scholarly journals Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

2021 ◽  
Vol 7 ◽  
pp. e362
Author(s):  
Jinghua Yu ◽  
Stefan Wagner ◽  
Feng Luo
Keyword(s):  
Information Security ◽  
Data Flow ◽  
Process Analysis ◽  
Security Analysis ◽  
Security Requirements ◽  
Security Issues ◽  
External Threats ◽  
Complex Interactions ◽  
Controlling System ◽  
Potential System

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and specify security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, the System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats, and is applicable for complex socio-technical systems. However, the STPA-Sec pays less attention to the non-safety but information-security issues (e.g., data confidentiality) and lacks efficient guidance for identifying information security concepts. In this article, we propose a data-flow-based adaption of the STPA-Sec (named STPA-DFSec) to overcome the mentioned limitations and elicit security constraints systematically. We use the STPA-DFSec and STPA-Sec to analyze a vehicle digital key system and investigate the relationship and differences between both approaches, their applicability, and highlights. To conclude, the proposed approach can identify information-related problems more directly from the data processing aspect. As an adaption of the STPA-Sec, it can be used with other STPA-based approaches to co-design systems in multi-disciplines under the unified STPA framework.

scholarly journals Modification data attack inside computer systems: a critical review

2020 ◽  
Vol 1 (3) ◽  
pp. 98-105
Author(s):  
Vahid Kaviani J ◽  
Parvin Ahmadi Doval Amiri ◽  
Farsad Zamani Brujeni ◽  
Nima Akhlaghi
Keyword(s):  
Information Security ◽  
Computer Systems ◽  
Security Analysis ◽  
Sensitive Information ◽  
Cyber Attack ◽  
User Input ◽  
Security Issues ◽  
Data User ◽  
Recent Developments ◽  
Data Configuration

This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take or erase critical data on the PCs and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.

Security Engineering

2011 ◽  
pp. 168-181
Author(s):  
Ronda R. Henning
Keyword(s):  
Information Security ◽  
Systems Engineering ◽  
Development Process ◽  
System Analysis ◽  
Security Analysis ◽  
Security Requirements ◽  
Security Engineering ◽  
System Analysis And Design ◽  
Early Integration ◽  
Analysis And Design

Information security engineering is the specialized branch of systems engineering that addresses the derivation and fulfillment of a system’s security requirements. For years, security engineering practitioners have claimed that security is easier to build into a system when it is integrated with the system analysis and design. This paper presents some basic tenets of security analysis that can be applied by any systems engineer to ensure early integration of security constraints into the system definition and development process. It sheds light on security requirements interpretation to facilitate the fulfillment of security requirements throughout the system lifecycle.

Web Sites Information Security Management Based on B/S Pattern

2012 ◽  
Vol 263-266 ◽  
pp. 3141-3144
Author(s):  
Xiao Long Zhu
Keyword(s):  
Information Security ◽  
Web Sites ◽  
Security Analysis ◽  
Security Management ◽  
Management Program ◽  
Records Management ◽  
Security Strategy ◽  
Information Security Management ◽  
Security Issues ◽  
Electronic Records Management

This paper summarizes the development of electronic records management, and due to current defects and shortcomings, discusses the more effective and reasonable information security management program. For the system security issues, the paper has done an overall security analysis of system from the application layer, network layer, and database layer to physical and management levels, and has made a system’s security strategy.

scholarly journals Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

2021 ◽  
Vol 11 (20) ◽  
pp. 9393
Author(s):  
Shantanu Pal ◽  
Zahra Jadidi
Keyword(s):  
Internet Of Things ◽  
Large Scale ◽  
Security Analysis ◽  
Cyber Attacks ◽  
Security Requirements ◽  
Future Research ◽  
The Internet ◽  
Industrial Internet Of Things ◽  
Security Issues ◽  
Industrial Internet

