172 research outputs found

    Risk in the Age of Software Security

    Get PDF
    For general applications, it is way too costly to aim for 100 % secure software; for complex systems it may even be impossible. To achieve effective software security at reasonable cost, it is thus necessary to identify which parts of the software are more critical regarding security, and determine which activities will be most efficient and effective in securing the software product.publishedVersio

    A Checklist for Supply Chain Security for Critical Infrastructure Operators

    Get PDF
    Critical infrastructure applications do not emerge fully formed, but generally rely on components and services from third-party vendors. This paper presents a brief survey on good practice for security requirements to be put on vendors delivering products and services to power distribution system operators and other critical infrastructure operators.acceptedVersio

    Putting the "Account" into Cloud Accountability

    Get PDF
    Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have inadequate means to address it. In order to make the Cloud a viable alternative for all, accountability of the service providers is key, and with the advent of the EU General Data Protection Regulation (GDPR), ignoring accountability is something providers in the EU market will do at their peril. To be able to hold cloud service providers accountable for how they manage personal, sensitive and confidential information, there is a need for mechanisms that can mitigate risk, identify emerging risks, monitor policy violations, manage any incidents, and provide redress. We believe that being able to offer accountability as part of the service provision will represent a competitive edge for service providers catering to discerning cloud customers, also outside the GDPR sphere of influence. This paper will outline the fundamentals of accountability, and provide more details on what the actual "account'' is all about.publishedVersio

    A method for threat modelling of industrial control systems

    Get PDF
    In this paper, we propose a new method for threat modelling of industrial control systems (ICS). The method is designed to be flexible and easy to use. Model elements inspired by IEC 62443 and Data Flow Diagrams (DFD) are used to create a model of the ICS under consideration. Starting from this model, threats are identified by investigating how the confidentiality, integrity and availability of different functions in the ICS can be attacked. Finally, threats are prioritised and mitigations are proposed for those threats that are not accepted by the ICS owner. We briefly illustrate the use of the method on a simplified and fictitious power grid secondary substation case.acceptedVersio

    Exploring the need for a CERT for the Norwegian Construction Sector

    Get PDF
    This paper presents an empirical study on the need for sector-specific CERT capacity in the Norwegian construction sector. Findings from the interviews demonstrate a need for developing competence in ICT security in this sector. The actors express a desire for a forum for sharing information and learning from other actors within the industry. In our estimation, there is insufficient support in the industry to create a “full-blown” CERT/CSIRT. However, it seems that all the interviewees are positive about the idea of creating an ISAC-like forum.acceptedVersio

    Five Things You Should Not Use Blockchain For

    Get PDF
    The Bitcoin fever notwithstanding, the underlying blockchain technology cannot solve all data exchange and product needs, as some seem to believe. This paper provides examples of problems that we believe are poorly suited to a blockchain solution.acceptedVersio

    A Survey on Infrastructure-as-Code Solutions for Cloud Development

    Get PDF
    Cloud software is increasingly written according to the DevOps paradigm, where use of virtualization and Infrastructure-as-Code is prevalent. This paper surveys the state of the art of IaC cloud development, and proposes a combination of Cloud-Native software to build an on-premise PaaS for a Security Lab.acceptedVersio

    Automating Security in a Continuous Integration Pipeline

    Get PDF
    Traditional approaches to software security are based on manual methods, which tend to stall development, leading to inefficiency. To speed up a software development lifecycle, security needs to be integrated and automated into the development process. This paper will identify solutions for automating the security phase into a continuous software delivery process, integrating security tools into a Github repository by using Github Actions to create automated vulnerability scanning workflows for a software project.acceptedVersio

    GENERATOR DENAH MEJA UJIAN DENGAN IMPLEMENTASI ALGORITMA BACKTRACKING

    Get PDF
    Beberapa penelitian mengidentifikasikan bahwa teknik menyontek yang paling umum digunakan adalah bertukar jawaban dengan peserta didik yang berada pada posisi terdekat atau melihat jawaban tanpa sepengetahuan orang yang bersangkutan. (Davis, et al, 1998). Pada penelitian ini dibangun sebuah sistem generator denah meja ujian agar setiap meja ujian memiliki kode soal yang berbeda dari meja tetangganya baik secara vertikal, horizontal dan diagonal dengan mengimplementasikan algoritma backtracking. Pengujian kemudian dilakukan pada matriks dengan berbagai dimensi dimulai dari jumlah kode soal 1 hingga 9. Dari hasil pengujian disimpulkan bahwa untuk kode soal < 4, persoalan dinyatakan tidak akan memiliki solusi kecuali jumlah baris atau kolom pada matriks juga < 4. Untuk jumlah kode soal ≥ 4, persoalan pastilah memiliki solusi berapapun dimensi matriksnya. Kata Kunci: menyontek, algoritma backtracking, generator denah meja ujian, matriks, pembagian kode soal ujian. Some research have identified that the most commonly cheating technique used while exam are exchanging the exam answers with other classmates who sit at the closest range then copying their answer sheet without being noticed (Davis, et al, 1998). In this paper, exam class generator was built by implementing backtracking algorithm in order to arrange exam sheets, so each cell has different code with the cell around. The testing of system then performed on some matrix variety which have sum of exams code within 1 to 9. The results shows, for sum of code < 4, each case will never has any solution unless row or column of the matrix is also < 4. And for sum of code ≥ 4, every case will have solution regardless of the matrix dimension. Keyword: cheat in exam, backtracking algorithm, exam class generator, matrix, distribution of exams sheets
    corecore