106,451 research outputs found
How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
Recently security researchers have started to look into automated generation
of attack trees from socio-technical system models. The obvious next step in
this trend of automated risk analysis is automating the selection of security
controls to treat the detected threats. However, the existing socio-technical
models are too abstract to represent all security controls recommended by
practitioners and standards. In this paper we propose an attack-defence model,
consisting of a set of attack-defence bundles, to be generated and maintained
with the socio-technical model. The attack-defence bundles can be used to
synthesise attack-defence trees directly from the model to offer basic
attack-defence analysis, but also they can be used to select and maintain the
security controls that cannot be handled by the model itself.Comment: GraMSec 2015, 16 page
Towards business integration as a service 2.0 (BIaaS 2.0)
Cloud Computing Business Framework (CCBF) is a framework for designing and implementation of Could Computing solutions. This proposal focuses on how CCBF can help to address linkage in Cloud Computing implementations. This leads to the development of Business Integration as a Service 1.0 (BIaaS 1.0) allowing different services, roles and functionalities to work together in a linkage-oriented framework where the outcome of one service can be input to another, without the need to translate between domains or languages. BIaaS 2.0 aims to allow automation, enhanced security, advanced risk modelling and improved collaboration between processes in BIaaS 1.0. The benefits from adopting BIaaS 1.0 and developing BIaaS 2.0 are illustrated using a case study from the University of Southampton and several collaborators including IBM US. BIaaS 2.0 can work with mainstream technologies such as scientific workflows, and the proposal and demonstration of BIaaS 2.0 will be aimed to certainly benefit industry and academia. © 2011 IEEE
Towards Business Integration as a Service 2.0
Cloud Computing Business Framework (CCBF) is a framework for designing and implementation of Could Computing solutions. This proposal focuses on how CCBF can help to address linkage in Cloud Computing implementations. This leads to the development of Business Integration as a Service 1.0 (BIaS 1.0) allowing different services, roles and functionalities to work together in a linkage-oriented framework where the outcome of one service can be input to another, without the need to translate between domains or languages. BIaS 2.0 aims to allow full automation, enhanced security, advanced risk modelling and improved collaboration between processes in BIaaS 1.0. The benefits from adopting BIaS 1.0 and developing BIaS 2.0 are illustrated using a case study from the University of Southampton and several collaborators including IBM US. BIaS 2.0 can work with mainstream technologies such as scientific workflows, and the proposal and demonstration of BIaaS 2.0 will certainly benefit industry and academia
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and
networks. Most of these mechanisms are effective, and security experts can
handle them to achieve a sufficient level of security for any given system.
However, most of these systems have not been designed with focus on good
usability for the average end user. Today, the average end user often struggles
with understanding and using security mecha-nisms. Other security mechanisms
are simply annoying for end users. As the overall security of any system is
only as strong as the weakest link in this system, bad usability of IT security
mechanisms may result in operating errors, resulting in inse-cure systems.
Buying decisions of end users may be affected by the usability of security
mechanisms. Hence, software provid-ers may decide to better have no security
mechanism then one with a bad usability. Usability of IT security mechanisms is
one of the most underestimated properties of applications and sys-tems. Even IT
security itself is often only an afterthought. Hence, usability of security
mechanisms is often the after-thought of an afterthought. This paper presents
some guide-lines that should help software developers to improve end user
usability of security-related mechanisms, and analyzes com-mon applications
based on these guidelines. Based on these guidelines, the usability of email
encryption is analyzed and an email encryption solution with increased
usability is presented. The approach is based on an automated key and trust
man-agement. The compliance of the proposed email encryption solution with the
presented guidelines for usable security mechanisms is evaluated
Recommended from our members
Urban Air Mobility Market Study
The Booz Allen Team explored market size and potential barriers to Urban Air Mobility (UAM) by focusing on three potential markets – Airport Shuttle, Air Taxi, and Air Ambulance. We found that the Airport Shuttle and Air Taxi markets are viable, with a significant total available market value in the U.S. of 2.5 billion, in the near term. However, we determined that these constraints can be addressed through ongoing intra-governmental partnerships, government and industry collaboration, strong industry commitment, and existing legal and regulatory enablers. We found that the Air Ambulance market is not a viable market if served by electric vertical takeoff and landing (eVTOL) vehicles due to technology constraints but may potentially be viable if a hybrid VTOL aircraft are utilized
Ethical and Social Aspects of Self-Driving Cars
As an envisaged future of transportation, self-driving cars are being
discussed from various perspectives, including social, economical, engineering,
computer science, design, and ethics. On the one hand, self-driving cars
present new engineering problems that are being gradually successfully solved.
On the other hand, social and ethical problems are typically being presented in
the form of an idealized unsolvable decision-making problem, the so-called
trolley problem, which is grossly misleading. We argue that an applied
engineering ethical approach for the development of new technology is what is
needed; the approach should be applied, meaning that it should focus on the
analysis of complex real-world engineering problems. Software plays a crucial
role for the control of self-driving cars; therefore, software engineering
solutions should seriously handle ethical and social considerations. In this
paper we take a closer look at the regulative instruments, standards, design,
and implementations of components, systems, and services and we present
practical social and ethical challenges that have to be met, as well as novel
expectations for software engineering.Comment: 11 pages, 3 figures, 2 table
- …