A Taxonomy for Security Flaws in Event-Based Systems

2020 ◽  
Vol 10 (20) ◽  
pp. 7338
Author(s):  
Youn Kyu Lee ◽  
Dohoon Kim

The event-based system (EBS) is prevalent in various systems including mobile cyber physical systems (MCPSs), Internet of Things (IoT) applications, mobile applications, and web applications, because of its particular communication model that uses implicit invocation and concurrency between components. However, an EBS’s non-determinism in event processing can introduce inherent security vulnerabilities into the system. Multiple types of attacks can incapacitate and damage a target EBS by exploiting this event-based communication model. To minimize the risk of security threats in EBSs, security efforts are required by determining the types of security flaws in the system, the relationship between the flaws, and feasible techniques for dealing with each flaw. However, existing security flaw taxonomies do not appropriately reflect the security issues that originate from an EBS’s characteristics. In this paper, we introduce a new taxonomy that defines and classifies the particular types of inherent security flaws in an EBS, which can serve as a basis for resolving its specific security problems. We also correlate our taxonomy with security attacks that can exploit each flaw and identify existing solutions that can be applied to preventing such attacks. We demonstrate that our taxonomy handles particular aspects of EBSs not covered by existing taxonomies.

Author(s):  
Jean-Frédéric Morin ◽  
Amandine Orsini ◽  
Sikina Jinnah

This chapter discusses the relationship between the environment and security. The concept of ‘environmental security’ is omnipresent, but is nonetheless ambiguous and contested. What exactly needs to be secured, and what are the security threats? Is environmental security about state security, faced with the loss of natural resources? Or is it about protecting individuals and communities from environmental degradation and reduced access to key environmental resources? A first step in clarifying these questions is to disentangle two related but distinct causal arguments. In the relationship between environment and security, environmental degradation can be analysed either as a cause or as a consequence of security issues. A second step needed to clarify these debates is to adopt clear definitions. In the context of international relations, security has traditionally been understood in relation to the survival of the state, and the main threats to state security are armed conflicts. For the purpose of this chapter, conflicts are defined as any type of disagreement. The chapter also examines the impact of conflicts on the environment.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Irfan Ahmad ◽  
Taj Rahman ◽  
Asim Zeb ◽  
Inayat Khan ◽  
Inam Ullah ◽  
...  

Underwater Wireless Sensor Networks (UWSN) have gained more attention from researchers in recent years due to their advancement in marine monitoring, deployment of various applications, and ocean surveillance. The UWSN is an attractive field for both researchers and the industrial side. Due to the harsh underwater environment, own capabilities, and open acoustic channel, it is also vulnerable to malicious attacks and threats. Attackers can easily take advantage of these characteristics to steal the data between the source and destination. Many review articles have addressed some of the security attacks and taxonomy of the Underwater Wireless Sensor Networks. In this study, we have briefly addressed the taxonomy of the UWSNs from the most recent research articles related to the well-known research databases. This paper also discussed the security threats on each layer of the Underwater Wireless Sensor Networks. This study will help the researchers design the routing protocols to cover the known security threats and help industries manufacture the devices to observe these threats and security issues.


Author(s):  
Pietro Ferrara ◽  
Amit Kr Mandal ◽  
Agostino Cortesi ◽  
Fausto Spoto

Abstract. The Open Web Application Security Project (OWASP) released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some of Julia’s existing analyses and their extension to IoT systems, showing the effectiveness of the analysis on some representative case studies.


Author(s):  
G. Ikrissi ◽  
T. Mazri

Abstract. Smart environments provide many benefits to the users including comfort, convenience, energy efficiency, safety, automation, and service quality. The Internet of Things (IoT) has developed to become one of the widely used technologies in smart environments. Many security attacks and threats are generated by security flaws in IoT-based systems and devices, which may affect smart environments applications. As a result, security is one of the most important issues in any smart area or environment based on the IoT model. This paper presents an overview of smart environments based on IoT technology and highlights the main security issues and countermeasures in the four layers of smart environment IoT architecture. It also reviews some of the current solutions that ensure the security of information in smart environments applications.


