Security Management System for 4G Heterogeneous Networks

There is constant demand for the development of mobile networks to meet the service requirements of users, and their development is a significant topic of research. The current fourth generation (4G) of mobile networks are expected to provide high speed connections anywhere at any time. Various existing 4G architectures such as LTE and WiMax support only wireless technologies, while an alternative architecture, Y-Comm, has been proposed to combine both existing wired and wireless networks. Y-Comm seeks to meet the main service requirements of 4G by converging the existing networks, so that the user can get better service anywhere and at any time. One of the major characteristics of Y-Comm is heterogeneity, which means that networks with different topologies work together to provide seamless communication to the end user. However, this heterogeneity leads to technical issues which may compromise quality of service, vertical handover and security. Due to the convergence characteristic of Y-Comm, security is considered more significant than in the existing LTE and WiMax networks. These security concerns have motivated this research study to propose a novel security management system. The research aims to meet the security requirements of 4G mobile networks, e.g. preventing end user devices from being used as attack tools. This requirement has not been met clearly in previous studies of Y-Comm, but this study proposes a security management system which does this. This research follows the ITU-T recommendation M.3400 dealing with security violations within Y-Comm networks. It proposes a policy-based security management system to deal with events that trigger actions in the system and uses Ponder2 to implement it. The proposed system, located in the top layer of the Y-Comm architecture, interacts with components of Y-Comm to enforce the appropriate policies. Its four main components are the Intelligent Agent, the Security Engine, the Security Policies Database and the Security Administrator. These are represented in this research as managed objects to meet design considerations such as extensibility and modifiability. This research demonstrates that the proposed system meets the security requirements of the Y-Comm environment. Its deployment is possible with managed objects built with Ponder2 for all of the components of Y-Comm, which means that the security management system is able to prevent end user devices from being used as attack tools. It can also achieve other security goals of Y-Comm networks

Systemunterstützung für moderne Speichertechnologien

Trust and scalability are the two significant factors which impede the dissemination of clouds. The possibility of privileged access to customer data by a cloud provider limits the usage of clouds for processing security-sensitive data. Low latency cloud services rely on in-memory computations, and thus, are limited by several characteristics of Dynamic RAM (DRAM) such as capacity, density, energy consumption, for example. Two technological areas address these factors. Mainstream server platforms, such as Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) offer extensions for trusted execution in untrusted environments. Various technologies of Non-Volatile RAM (NV-RAM) have better capacity and density compared to DRAM and thus can be considered as DRAM alternatives in the future. However, these technologies and extensions require new programming approaches and system support since they add features to the system architecture: new system components (Intel SGX) and data persistence (NV-RAM). This thesis is devoted to the programming and architectural aspects of persistent and trusted systems. For trusted systems, an in-depth analysis of new architectural extensions was performed. A novel framework named EActors and a database engine named STANlite were developed to effectively use the capabilities of trusted~execution. For persistent systems, an in-depth analysis of prospective memory technologies, their features and the possible impact on system architecture was performed. A new persistence model, called the hypervisor-based model of persistence, was developed and evaluated by the NV-Hypervisor. This offers transparent persistence for legacy and proprietary software, and supports virtualisation of persistent memory.Vertrauenswürdigkeit und Skalierbarkeit sind die beiden maßgeblichen Faktoren, die die Verbreitung von Clouds behindern. Die Möglichkeit privilegierter Zugriffe auf Kundendaten durch einen Cloudanbieter schränkt die Nutzung von Clouds bei der Verarbeitung von sicherheitskritischen und vertraulichen Informationen ein. Clouddienste mit niedriger Latenz erfordern die Durchführungen von Berechnungen im Hauptspeicher und sind daher an Charakteristika von Dynamic RAM (DRAM) wie Kapazität, Dichte, Energieverbrauch und andere Aspekte gebunden. Zwei technologische Bereiche befassen sich mit diesen Faktoren: Etablierte Server Plattformen wie Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) stellen Erweiterungen für vertrauenswürdige Ausführung in nicht vertrauenswürdigen Umgebungen bereit. Verschiedene Technologien von nicht flüchtigem Speicher bieten bessere Kapazität und Speicherdichte verglichen mit DRAM, und können daher in Zukunft als Alternative zu DRAM herangezogen werden. Jedoch benötigen diese Technologien und Erweiterungen neuartige Ansätze und Systemunterstützung bei der Programmierung, da diese der Systemarchitektur neue Funktionalität hinzufügen: Systemkomponenten (Intel SGX) und Persistenz (nicht-flüchtiger Speicher). Diese Dissertation widmet sich der Programmierung und den Architekturaspekten von persistenten und vertrauenswürdigen Systemen. Für vertrauenswürdige Systeme wurde eine detaillierte Analyse der neuen Architekturerweiterungen durchgeführt. Außerdem wurden das neuartige EActors Framework und die STANlite Datenbank entwickelt, um die neuen Möglichkeiten von vertrauenswürdiger Ausführung effektiv zu nutzen. Darüber hinaus wurde für persistente Systeme eine detaillierte Analyse zukünftiger Speichertechnologien, deren Merkmale und mögliche Auswirkungen auf die Systemarchitektur durchgeführt. Ferner wurde das neue Hypervisor-basierte Persistenzmodell entwickelt und mittels NV-Hypervisor ausgewertet, welches transparente Persistenz für alte und proprietäre Software, sowie Virtualisierung von persistentem Speicher ermöglicht

