E-commerce has transformed the commerce industry as we know it, introducing better purchasing, shipping, and customer services. These business services generate and utilise sensitive information such as customer purchases, financial and personal information which are of high value to attackers. Securing e-commerce systems demands security risk management conscious of evolving security threats. This research work proposes and analyses a threat-driven approach that explores the use of a security threat analysis method - STRIDE to support a selected security risk management method - ISSRM (Information System Security Risk Management) in managing security risk in an e-commerce system. Results of this approach present e-commerce asset identification, threat analysis, and risk identification, with security risk treatment decisions. We discuss these results presenting the benefits of the STRIDE and ISSRM combination.
With the Amazon EC2 Cloud becoming available as a viable platform for parallel computing, Earth System Models are increasingly interested in leveraging its capabilities towards improving climate projections. In particular, faced with long wait periods on high-end clusters, the elasticity of the Cloud presents a unique opportunity of potentially “infinite” availability of small-sized clusters running on high-performance instances. Among specific applications of this new paradigm, we show here how uncertainty quantification in climate projections of polar ice sheets (Antarctica and Greenland) can be significantly accelerated using the Cloud. Indeed, small-sized clusters are very efficient at delivering sensitivity and sampling analysis, core tools of uncertainty quantification. We demonstrate how this approach was used to carry out an extensive analysis of ice-flow projections on one of the largest basins in Greenland, the North-East Greenland Glacier, using the Ice Sheet System Model, the public-domain NASA-funded ice-flow modeling software. We show how errors in the projections were accurately quantified using Monte-Carlo sampling analysis on the EC2 Cloud, and how a judicious mix of high-end parallel computing and Cloud use can best leverage existing infrastructures, and significantly accelerate delivery of potentially ground-breaking climate projections, and in particular, enable uncertainty quantification that was previously impossible to achieve.
• NASA/JPL's Ice Sheet System Model ported to the Amazon EC2 Cloud.
• First ever application of Cloud computing to modeling of polar ice flow.
• Combining ISSM high-end and EC2 Cloud computing accelerates delivery of projections.
• Cloud elasticity eliminates batch queuing time in uncertainty quantification runs.
• Demonstrates feasibility of uncertainty quantification in sea-level projections.
Organizations mainly rely on data and the mechanism of dealing with that data on cloud computing. Data in an organization has multiple security levels, which are classified depending on the nature of the data and the impact of the data on the organization. The security procedures used for protecting data are usually complicated, and they have a direct and indirect influence on the usability level. This study aims to establish a model which has the ability to classify data dynamically according to security, from low to high levels. The security level is classified into five levels based on the policies and classification method. The purpose of classification is to apply a more complex security procedure to data which has a high security level than to data which has a low security level. It also has the potential to segregate illegal data from legal data to support usability in the system. Finally, several experiments have been conducted to evaluate the proposed approaches. Several experiments have been performed to empirically evaluate two feature selection methods (Chi-square (χ²), information gain (IG)) and five classification methods (decision tree classifier, Support Vector Machine (SVM), Naïve Bayes (NB), and K-Nearest Neighbor (KNN) and meta-classifier combination) for Legal Documents Filtering. The results show that all classifiers perform better with the information gain feature selection method than with the Chi-Square feature selection method. Results also show that Support Vector Machine (SVM) achieves the best results among all individual classifiers. However, the proposed meta-classifier method achieves the best results among all classification approaches.
Rijndael is a specification for the encryption of electronic data that is considered as a collection of ciphers with distinct block and key sizes. This study aims to develop the key of the Rijndael cipher in order to enhance the level of confusion and diffusion. The tools of analysis, design, implementation, testing, and evaluation have been applied by using the model of the software system development life cycle (SDLC). The results of the study show that adding keys to Rijndael will increase its security level and promote its wide use in organizations.
Trusted computing, which can effectively increase the credibility of information systems, has made great achievements and is in continuous development. For a country that is going to strengthen network construction, like China, it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing, such as various trusted platform modules (TPM, TCM, TPCM), TCG Software Stack (TSS), trusted cloud server and Trusted Execution Environment (TEE). We illustrate the progress and application extension of these technologies and also point out some key problems worth studying in the future.
Information system security must battle regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to control information systems, network devices, services and communications. Vulnerability assessments gather large amounts of data to be further analyzed by security experts, who recently have started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach to be used to cluster information of security tests. The process enables the clustering of the tested devices with similar vulnerabilities to detect hidden patterns, rogue or risky devices. Two different types of metrics have been selected to guide the discovery process in order to get the best clustering solution: general-purpose and specific-domain objectives. The results of both approaches are compared with the state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results to security analysts.
Within the security scope, authentication is considered a core model to control access to any system. The password is one of the most significant mechanisms which diagnose the authorized user from others. However, it is facing many problems such as spoofing and man-in-the-middle attack (MitMA). When an unauthorized user has got the correct password, this user would be able to access the data and change the previous password, which causes significant loss in effort and cost. Similarly, the hacker "who doesn't have a password" is also trying to penetrate the system through predicting a set of words. In fact, both authorized and hacker users input a wrong password, but the authorized user may have only one or two wrong characters while the hacker inputs a whole wrong password. The aim of this paper is to establish an algorithm under the name of "Confidence Range". The main tasks of this algorithm are monitoring all the activities which are associated with the password on time, error, and style for the authorized user to recognize any suspicious activity. For that reason, a unique EPSB, "Electronic Personal Synthesis Behavior", has been generated for the authorized user by the application of the confidence range algorithm.
For the last few years a considerable number of efforts have been devoted to integrating security issues into information systems development practices. This has led to a number of languages, methods, methodologies and techniques for considering security issues during the developmental stages of an information system. However, these approaches mainly focus on security requirements elicitation, analysis and design issues and neglect testing. This paper presents the Security Attack Testing (SAT) approach, a novel scenario-based approach that tests the security of an information system at the design time. The approach is illustrated with the aid of a real-life case study involving the development of a health and social care information system.