
    A New Fuzzy MCDM Framework to Evaluate E-Government Security Strategy

    Ensuring security of e-government applications and infrastructures is crucial to maintain trust among stakeholders to store, process and exchange information over the e-government systems. Due to dynamic and continuous threats on e-government information security, policy makers need to perform evaluation on existing information security strategy as to deliver trusted e-government services. This paper presents an information security evaluation framework based on new fuzzy multi criteria decision making (MCDM) to help policy makers conduct comprehensive assessment of e-government security strategy. Comment: IEEE 4th International Conference on Application of Information and Communication Technologies AICT201

    Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges

    Advances of emerging Information and Communications Technology (ICT) technologies push the boundaries of what is possible and open up new markets for innovative ICT products and services. The adoption of ICT products and systems with security properties depends on consumers' confidence and markets' trust in the security functionalities and whether the assurance measures applied to these products meet the inherent security requirements. Such confidence and trust are primarily gained through the rigorous development of security requirements, validation criteria, evaluation, and certification. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. In this paper, we conduct a systematic review of the CC standards and its adoptions. Adoption barriers of the CC are also investigated based on the analysis of current trends in security evaluation. Specifically, we share the experiences and lessons gained through the recent Development of Australian Cyber Criteria Assessment (DACCA) project that promotes the CC among stakeholders in ICT security products related to specification, development, evaluation, certification and approval, procurement, and deployment. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented

    Fedora Commons 3.0 Versus DSpace 1.5 : Selecting an Enterprise-Grade Repository System for FAO of the United Nations

    4th International Conference on Open Repositories. This presentation was part of the session: Conference Posters. An extensive evaluation of the Fedora Commons 3.0 and DSpace 1.5 digital document repository systems has been conducted. The evaluation aimed at selecting an open source software package that best satisfies the FAO Open Archive and FAO organizational requirements and the requirements for the storage, dissemination and preservation of documents and bibliographic metadata. Both repository systems were evaluated against thirty-two criteria chosen from nine core categories of requirements: community, security, functionality, integration, modularity, metadata, statistics and reports, preservation, and outputs. These criteria were selected with the merger of the FAODOC and FAO Corporate Document Repository (CDR) into the FAO Open Archive in mind. Food and Agriculture Organization of the United Nation

    TrustE-VC: Trustworthy Evaluation Framework for Industrial Connected Vehicles in the Cloud

    The integration between cloud computing and vehicular ad hoc networks, namely, vehicular clouds (VCs), has become a significant research area. This integration was proposed to accelerate the adoption of intelligent transportation systems. The trustworthiness in VCs is expected to carry more computing capabilities that manage large-scale collected data. This trend requires a security evaluation framework that ensures data privacy protection, integrity of information, and availability of resources. To the best of our knowledge, this is the first study that proposes a robust trustworthiness evaluation of vehicular cloud for security criteria evaluation and selection. This article proposes three-level security features in order to develop effectiveness and trustworthiness in VCs. To assess and evaluate these security features, our evaluation framework consists of three main interconnected components: 1) an aggregation of the security evaluation values of the security criteria for each level; 2) a fuzzy multicriteria decision-making algorithm; and 3) a simple additive weight associated with the importance-performance analysis and performance rate to visualize the framework findings. The evaluation results of the security criteria based on the average performance rate and global weight suggest that data residency, data privacy, and data ownership are the most pressing challenges in assessing data protection in a VC environment. Overall, this article paves the way for a secure VC using an evaluation of effective security features and underscores directions and challenges facing the VC community. 
This article sheds light on the importance of security by design, emphasizing multiple layers of security when implementing industrial VCs. This work was supported in part by the Ministry of Education, Culture, and Sport, Government of Spain under Grant TIN2016-76373-P, in part by the Xunta de Galicia Accreditation 2016–2019 under Grant ED431G/08 and Grant ED431C 2018/2019, and in part by the European Union under the European Regional Development FundS

