22 research outputs found
Exploitation of Vulnerabilities in Cloud-Storage
The paper presents the vulnerabilities of cloudstorage and various possible attacks exploiting thesevulnerabilities that relate to cloud security, which is one of thechallenging features of cloud computing. The attacks areclassified into three broad categories of which the socialnetworking based attacks are the recent attacks which areevolving out of existing technologies such as P2P file sharing.The study is extended to available defence mechanisms andcurrent research areas of cloud storage. Based on the study,simple cloud storage is implemented and the major aspectssuch as login mechanism, encryption techniques and keymanagement techniques are evaluated against the presentedattacks. The study proves that the cloud storage consumers arestill dependent on the trust and contracts agreed with theservice provider and there is no hard way of proven defensemechanisms against the attacks. Further down, the emergingtechnologies could possibly break down all key basedencryption mechanisms
A Neural Network Based Security Tool for Analyzing Software
Part 4: Intelligent Computational SystemsInternational audienceThe need to secure software application in today’s hostile computer environment cannot be overlooked. The increase in attacks aimed at software directly in the last decade and the demand for more secure software applications has drawn the attention of the software industry into looking for better ways in which software can be developed more securely. To achieve this, it has been suggested that security needs to be integrated into every phase of software development lifecycle (SDLC). In line with this view, security tools are now used during SDLC to integrate security into software applications. Here, we propose a neural network based security tool for analyzing software design for security flaws. Our findings show that the trained neural network was able to match possible attack patterns to design scenarios presented to it. With the information on the attack pattern identified, developers can make informed decision in mitigating risks in their designs
An Evaluation of Current Approaches for Modelling Mobility of Agents
The development of agent-based systems requires methodologies and modelling languages that are based on agent related concepts. Towards this direction, research has proposed a large number of Agent Oriented Software Engineering (AOSE) approaches to modelling mobility of agents. This paper will evaluate the current approaches and methodologies with respect to modelling mobile agent systems and it will propose a number of concepts required to adequately model agent mobility
Human organ re-representation using UML and CMAUT
Clinical data was captured and stored data using natural language (NL) in order to
describe the human organs, their attributes and behaviour (Olsen et, 1998). Although this was an
accurate form of data representation it created information overload, space complexity, inconsistency
and erroneous data. To address the issue of data inconsistency and standardisation, clinical coding
such as UMLS was used while for clinical interoperability and data exchange between users, NL7 was
introduced. A survey conducted by (de Keizer et, 2000a) revealed that these methods are inadequate
for clinical data representation hence the data rerepresentation
technique (Haimowitz et, 1988) was
introduced and used for modelling CIS with Entity Relationship Diagram (ERD) and (FOL)(de Keizer
et, 2000b). However this model does not address the issue of information overload and space
complexity. Hence, this paper presents an alternative approach where UML is used to capture human
organs, their attributes and relationships. A new framework with built in algorithm converts the
multiple attributes modelled in the class diagram into mathematical formalisation using the CMAUT.
The logical expression serves as input to the optimisation algorithm to determine the optimal amount
of data that must be retrieved for primary healthcare investigation. To evaluate the framework,
mathematical operations were performed which revealed that the space complexity when using the
CMA rerepresentation
technique is θ ( n + 1) compared to θ (2n) for nonCMA.
This means less
space is needed when the CMA with AND connector is used but for substitutable organs with OR
connector the space complexity for both CMA and nonCMA
representations have the same
exponential expansion of θ (2 n ). A ttest
conducted on the amount of data required for investigation
before and after optimisation gave a pvalue
of 0.000 which means there is a significant different
between the two data sets. For epidemiological analysis the output of the framework was
benchmarked against the output of a web based heart risk calculator and the single sample ttest
conducted gave a pvalue
of 0.686 meaning there is no difference between two outputs. Thus this
framework with data rerepresentation
occupies less space as compared to others and can be used to
calculate the risk factor of a heart patient
The triple helix of information security, government regulations and offshore outsourcing in UK
Information Security in IT, ICT, ITES sectors and associated activities is a vital solution in
safeguarding tomorrow’s information society and its systems. Statistical analysis proves that only
40% of UK companies have a policy for information security in a market where only one in six
companies survives without IT (ENISA, 2008). This paper explores the parameters of the conceptual
triple helix model in context of the synergy among IT, ICT and ITES. Based on a study of the
different models employed by UK governmental authorities, the scope of this paper is to develop a
model of triple helix to be employed by the IT regulatory authority of UK. This paper evaluates
statistical and conceptual data from European Network and Information Security Agency (ENISA),
business models for outsourcing, activities of existing UK government authorities (and organisations)
regulating best practice of information security in industry and society. Hence the hypothetical triple
helix model would centralize the activities of regulatory authority. It would also facilitate change in
the industry and market towards a best practice of information security without distressing the flow of
existing business systems
Evaluating location based privacy in wireless networks
Research into the use of Location Based Services (LBS) that can pinpoint the exact
location of users using wireless networks is the fastest growing area in Information Technology (IT)
today. This is because of the need to transform the radio waves which act as a wireless networks
data’s transmission medium into a private location. Contemporary research on LBS suggests that
indoor location can be difficult as the geo positional satellites (GPS) cannot give an accurate positional
computation due to insulation provided by physical barriers like the walls and furniture of a house.