Industrial Internet of Things (IIoT) can be seen as an extension of the Internet of Things (IoT) services and applications to industry with the inclusion of Industry 4.0 that provides automation, reliability, and control in production and manufacturing. IIoT has tremendous potential to accelerate industry automation in many areas, including transportation, manufacturing, automobile, marketing, to name a few places. When the benefits of IIoT are visible, the development of large-scale IIoT systems faces various security challenges resulting in many large-scale cyber-attacks, including fraudulent transactions or damage to critical infrastructure. Moreover, a large number of connected devices over the Internet and resource limitations of the devices (e.g., battery, memory, and processing capability) further pose challenges to the system. The IIoT inherits the insecurities of the traditional communication and networking technologies; however, the IIoT requires further effort to customize the available security solutions with more focus on critical industrial control systems. Several proposals discuss the issue of security, privacy, and trust in IIoT systems, but comprehensive literature considering the several aspects (e.g., users, devices, applications, cascading services, or the emergence of resources) of an IIoT system is missing in the present state of the art IIoT research. In other words, the need for considering a vision for securing an IIoT system with broader security analysis and its potential countermeasures is missing in recent times. To address this issue, in this paper, we provide a comparative analysis of the available security issues present in an IIoT system. We identify a list of security issues comprising logical, technological, and architectural points of view and consider the different IIoT security requirements. We also discuss the available IIoT architectures to examine these security concerns in a systematic way. We show how the functioning of different layers of an IIoT architecture is affected by various security issues and report a list of potential countermeasures against them. This study also presents a list of future research directions towards the development of a large-scale, secure, and trustworthy IIoT system. The study helps understand the various security issues by indicating various threats and attacks present in an IIoT system.

scholarly journals Tenant-Oriented Monitoring for Customized Security Services in the Cloud

Symmetry ◽  
2019 ◽  
Vol 11 (2) ◽  
pp. 252 ◽  
Author(s):  
Huaizhe Zhou ◽  
Haihe Ba ◽  
Yongjun Wang ◽  
Zhiying Wang ◽  
Jun Ma ◽  
...  
Keyword(s):  
Virtual Machines ◽  
Service Providers ◽  
Security Analysis ◽  
Security Requirements ◽  
Security And Privacy ◽  
Sensitive Information ◽  
Cloud Environment ◽  
Security Issues ◽  
Security Services ◽  
Runtime Information

The dramatic proliferation of cloud computing makes it an attractive target for malicious attacks. Increasing solutions resort to virtual machine introspection (VMI) to deal with security issues in the cloud environment. However, the existing works are not feasible to support tenants to customize individual security services based on their security requirements flexibly. Additionally, adoption of VMI-based security solutions makes tenants at the risk of exposing sensitive information to attackers. To alleviate the security and privacy anxieties of tenants, we present SECLOUD, a framework for monitoring VMs in the cloud for security analysis in this paper. By extending VMI techniques, SECLOUD provides remote tenants or their authorized security service providers with flexible interfaces for monitoring runtime information of guest virtual machines (VMs) in a non-intrusive manner. The proposed framework enhances effectiveness of monitoring by taking advantages of architectural symmetry of cloud environment. Moreover, we harden our framework with a privacy-preserving capacity for tenants. The flexibility and effectiveness of SECLOUD is demonstrated through a prototype implementation based on Xen hypervisor, which results in acceptable performance overhead.

ANALYSIS AND ASSESSMENT OF METHODS AND MEANS OF DESTRUCTING INFORMATION FROM MAGNETIC MEDIA AS AN ELEMENT OF MODERN INFORMATION SECURITY

2019 ◽  
pp. 99-112 ◽  
Author(s):  
O. Semenenko ◽  
Y. Dobrovolsky ◽  
V. Koverga ◽  
O. Sechenev
Keyword(s):  
Information Security ◽  
Information Exchange ◽  
Integrated Approach ◽  
Operating Conditions ◽  
Security Requirements ◽  
Magnetic Media ◽  
Security Technologies ◽  
Analysis Of Means ◽  
Complex Development ◽  
Modern Information

Evolution of security technologies shows that only the concept of an integrated approach to information security can provide modern information security requirements. A comprehensive approach means the complex development of all the necessary methods and means of information protection. Today, the information exchange and information systems in the Ministry of Defense of Ukraine have certain means and approaches to the destruction of information, but each of them has different estimates of the effectiveness of their use, as well as different cost of their purchase and use. Therefore, the main purpose of the article is to carry out a comprehensive analysis of means of destroying confidential information of methods of its destruction in order to formulate practical recommendations for choosing the most effective and economically feasible for the Ministry of Defense of Ukraine. The perfection of methods and means of destroying information from magnetic media is an important element of modern information security. The results of the analysis carried out in the article are the disclosure of the main features of modern devices for the elimination of magnetic records, as well as the ability to formulate a list of basic requirements for modern devices for the destruction of information from magnetic media. Today, technical means of information security, in particular, the elimination of information on magnetic media, are constantly being improved, absorbing the latest advances in modern security technologies. Their model range, which takes into account the diversity of customer requirements, such as the type of energy supply, the level of mobility, reliability and operating conditions, expands. All this determines the relevance of research topics in this direction in the future.

