Parallel Methods for Evidence and Trust based Selection and Recommendation of Software Apps from Online Marketplaces

With the popularity of various online software marketplaces, third-party vendors are creating many instances of software applications ('apps') for mobile and desktop devices targeting the same set of requirements. This abundance makes the task of selecting and recommending (S&R) apps, with a high degree of assurance, for a specific scenario a significant challenge. The S&R process is a precursor for composing any trusted system made out of such individually selected apps. In addition to feature-based information, about these apps, these marketplaces contain large volumes of user reviews. These reviews contain unstructured user sentiments about app features and the onus of using these reviews in the S&R process is put on the user. This approach is ad-hoc, laborious and typically leads to a superficial incorporation of the reviews in the S&R process by the users. However, due to the large volumes of such reviews and associated computing, these two techniques are not able to provide expected results in real-time or near real-time. Therefore, in this paper, we present two parallel versions (i.e., batch processing and stream processing) of these algorithms and empirically validate their performance using publically available datasets from the Amazon and Android marketplaces. The results of our study show that these parallel versions achieve near real-time performance, when measured as the end-to-end response time, while selecting and recommending apps for specific queries

Application Perspective on Cybersecurity Testbed for Industrial Control Systems

The low-power wide-area (LPWA) technologies, which enable cost and energy-efficient wireless connectivity for massive deployments of autonomous machines, have enabled and boosted the development of many new Internet of things (IoT) applications; however, the security of LPWA technologies in general, and specifically those operating in the license-free frequency bands, have received somewhat limited attention so far. This paper focuses specifically on the security and privacy aspects of one of the most popular license-free-band LPWA technologies, which is named LoRaWAN. The paper’s key contributions are the details of the design and experimental validation of a security-focused testbed, based on the combination of software-defined radio (SDR) and GNU Radio software with a standalone LoRaWAN transceiver. By implementing the two practical man-in-the-middle attacks (i.e., the replay and bit-flipping attacks through intercepting the over-the-air activation procedure by an external to the network attacker device), we demonstrate that the developed testbed enables practical experiments for on-air security in real-life conditions. This makes the designed testbed perspective for validating the novel security solutions and approaches and draws attention to some of the relevant security challenges extant in LoRaWAN

Cyber Security of Critical Infrastructures

Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods

Security Management Framework for the Internet of Things

The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which provide the delivery of simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), it established the concept of pervasive computing that allows any object to communicate with services, sensors, people, and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has allowed the exposure of numerous vulnerabilities in IoT systems by malicious users. This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems using an ontological analysis to adapt appropriate security services addressed to threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a methodology directed to models considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment, ensuring the correct adaptation of existing services. The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It implies the evaluation of the ontology to offer a qualitative evaluation based on the analysis of several criteria and also a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the acceptance in the research community through technical validation in the application of the concept in an industrial setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados simplificados através do uso da computação em nuvem. Diante dessa relação com a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos. Esta dissertação desenvolveu um novo framework de cibersegurança baseada em ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece um método dinâmico para construir serviços de segurança através da aplicação de uma metodologia dirigida a modelos, considerando processos empresariais existentes; e (2) tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos serviços existentes. Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da implementação do framework de cibersegurança proposto. Isto implica na avaliação da ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios e também uma prova de conceito implementada e testada usando cenários específicos. Esta dissertação foi validada adotando uma metodologia que segue a validação na comunidade científica através da validação técnica na aplicação do nosso conceito em um cenário industrial

IRGC Resource Guide on Resilience (Volume 2)

Volume 2 of the IRGC Resource Guide on Resilience provides an in-depth and pragmatic evaluation of concepts and methods for resilience-based approaches in contrast to risk-based approaches, as proposed and practised in different domains of science and practice. Adequate articulation of risk and resilience is key to ensure security in systems. The guide also considers possible drawbacks of resilience, such as if efforts to improve resilience diverts attention from core functions of risk management, or from the need to discourage inappropriate risk-seeking behaviour. Some of the papers in Volume 2 also discuss the relevance and role of resilience as a strategy to address the challenges posed by systemic risks that develop in complex adaptive systems (CAS). Such systems are interconnected, with the result that risks can cascade within and between systems. Resilience can help navigate dynamic changes in CAS, as those evolve in response to internal and external shocks and stresses

