Security Requirements
Recently Published Documents


TOTAL DOCUMENTS

1881
(FIVE YEARS 827)

H-INDEX

35
(FIVE YEARS 16)

Facilities ◽  
2022 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Stephanie Brick

Purpose Service members of the US Department of Defense (DoD) have alarmingly high rates of depression, anxiety, probable stress disorders and suicidality, all of which are negative health conditions exacerbated by various external stressors. High-stress work conditions – to include shift work, hazardous territories, high-stakes mission sets and generally disconnected sites – require a work environment that facilitates, rather than inhibits, stress reduction and mental well-being. This paper aims to present “salutogenic design” as an innovative approach: Salutogenic design offers demonstrated architectural solutions that improve health and well-being. Design/methodology/approach This paper describes salutogenic design strategies beginning with the need for such an approach, the call to action to implement strategic and tactical solutions and the challenges and financial impacts of such a broad and innovative strategy to improve workplace health, well-being and performance in the DoD and beyond. Examples of these strategies, via biophilic design solutions, are presented in the central Table 1 as an easy-to-reference tool and supported by the voluminous literature as referenced, in part, through this research paper. Findings Salutogenic design strategies offer innovative, financially viable solutions to help mitigate stress and improve workforce well-being while maintaining the highest level of building security requirements in access-controlled spaces and disconnected sites, such as military installations and government compounds. Research limitations/implications Issues of mental and physical health are complex and multi-faceted, and they require complex and multi-faceted solutions. Salutogenic design is presented as one facet of that solution: a tangible solution to an often-intangible issue. Further, as a novel approach to address a critical DoD issue, Table 1 bridges the common gap between high-concept design theory and practical construction-application solutions, with positive value to the health, performance, quality-of-life and well-being of service members. Originality/value To the best of the author’s knowledge, this paper is the first to approach the DoD’s imperative to reduce service members’ mental stress with “salutogenic design.”


Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 607
Author(s):  
Mayuresh Sunil Pardeshi ◽  
Ruey-Kai Sheu ◽  
Shyan-Ming Yuan

Authentication is essential for the prevention of various types of attacks in fog/edge computing. Therefore, a novel mode-based hash chain for secure mutual authentication is necessary to address the Internet of Things (IoT) devices’ vulnerability, as there have been several years of growing concerns regarding their security. Therefore, a novel model is designed that is stronger and effective against any kind of unauthorized attack, as IoT devices’ vulnerability is on the rise due to the mass production of IoT devices (embedded processors, camera, sensors, etc.), which ignore the basic security requirements (passwords, secure communication), making them vulnerable and easily accessible. Furthermore, crackable passwords indicate that the security measures taken are insufficient. As per the recent studies, several applications regarding its requirements are the IoT distributed denial of service attack (IDDOS), micro-cloud, secure university, Secure Industry 4.0, secure government, secure country, etc. The problem statement is formulated as the “design and implementation of dynamically interconnecting fog servers and edge devices using the mode-based hash chain for secure mutual authentication protocol”, which is stated to be an NP-complete problem. The hash-chain fog/edge implementation using timestamps, mode-based hash chaining, the zero-knowledge proof property, a distributed database/blockchain, and cryptography techniques can be utilized to establish the connection of smart devices in large numbers securely. The hash-chain fog/edge uses blockchain for identity management only, which is used to store the public keys in distributed ledger form, and all these keys are immutable. In addition, it has no overhead and is highly secure as it performs fewer calculations and requires minimum infrastructure. Therefore, we designed the hash-chain fog/edge (HCFE) protocol, which provides a novel mutual authentication scheme for effective session key agreement (using ZKP properties) with secure protocol communications. The experiment outcomes proved that the hash-chain fog/edge is more efficient at interconnecting various devices and competed favorably in the benchmark comparison.


Polymers ◽  
2022 ◽  
Vol 14 (2) ◽  
pp. 299
Author(s):  
Louise Lods ◽  
Tutea Richmond ◽  
Jany Dandurand ◽  
Eric Dantras ◽  
Colette Lacabanne ◽  
...  

