1,361 research outputs found

    SecREP : A Framework for Automating the Extraction and Prioritization of Security Requirements Using Machine Learning and NLP Techniques

    Gathering and extracting security requirements adequately requires extensive effort, experience, and time, as large amounts of data need to be analyzed. While many manual and academic approaches have been developed to tackle the discipline of Security Requirements Engineering (SRE), a need still exists for automating the SRE process. This need stems mainly from the difficult, error-prone, and time-consuming nature of traditional and manual frameworks. Machine learning techniques have been widely used to facilitate and automate the extraction of useful information from software requirements documents and artifacts. Such approaches can be utilized to yield beneficial results in automating the process of extracting and eliciting security requirements. However, the extraction of security requirements alone leaves software engineers with yet another tedious task of prioritizing the most critical security requirements. The competitive and fast-paced nature of software development, in addition to resource constraints make the process of security requirements prioritization crucial for software engineers to make educated decisions in risk-analysis and trade-off analysis. To that end, this thesis presents an automated framework/pipeline for extracting and prioritizing security requirements. The proposed framework, called the Security Requirements Extraction and Prioritization Framework (SecREP) consists of two parts: SecREP Part 1: Proposes a machine learning approach for identifying/extracting security requirements from natural language software requirements artifacts (e.g., the Software Requirement Specification document, known as the SRS documents) SecREP Part 2: Proposes a scheme for prioritizing the security requirements identified in the previous step. For the first part of the SecREP framework, three machine learning models (SVM, Naive Bayes, and Random Forest) were trained using an enhanced dataset the “SecREP Dataset” that was created as a result of this work. 
Each model was validated using resampling (80% for training and 20% for validation) and 5-fold cross-validation techniques. For the second part of the SecREP framework, a prioritization scheme was established with the aid of NLP techniques. The proposed prioritization scheme analyzes each security requirement using Part-of-speech (POS) and Named Entity Recognition methods to extract assets, security attributes, and threats from the security requirement. Additionally, using a text similarity method, each security requirement is compared to a super-sentence that was defined based on the STRIDE threat model. This prioritization scheme was applied to the extracted list of security requirements obtained from the case study in part one, and the priority score for each requirement was calculated and showcase

    Reinforcing Digital Trust for Cloud Manufacturing Through Data Provenance Using Ethereum Smart Contracts

    Cloud Manufacturing (CMfg) is an advanced manufacturing model that caters to fast-paced agile requirements (Putnik, 2012). For manufacturing complex products that require extensive resources, manufacturers explore advanced manufacturing techniques like CMfg as it becomes infeasible to achieve high standards through complete ownership of manufacturing artifacts (Kuan et al., 2011). CMfg, with other names such as Manufacturing as a Service (MaaS) and Cyber Manufacturing (NSF, 2020), addresses the shortcoming of traditional manufacturing by building a virtual cyber enterprise of geographically distributed entities that manufacture custom products through collaboration. With manufacturing venturing into cyberspace, Digital Trust issues concerning product quality, data, and intellectual property security, become significant concerns (R. Li et al., 2019). This study establishes a trust mechanism through data provenance for ensuring digital trust between various stakeholders involved in CMfg. A trust model with smart contracts built on the Ethereum blockchain implements data provenance in CMfg. The study covers three data provenance models using Ethereum smart contracts for establishing digital trust in CMfg. These are Product Provenance, Order Provenance, and Operational Provenance. The models of provenance together address the most important questions regarding CMfg: What goes into the product, who manufactures the product, who transports the products, under what conditions the products are manufactured, and whether regulatory constraints/requisites are met

    Wearable and Implantable Wireless Sensor Network Solutions for Healthcare Monitoring

    Wireless sensor network (WSN) technologies are considered one of the key research areas in computer science and the healthcare application industries for improving the quality of life. The purpose of this paper is to provide a snapshot of current developments and future direction of research on wearable and implantable body area network systems for continuous monitoring of patients. This paper explains the important role of body sensor networks in medicine to minimize the need for caregivers and help the chronically ill and elderly people live an independent life, besides providing people with quality care. The paper provides several examples of state of the art technology together with the design considerations like unobtrusiveness, scalability, energy efficiency, security and also provides a comprehensive analysis of the various benefits and drawbacks of these systems. Although offering significant benefits, the field of wearable and implantable body sensor networks still faces major challenges and open research problems which are investigated and covered, along with some proposed solutions, in this paper

