A privacy-preserving model to control social interaction behaviors in social network sites

Social Network Sites (SNSs) served as an invaluable platform to transfer information across a large number of users. SNSs also disseminate users data to third-parties to provide more interesting services for users as well as gaining profits. Users grant access to third-parties to use their services, although they do not necessarily protect users’ data privacy. Controlling social network data diffusion among users and third-parties is difficult due to the vast amount of data. Hence, undesirable users’ data diffusion to unauthorized parties in SNSs may endanger users’ privacy. This paper highlights the privacy breaches on SNSs and emphasizes the most significant privacy issues to users. The goals of this paper are to i) propose a privacy-preserving model for social interactions among users and third-parties; ii) enhance users’ privacy by providing access to the data for appropriate third-parties. These advocate to not compromising the advantages of SNSs information sharing functionalities

A framework to detect cyber-attacks against networked medical devices (Internet of Medical Things):an attack-surface-reduction by design approach

Most medical devices in the healthcare system are not built-in security concepts. Hence, these devices' built-in vulnerabilities prone them to various cyber-attacks when connected to a hospital network or cloud. Attackers can penetrate devices, tamper, and disrupt services in hospitals and clinics, which results in threatening patients' health and life. A specialist can Manage Cyber-attacks risks by reducing the system's attack surface. Attack surface analysis, either as a potential source for exploiting a potential vulnerability by attackers or as a medium to reduce cyber-attacks play a significant role in mitigating risks. Furthermore, it is necessitated to perform attack surface analysis in the design phase. This research proposes a framework that integrates attack surface concepts into the design and development of medical devices. Devices are classified as high-risk, medium-risk, and low-risk. After risk assessment, the employed classification algorithm detects and analyzes the attack surfaces. Accordingly, the relevant adapted security controls will be prompted to hinder the attack. The simulation and evaluation of the framework is the subject of further research.</p

Towards a new framework for TPM compliance testing

Trusted Computing Group (TCG) has proposed the Trusted Computing (TC) concept. Subsequently, TC becomes a common base for many new computing platforms, called Trusted Platform (TP) architecture (hardware and software) that, practically, has a built-in trusted hardware component mounted at the hardware layer and a corresponding trusted software component installed at the operating system level. The trusted hardware component is called Trusted Platform Module (TPM) whose specification has been issued by TCG group and it is implemented by the industry as a tamper- resistant integrated circuit. In practice, the security of an IT TPM-enabled system relies on the correctness of its mounted TPM. Thus, TPM testing is urgently needed to assist in building confidence of the users on the security functionality provided by the TPM. This paper presents the state of the art of the modelling methods being used in the TPM compliance testing. Finally, the paper proposes new framework criteria for TPM Testing that aim at increasing the quality of TPM testing

Demographic, clinico-pathological features and management pattern of primary bone tumors in a tertiary care hospital of South India

Background: Primary bone tumors are very rare tumors. The true incidence of bone tumors is not well established and is under reported due to rarity and lack of accurate registries. Hence it is essential to study about the demographic, clinico-pathological features and the pattern of surgical management of bone tumors. The aim of this study is to analyze the demographic and clinico-pathological features of primary bone tumors that were managed by surgery.Methods: A retrospective analysis of all patients with primary bone tumor who were treated by surgery from 2012 to 2019 was done. The age, sex distribution, histopathology, location of the tumor and surgical procedure done were analyzed.Results: Among 103 patients analyzed, 66 (64%) were men and 37 (36%) were women. Primary bone tumors most commonly presented in 11 to 20 years of age with 35 (33.9%) patients occurring in this age group. Osteosarcoma was the most common primary bone tumor and it occurred in 49 (47.6%) patients, out of which 34 (69.3%) patients were below 20 years of age. Giant cell tumor was the most common benign bone tumor and it occurred in 22 patients, out of which nine (40.9%) patients were of age 21 to 30 years. Distal femur was the most common site with 39 (37.9%) patients. The limb preservation rate for malignant appendicular bone tumors was 69.0%.Conclusions: The diagnosis of bone tumor depends not only on histopathological features but also needs correlation with age, clinical features, tumor location and radiological features for confirmation of diagnosis

Proposed architecture for intrusion detection system for software as a service in cloud computing environment

The purpose of this paper is to propose an architecture for intrusion detection based on Software as a Service (SaaS) called Software as a Service Intrusion Detection Services (SaaSIDS) in a cloud environment. Therefore, this research focusing on developing Software As A Service IDS (SaaSIDS) where the traffic at different points of the network is sniffed and the interested packets would be transferred to the SaaSIDS for further inspection. The main engine of SaaSIDS is the hybrid analysis engine where the signature based engine and anomaly based engine which using artificial immune system will work in parallel. The SaaSIDS is able to identify malicious activity and would generate appropriate alerts and notification accordingly

Traditional security risk assessment methods in cloud computing environment: usability analysis

The term "Cloud Computing" has become very common in our daily life. Cloud computing has emerged with promises to decrease the cost of computing implementation and deliver the computing as service, where the clients pay only for what he needed and used. However, due to the new structure of the cloud computing model, several security concerns have been raised and many other security threats have been needed to be reevaluated according to the cloud structure. Besides, the traditional security risk assessment methods become unfit for cloud computing model due to its new distinguished characteristics. In this paper, we analysis the ability to assess the security risks in cloud computing environments

Preventive measures for cross site request forgery attacks on web-based applications

Today's contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL

Security source code analysis of applications in Android OS

It is a known fact that Android mobile phones' security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security

Intrusion detection system for the Internet of Things based on blockchain and multi-agent systems

With the popularity of Internet of Things (IoT) technology, the security of the IoT network has become an important issue. Traditional intrusion detection systems have their limitations when applied to the IoT network due to resource constraints and the complexity. This research focusses on the design, implementation and testing of an intrusion detection system which uses a hybrid placement strategy based on a multi-agent system, blockchain and deep learning algorithms. The system consists of the following modules: data collection, data management, analysis, and response. The National security lab–knowledge discovery and data mining NSL-KDD dataset is used to test the system. The results demonstrate the efficiency of deep learning algorithms when detecting attacks from the transport layer. The experiment indicates that deep learning algorithms are suitable for intrusion detection in IoT network environment