Security Issues in Component-based Design

Abstract We propose a behavioural extension of the concept of interface of components. We aim to uniformly reason about correctness properties of both closed and open component-based systems. The characterizing feature of our approach is that we perform a local analysis over finite fragments of interactions naturally modeling mobility and coordination aspects. We present a semi-automatic technique that reduces the verification of security properties of protocols to the verification of correctness in component-based systems

Classification of logical vulnerability based on group attacking method

New advancement in the field of e-commerce software technology has also brought many benefits, at the same time developing process always face different sort of problems from design phase to implement phase. Software faults and defects increases the issues of reliability and security, that’s reason why a solution of this problem is required to fortify these issues. The paper addresses the problem associated with lack of clear component-based web application related classification of logical vulnerabilities through identifying Attack Group Method by categorizing two different types of vulnerabilities in component-based web applications. A new classification scheme of logical group attack method is proposed and developed by using a Posteriori Empirically methodology

Concepts of Safety Critical Systems Unification Approach & Security Assurance Process

The security assurance of computer-based systems that rely on safety and security assurance, such as consistency, durability, efficiency and accessibility, require or need resources. This targets the System-of-Systems (SoS) problems with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information system. This research addresses security and information assurance for safety-critical systems, where security and safety are addressed before going to actual implementation/development phase for component-based systems. For this purpose, require a conceptual idea or strategy that deals with the application logic security assurance issues. This may explore the vulnerability in single component or a reuse of specification in existing logic in component-based system. Keeping in view this situation, we have defined seven concepts of security assurance and security assurance design strategy for safety-critical systems

Building an End-To-End Security Infrastructure for Web-Based Aerospace Components E-Trading

The research paper focuses on the development of a generic framework and architecture for building an integrated end-to-end security infrastructure and closedloop solution to secure e-commerce and m-commerce. As an integral component, an intelligent decision support mechanism is developed in helping systems designers and managers make architectural, design, implementation, and deployment decisions on employing particular security solutions to issues and requirements arising in various e-commerce and m-commerce scenarios. In addition, this research identifies the key features, options and benefits of several security technologies as well as provide guidelines in managing the costs and complexities involved in the deployment of those security solutions. As an important groundwork for building a prototype based on the proposed research work, a study has been conducted to investigate the current B2B ecommerce operations between Pratt & Whitney (P&W) [15] (a division of United Technologies Corporation (UTC) [17]) and its partnering e-business and supply chain players in the aviation industry

CMOS detectors for space applications: from R&D to operational program with large volume foundry

Nowadays, CMOS image sensors are widely considered for space applications. The use of CIS (CMOS Image sensor) processes has significantly enhanced their performances such as dark current, quantum efficiency and conversion gain. However, in order to fulfil specific space mission requirements, dedicated research and development work has to be performed to address specific detector performance issues. This is especially the case for dynamic range improvement through output voltage swing optimisation, control of conversion gain and noise reduction. These issues have been addressed in a 0.35μm CIS process, based on a large volume CMOS foundry, by several joint ISAE- EADS Astrium R&D programs. These results have been applied to the development of the visible and near-infrared multi-linear imager for the SENTINEL 2 mission (LEO Earth observation mission for the Global Measurement Environment and Security program). For this high performance multi-linear device, output voltage swing improvement is achieved by process optimisation done in collaboration with foundry. Conversion gain control is also achieved for each spectral band by managing photodiode capacitance. A low noise level at sensor output is reached by the use of an architecture allowing Correlated Double Sampling readout in order to eliminate reset noise (KTC noise). KTC noise elimination reveals noisy pixels due to RTS noise. Optimisation of transistors’s dimensions, taking into account conversion gain constraints, is done to minimise these noisy pixels. Additional features have been also designed: 1) Due to different integration times between spectral bands required by mission, a specific readout mode was developed in order to avoid electrical perturbations during the integration time and readout. This readout mode leads to specific power supply architecture. 2)Post processing steps can be achieved by alignment marks design allowing a very good accuracy. These alignment marks can be used for a black coating deposition between spectral bands (pixel line) in order to minimise straight lighteffects. In conclusion a review of design improvements and performances of the final component is performed

