A Constrained, Possibilistic Logical Approach for Software System Survivability Evaluation

In this paper, we present a logical framework to facilitate users in assessing a software system in terms of the required survivability features. Survivability evaluation is essential in linking foreign software components to an existing system or obtaining software systems from external sources. It is important to make sure that any foreign components/systems will not compromise the current system’s survivability properties. Given the increasing large scope and complexity of modern software systems, there is a need for an evaluation framework to accommodate uncertain, vague, or even ill-known knowledge for a robust evaluation based on multi-dimensional criteria. Our framework incorporates user-defined constrains on survivability requirements. Necessity-based possibilistic uncertainty and user survivability requirement constraints are effectively linked to logic reasoning. A proof-of-concept system has been developed to validate the proposed approach. To our best knowledge, our work is the first attempt to incorporate vague, imprecise information into software system survivability evaluation

Designing Security Requirements – A Flexible, Balanced, and Threshold-Based Approach

Defining security requirements is the important first step in designing, implementing and evaluating a secure system. In thispaper, we propose a formal approach for designing security requirements, which is flexible for a user to express his/hersecurity requirements with different levels of details and for the system developers to take different options to design andimplement the system to satisfy the user’s requirements. The proposed approach also allows the user to balance the requiredsystem security properties and some unfavorable features (e.g., performance degrading due to tight control and strongsecurity). Given the importance of social-technical factors in information security, the proposed approach also incorporateseconomic and organizational security management factors in specifying user’s security requirements. We demonstrate theapplication of our approach with the help of a concrete pervasive information system

A HOLISTIC APPROACH FOR SECURITY REQUIREMENT SPECIFICATION FOR LOW-COST, DISTRIBUTED UBIQUITOUS SYSTEMS

The class of low-cost, distributed ubiquitous systems represents a computing mode where a system has small, inexpensive networked processing devices, distributed at all scales throughout business activities and everyday life. The unique features of such a class of ubiquitous systems make the security analysis different from that for the centralized computing paradigms. This paper presents a holistic approach for security requirement analysis for low cost, distributed ubiquitous systems. Rigorous security analysis needs both quantitative and qualitative approaches to produce the holistic view and the robust data regarding the security features that a system must have in order to meet users’ security expectations. Our framework can assist system administrators to specify key security properties for a low-cost, distributed ubiquitous system and to define the specific security requirements for such a system. We applied Bayesian network and stochastic process algebra to incorporate probabilistic analysis to the framework

Composition and combination‐based object trust evaluation for knowledge management in virtual organizations

Purpose – This paper aims to develop a framework for object trust evaluation and related object trust principles to facilitate knowledge management in a virtual organization. It proposes systematic methods to quantify the trust of an object and defines the concept of object trust management. The study aims to expand the domain of subject trust to object trust evaluation in terms of whether an object is correct and accurate in expressing a topic or issue and whether the object is secure and safe to execute (in the case of an executable program). By providing theoretical and empirical insights about object trust composition and combination, this research facilitates better knowledge identification, creation, evaluation, and distribution. Design/methodology/approach This paper presents two object trust principles – trust composition and trust combination. These principles provide formal methodologies and guidelines to assess whether an object has the required level of quality and security features (hence it is trustworthy). The paper uses a component‐based approach to evaluate the quality and security of an object. Formal approaches and algorithms have been developed to assess the trustworthiness of an object in different cases. Findings The paper provides qualitative and quantitative analysis about how object trust can be composed and combined. Novel mechanisms have been developed to help users evaluate the quality and security features of available objects. Originality/value This effort fulfills an identified need to address the challenging issue of evaluating the trustworthiness of an object (e.g. a software program, a file, or other type of knowledge element) in a loosely‐coupled system such as a virtual organization. It is the first of its kind to formally define object trust management and study object trust evaluation

An RFID Survivability Impact Model in the Military Domain

In recent years, the development of Radio Frequency Identification (RFID) has led to many applications in the military domain. Compared to the vast amount of research on RFID security, there is little research on RFID survivability. In this paper, we present a theoretical survivability impact model for military RFID. Due to a lack of military data, our research is entirely based on available public sources. The objective is to identify the critical factors that could significantly affect military RFID survivability and lay down groundwork for further research in this area

The Chinese pine genome and methylome unveil key features of conifer evolution

Conifers dominate the world's forest ecosystems and are the most widely planted tree species. Their giant and complex genomes present great challenges for assembling a complete reference genome for evolutionary and genomic studies. We present a 25.4-Gb chromosome-level assembly of Chinese pine (Pinus tabuliformis) and revealed that its genome size is mostly attributable to huge intergenic regions and long introns with high transposable element (TE) content. Large genes with long introns exhibited higher expressions levels. Despite a lack of recent whole-genome duplication, 91.2% of genes were duplicated through dispersed duplication, and expanded gene families are mainly related to stress responses, which may underpin conifers' adaptation, particularly in cold and/or arid conditions. The reproductive regulation network is distinct compared with angiosperms. Slow removal of TEs with high-level methylation may have contributed to genomic expansion. This study provides insights into conifer evolution and resources for advancing research on conifer adaptation and development

Tokenizing Renewable Energy Certificates (RECs)—A Blockchain Approach for REC Issuance and Trading

Renewable Energy Certificate (REC) is a market-based instrument and tracking mechanism for electricity generated from renewable sources as they flow into the power grid. The current REC issuance and tracking system is centralized, highly regulated, and operationally expensive. We proposed a blockchain-based, decentralized platform for REC issuance and trading by allowing greater traceability and transparency in transactions and reducing the operational costs of REC exchanges. The main design of the platform is to tokenize RECs and provides a decentralized, trustworthy mechanism for REC issuance, trading, verification, and retirement. The platform provides low costs, transparency, and easy to use. Representing RECs as blockchain tokens ensures that the trustworthy information is immutably recorded and available for all stakeholders to track and verify, thereby improving the reliability and security of the REC issuance and tracking systems. We present the design of the platform and detailed simulations of REC issuance and trading