Exploitation of Vulnerabilities in Cloud-Storage

The paper presents the vulnerabilities of cloudstorage and various possible attacks exploiting thesevulnerabilities that relate to cloud security, which is one of thechallenging features of cloud computing. The attacks areclassified into three broad categories of which the socialnetworking based attacks are the recent attacks which areevolving out of existing technologies such as P2P file sharing.The study is extended to available defence mechanisms andcurrent research areas of cloud storage. Based on the study,simple cloud storage is implemented and the major aspectssuch as login mechanism, encryption techniques and keymanagement techniques are evaluated against the presentedattacks. The study proves that the cloud storage consumers arestill dependent on the trust and contracts agreed with theservice provider and there is no hard way of proven defensemechanisms against the attacks. Further down, the emergingtechnologies could possibly break down all key basedencryption mechanisms

A Neural Network Based Security Tool for Analyzing Software

Part 4: Intelligent Computational SystemsInternational audienceThe need to secure software application in today’s hostile computer environment cannot be overlooked. The increase in attacks aimed at software directly in the last decade and the demand for more secure software applications has drawn the attention of the software industry into looking for better ways in which software can be developed more securely. To achieve this, it has been suggested that security needs to be integrated into every phase of software development lifecycle (SDLC). In line with this view, security tools are now used during SDLC to integrate security into software applications. Here, we propose a neural network based security tool for analyzing software design for security flaws. Our findings show that the trained neural network was able to match possible attack patterns to design scenarios presented to it. With the information on the attack pattern identified, developers can make informed decision in mitigating risks in their designs

An Evaluation of Current Approaches for Modelling Mobility of Agents

The development of agent-based systems requires methodologies and modelling languages that are based on agent related concepts. Towards this direction, research has proposed a large number of Agent Oriented Software Engineering (AOSE) approaches to modelling mobility of agents. This paper will evaluate the current approaches and methodologies with respect to modelling mobile agent systems and it will propose a number of concepts required to adequately model agent mobility

Human organ re-representation using UML and CMAUT

Clinical data was captured and stored data using natural language (NL) in order to describe the human organs, their attributes and behaviour (Olsen et, 1998). Although this was an accurate form of data representation it created information overload, space complexity, inconsistency and erroneous data. To address the issue of data inconsistency and standardisation, clinical coding such as UMLS was used while for clinical interoperability and data exchange between users, NL7 was introduced. A survey conducted by (de Keizer et, 2000a) revealed that these methods are inadequate for clinical data representation hence the data rerepresentation technique (Haimowitz et, 1988) was introduced and used for modelling CIS with Entity Relationship Diagram (ERD) and (FOL)(de Keizer et, 2000b). However this model does not address the issue of information overload and space complexity. Hence, this paper presents an alternative approach where UML is used to capture human organs, their attributes and relationships. A new framework with built in algorithm converts the multiple attributes modelled in the class diagram into mathematical formalisation using the CMAUT. The logical expression serves as input to the optimisation algorithm to determine the optimal amount of data that must be retrieved for primary healthcare investigation. To evaluate the framework, mathematical operations were performed which revealed that the space complexity when using the CMA rerepresentation technique is θ ( n + 1) compared to θ (2n) for nonCMA. This means less space is needed when the CMA with AND connector is used but for substitutable organs with OR connector the space complexity for both CMA and nonCMA representations have the same exponential expansion of θ (2 n ). A ttest conducted on the amount of data required for investigation before and after optimisation gave a pvalue of 0.000 which means there is a significant different between the two data sets. For epidemiological analysis the output of the framework was benchmarked against the output of a web based heart risk calculator and the single sample ttest conducted gave a pvalue of 0.686 meaning there is no difference between two outputs. Thus this framework with data rerepresentation occupies less space as compared to others and can be used to calculate the risk factor of a heart patient

The triple helix of information security, government regulations and offshore outsourcing in UK

Information Security in IT, ICT, ITES sectors and associated activities is a vital solution in safeguarding tomorrow’s information society and its systems. Statistical analysis proves that only 40% of UK companies have a policy for information security in a market where only one in six companies survives without IT (ENISA, 2008). This paper explores the parameters of the conceptual triple helix model in context of the synergy among IT, ICT and ITES. Based on a study of the different models employed by UK governmental authorities, the scope of this paper is to develop a model of triple helix to be employed by the IT regulatory authority of UK. This paper evaluates statistical and conceptual data from European Network and Information Security Agency (ENISA), business models for outsourcing, activities of existing UK government authorities (and organisations) regulating best practice of information security in industry and society. Hence the hypothetical triple helix model would centralize the activities of regulatory authority. It would also facilitate change in the industry and market towards a best practice of information security without distressing the flow of existing business systems

