. The analysis is conducted by gathering the threat actor data from a wide range of public sources. A model for a general border automatization system is presented, and its most significant cyber-security attributes are then compared to threat actor activity and capabilities in order to predict priorities in securing such systems. Organized crime and nation-state actors present the clearest threat to border cyber-security, and additional focus is given to their motivations and activities.Keywords: border automation, cyber-security, threat actors, border cyber-security
Procedia PDF Downloads 2038220 Policy Compliance in Information Security
Authors: R. Manjula, Kaustav Bagchi, Sushant Ramesh, Anush Baskaran
Abstract:
In the past century, the emergence of information technology has had a significant positive impact on human life. While companies tend to be more involved in the completion of projects, the turn of the century has seen importance being given to investment in information security policies. These policies are essential to protect important data from adversaries, and thus following these policies has become one of the most important attributes revolving around information security models. In this research, we have focussed on the factors affecting information security policy compliance in two models : The theory of planned behaviour and the integration of the social bond theory and the involvement theory into a single model. Finally, we have given a proposal of where these theories would be successful.Keywords: information technology, information security, involvement theory, policies, social bond theory
Procedia PDF Downloads 3708219 Modeling Metrics for Monitoring Software Project Performance Based on the GQM Model
Authors: Mariayee Doraisamy, Suhaimi bin Ibrahim, Mohd Naz’ri Mahrin
Abstract:
There are several methods to monitor software projects and the objective for monitoring is to ensure that the software projects are developed and delivered successfully. A performance measurement is a method that is closely associated with monitoring and it can be scrutinized by looking at two important attributes which are efficiency and effectiveness both of which are factors that are important for the success of a software project. Consequently, a successful steering is achieved by monitoring and controlling a software project via the performance measurement criteria and metrics. Hence, this paper is aimed at identifying the performance measurement criteria and the metrics for monitoring the performance of a software project by using the Goal Question Metrics (GQM) approach. The GQM approach is utilized to ensure that the identified metrics are reliable and useful. These identified metrics are useful guidelines for project managers to monitor the performance of their software projects.Keywords: component, software project performance, goal question metrics, performance measurement criteria, metrics
Procedia PDF Downloads 3568218 Towards Security in Virtualization of SDN
Authors: Wanqing You, Kai Qian, Xi He, Ying Qian
Abstract:
In this paper, the potential security issues brought by the virtualization of a Software Defined Networks (SDN) would be analyzed. The virtualization of SDN is achieved by FlowVisor (FV). With FV, a physical network is divided into multiple isolated logical networks while the underlying resources are still shared by different slices (isolated logical networks). However, along with the benefits brought by network virtualization, it also presents some issues regarding security. By examining security issues existing in an OpenFlow network, which uses FlowVisor to slice it into multiple virtual networks, we hope we can get some significant results and also can get further discussions among the security of SDN virtualization.Keywords: SDN, network, virtualization, security
Procedia PDF Downloads 4288217 Software-Defined Networking: A New Approach to Fifth Generation Networks: Security Issues and Challenges Ahead
Authors: Behrooz Daneshmand
Abstract:
Software Defined Networking (SDN) is designed to meet the future needs of 5G mobile networks. The SDN architecture offers a new solution that involves separating the control plane from the data plane, which is usually paired together. Network functions traditionally performed on specific hardware can now be abstracted and virtualized on any device, and a centralized software-based administration approach is based on a central controller, facilitating the development of modern applications and services. These plan standards clear the way for a more adaptable, speedier, and more energetic network beneath computer program control compared with a conventional network. We accept SDN gives modern inquire about openings to security, and it can significantly affect network security research in numerous diverse ways. Subsequently, the SDN architecture engages systems to effectively screen activity and analyze threats to facilitate security approach modification and security benefit insertion. The segregation of the data planes and control and, be that as it may, opens security challenges, such as man-in-the-middle attacks (MIMA), denial of service (DoS) attacks, and immersion attacks. In this paper, we analyze security threats to each layer of SDN - application layer - southbound interfaces/northbound interfaces - controller layer and data layer. From a security point of see, the components that make up the SDN architecture have a few vulnerabilities, which may be abused by aggressors to perform noxious activities and hence influence the network and its administrations. Software-defined network assaults are shockingly a reality these days. In a nutshell, this paper highlights architectural weaknesses and develops attack vectors at each layer, which leads to conclusions about further progress in identifying the consequences of attacks and proposing mitigation strategies.Keywords: software-defined networking, security, SDN, 5G/IMT-2020
