11,349 research outputs found

    ANCHOR: logically-centralized security for Software-Defined Networks

    While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover. Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference

    Automated Security Analysis of IoT Software Updates

    IoT devices often operate unsupervised in ever-changing environments for several years. Therefore, they need to be updated on a regular basis. Current approaches for software updates on IoT, like the recent SUIT proposal, focus on granting integrity and confidentiality but do not analyze the content of the software update, especially the IoT application which is deployed to IoT devices. To this aim, in this paper, we present IoTAV, an automated software analysis framework for systematically verifying the security of the applications contained in software updates w.r.t. a given security policy. Our proposal can be adopted transparently by current IoT software updates workflows. We prove the viability of IoTAV by testing our methodology on a set of actual RIOT OS applications. Experimental results indicate that the approach is viable in terms of both reliability and performance, leading to the identification of 26 security policy violations in 31 real-world RIOT applications

    An Exploratory Study of the Approach to Bring Your Own Device (BYOD) in Assuring Information Security

    The availability of smart device capabilities, easy to use apps, and collaborative capabilities has increased the expectations for the technology experience of employees. In addition, enterprises are adopting SaaS cloud-based systems that employees can access anytime, anywhere using their personal, mobile device. BYOD could drive an IT evolution for powerful device capabilities and easy to use apps, but only if the information security concerns can be addressed. This research proposed to determine the acceptance rate of BYOD in organizations, the decision making approach, and significant factors that led to the successful adoption of BYOD using the expertise of experienced internal control professionals. The approach and factors leading to the decision to permit the use of BYOD was identified through survey responses, which was distributed to approximately 5,000 members of the Institute for Internal Controls (IIC). The survey participation request was opened by 1,688 potential respondents, and 663 total responses were received for a response rate of 39%. Internal control professionals were targeted by this study to ensure a diverse population of organizations that have implemented or considered implementation of a BYOD program were included. This study provided an understanding of how widely the use of BYOD was permitted in organizations and identified effective approaches that were used in making the decision. In addition, the research identified the factors that were influential in the decision making process. This study also explored the new information security risks introduced by BYOD. The research argued that there were several new risks in the areas of access, compliance, compromise, data protection, and control that affect a company’s willingness to support BYOD. 
This study identified new information security concerns and risks associated with BYOD and suggested new elements of governance, risk management, and control systems that were necessary to ensure a secure BYOD program. Based on the initial research findings, future research areas were suggested

    Current Cyber Security Challenges

    We have experienced exponential technical improvement during the last ten years. Cybersecurity issues are a result of the cyber world's increasing growth. Due to the way cybercriminals have adjusted their tactics to the new environment, there are now significant CS challenges. More than 20 years later, the quantity and severity of cybercrimes have skyrocketed in just a few years as a result of previously unheard-of occurrences like the COVID-19 epidemic, contested elections, and rising geopolitical upheaval. Over time, it is likely that security risks will advance in sophistication and cost us more money: according to analysts, the worldwide cost of cybercrime will rise from $3 trillion in 2015 to $10.5 trillion in 2025, a 15% increase. The secret to averting a CS assault is proactive protection. Discover the top CS risks that, according to experts, the globe will face in 2022, along with what you can do to prevent yourself and your company from becoming a target. As a result, the sector is seeing an increase in demand for specialists who can decisively address security issues, creating the foundation for a safer cyberspace. If you are interested in developing a career in this field, you might think about checking out these CS courses. You could also look at the premium selection of CS courses

    Keeping ubiquitous computing to yourself: a practical model for user control of privacy

    As with all the major advances in information and communication technology, ubiquitous computing (ubicomp) introduces new risks to individual privacy. Our analysis of privacy protection in ubicomp has identified four layers through which users must navigate: the regulatory regime they are currently in, the type of ubicomp service required, the type of data being disclosed, and their personal privacy policy. We illustrate and compare the protection afforded by regulation and by some major models for user control of privacy. We identify the shortcomings of each and propose a model which allows user control of privacy levels in a ubicomp environment. Our model balances the user's privacy preferences against the applicable privacy regulations and incorporates five types of user controlled 'noise' to protect location privacy by introducing ambiguities. We also incorporate an economics-based approach to assist users in balancing the trade-offs between giving up privacy and receiving ubicomp services. We conclude with a scenario and heuristic evaluation which suggests that regulation can have both positive and negative influences on privacy interfaces in ubicomp and that social translucence is an important heuristic for ubicomp privacy interface functionality

    Capturing Policies for BYOD

    ACUTA Journal of Telecommunications in Higher Education

    In This Issue President's Message From the ACUTA CEO Wireless Challenges on Campus Snapshot: And Then There's Mass Notification Time to Deploy Wireless Security Cameras? Five Steps to Simplify and Secure BYOD Where Wireless Rules Coming Soon to Your Campus: Wireless IoT The Federal Reserve Research Grant and FISMA Compliance Managing Privacy and Security in the Age of IoT 2014 Institutional Excellence Awar

    A Rule of Persons, Not Machines: The Limits of Legal Automation
