Security Requirements for Multimedia Archives

Advances in Multimedia ◽

10.1155/2015/956416 ◽

2015 ◽

Vol 2015 ◽

pp. 1-5 ◽

Cited By ~ 1

Author(s):

Sang Bae Park

Keyword(s):

Storage Systems ◽

Security Requirements ◽

Digital Archives ◽

Security Issues ◽

Multimedia Contents ◽

Data Lifetime

With the explosive growth of various multimedia contents, digital archives are used to store those contents accordingly. In contrast to the traditional storage systems in which data lifetime is measured in months or years, data lifetime in the archive is measured in decades. This longevity of contents causes new security issues that threat the archive systems. In this paper, we discuss these new security issues in perspective. And we suggest some security requirements for digital archives.

Download Full-text

Research trends and solutions for secure traffic management of SDN

APTIKOM Journal on Computer Science and Information Technologies ◽

10.34306/csit.v2i3.70 ◽

2020 ◽

Vol 2 (3) ◽

pp. 97-105

Author(s):

Ravi Shankar Pandey ◽

Vivek Srivastava ◽

Lal Babu Yadav

Keyword(s):

Traffic Management ◽

Single Point ◽

Research Trends ◽

Security Requirements ◽

New Paradigm ◽

Research Papers ◽

Malicious Attack ◽

Security Issues ◽

Free Environment ◽

New Research

Software Defined Network (SDN) decouples the responsibilities of route management and datatransmission of network devices present in network infrastructure. It integrates the control responsibility at thecentralized software component which is known as controller. This centralized aggregation of responsibilities mayresult the single point of failure in the case malicious attack at the controller side. These attacks may also affect thetraffic flow and network devices. The security issues due to such malicious attacks in SDN are dominating challengesin the implementation and utilization of opportunities provided by this new paradigm. In this paper we haveinvestigated the several research papers related to proposal of new research trends for security and suggestionswhich fulfil the security requirements like confidentiality, integrity, availability, authenticity, authorization,nonrepudiation, consistency, fast responsiveness and adaptation. We have also investigated the new future researchfor creating the attack free environment for implementing the SDN.

Download Full-text

A Study on Cloud Storage Security Method Using Data Classification

Journal of University of Shanghai for Science and Technology ◽

10.51201/jusst/21/09657 ◽

2021 ◽

Vol 23 (09) ◽

pp. 1105-1121

Author(s):

Dr. Ashish Kumar Tamrakar ◽

◽

Dr. Abhishek Verma ◽

Dr. Vishnu Kumar Mishra ◽

Dr. Megha Mishra ◽

...

Keyword(s):

Cloud Storage ◽

Storage Systems ◽

Data Classification ◽

Data Encryption ◽

Security Requirements ◽

Security And Privacy ◽

Security Level ◽

Distributed Resources ◽

Storage Security ◽

Public Data

Cloud computing is a new model for providing diverse services of software and hardware. This paradigm refers to a model for enabling on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimal service provider interaction .It helps the organizations and individuals deploy IT resources at a reduced total cost. However, the new approaches introduced by the clouds, related to computation outsourcing, distributed resources and multi-tenancy concept, increase the security and privacy concerns and challenges. It allows users to store their data remotely and then access to them at any time from any place .Cloud storage services are used to store data in ways that are considered cost saving and easy to use. In cloud storage, data are stored on remote servers that are not physically known by the consumer. Thus, users fear from uploading their private and confidential files to cloud storage due to security concerns. The usual solution to secure data is data encryption, which makes cloud users more satisfied when using cloud storage to store their data. Motivated by the above facts; we have proposed a solution to undertake the problem of cloud storage security. In cloud storage, there are public data that do not need any security measures, and there are sensitive data that need applying security mechanisms to keep them safe. In that context, data classification appears as the solution to this problem. The classification of data into classes, with different security requirements for each class is the best way to avoid under security and over security situation. The existing cloud storage systems use the same Journal of University of Shanghai for Science and Technology ISSN: 1007-6735 Volume 23, Issue 9, September – 2021 Page-1105 key size to encrypt all data without taking into consideration its confidentiality level. Treating the low and high confidential data with the same way and at the same security level will add unnecessary overhead and increase the processing time. In our proposal, we have combined the K-NN (K Nearest Neighbors) machine learning method and the goal programming decision-making method, to provide an efficient method for data classification. This method allows data classification according to the data owner security needs. Then, we introduce the user data to the suitable security mechanisms for each class. The use of our solution in cloud storage systems makes the data security process more flexible, besides; it increases the cloud storage system performance and decreases the needed resources, which are used to store the data.