Automatic Software Repair: a Bibliography

This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair where test suites, contracts, models, and crashing inputs are taken as oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature

EEG/ERP Portal Security in New Technologies

Bezpečnost dat musí být zajištěna v EEG/ERP Portálu jak z technických, tak právních důvodů. Aplikace ukládá citlivé informace a musí být odolná proti neoprávněným akcím. Tato práce popisuje vylepšení bezpečnosti s použitím mechanismů zavedených v nových technologiích a pomocí odstraňování bezpečnostních slabin. Teoretická část zajišťuje uvedení do problematiky, popisuje jak právní aspekty, tak samotný projekt a principy zabezpečení. Poté je popsán proces migrace technologií, včetně nástrojů zavedených k umožnění tohoto kroku. Na základě analýzy bezpečnosti je poté přepracován proces autentizace a jsou opraveny nedostatky v autorizaci. Konečný stav je poté testován a vyhodnocen pro ověření způsobilosti portálu k veřejnému provozu.Katedra informatiky a výpočetní technikyObhájenoSecurity needs to be assured in EEG/ERP Portal for technical and legal reasons. The application stores sensitive data and has to be resistant against malicious actions. This thesis describes improving security by using features introduced in new technologies and by patching exploitable weaknesses. First, background information including legal aspects, project description and security principles are provided. Then the process of technology migration is described, including tools introduced to enable the transition. Following a security analysis, the authentication process is restructured and revealed authorization shortcomings are fixed. The final configuration is tested and evaluated to make sure the portal is suitable for wide use

SPAWN: Service Provision in Ad-hoc Wireless Networks

The increasing ubiquity of wireless mobile computing platforms has opened up the potential for unprecedented levels of communication, coordination and collaboration among mobile computing devices, most of which will occur in an ad hoc, on-demand manner. This paper describes SPAWN, a middleware supporting service provision in ad-hoc wireless networks. The aim of SPAWN is to provide the software resources on mobile devices that facilitate electronic collaboration. This is achieved by applying the principles of service oriented computing (SOC), an emerging paradigm that has seen success in wired settings. SPAWN is an adaptation and extension of the Jini model of SOC to ad-hoc networks. The key contributions of SPAWN are (1) a completely decentralized service advertisement and request system that is geared towards handling the unpredictability and dynamism of mobile ad-hoc networks, (2) an automated code management system that can fetch, use and dispose of binaries on an on-demand basis, (3) a mechanism supporting the logical mobility of services, (4) an upgrade mechanism to extend the life cycle of services, and (5) a lightweight security model that secures all interactions, which is essential in an open environment. We discuss the software architecture, a Java implementation, sample applications and an empirical evaluation of the system

Professional English. Fundamentals of Software Engineering

Посібник містить оригінальні тексти фахового змісту, які супроводжуються термінологічним тематичним вокабуляром та вправами різного методичного спрямування. Для студентів, які навчаються за напрямами підготовки: «Програмна інженерія», «Комп’ютерні науки» «Комп’ютерна інженерія»

