Research Article Novel Security Conscious Evaluation Criteria for Web Service Composition

Abstract: This study aims to present a new mathematical based evaluation method for service composition with respects to security aspects. Web service composition as complex problem solver in service computing has become one of the recent challenging issues in today's web environment. It makes a new added value service through combination of available basic services to address the problem requirements. Despite the importance of service composition in service computing, security issues have not been addressed in this area. Considering the dazzling growth of number of service based transactions, making a secure composite service from candidate services with different security concerns is a demanding task. To deal with this challenge, different techniques have been employed which have direct impacts on secure service composition efficiency. Nonetheless, little work has been dedicated to deeply investigate those impacts on service composition outperformance. Therefore, the focus of this study is to evaluate the existing approaches based on their applied techniques and QoS aspects. A mathematicalbased security-aware evaluation framework is proposed wherein Analytic Hierarchy Process (AHP), a multiple criteria decision making technique, is adopted. The proposed framework is tested on state-of-the-art approaches and the statistical analysis of the results presents the efficiency and correctness of the proposed work

Security evaluation for graphical password

Nowadays, user authentication is one of the important topics in information security. Text-based strong password schemes could provide with certain degree of security. However, the fact that strong passwords being difficult to memorize often leads their owners to write them down on papers or even save them in a computer file. Graphical Password or Graphical user authentication (GUA) has been proposed as a possible alternative solution to text-based authentication, motivated particularly by the fact that humans can remember images better than text. All of Graphical Password algorithms have two different aspects which are usability and security. This paper focuses on security aspects of algorithms that most of researchers work on this part and try to define security features and attributes. Unfortunately, till now there isn't a complete evaluation criterion for graphical password security. At first, this paper tries to study on most of GUA algorithm. Then, collects the major security attributes in GUA and proposed an evaluation criterion

The knowledge based authentication attacks

Knowledge Based authentication is still the most widely used and accepted technique for securing resources from unauthorized access for its simplicity, ease of revocation and legacy deployment which divides to textual and graphical password. Over the last decade several attacks records for stealing user’s identity and confidential information using a single or combination of attacks. In this paper the attacks pattern of textual and graphical password describes according to CAPEC standard, following describing their effects on both conventional and image password. More over some categories lacks from detail research which highlighted and will select as future work

A Trust-Influenced Smart Grid: A Survey and a Proposal

A compromised Smart Grid, or its components, can have cascading effects that can affect lives. This has led to numerous cybersecurity-centric studies focusing on the Smart Grid in research areas such as encryption, intrusion detection and prevention, privacy and trust. Even though trust is an essential component of cybersecurity research; it has not received considerable attention compared to the other areas within the context of Smart Grid. As of the time of this study, we observed that there has neither been a study assessing trust within the Smart Grid nor were there trust models that could detect malicious attacks within the substation. With these two gaps as our objectives, we began by presenting a mathematical formalization of trust within the context of Smart Grid devices. We then categorized the existing trust-based literature within the Smart Grid under the NIST conceptual domains and priority areas, multi-agent systems and the derived trust formalization. We then proposed a novel substation-based trust model and implemented a Modbus variation to detect final-phase attacks. The variation was tested against two publicly available Modbus datasets (EPM and ATENA H2020) under three kinds of tests, namely external, internal, and internal with IP-MAC blocking. The first test assumes that external substation adversaries remain so and the second test assumes all adversaries within the substation. The third test assumes the second test but blacklists any device that sends malicious requests. The tests were performed from a Modbus server’s point of view and a Modbus client’s point of view. Aside from detecting the attacks within the dataset, our model also revealed the behaviour of the attack datasets and their influence on the trust model components. Being able to detect all labelled attacks in one of the datasets also increased our confidence in the model in the detection of attacks in the other dataset. We also believe that variations of the model can be created for other OT-based protocols as well as extended to other critical infrastructures

Static Bandwidth Allocation on Optical Networks

Abstract. A detailed understanding of the many facets of the Internet's topological structure is critical for evaluating the performance of networking protocols, for assessing the effectiveness of proposed techniques to protect the network from nefarious intrusions and attacks, or for developing improved designs for resource provisioning. In this way Available bandwidth estimation is a vital component of admission control for quality-of-service (QoS) on Internet in the world.In coming years, Optical networks are come to dominate the access network space. Ethernet passive optical networks, which influence the all of subscriber locations of Ethernet, seems bound for success in the optical access network. In this Review Paper we first prepare an introduction to Ethernet passive optical networks structure, then related to our totally categorize the bandwidth allocation methods to three groups as Static and Router-Based and Windows-Based, we will explain seven major weaknesses on static group and describe the improvements on them one by one. Finally in this survey, we found some roles and principles in static bandwidth allocation methods which explain them separately.We hope in the next article we will explain the Dynamic bandwidth allocation weaknesses and improvements then make a comparison between static and dynamic bandwidth allocations. Following that, at the end, we will propose an algorithm on dynamic bandwidth allocation and evaluate it

Cloud Computing Data Center Adoption Factors Validity By Fuzzy AHP

Most sectors of the economy like the universities, high-tech, financial services, and government institutions have data center. However, there are some issues which encompass current data center such as physical location, energy consumption, performance, flexibility. Big organizations like Google, IBM have migrated toward cloud computing, and using cloud data center as the most cost efficient alternative to the current data center. Cloud computing is a model that provides suitable and on-demand access to a VKDUHG SRRO RI FRQ¿JXUDEOH FRPSXWLQJ UHVRXUFHV, EXW unfortunately, it has some attendant problems like security issue, lack of proper policy and standardization. Therefore, in spite of the provision of all the benefits of cloud computing, such as cost reduction, flexibility, easy implementation and accessibility, some organisations are suspected to move toward cloud computing data center. Therefore, the main focus of this paper is to determine the critical success factors for the adoption of cloud computing data center. To achieve this, a structural literature review of existing work and semi structured interview with ten IT administration and IT staff were carried out. We also performed a content validity using a panel of experts including 12 experts with more than 5 years experience. Subsequently, a FAHP technique was used to evaluate experts’ consensuses