Evaluating location based privacy in wireless networks

Research into the use of Location Based Services (LBS) that can pinpoint the exact location of users using wireless networks is the fastest growing area in Information Technology (IT) today. This is because of the need to transform the radio waves which act as a wireless networks data’s transmission medium into a private location. Contemporary research on LBS suggests that indoor location can be difficult as the geo positional satellites (GPS) cannot give an accurate positional computation due to insulation provided by physical barriers like the walls and furniture of a house. Previous research however suggests a way around this by making use of wireless fidelity (WiFi) cards signal strength but acknowledges limitations on the range which doesn’t exceed 50 meters. Other researchers have suggested that using LBS technology would allow hackers to track the user’s movement over time and so proposed that the user identity be kept secret by disposing the identifiers. Against this backdrop, some researchers have championed the call for a framework in LBS privacy in order to curtail the security risks that come with using wireless networks and suggested using a transactionbased wireless communication system in which transactions were unlinkable. This would in effect camouflage the movement of users as their location would not be able to be tracked. This paper aims to review contemporary issues on location based privacy in wireless technology and proposes a model for optimising LBS privacy and describes the initial stages of a research project aimed at filling the research void through the application of a hybrid research methodolog

Modelling Mobile Agent Mobility in Virtual Learning Environment (VLE) using Fitness function

This paper reports on a study conducted to ascertain the requirement for developing Virtual Learning Environments (VLEs) and how these needs are met using fitness function for modelling the solution to meet the requirements and demands of such as system. The systems used for this study was University of East London blackboard Learning System called UEL Plus. We realized that UEL Plus has multiple features to support teaching and learning. UEL Plus provides an improved communication, access to resources and advanced assessment capabilities. Our study focused fundamentally on the UEL Plus which part of VLE. The rest of the paper is organized as follows: Section 2 will describe end user categories and section 3 will highlight the mobile agents as a solution. Section 4 will introduce mobile agent fitness function and Section 5 will discusses the mobility in VLE in section 6 draws conclusion

e-Government security implications

The electronic government (eGovernment) is mainly concerned with providing quality services and value added information to citizens, and it has potentials to build better relationships between government and the public by making interactions between citizens and government agencies smoother, easier, and more efficient. The use of Internet medium has helped government organisations and nongovernment organisations to increase their productivity, reduce costs and also improve services. The most security implications in egovernment is the protection of the data security, whereby the privacy of the citizens are not guaranteed, because the access to the data are not controlled by authorised agents, and due to human interaction it is vulnerable to so many attacks. Hackers developed sneaky ways attacking the digital communicating system by phishing into the information systems. There are problems about security vulnerability in government websites, which has made the public to be extremely concerned, and third party routinely invade government websites for fraudulent purposes. Attitudes of people interrogating this system will go a long way by having a strong principle of sincerity and honesty so as to help rectifying the security issues and strict legislative rule cannot be undermined in dealing with offenders. This paper proposed a model of five blocks of steps to bring security in eGovernment systems

Security strategy models (SSM)

The aim of this research paper is to analyse the individual and collective information security risks which could arise from using a security strategy model (SSM); the objective of creating the SSM was so as to protect a wireless local area network (WLAN). As such the focus of this paper shall be on the individual operational components used to create the SSM and the information security risks which stem from their being part of the SSM. In order to review the components of the SSM the paper shall use the BS ISO/IEC 17799:2005 which is the British Standard, International Standard and also the European Standard for using Information Communication Technology (ICT) correctly in order to effectively mitigate against the exposure of an organizations data to unauthorized access. The general idea of using the BS ISO/IEC 17799:2005 is so that the SSM is created based on best practice within the ICT industry of protecting confidential data or at least that the possible risks that stem from using the SSM are mitigated against; this is also known as risk based auditing. Against this backdrop the paper shall review each component of the SSM and use the risks to create a ‘Threat’ model which would then be used to create a ‘Trust model in order to strengthen the confidentiality of any data that passes through the SSM