CRM: a new dynamic cross-layer reputation computation model in wireless networks

This is the author accepted manuscript. The final version is available from University Press (OUP) via the DOI in this record.Multi-hop wireless networks (MWNs) have been widely accepted as an indispensable component of next-generation communication systems due to their broad applications and easy deployment without relying on any infrastructure. Although showing huge benefits, MWNs face many security problems, especially the internal multi-layer security threats being one of the most challenging issues. Since most security mechanisms require the cooperation of nodes, characterizing and learning actions of neighboring nodes and the evolution of these actions over time is vital to construct an efficient and robust solution for security-sensitive applications such as social networking, mobile banking, and teleconferencing. In this paper, we propose a new dynamic cross-layer reputation computation model named CRM to dynamically characterize and quantify actions of nodes. CRM couples uncertainty based conventional layered reputation computation model with cross-layer design and multi-level security technology to identify malicious nodes and preserve security against internal multi-layer threats. Simulation results and performance analyses demonstrate that CRM can provide rapid and accurate malicious node identification and management, and implement the security preservation against the internal multi-layer and bad mouthing attacks more effectively and efficiently than existing models.The authors would like to thank anonymous reviewers and editors for their constructive comments. This work is supported by: 1. Changjiang Scholars and Innovative Research Team in University (IRT1078), 2. the Key Program of NSFC-Guangdong Union Foundation (U1135002), 3. National Natural Science Foundation of China (61202390), 4. Fujian Natural Science Foundation：2013J01222, 5. the open research fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications, Ministry of Education)

Enabling Trustworthiness in Sustainable Energy Infrastructure Through Blockchain and AI-Assisted Solutions

Network trustworthiness is a critical component of network security, as it builds on positive inter-actions, guarantees, transparency, and accountability. And with the growth of smart city services and applications, trustworthiness is becoming more important. Most current network trustworthiness solutions are insufficient, particularly for critical infrastructures where end devices are vulnerable and easily hacked. In terms of the energy sector, blockchain technology transforms all currencies into digital modes, thereby allowing one person to manage and exchange energy with others. This has drawn the attention of experts in many fields as a safe, low-cost platform to track billions of transactions in a distributed energy economy. Security and trust issues are still relatively new in the current centralized energy management scheme. With blockchain technology, a decentralized energy infrastructure enables parties to establish micro- grid trading energy transactions and apply artificial intelligence (AI). Using AI in energy systems enables machines to learn various parameters, such as predicted required amounts, excess amounts, and trusted partners. In this article, we envision a cooperative and distributed framework based on cutting-edge computing, communication, and intelligence capabilities such as AI and blockchain in the energy sector to enable secure energy trading, remote monitoring, and trustworthiness. The proposed framework can also enable secure energy trading at the edge devices and among multiple devices. There are also discussions on difficulties, issues, and design principles, as well as spotlights on some of the more popular solutions

Middleware Technologies for Cloud of Things - a survey

The next wave of communication and applications rely on the new services provided by Internet of Things which is becoming an important aspect in human and machines future. The IoT services are a key solution for providing smart environments in homes, buildings and cities. In the era of a massive number of connected things and objects with a high grow rate, several challenges have been raised such as management, aggregation and storage for big produced data. In order to tackle some of these issues, cloud computing emerged to IoT as Cloud of Things (CoT) which provides virtually unlimited cloud services to enhance the large scale IoT platforms. There are several factors to be considered in design and implementation of a CoT platform. One of the most important and challenging problems is the heterogeneity of different objects. This problem can be addressed by deploying suitable "Middleware". Middleware sits between things and applications that make a reliable platform for communication among things with different interfaces, operating systems, and architectures. The main aim of this paper is to study the middleware technologies for CoT. Toward this end, we first present the main features and characteristics of middlewares. Next we study different architecture styles and service domains. Then we presents several middlewares that are suitable for CoT based platforms and lastly a list of current challenges and issues in design of CoT based middlewares is discussed.Comment: http://www.sciencedirect.com/science/article/pii/S2352864817301268, Digital Communications and Networks, Elsevier (2017