839 research outputs found
CYCLONE Unified Deployment and Management of Federated, Multi-Cloud Applications
Various Cloud layers have to work in concert in order to manage and deploy
complex multi-cloud applications, executing sophisticated workflows for Cloud
resource deployment, activation, adjustment, interaction, and monitoring. While
there are ample solutions for managing individual Cloud aspects (e.g. network
controllers, deployment tools, and application security software), there are no
well-integrated suites for managing an entire multi cloud environment with
multiple providers and deployment models. This paper presents the CYCLONE
architecture that integrates a number of existing solutions to create an open,
unified, holistic Cloud management platform for multi-cloud applications,
tailored to the needs of research organizations and SMEs. It discusses major
challenges in providing a network and security infrastructure for the
Intercloud and concludes with the demonstration how the architecture is
implemented in a real life bioinformatics use case
The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux
The increasing availability of cloud computing and scientific super computers
brings great potential for making R accessible through public or shared
resources. This allows us to efficiently run code requiring lots of cycles and
memory, or embed R functionality into, e.g., systems and web services. However
some important security concerns need to be addressed before this can be put in
production. The prime use case in the design of R has always been a single
statistician running R on the local machine through the interactive console.
Therefore the execution environment of R is entirely unrestricted, which could
result in malicious behavior or excessive use of hardware resources in a shared
environment. Properly securing an R process turns out to be a complex problem.
We describe various approaches and illustrate potential issues using some of
our personal experiences in hosting public web services. Finally we introduce
the RAppArmor package: a Linux based reference implementation for dynamic
sandboxing in R on the level of the operating system
Cybersecurity Logging & Monitoring Security Program
With ubiquitous computing becoming pervasive in every aspect of societies around the world and the exponential rise in cyber-based attacks, cybersecurity teams within global organizations are spending a massive amount of human and financial capital on their logging and monitoring security programs. As a critical part of global organizational security risk management processes, it is important that log information is aggregated in a timely, accurate, and relevant manner. It is also important that global organizational security operations centers are properly monitoring and investigating the security use-case alerting based on their log data. In this paper, the author proposes a model for security logging and monitoring which details the inception, implementation, and operations of the program. This entails providing an overview of the logging and monitoring program, its purpose, and structure
XML Schema-based Minification for Communication of Security Information and Event Management (SIEM) Systems in Cloud Environments
XML-based communication governs most of today's systems communication, due to
its capability of representing complex structural and hierarchical data.
However, XML document structure is considered a huge and bulky data that can be
reduced to minimize bandwidth usage, transmission time, and maximize
performance. This contributes to a more efficient and utilized resource usage.
In cloud environments, this affects the amount of money the consumer pays.
Several techniques are used to achieve this goal. This paper discusses these
techniques and proposes a new XML Schema-based Minification technique. The
proposed technique works on XML Structure reduction using minification. The
proposed technique provides a separation between the meaningful names and the
underlying minified names, which enhances software/code readability. This
technique is applied to Intrusion Detection Message Exchange Format (IDMEF)
messages, as part of Security Information and Event Management (SIEM) system
communication hosted on Microsoft Azure Cloud. Test results show message size
reduction ranging from 8.15% to 50.34% in the raw message, without using
time-consuming compression techniques. Adding GZip compression to the proposed
technique produces 66.1% shorter message size compared to original XML
messages. Comment: XML, JSON, Minification, XML Schema, Cloud, Log, Communication,
Compression, XMill, GZip, Code Generation, Code Readability, 9 pages, 12
figures, 5 tables, Journal Articl
Linux Networking Cookbook
If you want a book that lays out the steps for specific Linux networking tasks, one that clearly explains the commands and configurations, this is the book for you. Linux Networking Cookbook is a soup-to-nuts collection of recipes that covers everything you need to know to perform your job as a Linux network administrator. You'll dive straight into the gnarly hands-on work of building and maintaining a computer networ
WebISMS: (Web-Based Information Security Management System): A prevention information security tool
The impetus for this project came from five years of experience working as a system and network administrator in the California State University, San Bernardino's (CSUSB's) College of Natural Sciences. The college and campus in general are under continual cyber attack, usually by direct-penetration methods and all kinds of viruses, worms, and spyware. This project developed WebISMS as a prevention approach in information security. WebISMS is now deployed in the CSUSB Institute of Applied Supercomputing lab, where it is working efficiently as an information security assessment / audit tool
NETWORK DEVICE SYSTEM LOGGING SUMMARIZATION BASED ON LOW-RANK ADAPTATION AND CONTRASTIVE LEARNING
Techniques are presented herein that support the automatic generation of refined and summarized text from a system logging (syslog) message sequence. Aspects of the presented techniques employ an abstractive syslog summarization large language model (LLM) that is trained with contrastive learning and then fine-tuned using a Low-Rank Adaptation (LoRA) methodology. Under further aspects of the presented techniques, auxiliary text (such as network incident reports and application incident reports) is added to the prompt of the input of the LLM model to help the model generate a richer syslog summarization
Network syslog monitor
The purpose of this project is to develop a network syslog monitoring system to monitor network devices like printers, switches, etc. and to help the network technical help desk personnel handle issues promptly and effectively based on the syslog messages captured by the syslog server
Managing Network Security with Snort Open Source Intrusion Detection Tools
Organizations both large and small are constantly looking to improve their posture on security. Hackers and intruders have made many successful attempts to bring down high-profile company networks and web services for lack of adequate security. Many methods have been developed to secure the network infrastructure and communication over the Internet such as the firewall and intrusion detection systems. While most organizations deploy security equipment, they still encounter the challenge of monitoring and reviewing the security events. There are various intrusion detection tools in the market for free. Also, there are multiple ways to detect these attacks and prevent vulnerabilities from being exploited and leaking corporate data on the internet. One method involves using intrusion detection systems to detect the attack and block or alert the appropriate staff of the attack. Snort contains a suite of tools that aids the administrators in detecting these events. In this paper, Snort IDS was analysed on how it manages the network from installation to deployment with additional tools that help to analyse the security data. The components and rules to operate Snort were also discussed. As with other IDS it has advantages and disadvantages
Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Information security is becoming more and more important in today's society, where more processes and operations are being digitised and data moves from paper to bits and bytes in digital form. In Estonia, state and public institutions collect and process information to provide high-level services and to fulfil constitutional tasks or international contracts. The public sector in Estonia must apply the requirements of the information security standard IT Baseline Security System (ISKE) in three factors: availability, integrity and confidentiality of processed data. This work examines the integrity domain in detail in order to meet the ISKE requirements and security objectives demanded for data with the highest integrity needs. By analysing the integrity domain of ISKE and providing a versatile proof of concept of a solution for implementing security controls, it is possible to increase the awareness of software developers and ISKE implementation participants to achieve better security of information