(B)LOCKBOX -- Secure Software Architecture with Blockchain Verification

According to experts, one third of all IT vulnerabilities today are due to inadequate software verification. Internal program processes are not sufficiently secured against manipulation by attackers, especially if access has been gained. There is a lack of internal control instances that can monitor and control program flows. Especially when a software vulnerability becomes known, quick action is required, whereby the consequences for an individual application are often not foreseeable. With our approach (B)LOCKBOX, software building blocks act as verified entities within a transaction-based blockchain network. Source Code, binaries and application execution become supervised. Unwanted interference and manipulation are prevented by the integrity of the distributed system

Mobile Application Security Platforms Survey

Nowadays Smartphone and other mobile devices have become incredibly important in every aspect of our life. Because they have practically offered same capabilities as desktop workstations as well as come to be powerful in terms of CPU (Central processing Unit), Storage and installing numerous applications. Therefore, Security is considered as an important factor in wireless communication technologies, particularly in a wireless ad-hoc network and mobile operating systems. Moreover, based on increasing the range of mobile application within variety of platforms, security is regarded as on the most valuable and considerable debate in terms of issues, trustees, reliabilities and accuracy. This paper aims to introduce a consolidated report of thriving security on mobile application platforms and providing knowledge of vital threats to the users and enterprises. Furthermore, in this paper, various techniques as well as methods for security measurements, analysis and prioritization within the peak of mobile platforms will be presented. Additionally, increases understanding and awareness of security on mobile application platforms to avoid detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and analysis for a survey within a recent research in the area of mobile platform security

After the hype: e-commerce payments grow up

On June 18, 2003, the Payment Cards Center of the Federal Reserve Bank of Philadelphia and the Electronic Commerce Payments Council (eCPC) of the Electronic Funds Transfer Association co-hosted a workshop forum to explore areas of mutual interest related to the proliferation of e-commerce payments. This was the second event jointly sponsored by the groups. ; The first forum, “The Future of e-Commerce Payments,” which was held in June 2002, focused on the possibilities ahead, as various electronic payment channels displace paper checks as a primary payment form. The more recent forum, “After the Hype: e-Commerce Payments Grow Up,” continued the dialog, emphasizing recent economic and marketplace realities that impact ecommerce payments innovation, acceptance, and maturation. ; Participants and speakers included Federal Reserve staff and industry leaders.Electronic commerce

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.Comment: 20 pages, 2 Figures, 1 Table. arXiv admin note: substantial text overlap with arXiv:1109.538

Office 365, Azure AD, and Exchange Online audit automation

El present document estudiarà l'actualització dels serveis d'auditoria d'Office 365, Exchange Online i Azure AD d'Ackcent. Dividint-ho en tres passos principals, sent el primer la migració a una solució sense servidor d'una infraestructura d'auditoria de correu electrònic amb l'objectiu de revisar dinàmicament la configuració mitjançant l'enviament de correus electrònics amb diferents indicadors d'amenaça. L'objectiu de la primera part és fer una plataforma independent per auditar sense dependències de proveïdors d'infraestructura de tercers. La segona part serà actualitzar una llista de control de seguretat amb noves comprovacions per revisar la configuració en profunditat. Finalment, s'investigarà la possibilitat d'automatitzar l'anàlisi del control mitjançant eines de tercers i implementacions personalitzades. La segona i tercera fase del projecte tindran com a objectius millorar la qualitat dels controls que s'analitzaran per a l'auditoria i reduir el temps que dediquen els arquitectes de seguretat a realitzar una auditoria.The present document will study the update of Ackcent's Office 365, Exchange Online, and Azure AD audit services. Dividing it into three main steps, being the first one migration to a server-less solution of an email audit infrastructure aimed to dynamically review the configuration by sending emails with different threat indicators. The objective for the first part is to make an independent platform to audit without dependencies on third-party infrastructure providers. The second part will be to upgrade a security control list with new checks to review the configuration deeply. Finally, the possibility of automatizing the control analysis will be investigated using third-party tools and custom implementations. The second and third stages of the project will have objectives to improve the quality of the controls being analyzed for the audit and reduce the amount of time spent by the security architects to perform an audit

A survey on security issues and solutions at different layers of Cloud computing

Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment