6,483 research outputs found

    Integrating security and usability into the requirements and design process

    According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human–computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these

    Development and Deployment of VoiceXML-Based Banking Applications

    In recent times, the financial sector has become one of the most vibrant sectors of the Nigerian economy with about twenty five banks after the bank consolidation / merger exercise. This sector presents huge business investments in the area of Information and Communication Technology (ICT). It is also plausible to say that the sector today is the largest body of ICT services and products users. It is no gainsaying the fact that so many Nigerians now carry mobile phones across the different parts of the country. However, applications that provide voice access to real-time banking transactions from anywhere, anytime via telephone are still at their very low stage of adoption across the Nigerian banking and financial sector. A versatile speech-enabled mobile banking application has been developed using VXML, PHP, Apache and MySQL. The developed application provides real-time access to banking services, thus improving corporate bottom-line and Quality of Service (QoS) for customer satisfaction

    Proposing a secure component-based-application logic and system’s integration testing approach

    Software engineering moved from traditional methods of software enterprise applications to component based development for distributed system’s applications. This new era has grown up for the last few years, with component-based methods, for design and rapid development of systems, but the fact is that deployment of all secure software features of technology into practical e-commerce distributed systems are higher rated target for intruders. Although most of research has been conducted on web application services that use a large share of the present software, on the other side Component Based Software in the middle tier, which rapidly develops application logic, also opens security breaching opportunities. This research paper focuses on a burning issue for researchers and scientists, a weakest link in component based distributed system, logical attacks, that cannot be detected with any intrusion detection system within the middle tier e-commerce distributed applications. We proposed An Approach of Secure Designing application logic for distributed system, while dealing with logically vulnerability issue

    Pervasive computing at tableside : a wireless web-based ordering system

    Purpose – The purpose of this paper is to introduce a wireless web-based ordering system called iMenu in the restaurant industry. Design/methodology/approach – By using wireless devices such as personal digital assistants and WebPads, this system realizes the paradigm of pervasive computing at tableside. Detailed system requirements, design, implementation and evaluation of iMenu are presented. Findings – The evaluation of iMenu shows it explicitly increases productivity of restaurant staff. It also has other desirable features such as integration, interoperation and scalability. Compared to traditional restaurant ordering process, by using this system customers get faster and better services, restaurant staff cooperate more efficiently with less working mistakes, and enterprise owners thus receive more business profits. Originality/value – While many researchers have explored using wireless web-based information systems in different industries, this paper presents a system that employs wireless multi-tiered web-based architecture to build pervasive computing systems. Instead of discussing theoretical issues on pervasive computing, we focus on practical issues of developing a real system, such as choosing of web-based architecture, design of input methods in small screens, and response time in wireless web-based systems.

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS. Comment: In Proceedings MBT 2012, arXiv:1202.582

    XML Security in Certificate Management - XML Certificator

    The trend of rapid growing use of XML format in data/document management system reveals that security measures should be urgently considered into next generation's data/document systems. This paper presents a new certificate management system developed on the basis of XML security mechanisms. The system is supported by the theories of XML security as well as Object oriented technology and database. Finally it has been successfully implemented in using C#, SQL, XML signature and XML encryption. An implementation metrics is evidently presented

    Formal modelling and design of mobile prescription applications

    Adverse drug effects are a major cause of death in the world with tens of thousands of deaths occurring each year because of medication or prescription errors. Many errors involve the prescription or administration of the wrong drug or dosage by care givers to patients due to illegible handwriting, dosage mistakes, and confusing drug names. With the use of mobile devices such as personal digital assistants and smart phones some of these errors could be eliminated because they allow prescription information to be captured and viewed in type rather than handwriting. This paper presents a formal modelling and design of a prescription application to improve health care services. This could lead to costs and life savings in healthcare centres across the world especially in developing countries where treatment processes are usually paper based