Author(s):  
Mamta Bachani ◽  
Ahsan Memon ◽  
Faisal Karim Shaikh

This chapter aims to develop an understanding of sensor networks and the security threats posed to them, owing to the inherently insecure wireless nature. It also highlights the current security issues associated with the exchange of information and presents respective countermeasures that can be used to secure the network against malevolent behavior. It builds the reader's understanding of security threats by presenting an idealistic security mechanism and comparing it to currently practiced security mechanisms. Doing so, it identifies the security flaws in each mechanism, henceforth, enumerating a list of well-known security attacks that are connected to the respective security flaws. To provide a better understanding of security threats, the security attacks, in general, are discussed from the perspective of a network administrator and an adversary. Their impact is also considered from the side of a network administrator and its respective benefits to the adversary. The chapter is later concluded along with future directives and an insight on requirements of forthcoming technologies.


2022 ◽  
Vol 2022 ◽  
pp. 1-7
Author(s):  
Ashwag Albakri ◽  
Huda Fatima ◽  
Maram Mohammed ◽  
Aisha Ahmed ◽  
Aisha Ali ◽  
...  

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.


2020 ◽  
Vol 01 (04) ◽  
pp. 170-182
Author(s):  
A K M Bahalul Haque ◽  
Sonia Tasmin

Internet of things (IoT) is the epitome of sustainable development. It has facilitated the development of smart systems, industrialization, and the state-of-the-art quality of life. IoT architecture is one of the essential baselines of understanding the widespread adoption. Security issues are very crucial for any technical infrastructure. Since IoT comprises heterogeneous devices, its security issues are diverse too. Various security attacks can be responsible for compromising confidentiality, integrity, and availability. In this paper, at first, the IoT architecture is described briefly. After that, the components of IoT are explained with perspective to various IoT based applications and services. Finally, various security issues, including recommended solutions, are elaborately described, along with the potential research challenges and future research directions.


2020 ◽  
pp. 1-21
Author(s):  
Mamta Bachani ◽  
Ahsan Memon ◽  
Faisal Karim Shaikh

This chapter aims to develop an understanding of sensor networks and the security threats posed to them, owing to the inherently insecure wireless nature. It also highlights the current security issues associated with the exchange of information and presents respective countermeasures that can be used to secure the network against malevolent behavior. It builds the reader's understanding of security threats by presenting an idealistic security mechanism and comparing it to currently practiced security mechanisms. Doing so, it identifies the security flaws in each mechanism, henceforth, enumerating a list of well-known security attacks that are connected to the respective security flaws. To provide a better understanding of security threats, the security attacks, in general, are discussed from the perspective of a network administrator and an adversary. Their impact is also considered from the side of a network administrator and its respective benefits to the adversary. The chapter is later concluded along with future directives and an insight on requirements of forthcoming technologies.


2017 ◽  
Vol 5 (2) ◽  
pp. 118
Author(s):  
Abdulrahman Alzahrani ◽  
Ali Alqazzaz ◽  
Nabil Almashfi ◽  
Huirong Fu ◽  
Ye Zhu

Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications’ complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Fingerprinting, Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, SQL Injection, and HTTP Splitting. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications’ users and administrators aiming to educate them.


Author(s):  
Jibril Adamu ◽  
Raseeda Hamzah ◽  
Marshima Mohd Rosli

The electronic medical record has been more widely accepted due to its unarguable benefits when compared to a paper-based system. As the electronic medical record becomes more popular, this raises many security threats against the systems. Common security vulnerabilities, such as weak authentication, cross-site scripting, SQL injection, and cross-site request forgery had been identified in the electronic medical record systems. To achieve the goals of using EMR, attaining security and privacy is extremely important. This study aims to propose a web framework with inbuilt security features that will prevent the common security vulnerabilities in the electronic medical record. The security features of the three most popular and powerful PHP frameworks Laravel, CodeIgniter, and Symfony were reviewed and compared. Based on the results, Laravel is equipped with the security features that electronic medical records currently require. This paper provides descriptions of the proposed conceptual framework that can be adapted to implement secure EMR systems.

