The article is focused on the development of a method for detecting and eliminating floating vulnerabilities in mobile applications, their nature is described, and existing methods of detecting and neutralizing floating vulnerabilities are investigated, their defects are noted. The developed method is based on analyzing the state of the application at different points in time and comparing it with a reference state. The proposed algorithm includes fixing the initial state, discrete analysis, detection and identification of vulnerabilities, their elimination, and prevention of additional risks. The scope of application of the results includes the developing and securing of mobile applications for Android operating system. The conclusions of the paper confirm the importance of detecting and preventing floating vulnerabilities to ensure a high level of information protection. The developed method allows to effectively detect and eliminate vulnerabilities, which contributes to the creation of secure and protected applications for users of mobile devices.
• The convergence of synthetic biology and information security forms a new domain of cyberbiosecurity.
• Highlighting significant advances in synthetic biology and their dual-use dilemma, raising concerns in biosecurity and the potential for misuse.
• Discussing how artificially synthesized DNA can be programmed with malicious codes to exploit computer system vulnerabilities.
• Using synthetic DNA to illustrate the viability and risks of cyberbiosecurity threats.
• Proposing multi-layered defense approaches and stressing the significance of countering new cyberbiosecurity threats.
Synthetic biology is a crucial component of the “cyber-biological revolution” in this new industrial revolution. Owing to breakthroughs in synthetic biology, deoxyribonucleic acid (DNA), the storehouse of hereditary material in biological systems, can now be used as a medium for storage (synthesis) and reading (sequencing) of information. However, integrating synthetic biology with computerization has also caused cyberbiosecurity concerns, encompassing biosecurity and information security issues. Malicious codes intended to attack computer systems can be stored as artificially synthesized DNA fragments, which can be released during DNA sequencing and decoding and attack computer and network systems. As these cyberbiosecurity threats become increasingly realistic, spreading awareness and information about how they can be prevented and controlled is crucial. This review aims to address this need by offering crucial theoretical backing for cyberbiosecurity research and raising awareness of risk mitigation and control measures in information security, biosecurity, and national security.
Objective: With the rapid growth of urban rail transit scale, the application of information-based intelligent vehicle operation and maintenance system becomes increasingly extensive, and the information security problem of the intelligent vehicle operation and maintenance system for urban rail transit becomes prominent gradually and needs to be solved urgently. Method: Based on the information security risks and problems that the intelligent operation and maintenance system for urban rail transit vehicles may face, such as software vulnerabilities, systematic protection missing, network transmission security, etc., and with reference to a number of national and industrial information security standards, the technical solutions to information security protection are systematically proposed, including security zoning, boundary isolation, vertical authentication, and centralized supervision. The device host security is safeguarded by software hardening, access control, security audit and intrusion prevention. The
This paper discusses the application and analysis of information security in the intelligent management of sports equipment. With the rapid development of information security, the intelligent management of sports equipment has become more and more convenient, fast and safe. Through the information security situation assessment algorithm and Petri net model of natural language processing, the intelligent management of sports body is realized, personalized service and recommendation are provided, user participation and interaction are enhanced, marketing strategies are optimized, and user experience and user loyalty are enhanced. In the design of sports equipment management, SVM model, attack and defense tree model and SVM-Bayesian model are used in the classification of sports equipment. In the experimental comparison of the three models, it is found that the number of attack and defense SVM-Bayesian alarms is 11, the false alarm rate is 0.55%, the number of missed alarms is 57, the false alarm rate is 2.85%, and the accuracy rate is 96.6%. SVM-Bayesian has obvious advantages in attack success rate and risk defense probability. By constantly comparing the path data and the number of nodes, the algorithm in this paper also has a good application effect.
Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed.
A large number of distributed applications requires continuous and timely processing of information as it flows from the periphery to the center of the system. Examples include intrusion detection systems which analyze network traffic in real-time to identify possible attacks; environmental monitoring applications which process raw data coming from sensor networks to identify critical situations; or applications performing online analysis of stock prices to identify trends and forecast future values.
Private query is a kind of cryptographic protocol to protect both users' privacies in their communication. For instance, Alice wants to buy one item from Bob's database. The aim of private query is to ensure that Alice can get only one item from Bob, and simultaneously, Bob cannot know which one was taken by Alice. In pursuing high security and efficiency, some quantum private query protocols were proposed. As a practical model, Quantum-Oblivious-Key-Transfer (QOKT)-based private query, which utilizes a QOKT protocol to distribute oblivious key between Alice and Bob and then applies the key to achieve the aim of private query, has drawn much attention. Here, we focus on postprocessing of the oblivious key, and the following two contributions are achieved. 1) We analyze three recently proposed dilution methods and find two of them have serious security loopholes. That is, Alice can illegally obtain much additional information about Bob's database by multiple queries. For example, Alice can obtain the whole database, which contains $10^4$ items, by only 53.4 queries on average. 2) We present an effective error-correction method for the oblivious key, which can address the realistic scenario with channel noises and make QOKT-based private query more practical.
An Insight of Information Security: A Skeleton
Shah, Yash; Joshi, Soham; Oza, Prof. Parita ...
International journal of recent technology and engineering, 09/2019, Volume: 8, Issue: 3
Journal Article
Open access
In this age of growing and developing information and technology, data security, integrity and confidentiality are essential aspects related to shared data over some network or medium. Many techniques over the years have been developed for securing the messages from attack or theft or breach of very sensible and essential data when shared over a network. The security threats to data have been ascending, so are the data hiding or securing techniques. This is where Information Security has a role to play. Development of techniques and methods that prevents the essential and secret data being stolen and thus providing security to the data. This paper discusses the significance of Information Security, its evolution since its infant stage and study about various subdomains of the same. This paper also shows a comparative study of various Information Security Techniques, their pros and cons and the applications in various domains. This paper analyses various Information Security methods or techniques based on their various characteristics and effectiveness on securing the data from any adversaries. This includes a study of some benchmark techniques and their subsidiaries along with it. The techniques under focus for analyzing were Watermarking, Digital Signatures, Fingerprinting, Cryptography, Steganography and latest being CryptoSteganography Information Security Technique. The characteristics focused were security-related properties, data or message-related properties, their objectives, drawbacks, applications and algorithms.