Threat Modelling for Active Directory
This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here.
Threats Management Throughout the Software Service Life-Cycle
Software services are inevitably exposed to a fluctuating threat picture.
Unfortunately, not all threats can be handled only with preventive measures
during design and development, but also require adaptive mitigations at
runtime. In this paper we describe an approach where we model composite
services and threats together, which allows us to create preventive measures at
design-time. At runtime, our specification also allows the service runtime
environment (SRE) to receive alerts about active threats that we have not
handled, and react to these automatically through adaptation of the composite
service. A goal-oriented security requirements modelling tool is used to model
business-level threats and analyse how they may impact goals. A process flow
modelling tool, utilising Business Process Model and Notation (BPMN) and
standard error boundary events, allows us to define how threats should be
responded to during service execution on a technical level. Throughout the
software life-cycle, we maintain threats in a centralised threat repository.
Re-use of these threats extends further into monitoring alerts being
distributed through a cloud-based messaging service. To demonstrate our
approach in practice, we have developed a proof-of-concept service for the Air
Traffic Management (ATM) domain. In addition to the design-time activities, we
show how this composite service duly adapts itself when a service component is
exposed to a threat at runtime. Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Model Based Development of Quality-Aware Software Services
Modelling languages and development frameworks give support for functional and structural description of software architectures. But quality-aware applications require languages which allow expressing QoS as a first-class concept during architecture design and service composition, and to extend existing tools and infrastructures adding support for modelling, evaluating, managing and monitoring QoS aspects. In addition to its functional behaviour and internal structure, the developer of each service must consider the fulfilment of its quality requirements. If the service is flexible, the output quality depends both on input quality and available resources (e.g., amounts of CPU execution time and memory). From the software engineering point of view, modelling of quality-aware requirements and architectures requires modelling support for the description of quality concepts, support for the analysis of quality properties (e.g. model checking and consistencies of quality constraints, assembly of quality), tool support for the transition from quality requirements to quality-aware architectures, and from quality-aware architecture to service run-time infrastructures. Quality management in run-time service infrastructures must give support for handling quality concepts dynamically. QoS-aware modeling frameworks and QoS-aware runtime management infrastructures require a common evolution to get their integration.
Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things
A popular application of ambient intelligence systems consists of assisting living services in smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, air conditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provides modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario.
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Grid-enabling FIRST: Speeding up simulation applications using WinGrid
The vision of grid computing is to make computational power, storage capacity, data and applications available to users as readily as electricity and other utilities. Grid infrastructures and applications have traditionally been geared towards dedicated, centralized, high performance clusters running on UNIX flavour operating systems (commonly referred to as cluster-based grid computing). This can be contrasted with desktop-based grid computing which refers to the aggregation of non-dedicated, de-centralized, commodity PCs connected through a network and running (mostly) the Microsoft Windows™ operating system. Large scale adoption of such Windows™-based grid infrastructure may be facilitated via grid-enabling existing Windows applications. This paper presents the WinGrid™ approach to grid enabling existing Windows™ based commercial-off-the-shelf (COTS) simulation packages (CSPs). Through the use of a case study developed in conjunction with Ford Motor Company, the paper demonstrates how experimentation with the CSP Witness™ and FIRST can achieve a linear speedup when WinGrid™ is used to harness idle PC computing resources. This, combined with the lessons learned from the case study, has encouraged us to develop the Web service extensions to WinGrid™. It is hoped that this would facilitate wider acceptance of WinGrid™ among enterprises having stringent security policies in place.