Modeling of Security Measurement (Metrics) in an Information System

Security metrics and measurement is a sub-field of broader information security field. This field is not new but it got very least and sporadic attention as a result of which it is still in its early stages. The measurement and evaluation of security now became a long standing challenge to the research community. Much of the focus remained towards devising and the application of new and updated protection mechanisms. Measurements in general act as a driving force in decision making. As stated by Lord Kelvin “if you cannot measure it then you cannot improve it”. This principle is also applicable to security measurement of information systems. Even if the necessary and required protection mechanisms are in place still the level of security remains unknown, which limits the decision making capabilities to improve the security of a system. With the increasing reliance on these information systems in general and software systems in particular security measurement has become the most pressing requirement in order to promote and develop the security critical systems in the current networked environment. The resultant indicators of security measurement preferably the quantative indicators act as a basis for the decision making to enhance the security of overall system. The information systems are comprised of various components such as people, hardware, data, network and software. With the fast growing reliance on the software systems, the research reported in this thesis aims to provide a framework using mathematical modeling techniques for evaluation of security of the software systems at the architectural and design phase of the system lifecycle and the derived security metrics on a controlled scale from the proposed framework. The proposed security evaluation framework is independent of the programing language and the platform used in developing the system and also is applicable from small desktop application to large complex distributed software. The validation process of security metrics is the most challenging part of the security metrics field. In this thesis we have conducted the exploratory empirical evaluation on a running system to validate the derived security metrics and the measurement results. To make the task easy we have transformed the proposed security evaluation into algorithmic form which increased the applicability of the proposed framework without requiring any expert security knowledge. The motivation of the research is to provide the software development team with a tool to evaluate the level of security of each of the element of the system and the overall system at the early development stages of the system life cycle. In this regard three question “What is to be measured?”, “where (in the system life cycle) to measure?” and “how to measure?” have been answered in the thesis. Since the field of security metrics and measurements is still in the its early stages, the first part of the thesis investigates and analyzes the basic terminologies , taxonomies and major efforts made towards security metrics based on the literature survey. Answering the second question “Where (in the system life cycle) to measure security”, the second part of the thesis analyzes the secure software development processes (SSDPs) followed and identifies the key stages of the system’s life cycle where the evaluation of security is necessary. Answering the question 1 and 2, “What is to be measured “and “How to measure”, third part of the thesis presents a security evaluation framework aimed at the software architecture and design phase using mathematical modeling techniques. In the proposed framework, the component based architecture and design (CBAD) using UML 2.0 component modeling techniques has been adopted. Further in part 3 of the thesis present the empirical evaluation of the proposed framework to validate and analyze the applicability and feasibility of the proposed security metrics. Our effort is to get the focus of the software development community to focus on the security evaluation in the software development process in order to take the early decisions regarding the security of the overall system

Trust-Based Service Selection

Service Oriented Architecture (SOA) is an architectural style that builds enterprise solutions based on services. In SOA, the lack of trust between different parties affects the adoption of such architecture. Trust is as significant a factor for successful online interactions as it is in real life communities, and consequently, it is an important factor that is used as a criterion for service selection. In the context of online services and SOA, the literature shows that the field of trust is not mature. Trust definition and the consideration of the essentials of trust aspects do not reflect the true nature of trust online. This thesis proposes a trust-based service selection solution, which requires establishing trust for services and supporting service selection based on trust. This work considers building trust for service providers besides rating services, an area that is neglected in the literature. This work follows progressive steps to arrive at a solution. First, this work develops a trust definition and identifies trust principles, which cover different aspects of trust. Next, SOA is extended to build a trust-based SOA that supports trust-based service selection. In particular, a new component, the trust mediator, which is responsible for trust establishment is added to the architecture. Accordingly, a trust mediator framework is built according to the trust definition and principles to identify its main components. Subsequently, this work identifies the trust information, or metrics, for services and service providers. Accordingly, trust models are built to evaluate trust rates for the applicable metrics, services, and service providers. Moreover, this work addresses the trust bootstrapping challenge. The proposed trust bootstrapping approach addresses different challenges in the literature such as whitewashing and cold start. This approach is implemented through experiments, evaluations, and scenarios