Procedia PDF Downloads 998216 Automated Detection of Related Software Changes by Probabilistic Neural Networks Model
Authors: Yuan Huang, Xiangping Chen, Xiaonan Luo
Abstract:
Current software are continuously updating. The change between two versions usually involves multiple program entities (e.g., packages, classes, methods, attributes) with multiple purposes (e.g., changed requirements, bug fixing). It is hard for developers to understand which changes are made for the same purpose. Whether two changes are related is not decided by the relationship between this two entities in the program. In this paper, we summarized 4 coupling rules(16 instances) and 4 state-combination types at the class, method and attribute levels for software change. Related Change Vector (RCV) are defined based on coupling rules and state-combination types, and applied to classify related software changes by using Probabilistic Neural Network during a software updating.Keywords: PNN, related change, state-combination, logical coupling, software entity
Procedia PDF Downloads 4378215 Enhancing Code Security with AI-Powered Vulnerability Detection
Authors: Zzibu Mark Brian
Abstract:
As software systems become increasingly complex, ensuring code security is a growing concern. Traditional vulnerability detection methods often rely on manual code reviews or static analysis tools, which can be time-consuming and prone to errors. This paper presents a distinct approach to enhancing code security by leveraging artificial intelligence (AI) and machine learning (ML) techniques. Our proposed system utilizes a combination of natural language processing (NLP) and deep learning algorithms to identify and classify vulnerabilities in real-world codebases. By analyzing vast amounts of open-source code data, our AI-powered tool learns to recognize patterns and anomalies indicative of security weaknesses. We evaluated our system on a dataset of over 10,000 open-source projects, achieving an accuracy rate of 92% in detecting known vulnerabilities. Furthermore, our tool identified previously unknown vulnerabilities in popular libraries and frameworks, demonstrating its potential for improving software security.Keywords: AI, machine language, cord security, machine leaning
Procedia PDF Downloads 368214 Four Phase Methodology for Developing Secure Software
Authors: Carlos Gonzalez-Flores, Ernesto Liñan-García
Abstract:
A simple and robust approach for developing secure software. A Four Phase methodology consists in developing the non-secure software in phase one, and for the next three phases, one phase for each of the secure developing types (i.e. self-protected software, secure code transformation, and the secure shield). Our methodology requires first the determination and understanding of the type of security level needed for the software. The methodology proposes the use of several teams to accomplish this task. One Software Engineering Developing Team, a Compiler Team, a Specification and Requirements Testing Team, and for each of the secure software developing types: three teams of Secure Software Developing, three teams of Code Breakers, and three teams of Intrusion Analysis. These teams will interact among each other and make decisions to provide a secure software code protected against a required level of intruder.Keywords: secure software, four phases methodology, software engineering, code breakers, intrusion analysis
Procedia PDF Downloads 3998213 Smart Security Concept in the East Mediterranean: Anti Asymmetrical Area Denial (A3D)
Authors: Serkan Tezgel
Abstract:
The two qualities of the sea, as a medium of transportation and as a resource, necessitate maritime security for economic stability and good order at sea. The borderless nature of the sea makes it one of the best platforms to contribute to regional peace and international order. For this reason, the establishment of maritime security in East Mediterranean will enhance the security-peace-democracy triangle in the region. This paper proposes the application of the Smart Security Concept in the East Mediterranean. Smart Security aims to secure critical infrastructure, such as hydrocarbon platforms, against asymmetrical threats. The concept is based on Anti Asymmetrical Area Denial (A3D) which necessitates limiting freedom of action of maritime terrorists and piracy by founding safe and secure maritime areas through sea lines of communication using short range capabilities. Smart Security is a regional maritime cooperation concept for the narrow seas. Cooperation and interoperability are essential attributes of this regional security concept. Therefore, multinational excellence centers such as Multinational Maritime Security Center of Excellence-Aksaz in Turkey, which will determine necessary capabilities and plan/coordinate workshops, training and exercises, are bound to be the principal characteristic of Smart Security concept and similar regional concepts. Smart Security, a crucial enabler of energy and regional security, can provide an enduring approach for operating in the challenging environment of narrow seas and for countering asymmetrical threats.Keywords: security, cooperation, asymmetrical, area denial
Procedia PDF Downloads 8038212 Software Quality Assurance in Network Security using Cryptographic Techniques
