UML-BASED MODELING AND ANALYSIS OF SECURITY THREATS

Author(s):  
JUN KONG ◽  
DIANXIANG XU ◽  
XIAOQIN ZENG

Poor design has been a major source of software security problems. Rigorous and designer-friendly methodologies for modeling and analyzing secure software are highly desirable. A formal method for software development, however, often suffers from a gap between the rigidity of the method and the informal nature of system requirements. To narrow this gap, this paper presents a UML-based framework for modeling and analyzing security threats (i.e. potential security attacks) rigorously and visually. We model the intended functions of a software application with UML statechart diagrams and the security threats with sequence diagrams, respectively. Statechart diagrams are automatically converted into a graph transformation system, which has a well-established theoretical foundation. Method invocations in a sequence diagram of a security threat are interpreted as a sequence of paired graph transformations. Therefore, the analysis of a security threat is conducted through simulating the state transitions from an initial state to a final state triggered by method invocations. In our approach, designers directly work with UML diagrams to visually model system behaviors and security threats while threats can still be rigorously analyzed based on graph transformation.

Author(s):  
Amr Abozeid ◽  
AbdAllah Adel AlHabshy ◽  
Kamal ElDahshan

Security attacks become daily news due to an exposure of a security threat in a widely used software. Taking software security into consideration during the analysis, design, and implementation phases is a must. A software application should be protected against any security threat such as unauthorized distribution or code retrieval. Due to the lack of applying a software security standard architecture, developers may create software that may be vulnerable to many types of security threats. This paper begins by reviewing different types of known software security threats and their countermeasure mechanisms. Then, it proposes a new security optimization architecture for software applications. This architecture is a step towards establishing a standard to guarantee the software's security. Furthermore, it proposes an adapted software security optimization architecture for mobile applications. Besides, it presents an algorithmic implementation of the newly proposed architecture, then it proves its security. Moreover, it builds a secure mobile application based on the newly proposed architecture.


2021 ◽  
Vol 26 (4) ◽  
pp. 1-31
Author(s):  
Pruthvy Yellu ◽  
Landon Buell ◽  
Miguel Mark ◽  
Michel A. Kinsy ◽  
Dongpeng Xu ◽  
...  

Approximate computing (AC) represents a paradigm shift from conventional precise processing to inexact computation but still satisfying the system requirement on accuracy. The rapid progress on the development of diverse AC techniques allows us to apply approximate computing to many computation-intensive applications. However, the utilization of AC techniques could bring in new unique security threats to computing systems. This work does a survey on existing circuit-, architecture-, and compiler-level approximate mechanisms/algorithms, with special emphasis on potential security vulnerabilities. Qualitative and quantitative analyses are performed to assess the impact of the new security threats on AC systems. Moreover, this work proposes four unique visionary attack models, which systematically cover the attacks that build covert channels, compensate approximation errors, terminate normal error resilience mechanisms, and propagate additional errors. To thwart those attacks, this work further offers the guideline of countermeasure designs. Several case studies are provided to illustrate the implementation of the suggested countermeasures.


2021 ◽  
Vol 2021 (6) ◽  
Author(s):  
Renato Maria Prisco ◽  
Francesco Tramontano

Abstract. We propose a novel local subtraction scheme for the computation of Next-to-Leading Order contributions to theoretical predictions for scattering processes in perturbative Quantum Field Theory. With respect to well known schemes proposed since many years that build upon the analysis of the real radiation matrix elements, our construction starts from the loop diagrams and exploits their dual representation. Our scheme implements exact phase space factorization, handles final state as well as initial state singularities and is suitable for both massless and massive particles.


2017 ◽  
Vol 7 (1.5) ◽  
pp. 253
Author(s):  
N. Srinivasu ◽  
O. Sree Priyanka ◽  
M. Prudhvi ◽  
G. Meghana

Cloud Security was provided for the services such as storage, network, applications and software through internet. The Security was given at each layer (SaaS, PaaS, and IaaS); in each layer, there are some security threats which became the major problem in cloud computing. In SaaS, the security issues are mainly present in Web Application services and this issue can be overcome by web application scanners and service level agreement (SLA). In PaaS, the major problem is Data Transmission. During transmission of data, some data may be lost or modified. The PaaS environment accomplishes proficiency to some extent through duplication of information. The duplication of information makes high accessibility of information for engineers and clients. However, data is never fully deleted; instead the pointers to the data are deleted. In order to overcome this problem the techniques that are used are encryption [12] and data backup. In IaaS the security threat that occurs is in virtualization and the techniques that are used to overcome the threats are Dynamic Security Provisioning (DSC), operational security procedure, for which Cloud Software is available in the market, e.g. Eucalyptus, Nimbus 6.


Author(s):  
Adriana Keating ◽  
Karen Campbell ◽  
Michael Szoenyi ◽  
Colin McQuistan ◽  
David Nash ◽  
...  