Towards a standardised attack graph visual syntax

More research needs to focus on developing effective methods of aiding the understanding and perception of cyber-attacks. Attack modelling techniques (AMTs) - such as attack graphs, attack trees and fault trees, are popular methods of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. Although useful in aiding cyber-attack perception, there is little empirical or comparative research which evaluates the effectiveness of these methods. Furthermore, there is no standardised attack graph visual syntax configuration, currently more than seventy-five self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. This research analyses methods of presenting cyber-attacks and reveals that attack graphs and attack trees are the dominant methods. The research proposes an attack graph visual syntax which is designed using evidence based principles. The proposed attack graph is compared with the fault tree - which is a standard method of representing events such as cyber-attacks. This comparison shows that the proposed attack graph visual syntax is more effective than the fault tree method at aiding cyber-attack perception and that the attack graph can be an effective tool for aiding cyber-attack perception - particularly in educational contexts. Although the proposed attack graph visual syntax is shown to be cognitively effective, this is no indication of practitioner acceptance. The research proceeds to identify a preferred attack graph visual syntax from a range of visual syntaxes - one of which is the proposed attack graph visual syntax. The method used to perform the comparison is conjoint analysis which is innovative for this field. The results of the second study reveal that the proposed attack graph visual syntax is one of the preferred configurations. This attack graph has the following attributes. The flow of events is represented top-down, preconditions are represented as rectangles, and exploits are represented as ellipses. The key contribution of this research is the development of an attack graph visual syntax which is effective in aiding the understanding of cyber-attacks particularly in educational contexts. The proposed method is a significant step towards standardising the attack graph visual syntax

Data bases and data base systems related to NASA's aerospace program. A bibliography with indexes

This bibliography lists 1778 reports, articles, and other documents introduced into the NASA scientific and technical information system, 1975 through 1980

Multikonferenz Wirtschaftsinformatik (MKWI) 2016: Technische Universität Ilmenau, 09. - 11. März 2016; Band II

Übersicht der Teilkonferenzen Band II • eHealth as a Service – Innovationen für Prävention, Versorgung und Forschung • Einsatz von Unternehmenssoftware in der Lehre • Energieinformatik, Erneuerbare Energien und Neue Mobilität • Hedonische Informationssysteme • IKT-gestütztes betriebliches Umwelt- und Nachhaltigkeitsmanagement • Informationssysteme in der Finanzwirtschaft • IT- und Software-Produktmanagement in Internet-of-Things-basierten Infrastrukturen • IT-Beratung im Kontext digitaler Transformation • IT-Sicherheit für Kritische Infrastrukturen • Modellierung betrieblicher Informationssysteme – Konzeptuelle Modelle im Zeitalter der digitalisierten Wirtschaft (d!conomy) • Prescriptive Analytics in I

Un nuevo concepto de información y documentación en los periódicos electrónicos

Tesis de la Universidad Complutense de Madrid,Facultad de Ciencias de la Información, Periodismo, Departamento de Biblioteconomía y Documentación, leída el 02-12-1998La importancia de la Documentación en los nuevos medios electrónicos, fundamentalmente los periódicos online, forma parte de este trabajo, en el que además se ofrece un amplio y detallado estudio de la Documentación en general, y de la Documentación periodística en particular. Se hace un análisis de las fuentes documentales, con especial detenimiento en los existentes dentro de Internet, para uso de profesionales de la información. La presencia de ideas sobre la globalización de la comunicación, concretadas en la información personalizada, desembocan en el periódico personal o "Diario Yo". Se presenta una importante relación de medios online en la Red Internet, así como un estudio minucioso de los más importantes, además de una valoración de los periódicos online españoles con mayor número de lectores y un caso práctico, en el estudio y la plasmación de todas estas ideas en "El Periódico de Cataluña", al que hemos aplicado los aspectos teóricos utilizados en la investigaciónUnidad Deptal. de Biblioteconomía y DocumentaciónFac. de Ciencias de la InformaciónTRUEpu