Download Full-text

Internal Control Considerations for Information System Changes and Patches

Advances in Business Information Systems and Analytics - Information Systems and Technology for Organizational Agility, Intelligence, and Resilience ◽

10.4018/978-1-4666-5970-4.ch008 ◽

2014 ◽

pp. 161-179 ◽

Cited By ~ 2

Author(s):

Jeffrey S. Zanzig ◽

Guillermo A. Francia III ◽

Xavier P. Francia

Keyword(s):

Information System ◽

Information Systems ◽

Internal Control ◽

Security Requirements ◽

Information Technology Professionals ◽

Organization Management ◽

Internal Auditors ◽

Security Issues ◽

System Changes ◽

Current Change

The dependence of businesses on properly functioning information systems to allow organizational personnel and outside investors to make important decisions has never been more pronounced. Information systems are constantly evolving due to operational and security requirements. These changes to information systems involve a risk that they could occur in a way that results in improper processing of information and/or security issues. The purpose of this chapter is to consider related guidance provided in a Global Technology Audit Guide (GTAG) from The Institute of Internal Auditors in conjunction with current change and patch management literature in order to assist internal auditors and organizational personnel in better understanding a process that leads to efficient and effective information system changes. The authors describe how internal auditors and information technology professionals can work together with organization management to form a mature approach in addressing both major information system changes and patches.

Download Full-text

Cloud Security Engineering Concept and Vision

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch006 ◽

2018 ◽

pp. 93-101 ◽

Cited By ~ 1

Author(s):

Shadi Aljawarneh

Keyword(s):

Cloud Security ◽

Research Community ◽

Security Requirements ◽

Software System ◽

Security Engineering ◽

Security Issues ◽

Requirements Specifications ◽

Evolutionary Changes ◽

World Environment ◽

Engineering Concept

The research community found that a software system should be evolved once every few months to ensure it is adapted to the real-world environment. The system evolution requires regularly amendments that append, delete, or alter features. It also migrates or converts the software system from one operating platform to another. These amendments may result in requirements/ specifications that were satisfied in a previous release of a software system not being satisfied in the subsequent versions. As a result, software evolutionary changes violate security requirements, and then a system may become vulnerable to different kinds of attacks. In this paper, concepts and visions are presented to avoid/minimize the Cloud security issues.

Download Full-text

TAKE-IoT

International Journal of Embedded and Real-Time Communication Systems ◽

10.4018/ijertcs.2020070101 ◽

2020 ◽

Vol 11 (3) ◽

pp. 1-21

Author(s):

Roumaissa Khelf ◽

Nacira Ghoualmi-Zine ◽

Marwa Ahmim

Keyword(s):

Key Exchange ◽

Internet Security ◽

Security Requirements ◽

Wireless Sensor ◽

Key Generation ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Security Issues ◽

Ipsec Protocol ◽

The Internet Of Things

The goal of this work is to develop a key exchange solution for IPsec protocol, adapted to the restricted nature of the Internet of Things (IoT) components. With the emergence of IP-enabled wireless sensor networks (WSNs), the landscape of IoT is rapidly changing. Nevertheless, this technology has exacerbated the conventional security issues in WSNs, such as the key exchange problem. Therefore, Tiny Authenticated Key Exchange Protocol for IoT (TAKE-IoT) is proposed to solve this problem. The proposed TAKE-IoT is a secure, yet efficient, protocol that responds to several security requirements and withstands various types of known attacks. Moreover, TAKE-IoT aims to reduce computation costs using lightweight operations for the key generation. The proposed protocol is validated using the automated validation of internet security protocols and applications (AVISPA) tool. Hence, results show that TAKE-IoT can reach a proper level of security without sacrificing its efficiency in the context of IoT.

Download Full-text

Mobile Government Applications Based on Security and Privacy: A Literature Review

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.1.19492 ◽

2018 ◽

Vol 7 (4.1) ◽

pp. 51

Author(s):

Ala'a Saeb Al-Sherideh ◽

Roesnita Ismail ◽

Fauziah Abdul Wahid ◽

Norasikin Fabil ◽

Waidah Ismail

Keyword(s):

Literature Review ◽

Mobile Applications ◽

Public Services ◽

Security Requirements ◽

Security And Privacy ◽

Privacy And Security ◽

The Public ◽

Privacy Requirements ◽

Security Issues ◽

The Government

Mobile applications available in anytime and from anywhere. The utilizing of mobile governmental applications is significant to reduce the efforts and time that are required to accomplish the public services by citizens. The main challenges that face the acceptance and adoption of mobile governmental applications are the privacy and security issues. The users, who do not trust the security of mobile governmental applications, may reject the use of these applications which discourages the government to adopt the mobile services. This study focuses in investigating the security and privacy requirements of mobile government applications. Many related works are reviewed and discussed to understand the important security requirements of mobile government applications. The main results indicate that effective privacy and security of mobile government applications should be assured so as to enhance the level of adopting and using these applications. The security requirements involve many considerations such as the hardware characteristics, software characteristics, and communication characteristics. This article mainly gives better understanding of security requirements of mobile government applications.