    Disruption Response Support For Inland Waterway Transportation

    Motivated by the critical role of the inland waterways in the United States' transportation system, this dissertation research focuses on pre- and post- disruption response support when the inland waterway navigation system is disrupted by a natural or manmade event. Following a comprehensive literature review, four research contributions are achieved. The first research contribution formulates and solves a cargo prioritization and terminal allocation problem (CPTAP) that minimizes total value loss of the disrupted barge cargoes on the inland waterway transportation system. It is tailored for maritime transportation stakeholders whose disaster response plans seek to mitigate negative economic and societal impacts. A genetic algorithm (GA)-based heuristic is developed and tested to solve realistically-sized instances of CPTAP. The second research contribution develops and examines a tabu search (TS) heuristic as an improved solution approach to CPTAP. Different from GA's population search approach, the TS heuristic uses the local search to find improved solutions to CPTAP in less computation time. The third research contribution assesses cargo value decreasing rates (CVDRs) through a Value-focused Thinking based methodology. The CVDR is a vital parameter to the general cargo prioritization modeling as well as specifically for the CPTAP model for inland waterways developed here. The fourth research contribution develops a multi-attribute decision model based on the Analytic Hierarchy Process that integrates tangible and intangible factors in prioritizing cargo after an inland waterway disruption. This contribution allows for consideration of subjective, qualitative attributes in addition to the pure quantitative CPTAP approach explored in the first two research contributions

    Options for state chemicals policy reform:A resource guide


    Ethics and Morality in AI - A Systematic Literature Review and Future Research

    Artificial intelligence (AI) has become an integral part of our daily lives in recent years. At the same time, the topic of ethics and morality in the context of AI has been discussed in both practical and scientific discourse. Either it deals with ethical concerns, concrete application areas, the programming of AI or its moral status. However, no article can be found that provides an overview of the combination of ethics, morality and AI and systematizes them. Thus, this paper provides a systematic literature review on ethics and morality in the context of AI examining the scientific literature between the years 2017 and 2021. The search resulted in 1,641 articles across five databases of which 224 articles were included in the evaluation. Literature was systematized into seven topics presented in this paper. Implications of this review can be valuable not only for academia, but also for practitioners

    Security of systems: modeling and analysis methodology

    The evaluation of security of a system requires a system description. The description determines the quality of the analysis and the quality of the corresponding security solution. The thesis introduces a methodology for evaluating the security of systems. By starting with a simple model and iteratively refining it, the resulting model represents an as complete as needed view on the system under evaluation by keeping the single steps manageable. In real world scenarios, it is a common case that the degree of information available varies. The approach can deal with missing information on parts of the system. Finally, it leads to a model of different levels of abstraction for each subsystem. 
After each atomic step of modeling, an analysis can be executed to evaluate the security of the modeled system. The analysis determines the paths an attacker could take through the system. As there will be a large number of paths for a complex system, they can be sorted for prioritized in depth inspection. The methodology is intended to be used at all steps of system life cycle. Additionally, it is extendable to allow inclusion of further information and concepts

    All in the Family: Exploring Design Personas of Systems for Remote Communication with Preschoolers

    Although there have been recent advances in remote communication technologies that foster connectedness and intimacy over a distance, systems designed for communicating with preliterate preschoolers—a desired use case—are not yet prevalent, nor are there clear guidelines for their design. We conducted a mixed-methods study to characterize the current practices, goals, and needs of people who wish to use remote communication systems with young children. We present quantitative and qualitative findings on the motivations for communicating, the habits, activities, and patterns that have been established, and the barriers and concerns faced. We synthesized these findings into four design personas that describe the desired functionality and requirements of systems to support remote communication with preschoolers. For each persona, we systematically evaluated 60 research-based systems based on the extent to which each persona’s requirements were covered, demonstrating that none of the personas were greatly satisfied with the available tools