4,616 research outputs found
System Security Assurance: A Systematic Literature Review
System security assurance provides the confidence that security features,
practices, procedures, and architecture of software systems mediate and enforce
the security policy and are resilient against security failure and attacks.
Alongside the significant benefits of security assurance, the evolution of new
information and communication technology (ICT) introduces new challenges
regarding information protection. Security assurance methods based on the
traditional tools, techniques, and procedures may fail to account for new
challenges due to poor requirement specifications, static nature, and poor
development processes. The common criteria (CC) commonly used for security
evaluation and certification process also comes with many limitations and
challenges. In this paper, extensive efforts have been made to study the
state-of-the-art, limitations and future research directions for security
assurance of the ICT and cyber-physical systems (CPS) in a wide range of
domains. We conducted a systematic review of requirements, processes, and
activities involved in system security assurance including security
requirements, security metrics, system and environments and assurance methods.
We highlighted the challenges and gaps that have been identified by the
existing literature related to system security assurance and corresponding
solutions. Finally, we discussed the limitations of the present methods and
future research directions
An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for
many technical and socio-technical reasons such as mismatched processes,
inadequate information, differing use of language and philosophies, etc. Many
co-assurance techniques rely on disregarding some of these challenges in order
to present a unified methodology. Even with this simplification, no methodology
has been widely adopted primarily because this approach is unrealistic when met
with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security
Assurance Framework (SSAF) based on a core set of assurance principles. This is
done so that safety and security can be co-assured independently, as opposed to
unified co-assurance which has been shown to have significant drawbacks. This
also allows for separate processes and expertise from practitioners in each
domain. With this structure, the focus is shifted from simplified unification
to integration through exchanging the correct information at the right time
using synchronisation activities
Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective
Security demands are increasing for all types of organisations, due to the ever-closer integration of computing infrastructures and smart devices into all aspects of the organisational operations. Consequently, the need for security-aware employees in every role of an organisation increases in accordance. Cyber Range training emerges as a promising solution, allowing employees to train in both realistic environments and scenarios and gaining hands-on experience in security aspects of varied complexity, depending on their role and level of expertise. To that end, this work introduces a model-driven approach for Cyber Range training that facilitates the generation of tailor-made training scenarios based on a comprehensive model-based description of the organisation and its security posture. Additionally, our approach facilitates the automated deployment of such training environments, tailored to each defined scenario, through simulation and emulation means. To further highlight the usability of the proposed approach, this work also presents scenarios focusing on phishing threats, with increasing level of complexity and difficulty
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
Secure Biometric Cryptosystem for Distributed System
Information (biometric) security is concerned with the assurance of confidentiality, integrity, and availability of information in all forms. Biometric information is very sophisticated in terms of all. In this work we are focusing on data pattern along with all security assurance, so that we can improve the matching performance with good security assurance. Here, one of the most effective algorithms, RSA, is used with biometric (fingerprint) data. Our work includes the determination of appropriate key sizes with security issues and determines the matching performance using MATLAB and JDK1.6. The performance of this system is more than 86.7%, and when this is combined with blind authentication techniques we get all security assurance with a high-performance biometric cryptosystem
Evaluating Security Assurance Case Adaptation
Security certification processes for information systems involve expressing security controls as functional and non-functional requirements, monitoring deployed mechanisms that satisfy the requirements, and measuring the degree of confidence in system compliance. With the potential for systems to perform runtime self-adaptation, functional changes to remedy system performance may impact security control compliance. This impact can extend throughout a network of related controls causing significant degradation to the system’s overall compliance status. We represent security controls as security assurance cases and implement them in XML for management and evaluation. The approach maps security controls to softgoals, introducing achievement weights to the assurance case structure as the foundation for determining security softgoal satisficing levels. Potential adaptations adjust the achievement weights to produce different satisficing levels. We show how the levels can be propagated within the network of related controls to assess the overall security control compliance of a potential adaptation
Quantum Cryptography
Quantum cryptography is a new method for secret communications offering the
ultimate security assurance of the inviolability of a Law of Nature. In this
paper we shall describe the theory of quantum cryptography, its potential
relevance and the development of a prototype system at Los Alamos, which
utilises the phenomenon of single-photon interference to perform quantum
cryptography over an optical fiber communications link. Comment: 36 pages in compressed PostScript format, 10 PostScript figures
compressed tar fil
Security Assurance for Web Device APIs
There are currently proposals for web access to devices. The security threats are obvious. We propose design principles intended to ensure that the user actually controls access, despite potential errors in judgment, tricky web pages, or flaws in browsers