Authors: Sidra Shabbir, Ayesha Manzoor, Mehreen Sirshar
Abstract:
The use of the network communication has imposed serious threats to the security of assets over the network. Network security is getting more prone to active and passive attacks which may result in serious consequences to data integrity, confidentiality and availability. Various cryptographic techniques have been proposed in the past few years to combat with the concerned problem by ensuring quality but in order to have a fully secured network; a framework of new cryptosystem was needed. This paper discusses certain cryptographic techniques which have shown far better improvement in the network security with enhanced quality assurance. The scope of this research paper is to cover the security pitfalls in the current systems and their possible solutions based on the new cryptosystems. The development of new cryptosystem framework has paved a new way to the widespread network communications with enhanced quality in network security.Keywords: cryptography, network security, encryption, decryption, integrity, confidentiality, security algorithms, elliptic curve cryptography
Procedia PDF Downloads 7338211 Detecting Heartbeat Architectural Tactic in Source Code Using Program Analysis
Authors: Ananta Kumar Das, Sujit Kumar Chakrabarti
Abstract:
Architectural tactics such as heartbeat, ping-echo, encapsulate, encrypt data are techniques that are used to achieve quality attributes of a system. Detecting architectural tactics has several benefits: it can aid system comprehension (e.g., legacy systems) and in the estimation of quality attributes such as safety, security, maintainability, etc. Architectural tactics are typically spread over the source code and are implicit. For large codebases, manual detection is often not feasible. Therefore, there is a need for automated methods of detection of architectural tactics. This paper presents a formalization of the heartbeat architectural tactic and a program analytic approach to detect this tactic in source code. The experiment of the proposed method is done on a set of Java applications. The outcome of the experiment strongly suggests that the method compares well with a manual approach in terms of its sensitivity and specificity, and far supersedes a manual exercise in terms of its scalability.Keywords: software architecture, architectural tactics, detecting architectural tactics, program analysis, AST, alias analysis
Procedia PDF Downloads 1608210 Programming Systems in Implementation of Process Safety at Chemical Process Industry
Authors: Maryam Shayan
Abstract:
Programming frameworks have been utilized as a part of chemical industry process safety operation and configuration to enhance its effectiveness. This paper gives a brief survey and investigation of the best in class and effects of programming frameworks in process security. A study was completed by talking staff accountable for procedure wellbeing practices in the Iranian chemical process industry and diving into writing of innovation for procedure security. This article investigates the useful and operational attributes of programming frameworks for security and endeavors to sort the product as indicated by its level of effect in the administration chain of importance. The study adds to better comprehension of the parts of Information Communication Technology in procedure security, the future patterns and conceivable gaps for innovative work.Keywords: programming frameworks, chemical industry process, process security, administration chain, information communication technology
Procedia PDF Downloads 3728209 Security in Cyberspace: A Comprehensive Review of COVID-19 Continued Effects on Security Threats and Solutions in 2021 and the Trajectory of Cybersecurity Going into 2022
Authors: Mojtaba Fayaz, Richard Hallal
Abstract:
This study examines the various types of dangers that our virtual environment is vulnerable to, including how it can be attacked and how to avoid/secure our data. The terrain of cyberspace is never completely safe, and Covid- 19 has added to the confusion, necessitating daily periodic checks and evaluations. Cybercriminals have been able to enact with greater skill and undertake more conspicuous and sophisticated attacks while keeping a higher level of finesse by operating from home. Different types of cyberattacks, such as operation-based attacks, authentication-based attacks, and software-based attacks, are constantly evolving, but research suggests that software-based threats, such as Ransomware, are becoming more popular, with attacks expected to increase by 93 percent by 2020. The effectiveness of cyber frameworks has shifted dramatically as the pandemic has forced work and private life to become intertwined, destabilising security overall and creating a new front of cyber protection for security analysis and personal. The high-rise formats in which cybercrimes are carried out, as well as the types of cybercrimes that exist, such as phishing, identity theft, malware, and DDoS attacks, have created a new front of cyber protection for security analysis and personal safety. The overall strategy for 2022 will be the introduction of frameworks that address many of the issues associated with offsite working, as well as education that provides better information about commercialised software that does not provide the highest level of security for home users, allowing businesses to plan better security around their systems.Keywords: cyber security, authentication, software, hardware, malware, COVID-19, threat actors, awareness, home users, confidentiality, integrity, availability, attacks
Procedia PDF Downloads 116