Previous research however suggests a way around this by making use of wireless fidelity (WiFi)
cards
signal strength but acknowledges limitations on the range which doesn’t exceed 50 meters. Other
researchers have suggested that using LBS technology would allow hackers to track the user’s
movement over time and so proposed that the user identity be kept secret by disposing the identifiers.
Against this backdrop, some researchers have championed the call for a framework in LBS privacy in
order to curtail the security risks that come with using wireless networks and suggested using a
transactionbased
wireless communication system in which transactions were unlinkable. This would
in effect camouflage the movement of users as their location would not be able to be tracked. This
paper aims to review contemporary issues on location based privacy in wireless technology and proposes
a model for optimising LBS privacy and describes the initial stages of a research project aimed at
filling the research void through the application of a hybrid research methodolog
Modelling Mobile Agent Mobility in Virtual Learning Environment (VLE) using Fitness function
This paper reports on a study conducted to ascertain the requirement for developing Virtual Learning Environments (VLEs) and how these needs are met using fitness function for modelling the solution to meet the requirements and demands of such as system. The systems used for this study was University of East London blackboard Learning System called UEL Plus. We realized that UEL Plus has multiple features to support teaching and learning. UEL Plus provides an improved communication, access
to resources and advanced assessment capabilities. Our study focused fundamentally on the UEL Plus which part of VLE. The rest of the paper is organized as follows: Section 2 will describe end user
categories and section 3 will highlight the mobile agents as a solution. Section 4 will introduce mobile agent fitness function and Section 5 will discusses the mobility in VLE in section 6 draws conclusion
e-Government security implications
The electronic government (eGovernment)
is mainly concerned with providing quality
services and value added information to citizens, and it has potentials to build better relationships
between government and the public by making interactions between citizens and government agencies
smoother, easier, and more efficient. The use of Internet medium has helped government
organisations and nongovernment
organisations to increase their productivity, reduce costs and also
improve services. The most security implications in egovernment
is the protection of the data
security, whereby the privacy of the citizens are not guaranteed, because the access to the data are not
controlled by authorised agents, and due to human interaction it is vulnerable to so many attacks.
Hackers developed sneaky ways attacking the digital communicating system by phishing into the
information systems. There are problems about security vulnerability in government websites, which
has made the public to be extremely concerned, and third party routinely invade government websites
for fraudulent purposes. Attitudes of people interrogating this system will go a long way by having a
strong principle of sincerity and honesty so as to help rectifying the security issues and strict
legislative rule cannot be undermined in dealing with offenders. This paper proposed a model of five
blocks of steps to bring security in eGovernment
systems
Security strategy models (SSM)
The aim of this research paper is to analyse the individual and collective information
security risks which could arise from using a security strategy model (SSM); the objective of creating
the SSM was so as to protect a wireless local area network (WLAN). As such the focus of this paper
shall be on the individual operational components used to create the SSM and the information security
risks which stem from their being part of the SSM. In order to review the components of the SSM the
paper shall use the BS ISO/IEC 17799:2005 which is the British Standard, International Standard and
also the European Standard for using Information Communication Technology (ICT) correctly in
order to effectively mitigate against the exposure of an organizations data to unauthorized access. The
general idea of using the BS ISO/IEC 17799:2005 is so that the SSM is created based on best practice
within the ICT industry of protecting confidential data or at least that the possible risks that stem from
using the SSM are mitigated against; this is also known as risk based auditing. Against this backdrop
the paper shall review each component of the SSM and use the risks to create a ‘Threat’ model which
would then be used to create a ‘Trust model in order to strengthen the confidentiality of any data that
passes through the SSM