Risk assessment for mobile systems through a multilayered hierarchical Bayesian network.

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile applications (apps), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced to both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows to strengthen both app security as well as the security of the entire syste

A model checking-based approach for security policy verification of mobile systems

International audienceThis article describes an approach for the automated verification of mobile systems. Mobile systems are characterized by the explicit notion of (e.g., sites where they run) and the ability to execute at different locations, yielding a number of security issues. To this aim, we formalize mobile systems as Labeled Kripke Structures, encapsulating the notion of that describes the hierarchical nesting of the threads constituting the system. Then, we formalize a generic that includes rules for expressing and manipulating the code location. In contrast to many other approaches, our technique supports both access control and information flow specification. We developed a prototype framework for model checking of mobile systems. It works directly on the program code (in contrast to most traditional process-algebraic approaches that can model only limited details of mobile systems) and uses abstraction-refinement techniques, based also on location abstractions, to manage the program state space. We experimented with a number of mobile code benchmarks by verifying various security policies. The experimental results demonstrate the validity of the proposed mobile system modeling and policy specification formalisms and highlight the advantages of the model checking-based approach, which combines the validation of security properties with other checks, such as the validation of buffer overflows

A Vehicular Trust Blockchain Framework with Scalable Byzantine Consensus

The maturing blockchain technology has gradually promoted decentralized data storage from cryptocurrencies to other applications, such as trust management, resulting in new challenges based on specific scenarios. Taking the mobile trust blockchain within a vehicular network as an example, many users require the system to process massive traffic information for accurate trust assessment, preserve data reliably, and respond quickly. While existing vehicular blockchain systems ensure immutability, transparency, and traceability, they are limited in terms of scalability, performance, and security. To address these issues, this paper proposes a novel decentralized vehicle trust management solution and a well-matched blockchain framework that provides both security and performance. The paper primarily addresses two issues: i) To provide accurate trust evaluation, the trust model adopts a decentralized and peer-review-based trust computation method secured by trusted execution environments (TEEs). ii) To ensure reliable trust management, a multi-shard blockchain framework is developed with a novel hierarchical Byzantine consensus protocol, improving efficiency and security while providing high scalability and performance. The proposed scheme combines the decentralized trust model with a multi-shard blockchain, preserving trust information through a hierarchical consensus protocol. Finally, real-world experiments are conducted by developing a testbed deployed on both local and cloud servers for performance measurements

Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author

The Impact Of Technology Trust On The Acceptance Of Mobile Banking Technology Within Nigeria

With advancement in the use of information technology seen as a key factor in economic development, developed countries are increasingly reviewing traditional systems, in various sectors such as education, health, transport and finance, and identifying how they may be improved or replaced with automated systems. In this study, the authors examine the role of technology trust in the acceptance of mobile banking in Nigeria as the country attempts to transition into a cashless economy. For Nigeria, like many other countries, its economic growth is linked, at least in part, to its improvement in information technology infrastructure, as well as establishing secure, convenient and reliable payments systems. Utilising the Technology Acceptance Model, this study investigates causal relationships between technology trust and other factors influencing user’s intention to adopt technology; focusing on the impact of seven factors contributing to technology trust. Data from 1725 respondents was analysed using confirmatory factor analysis and the results showed that confidentiality, integrity, authentication, access control, best business practices and non-repudiation significantly influenced technology trust. Technology trust showed a direct significant influence on perceived ease of use and usefulness, a direct influence on intention to use as well as an indirect influence on intention to use through its impact on perceived usefulness and perceived ease of use. Furthermore, perceived ease of use and perceived usefulness showed significant influence on consumer’s intention to adopt the technology. With mobile banking being a key driver of Nigeria’s cashless economy goals, this study provides quantitative knowledge regarding technology trust and adoption behaviour in Nigeria as well as significant insight on areas where policy makers and mobile banking vendors can focus strategies engineered to improve trust in mobile banking and increase user adoption of their technology

Hierarchical video surveillance architecture: a chassis for video big data analytics and exploration

There is increasing reliance on video surveillance systems for systematic derivation, analysis and interpretation of the data needed for predicting, planning, evaluating and implementing public safety. This is evident from the massive number of surveillance cameras deployed across public locations. For example, in July 2013, the British Security Industry Association (BSIA) reported that over 4 million CCTV cameras had been installed in Britain alone. The BSIA also reveal that only 1.5% of these are state owned. In this paper, we propose a framework that allows access to data from privately owned cameras, with the aim of increasing the efficiency and accuracy of public safety planning, security activities, and decision support systems that are based on video integrated surveillance systems. The accuracy of results obtained from government-owned public safety infrastructure would improve greatly if privately owned surveillance systems ‘expose’ relevant video-generated metadata events, such as triggered alerts and also permit query of a metadata repository. Subsequently, a police officer, for example, with an appropriate level of system permission can query unified video systems across a large geographical area such as a city or a country to predict the location of an interesting entity, such as a pedestrian or a vehicle. This becomes possible with our proposed novel hierarchical architecture, the Fused Video Surveillance Architecture (FVSA). At the high level, FVSA comprises of a hardware framework that is supported by a multi-layer abstraction software interface. It presents video surveillance systems as an adapted computational grid of intelligent services, which is integration-enabled to communicate with other compatible systems in the Internet of Things (IoT)