3,181 research outputs found
Security Enhanced Applications for Information Systems
Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.
Security challenges and solutions for e-business
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; (4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.
A Framework for Preserving Privacy and Cybersecurity in Brain-Computer Interfacing Applications
Brain-Computer Interfaces (BCIs) comprise a rapidly evolving field of
technology with the potential of far-reaching impact in domains ranging from
medical over industrial to artistic, gaming, and military. Today, these
emerging BCI applications are typically still at early technology readiness
levels, but because BCIs create novel, technical communication channels for the
human brain, they have raised privacy and security concerns. To mitigate such
risks, a large body of countermeasures has been proposed in the literature, but
a general framework is lacking which would describe how privacy and security of
BCI applications can be protected by design, i.e., already as an integral part
of the early BCI design process, in a systematic manner, and allowing suitable
depth of analysis for different contexts such as commercial BCI product
development vs. academic research and lab prototypes. Here we propose the
adoption of recent systems-engineering methodologies for privacy threat
modeling, risk assessment, and privacy engineering to the BCI field. These
methodologies address privacy and security concerns in a more systematic and
holistic way than previous approaches, and provide reusable patterns on how to
move from principles to actions. We apply these methodologies to BCI and data
flows and derive a generic, extensible, and actionable framework for
brain-privacy-preserving cybersecurity in BCI applications. This framework is
designed for flexible application to the wide range of current and future BCI
applications. We also propose a range of novel privacy-by-design features for
BCIs, with an emphasis on features promoting BCI transparency as a prerequisite
for informational self-determination of BCI users, as well as design features
for ensuring BCI user autonomy. We anticipate that our framework will
contribute to the development of privacy-respecting, trustworthy BCI
technologies.
Privacy-Protecting Techniques for Behavioral Data: A Survey
Our behavior (the way we talk, walk, or think) is unique and can be used as a biometric trait. It also correlates with sensitive attributes like emotions. Hence, techniques to protect individuals' privacy against unwanted inferences are required. To consolidate knowledge in this area, we systematically reviewed applicable anonymization techniques. We taxonomize and compare existing solutions regarding privacy goals, conceptual operation, advantages, and limitations. Our analysis shows that some behavioral traits (e.g., voice) have received much attention, while others (e.g., eye-gaze, brainwaves) are mostly neglected. We also find that the evaluation methodology of behavioral anonymization techniques can be further improved.
Transdisciplinary AI Observatory -- Retrospective Analyses and Future-Oriented Contradistinctions
In the last years, AI safety gained international recognition in the light of
heterogeneous safety-critical and ethical issues that risk overshadowing the
broad beneficial impacts of AI. In this context, the implementation of AI
observatory endeavors represents one key research direction. This paper
motivates the need for an inherently transdisciplinary AI observatory approach
integrating diverse retrospective and counterfactual views. We delineate aims
and limitations while providing hands-on-advice utilizing concrete practical
examples. Distinguishing between unintentionally and intentionally triggered AI
risks with diverse socio-psycho-technological impacts, we exemplify a
retrospective descriptive analysis followed by a retrospective counterfactual
risk analysis. Building on these AI observatory tools, we present near-term
transdisciplinary guidelines for AI safety. As further contribution, we discuss
differentiated and tailored long-term directions through the lens of two
disparate modern AI safety paradigms. For simplicity, we refer to these two
different paradigms with the terms artificial stupidity (AS) and eternal
creativity (EC) respectively. While both AS and EC acknowledge the need for a
hybrid cognitive-affective approach to AI safety and overlap with regard to
many short-term considerations, they differ fundamentally in the nature of
multiple envisaged long-term solution patterns. By compiling relevant
underlying contradistinctions, we aim to provide future-oriented incentives for
constructive dialectics in practical and theoretical AI safety research.
Vulnerabilities detection using attack recognition technique in multi-factor authentication
Authentication is one of the essential components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee a significant level of security is being conveyed to the application. As such, it expedites challenging issues on security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is on the high execution time that leads to overall performance degradation. Most existing studies related to multi-factor authentication schemes do not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system by focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks, based on user behavior and maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme.
TAS: Risk Analysis & Clustered Sensors
This paper briefly introduces a general view on tomorrow’s border control system and EU inter-BCP real time information sharing, exploring and proposing new operational methods and solutions for border control procedures to increase the efficacy and efficiency of the whole security screening system at the same time reducing the efforts (costs/resources). The general description of the system logic and architecture introduces the core of the solution, the Trust Assessment System. A “black box” based on risk analysis and advanced machine learning algorithms aimed to assign a Traveller Trust Score to each single individual intending to cross the border. Main benefits are: improved checkpoint throughput, improved situational awareness and level of security, better traveller experience, optimisation of resources. The concept is that the traveller risk evaluation starts as soon as she/he applies for a visa, a passport or books a trip by whatever means of transport.
Perceptions of ICT practitioners regarding software privacy
During software development activities, it is important for Information and Communication
Technology (ICT) practitioners to know and understand practices and guidelines regarding
information privacy, as software requirements must comply with data privacy laws and members of
development teams should know current legislation related to the protection of personal data. In order
to gain a better understanding on how industry ICT practitioners perceive the practical relevance
of software privacy and privacy requirements and how these professionals are implementing
data privacy concepts, we conducted a survey with ICT practitioners from software development
organizations to get an overview of how these professionals are implementing data privacy concepts
during software design. We performed a systematic literature review to identify related works with
software privacy and privacy requirements and what methodologies and techniques are used to
specify them. In addition, we conducted a survey with ICT practitioners from different organizations.
Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and
privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados
Pessoais, LGPD, in Portuguese), nor are they able to work with the laws and guidelines governing data
privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with
the importance of knowledge of software privacy and privacy requirements, as well as to address
them during software development, since LGPD must change the way teams work, as a number of
features and controls regarding consent, documentation, and privacy accountability will be required.
Algorithmic Jim Crow
This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the “separate but equal” discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for “equal but separate” discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact.