A Framework for Analyzing Composition of Security Aspects
The methodology of aspect-oriented software engineering has
been proposed to factor out concerns that are orthogonal to the core
functionality of a system. In particular, this is a useful approach to handling
the difficulties of integrating non-functional requirements such as
security into complex software systems. Doing so correctly and securely,
however, still remains a non-trivial task. For example, one has to make
sure that the "weaving" process actually enforces the aspects needed.
This is highly non-obvious especially in the case of security, since different
security aspects may actually contradict each other, in which case
they cannot be woven in a sequential way without destroying each other.
To address these problems, this paper introduces a framework for the
aspect-oriented development of secure software using composition filters
at the model level. Using an underlying foundation based on stream-processing
functions, we explore under which conditions security properties
are preserved when composed as filters. Thanks to this foundation
we may also rely on model level verification tools and on code and model
weaving to remedy security failures. Our approach is explained using as
case-studies a web banking application developed by a major German
bank and a webstore design
Considering Human Aspects on Strategies for Designing and Managing Distributed Human Computation
A human computation system can be viewed as a distributed system in which the
processors are humans, called workers. Such systems harness the cognitive power
of a group of workers connected to the Internet to execute relatively simple
tasks, whose solutions, once grouped, solve a problem that systems equipped
with only machines could not solve satisfactorily. Examples of such systems are
Amazon Mechanical Turk and the Zooniverse platform. A human computation
application comprises a group of tasks, each of which can be performed by one
worker. Tasks might have dependencies among each other. In this study, we
propose a theoretical framework to analyze this type of application from a
distributed systems point of view. Our framework is established on three
dimensions that represent different perspectives in which human computation
applications can be approached: quality-of-service requirements, design and
management strategies, and human aspects. By using this framework, we review
human computation in the perspective of programmers seeking to improve the
design of human computation applications and managers seeking to increase the
effectiveness of human computation infrastructures in running such
applications. In doing so, besides integrating and organizing what has been
done in this direction, we also put into perspective the fact that the human
aspects of the workers in such systems introduce new challenges in terms of,
for example, task assignment, dependency management, and fault prevention and
tolerance. We discuss how they are related to distributed systems and other
areas of knowledge. Comment: 3 figures, 1 tabl
Portunes: analyzing multi-domain insider threats
The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties
Competences of IT Architects
The field of architecture in the digital world uses a plethora of terms to refer to different kinds of architects, and recognises a confusing variety of competences that these architects are required to have. Different service providers use different terms for similar architects and even if they use the same term, they may mean something different. This makes it hard for customers to know what competences an architect can be expected to have.
This book combines competence profiles of the NGI Platform for IT Professionals, The Open Group Architecture Framework (TOGAF), as well as a number of Dutch IT service providers in a comprehensive framework. Using this framework, the book shows that notwithstanding a large variety in terminology, there is convergence towards a common set of competence profiles. In other words, when looking beyond terminological differences by using the framework, one sees that organizations recognize similar types of architects, and that similar architects in different organisations have similar competence profiles. The framework presented in this book thus provides an instrument to position architecture services as offered by IT service providers and as used by their customers.
The framework and the competence profiles presented in this book are the main results of the special interest group “Professionalisation” of the Netherlands Architecture Forum for the Digital World (NAF). Members of this group, as well as students of the universities of Twente and Nijmegen have contributed to the research on which this book is based
Markov modeling of moving target defense games
We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of a broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD-specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies