38,965 research outputs found
Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
As more businesses and users adopt cloud computing services, security
vulnerabilities will be increasingly found and exploited. There are many
technological and political challenges where investigation of potentially
criminal incidents in the cloud are concerned. Security experts, however, must
still be able to acquire and analyze data in a methodical, rigorous and
forensically sound manner. This work applies the STRIDE asset-based risk
assessment method to cloud computing infrastructure for the purpose of
identifying and assessing an organization's ability to respond to and
investigate breaches in cloud computing environments. An extension to the
STRIDE risk assessment model is proposed to help organizations quickly respond
to incidents while ensuring acquisition and integrity of the largest amount of
digital evidence possible. Further, the proposed model allows organizations to
assess the needs and capacity of their incident responders before an incident
occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
223-236, 201
Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios
The composition of vulnerabilities in attack scenarios has been traditionally performed based on detailed pre- and post-conditions. Although very precise, this approach is dependent on human analysis, is time consuming, and not at all scalable. We investigate the NIST National Vulnerability Database (NVD) with three goals: (i) understand the associations among vulnerability attributes related to impact, exploitability, privilege, type of vulnerability and clues derived from plaintext descriptions, (ii) validate our initial composition model which is based on required access and resulting effect, and (iii) investigate the maturity of XML database technology for performing statistical analyses like this directly on the XML data. In this report, we analyse 27,273 vulnerability entries (CVE 1) from the NVD. Using only nominal information, we are able to e.g. identify clusters in the class of vulnerabilities with no privilege which represent 52% of the entries
Hypermedia support for argumentation-based rationale: 15 years on from gIBIS and QOC
Having developed, used and evaluated some of the early IBIS-based approaches to design rationale (DR) such as gIBIS and QOC in the late 1980s/mid-1990s, we describe the subsequent evolution of the argumentation-based paradigm through software support, and perspectives drawn from modeling and meeting facilitation. Particular attention is given to the challenge of negotiating the overheads of capturing this form of rationale. Our approach has maintained a strong emphasis on keeping the representational scheme as simple as possible to enable real time meeting mediation and capture, attending explicitly to the skills required to use the approach well, particularly for the sort of participatory, multi-stakeholder requirements analysis demanded by many design problems. However, we can then specialize the notation and the way in which the tool is used in the service of specific methodologies, supported by a customizable hypermedia environment, and interoperable with other software tools. After presenting this approach, called Compendium, we present examples to illustrate the capabilities for support security argumentation in requirements engineering, template driven modeling for document generation, and IBIS-based indexing of and navigation around video records of meetings
Grid Databases for Shared Image Analysis in the MammoGrid Project
The MammoGrid project aims to prove that Grid infrastructures can be used for
collaborative clinical analysis of database-resident but geographically
distributed medical images. This requires: a) the provision of a
clinician-facing front-end workstation and b) the ability to service real-world
clinician queries across a distributed and federated database. The MammoGrid
project will prove the viability of the Grid by harnessing its power to enable
radiologists from geographically dispersed hospitals to share standardized
mammograms, to compare diagnoses (with and without computer aided detection of
tumours) and to perform sophisticated epidemiological studies across national
boundaries. This paper outlines the approach taken in MammoGrid to seamlessly
connect radiologist workstations across a Grid using an "information
infrastructure" and a DICOM-compliant object model residing in multiple
distributed data stores in Italy and the UKComment: 10 pages, 5 figure
Security-oriented data grids for microarray expression profiles
Microarray experiments are one of the key ways in which gene activity can be identified and measured thereby shedding light and understanding for example on biological processes. The BBSRC funded Grid enabled Microarray Expression Profile Search (GEMEPS) project has developed an infrastructure which allows post-genomic life science researchers to ask and answer the following questions: who has undertaken microarray experiments that are in some way similar or relevant to mine; and how similar were these relevant experiments? Given that microarray experiments are expensive to undertake and may possess crucial information for future exploitation (both academically and commercially), scientists are wary of allowing unrestricted access to their data by the wider community until fully exploited locally. A key requirement is thus to have fine grained security that is easy to establish and simple (or ideally transparent) to use across inter-institutional virtual organisations. In this paper we present an enhanced security-oriented data Grid infrastructure that supports the definition of these kinds of queries and the analysis and comparison of microarray experiment results
Business integration models in the context of web services.
E-commerce development and applications have
been bringing the Internet to business and marketing
and reforming our current business styles and
processes. The rapid development of the Web, in
particular, the introduction of the semantic web and
web service technologies, enables business
processes, modeling and management to enter an
entirely new stage. Traditional web based business
data and transactions can now be analyzed,
extracted and modeled to discover new business
rules and to form new business strategies, let alone
mining the business data in order to classify
customers or products. In this paper, we investigate
and analyze the business integration models in the
context of web services using a micro-payment
system because a micro-payment system is
considered to be a service intensive activity, where
many payment tasks involve different forms of
services, such as payment method selection for
buyers, security support software, product price
comparison, etc. We will use the micro-payment case
to discuss and illustrate how the web services
approaches support and transform the business
process and integration model.
- âŠ