scholarly journals USE OF ONTOLOGIES IN MAPPING OF INFORMATION SECURITY REQUIREMENTS / ONTOLOGIJOS NAUDOJIMAS INFORMACIJOS SAUGUMO REIKALAVIMAMS SUSIET

2013 ◽  
Vol 5 (2) ◽  
pp. 88-91
Author(s):  
Simona Ramanauskaitė ◽  
Eglė Radvilė ◽  
Dmitrij Olifer
Keyword(s):  
Information Security ◽  
Best Practices ◽  
Security Requirements ◽  
Security Standards

A large amount of different security documents, standards, guidelines and best practices requires to ensure mapping between different security requirements. As the result of mapping, security requirements of different standards can coincide or require to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types as well as investigates possible use of ontologies for mapping of security standards. Article in Lithuanian Santrauka Esant daugybei informacijos saugą reglamentuojančių dokumentų, gairių ir standartų, aktualu tarpusavyje susieti juose apibrėžtus saugumo reikalavimus. Skirtinguose saugos dokumentuose aprašyti saugumo reikalavimai gali ne tik sutapti arba papildyti vienas kitą, bet ir prieštarauti vienas kitam. Tai labai apsunkina daugiau negu dviejų informacijos saugą reglamentuojančių dokumentų susiejimą. Vienas būdų susieti daugiau negu du saugą reglamentuojančius dokumentus galėtų būti ontologijos naudojimas. Straipsnyje apžvelgiami šiuo metu pagrindiniai saugą reglamentuojantys standartai, egzistuojančios saugumo ontologijos, išnagrinėta galimybė naudoti ontologiją saugą reglamentuojančių dokumentų reikalavimams susieti ir galimybę tokį susiejimą atvaizduoti grafais.

Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication

2022 ◽  
Vol 16 (1) ◽  
pp. 0-0
Keyword(s):  
Data Security ◽  
Security Analysis ◽  
Data Communication ◽  
Computation Time ◽  
Computational Time ◽  
Security Issues ◽  
Authentication Mechanism ◽  
Cloud Server ◽  
Secure Authentication ◽  
Provably Secure

Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.

A review on Privacy-Preserving Data Preprocessing

2020 ◽  
pp. 16-30
Author(s):  
Mukesh Soni ◽  
◽  
◽  
◽  
YashKumar Barot ◽  
...  
Keyword(s):  
Health Care ◽  
Information Security ◽  
Social Insurance ◽  
Disease Outbreaks ◽  
Security And Privacy ◽  
Health Care Information ◽  
Privacy And Security ◽  
Healthcare Data ◽  
Security Issues ◽  
Care Information

Health care information has great potential for improving the health care system and also providing fast and accurate outcomes for patients, predicting disease outbreaks, gaining valuable information for prediction in future, preventing such diseases, reducing healthcare costs, and improving overall health. In any case, deciding the genuine utilization of information while saving the patient's identity protection is an overwhelming task. Regardless of the amount of medical data it can help advance clinical science and it is essential to the accomplishment of all medicinal services associations, at the end information security is vital. To guarantee safe and solid information security and cloud-based conditions, It is critical to consider the constraints of existing arrangements and systems for the social insurance of information security and assurance. Here we talk about the security and privacy challenges of high-quality important data as it is used mainly by the healthcare structure and similar industry to examine how privacy and security issues occur when there is a large amount of healthcare information to protect from all possible threats. We will discuss ways that these can be addressed. The main focus will be on recently analyzed and optimized methods based on anonymity and encryption, and we will compare their strengths and limitations, and this chapter closes at last the privacy and security recommendations for best practices for privacy of preprocessing healthcare data.

Sign in / Sign up

Export Citation Format

Share Document