Download Full-text

An Intelligent and Secure Health Monitoring Scheme Using IoT Sensor Based on Cloud Computing

Journal of Sensors ◽

10.1155/2017/3734764 ◽

2017 ◽

Vol 2017 ◽

pp. 1-11 ◽

Cited By ~ 22

Author(s):

Jin-Xin Hu ◽

Chin-Ling Chen ◽

Chun-Long Fan ◽

Kun-hao Wang

Keyword(s):

Cloud Computing ◽

Health Monitoring ◽

Cloud Model ◽

The Elderly ◽

Security Requirements ◽

Embedded Devices ◽

Monitoring Scheme ◽

Security Issues ◽

Sensor Cloud ◽

Cloud Servers

Internet of Things (IoT) is the network of physical objects where information and communication technology connect multiple embedded devices to the Internet for collecting and exchanging data. An important advancement is the ability to connect such devices to large resource pools such as cloud. The integration of embedded devices and cloud servers offers wide applicability of IoT to many areas of our life. With the aging population increasing every day, embedded devices with cloud server can provide the elderly with more flexible service without the need to visit hospitals. Despite the advantages of the sensor-cloud model, it still has various security threats. Therefore, the design and integration of security issues, like authentication and data confidentiality for ensuring the elderly’s privacy, need to be taken into consideration. In this paper, an intelligent and secure health monitoring scheme using IoT sensor based on cloud computing and cryptography is proposed. The proposed scheme achieves authentication and provides essential security requirements.

Download Full-text

Software Engineering Principles and Security Vulnerabilities

10.29007/4q71 ◽

2019 ◽

Author(s):

Aakanksha Rastogi ◽

Kendall Nygard

Keyword(s):

Software Engineering ◽

Design Science ◽

Science Research ◽

Security Requirements ◽

Security Vulnerabilities ◽

Analysis And Design ◽

Security Issues ◽

Development Life Cycle ◽

Design Science Research Methodology ◽

Trust Modelling

Software Engineering principles have connections with design science, including cybersecurity concerns pertaining to vulnerabilities, trust and reputation. The work of this paper surveys, identifies, establishes and explores these connections. Identification and addressing of security issues and concerns during the early phases of software development life cycle, especially during the requirements analysis and design phases; and importance of inclusion of security requirements have also been illustrated. In addition to that, effective and efficient strategies and techniques to prevent, mitigate and remediate security vulnerabilities by the application of the principles of trust modelling and design science research methodology have also been presented.

Download Full-text

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

PeerJ Computer Science ◽

10.7717/peerj-cs.362 ◽

2021 ◽

Vol 7 ◽

pp. e362

Author(s):

Jinghua Yu ◽

Stefan Wagner ◽

Feng Luo

Keyword(s):

Information Security ◽

Data Flow ◽

Process Analysis ◽

Security Analysis ◽

Security Requirements ◽

Security Issues ◽

External Threats ◽

Complex Interactions ◽

Controlling System ◽

Potential System

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and specify security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, the System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats, and is applicable for complex socio-technical systems. However, the STPA-Sec pays less attention to the non-safety but information-security issues (e.g., data confidentiality) and lacks efficient guidance for identifying information security concepts. In this article, we propose a data-flow-based adaption of the STPA-Sec (named STPA-DFSec) to overcome the mentioned limitations and elicit security constraints systematically. We use the STPA-DFSec and STPA-Sec to analyze a vehicle digital key system and investigate the relationship and differences between both approaches, their applicability, and highlights. To conclude, the proposed approach can identify information-related problems more directly from the data processing aspect. As an adaption of the STPA-Sec, it can be used with other STPA-based approaches to co-design systems in multi-disciplines under the unified STPA framework.

Download Full-text

Application of Blockchain for Internet of Things: A Bibliometric Analysis

Mathematical Problems in Engineering ◽

10.1155/2021/5547530 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Ruijun Duan ◽

Li Guo

Keyword(s):

Internet Of Things ◽

Business Models ◽

Citation Index ◽

Security Requirements ◽

Future Research ◽

Privacy And Security ◽

Bibliometric Method ◽

Research Directions ◽

Security Issues ◽

Future Research Directions

As a disruptive emerging technology, the Internet of things (IoT) has rapidly developed, but its privacy risks and security vulnerabilities are still key challenges. The decentralized and distributed architecture of blockchain has the potential to satisfy IoT privacy and security requirements. This gives birth to the new domain of blockchain for IoT (BIoT). BIoT will cause significant transformations across several industries, paving the way for new business models. Based on the Science Citation Index Expanded (SCIE) and Social Sciences Citation Index (SSCI) databases in Web of Science (WoS) Core Collection, this study aims to explore the research trends and cooperation in the field of BIoT using the bibliometric method. The results indicate that the publications in this field have increased significantly from 2016 to 2020, with China and the USA being the most productive and influential countries. Keyword co-occurrence analysis shows that the most important research topics are as follows: security issues, core technologies, application dimensions, and transaction processes. Text mining analysis indicates that future research directions for BloT will focus more on both computing paradigms and key applications. This study will provide researchers with a greater understanding on the state of the art of BIoT and will serve as a reference for researchers engaging in this field to identify their own future research directions.

Download Full-text