A biobased composite was generated from bamboo fibers (BF) and a polyamide 11 (PA11) matrix. In order to fulfill security requirements, a PA11 already containing a flame retardant (FR) was chosen: This matrix is referred as PA11-FR. In this work, the effects of flame retardant (melamine cyanurate) on the composite properties were considered. In the calorimetric study, the glass transition and melting temperatures of PA11-FR were the same as those of PA11. The melamine cyanurate (MC) had no influence on these parameters. Thermogravimetric analysis revealed that PA11-FR was less stable than PA11. The presence of MC facilitated thermal decomposition regardless of the analysis atmosphere used. It is important to note that the presence of FR did not influence processing conditions (especially the viscosity parameter) for the biosourced composite. Continuous BF-reinforced PA 11-FR composites, single ply, with 60% of fibers were processed and analyzed using dynamic mechanical analysis. In shear mode, comparative data recorded for BF/PA11-FR composite and the PA11-FR matrix demonstrated that the shear glassy modulus was significantly improved: multiplied by a factor of 1.6 due to the presence of fibers. This result reflected hydrogen bonding between reinforcing fibers and the matrix, resulting in a significant transfer of stress. In tensile mode, the conservative modulus of BF/PA11-FR reached E’ = 8.91 GPa. Upon BF introduction, the matrix tensile modulus was multiplied by 5.7. It can be compared with values of a single bamboo fiber recorded under the same experimental conditions: 31.58 GPa. The difference is partly explained by the elementary fibers’ lack of alignment in the composite.


2022 ◽  
Vol 2022 ◽  
pp. 1-13
Author(s):  
Minsoo Lee ◽  
Hyun Kwon ◽  
Hyunsoo Yoon

The instrumentation and control (I&C) system of a nuclear power plant (NPP) employs a cybersecurity program regulated by the government. Through regulation, the government requires the implementation of security controls in order for a system to be developed and operated. Accordingly, the licensee of an NPP works to comply with this requirement, beginning in the development phase. The compliance-driven approach is efficient when the government supervises NPPs, but it is inefficient when a licensee constructs them. The security controls described in regulatory guidance do not consider system characteristics. In other words, the development organization spends a considerable amount of time excluding unnecessary control items and preparing the evidence to justify their exclusion. In addition, security systems can vary according to the developer’s level of security knowledge, leading to differences in levels of security between systems. This paper proposes a method for a developer to select the appropriate security controls when preparing the security requirements during the early development phase; it is designed to ensure the system’s security and reduce the cost of excluding unnecessary security controls. We have formalized the representation of attack patterns and security control patterns and identified the relationships between these patterns. We conducted a case study applying RG 5.71 in the Plant Protection System (PPS) to confirm the validity of the proposed method.


Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 534
Author(s):  
Nasr Abosata ◽  
Saba Al-Rubaye ◽  
Gokhan Inalhan

The Internet of Things (IoT) connects billions of sensors to share and collect data at any time and place. The Advanced Metering Infrastructure (AMI) is one of the most important IoT applications. IoT supports AMI to collect data from smart sensors, analyse and measure abnormalities in the energy consumption pattern of sensors. However, two-way communication in distributed sensors is sensitive and tends towards security and privacy issues. Before deploying distributed sensors, data confidentiality and privacy and message authentication for sensor devices and control messages are the major security requirements. Several authentications and encryption protocols have been developed to provide confidentiality and integrity. However, many sensors in distributed systems, resource constraint smart sensors, and adaptability of IoT communication protocols in sensors necessitate designing an efficient and lightweight security authentication scheme. This paper proposes a Payload Encryption-based Optimisation Scheme for lightweight authentication (PEOS) on distributed sensors. The PEOS integrates and optimises important features of Datagram Transport Layer Security (DTLS) in Constrained Application Protocol (CoAP) architecture instead of implementing the DTLS in a separate channel. The proposed work designs a payload encryption scheme and an Optimised Advanced Encryption Standard (OP-AES). The PEOS modifies the DTLS handshaking and retransmission processes in PEOS using payload encryption and NACK messages, respectively. It also removes the duplicate features of the protocol version and sequence number without impacting the performance of CoAP. Moreover, the PEOS attempts to improve the CoAP over distributed sensors in the aspect of optimised AES operations, such as parallel execution of S-boxes in SubBytes and delayed Mixcolumns. The efficiency of PEOS authentication is evaluated on Conitki OS using the Cooja simulator for lightweight security and authentication. The proposed scheme attains better throughput while minimising the message size overhead by 9% and 23% than the existing payload-based mutual authentication PbMA and basic DTLS/CoAP scheme in random network topologies with less than 50 nodes.


Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 538
Author(s):  
Alok Mishra ◽  
Yehia Ibrahim Alzoubi ◽  
Asif Qumer Gill ◽  
Memoona Javeria Anwar

Cybersecurity is a critical issue that must be prioritized not just by enterprises of all kinds, but also by national security. To safeguard an organization’s cyberenvironments, information, and communication technologies, many enterprises are investing substantially in cybersecurity these days. One part of the cyberdefense mechanism is building an enterprises’ security policies library, for consistent implementation of security controls. Significant and common cybersecurity policies of various enterprises are compared and explored in this study to provide robust and comprehensive cybersecurity knowledge that can be used in various enterprises. Several significant common security policies were identified and discussed in this comprehensive study. This study identified 10 common cybersecurity policy aspects in five enterprises: healthcare, finance, education, aviation, and e-commerce. We aimed to build a strong infrastructure in each business, and investigate the security laws and policies that apply to all businesses in each sector. Furthermore, the findings of this study reveal that the importance of cybersecurity requirements differ across multiple organizations. The choice and applicability of cybersecurity policies are determined by the type of information under control and the security requirements of organizations in relation to these policies.


Electronics ◽  
2022 ◽  
Vol 11 (1) ◽  
pp. 131
Author(s):  
Sungwook Kim

Succinct Non-interactive Arguments of Knowledge (SNARks) are receiving a lot of attention as a core privacy-enhancing technology for blockchain applications. Polynomial commitment schemes are important building blocks for the construction of SNARks. Polynomial commitment schemes enable the prover to commit to a secret polynomial of the prover and convince the verifier that the evaluation of the committed polynomial is correct at a public point later. Bünz et al. recently presented a novel polynomial commitment scheme with no trusted setup in Eurocrypt’20. To provide a transparent setup, their scheme is built over an ideal class group of imaginary quadratic fields (or briefly, class group). However, cryptographic assumptions on a class group are relatively new and have, thus far, not been well-analyzed. In this paper, we study an approach to transpose Bünz et al.’s techniques in the discrete log setting because the discrete log setting brings a significant improvement in efficiency and security compared to class groups. We show that the transposition to the discrete log setting can be obtained by employing a proof system for the equality of discrete logarithms over multiple bases. Theoretical analysis shows that the transposition preserves security requirements for a polynomial commitment scheme.


2022 ◽  
Vol 354 ◽  
pp. 00049
Author(s):  
Marcel Daniel Rad ◽  
Dragos Fotau ◽  
Diana Sălăsan ◽  
Sorin Zsido

The evaluation of explosion-proof electrical equipment for certification is particularly important given the risk of explosion and must be minimized. This in order to ensure the safety of life, health of workers, to prevent damage to goods and the environment when they meet the essential security requirements at European level. Directive 2014/34 / EU states that equipment used in explosive atmospheres must be designed to operate without endangering the environment for which it is intended. This paper presents a comparison between the different types of cable glands for electrical apparatus by comparing some common characteristics that are important for maintaining the integrity of explosion protection. Consequently, this paper intends to be the precursor of a practical guide for the selection and implementation of different types of protection on the apparatus intended for use in areas with hazard of explosive atmospheres, both for designers and manufactures. This state of fact is negatively more emphatic because, lately, the groups of standards from this field in the world, Europe and Romania have a peculiar dynamic caused especially by the homogenisation and generalisation process opened and maintained by IEC.


2022 ◽  
pp. 247-279
Author(s):  
Inger Anne Tøndel ◽  
Martin Gilje Jaatun

Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in order to bridge the observed gap between software security practices and security risks in many projects today. Particularly, such knowledge can help researchers improve on available practices and recommendations. This article uses the results of published empirical studies on security requirement work to create a conceptual framework that shows key concepts related to work context, this work itself and the effects of this work. The resulting framework points to the following research challenges: 1) Identifying and understanding factors important for the effect of security requirements work; 2) Understanding what is the importance of the chosen requirements approach itself, and; 3) Properly taking into account contextual factors, especially factors related to individuals and interactions, in planning and analysis of empirical studies on security requirements work.


Sign in / Sign up

Export Citation Format

Share Document