Abstract. Given the increased attention on resilience-strengthening in international humanitarian and development work, there is a growing need to invest in its measurement and the overall accountability of "resilience strengthening" initiatives. We present a framework and tool for measuring community level resilience to flooding, built around the five capitals (5Cs) of the Sustainable Livelihoods Framework. At the time of writing the tool is being tested in 75 communities across 10 countries. Currently 88 potential sources of resilience are measured at the baseline (initial state) and endline (final state) approximately two years later. If a flood occurs in the community during the study period, resilience outcome measures are recorded. By comparing pre-flood characteristics to post flood outcomes, we aim to empirically verify sources of resilience, something which has never been done in this field. There is an urgent need for the continued development of theoretically anchored, empirically verified and practically applicable disaster resilience measurement frameworks and tools so that the field may: a) deepen understanding of the key components of "disaster resilience" in order to better target resilience enhancing initiatives, and b) enhance our ability to benchmark and measure disaster resilience over time, and compare how resilience changes as a result of different capacities, actions and hazards.


2020 ◽  
Vol 245 ◽  
pp. 06005
Author(s):  
Marcin Słodkowski ◽  
Patryk Gawryszewski ◽  
Dominik Setniewski

In this work, we are focusing on assessing the contribution of the initial-state fluctuations of heavy ion collision in the hydrodynamic simulations. We are trying to answer the question of whether the hydrodynamic simulation retains the same level of fluctuation in the final-state as for the initial stage. In another scenario, the hydrodynamic simulations of the fluctuation drowns in the final distribution of expanding matter. For this purpose, we prepared sufficient relativistic hydrodynamic program to study A+A interaction which allows analysing initial-state fluctuations in the bulk nuclear matter. For such an assumption, it is better to use high spatial resolution. Therefore, we applied the (3+1) dimensional Cartesian coordinate system. We implemented our program using parallel computing on graphics cards processors - Graphics Processing Unit (GPU). Simulations were carried out with various levels of fluctuation in initial conditions using the average method of events coming from UrQMD models. Energy density distributions were analysed and the contribution of fluctuations in initial conditions was assessed in the hydrodynamic simulation.


Author(s):  
A. R. Balasubramanian ◽  
Javier Esparza ◽  
Mikhail Raskin

Abstract. In rendez-vous protocols an arbitrarily large number of indistinguishable finite-state agents interact in pairs. The cut-off problem asks if there exists a number B such that all initial configurations of the protocol with at least B agents in a given initial state can reach a final configuration with all agents in a given final state. In a recent paper [17], Horn and Sangnier prove that the cut-off problem is equivalent to the Petri net reachability problem for protocols with a leader, and in "Image missing" for leaderless protocols. Further, for the special class of symmetric protocols they reduce these bounds to "Image missing" and "Image missing", respectively. The problem of lowering these upper bounds or finding matching lower bounds is left open. We show that the cut-off problem is "Image missing"-complete for leaderless protocols, "Image missing"-complete for symmetric protocols with a leader, and in "Image missing" for leaderless symmetric protocols, thereby solving all the problems left open in [17].


2020 ◽  
Vol 3 (2) ◽  
pp. 205-209
Author(s):  
Dwi Agustina ◽  
Edy Mulyadi

The community is responsible for the implementation of the community early awareness, meanwhile the government is obliged to facilitate it. A good role of the Community Early Awareness Forum or Forum Kewaspadaan Dini Masyarakat (FKDM) followed up by the government can save the community from security threat or disaster and minimize losses by anticipating the security threats and disaster. This research uses qualitative approach. Concept operationalization in this research refers to the used strategy, the SWOT analysis. The FKDM strategies in social conflict early prevention are: 1) inserting early warning system by increasing institutional capacities which include three elements; government, private sector, community through dialogue, 2) National Unity and Politics Agency or Badan Kesatuan Bangsa dan Politik (Kesbangpol) of DKI Jakarta actively making dialogue persuasively and finding solution, 3) budgeting of conflict handling according to the Government Regulation gives opportunity to strengthen community resilience to protect the community, encourage community participation, handle social conflict, and preserve local wisdom to maintain peace.


2020 ◽  
Vol 12 (4) ◽  
pp. 227-239
Author(s):  
Radoslav IVANČÍK ◽  
Pavel NEČAS

This paper presents the ongoing research and deals, in the framework of interdisciplinary scientific research, with various military and non-military threats and their negative impact on the security of contemporary human society. In this research, the authors point out the continuous deterioration of the global and regional security environment and the growth of symmetric and asymmetric security threats with focus on the air transport, and the resulting negative consequences for the security of the states and their citizens. In order to contribute to the development of security science, the authors examine the issues of terrorism as an asymmetric security threat, focusing in particular on terrorism and terrorist activities of the air transport and measures taken to eliminate terrorism in the airspace.