    Terahertz Security Image Quality Assessment by No-reference Model Observers

    To provide the possibility of developing objective image quality assessment (IQA) algorithms for THz security images, we constructed the THz security image database (THSID) including a total of 181 THz security images with the resolution of 127*380. The main distortion types in THz security images were first analyzed for the design of subjective evaluation criteria to acquire the mean opinion scores. Subsequently, the existing no-reference IQA algorithms, which were 5 opinion-aware approaches viz., NFERM, GMLF, DIIVINE, BRISQUE and BLIINDS2, and 8 opinion-unaware approaches viz., QAC, SISBLIM, NIQE, FISBLIM, CPBD, S3 and Fish_bb, were executed for the evaluation of the THz security image quality. The statistical results demonstrated the superiority of Fish_bb over the other testing IQA approaches for assessing the THz image quality with PLCC (SROCC) values of 0.8925 (-0.8706), and with RMSE value of 0.3993. The linear regression analysis and Bland-Altman plot further verified that the Fish_bb could substitute for the subjective IQA. Nonetheless, for the classification of THz security images, we tended to use S3 as a criterion for ranking THz security image grades because of the relatively low false positive rate in classifying bad THz image quality into acceptable category (24.69%). Interestingly, due to the specific property of THz image, the average pixel intensity gave the best performance than the above complicated IQA algorithms, with the PLCC, SROCC and RMSE of 0.9001, -0.8800 and 0.3857, respectively. This study will help the users such as researchers or security staffs to obtain the THz security images of good quality. Currently, our research group is attempting to make this research more comprehensive. Comment: 13 pages, 8 figures, 4 table

    A Low-Cost Unified Experimental FPGA Board for Cryptography Applications

    This paper describes the evaluation of available experimental boards, the comparison of their supported set of experiments and other aspects. The second part of this evaluation is focused on the design process of the PCB (Printed Circuit Board) for an FPGA (Field Programmable Gate Array) based cryptography environment suitable for evaluating the latest trends in the IC (Integrated Circuit) security like Side–Channel Attacks (SCA) or Physically Unclonable Function (PUF). It leads to many criteria affecting the design process and also the suitability for evaluating and measuring results of the attacks and their countermeasures. The developed system should be open, versatile and unrestricted by the U.S. law [1]

    A NEW APPROACH TO RISK ASSESSMENT BASED ON THE SEMANTIC VALUE OF EXPRESSIONS

    The framework takes into account non-quantifiable decision variables and dilemmas, and uncertainties related to input data. The RISKMAN model scheme consists of process description and a range of suggested evaluation criteria as well as guidelines on how it is possible to perform the evaluation. In addition to guidelines on prioritizing and evaluating the different criteria, the interpretation and use of the numerical results is discussed. The framework also shows the follow-up management strategies based on the outcome of the evaluation. In short, it describes a possible way of following up the output of security risk assessments and the identified size of security risks. It involves different stakeholders and offers a transparent process for prioritizing, and finally, selecting security measures. In its simplest form, the whole evaluation should be conducted by security experts within the decision making procedures, making qualitative assessments according to the offered criteria. This can be necessary as a first screening for choosing capacities for further decisions. The use of and the strengths and weaknesses of the framework should be pre-tested within the stage of planning process and simulation of predictable threats

    A stochastic multi-criteria assessment of security of transportation assets

    Transportation project evaluation and prioritization use traditional performance measures including travel time, safety, user costs, economic efficiency, and environmental quality. The project impacts in terms of enhancing the infrastructure resilience or mitigating the consequences of infrastructure damage in the event of disaster occurrence are rarely considered in project evaluation. This dissertation presents a methodology to address this issue so that in evaluating and prioritizing investments, infrastructure with low security can receive the attention they deserve. Secondly, the methodology can be used for evaluating and prioritizing candidate investments dedicated specifically to security enhancement. In defining security as a function of threat likelihood, asset resilience and damage consequences, this dissertation uses security-related considerations in investment prioritization thus adding further robustness in traditional evaluations. As this leads to an increase in the number of performance criteria in the evaluation, the dissertation adopts a multiple-criteria analysis approach. The methodology quantifies the overall security level for an infrastructure in terms of the threats it faces, its resilience to damage, and the consequences in the event of the infrastructure damage. The dissertation demonstrates that it is feasible to develop a security-related measure that can be used as a performance criterion in the evaluation of general transportation projects or projects dedicated specifically towards security improvement. Through a case study, the dissertation applies the methodology by measuring the risk (and hence, security) of each for bridge infrastructure in Indiana. The method was also fuzzified and a Monte Carlo simulation was run to account for unknown data and uncertainty. 
On the basis of the multiple types of impacts including risk impacts such as the increase in security due to each candidate investment, this dissertation shows how to prioritize security investments across the multiple infrastructure assets using multiple-criteria analysis