Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

SPEIR: Scottish Portals for Education, Information and Research. Final Project Report: Elements and Future Development Requirements of a Common Information Environment for Scotland

The SPEIR (Scottish Portals for Education, Information and Research) project was funded by the Scottish Library and Information Council (SLIC). It ran from February 2003 to September 2004, slightly longer than the 18 months originally scheduled and was managed by the Centre for Digital Library Research (CDLR). With SLIC's agreement, community stakeholders were represented in the project by the Confederation of Scottish Mini-Cooperatives (CoSMiC), an organisation whose members include SLIC, the National Library of Scotland (NLS), the Scottish Further Education Unit (SFEU), the Scottish Confederation of University and Research Libraries (SCURL), regional cooperatives such as the Ayrshire Libraries Forum (ALF)1, and representatives from the Museums and Archives communities in Scotland. Aims; A Common Information Environment For Scotland The aims of the project were to: o Conduct basic research into the distributed information infrastructure requirements of the Scottish Cultural Portal pilot and the public library CAIRNS integration proposal; o Develop associated pilot facilities by enhancing existing facilities or developing new ones; o Ensure that both infrastructure proposals and pilot facilities were sufficiently generic to be utilised in support of other portals developed by the Scottish information community; o Ensure the interoperability of infrastructural elements beyond Scotland through adherence to established or developing national and international standards. Since the Scottish information landscape is taken by CoSMiC members to encompass relevant activities in Archives, Libraries, Museums, and related domains, the project was, in essence, concerned with identifying, researching, and developing the elements of an internationally interoperable common information environment for Scotland, and of determining the best path for future progress

Cyber-security of Cyber-Physical Systems (CPS)

This master's thesis reports on security of a Cyber-Physical System (CPS) in the department of industrial engineering at UiT campus Narvik. The CPS targets connecting distinctive robots in the laboratory in the department of industrial engineering. The ultimate objective of the department is to propose such a system for the industry. The thesis focuses on the network architecture of the CPS and the availability principle of security. This report states three research questions that are aimed to be answered. The questions are: what a secure CPS architecture for the purpose of the existing system is, how far the current state of system is from the defined secure architecture, and how to reach the proposed architecture. Among the three question, the first questions has absorbed the most attention of this project. The reason is that a secure and robust architecture would provide a touchstone that makes answering the second and third questions easier. In order to answer the questions, Cisco SAFE for IoT threat defense for manufacturing approach is chosen. The architectural approach of Cisco SAFE for IoT, with similarities to the Cisco SAFE for secure campus networks, provides a secure network architecture based on business flows/use cases and defining related security capabilities. This approach supplies examples of scenarios, business flows, and security capabilities that encouraged selecting it. It should be noted that Cisco suggests its proprietary technologies for security capabilities. According to the need of the project owners and the fact that allocating funds are not favorable for them, all the suggested security capabilities are intended to be open-source, replacing the costly Cisco-proprietary suggestions. Utilizing the approach and the computer networking fundamentals resulted in the proposed secure network architecture. The proposed architecture is used as a touchstone to evaluate the existing state of the CPS in the department of industrial engineering. Following that, the required security measures are presented to approach the system to the proposed architecture. Attempting to apply the method of Cisco SAFE, the identities using the system and their specific activities are presented as the business flow. Based on the defined business flow, the required security capabilities are selected. Finally, utilizing the provided examples of Cisco SAFE documentations, a complete network architecture is generated. The architecture consists of five zones that include the main components, security capabilities, and networking devices (such as switches and access points). Investigating the current state of the CPS and evaluating it by the proposed architecture and the computer networking fundamentals, helped identifying six important shortcomings. Developing on the noted shortcomings, and identification of open-source alternatives for the Cisco-proprietary technologies, nine security measures are proposed. The goal is to perform all the security measures. Thus, the implementations and solutions for each security measure is noted at the end of the presented results. The security measures that require purchasing a device were not considered in this project. The reasons for this decision are the time-consuming process of selecting an option among different alternatives, and the prior need for grasping the features of the network with the proposed security capabilities; features such as amount and type of traffic inside the network, and possible incidents detected using an Intrusion Detection Prevention System. The attempts to construct a secure cyber-physical system is an everlasting procedure. New threats, best practices, guidelines, and standards are introduced on a daily basis. Moreover, business needs could vary from time to time. Therefore, the selected security life-cycle is required and encouraged to be used in order to supply a robust lasting cyber-physical system

Cascading the use of Web 2.0 technology in secondary schools in the United Kingdom: identifying the barriers beyond pre-service training

This paper reports on research that took place at Nottingham Trent University and Sheffield Hallam University, United Kingdom, over two years. The research focuses on the use of Web 2.0 technology, specifically web logs, with pre-service teachers, both during their university programme and the first year of teaching as full-time newly qualified teachers (NQTs). The purpose of this research was to add a developing body of knowledge by identifying whether technology used by pre-service teachers during their training course can be cascaded into their practice once qualified. Key findings identify a number of enablers and barriers to cascading technology in the classroom; these include curriculum time, pupil skills and support. The research concludes that early professional support and development should be on-going and assumptions about new teachers as champions of cascading innovative use of Web 2 technologies into their practice as NQTs may be over optimisti