Int. J. Syst. Softw. Secur. Prot.: Latest Articles

A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2021-01-01 DOI: 10.4018/IJSSSP.2021010103
Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki
Abstract: When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.
Citations: 0
Graph Classification Using Back Propagation Learning Algorithms
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-07-01 DOI: 10.4018/ijsssp.2020070101
Abhijit Bera, M. Ghose, D. Pal
Abstract: Due to the propagation of graph data, there has been a sharp focus on developing effective methods for classifying the graph object. As most of the proposed graph classification techniques though effective are constrained by high computational overhead, there is a consistent effort to improve upon the existing classification algorithms in terms of higher accuracy and less computational time. In this paper, an attempt has been made to classify graphs by extracting various features and selecting the important features using feature selection algorithms. Since all the extracted graph-based features need not be equally important, only the most important features are selected by using back propagation learning algorithm. The results of the proposed study of feature-based approach using back propagation learning algorithm lead to higher classification accuracy with faster computational time in comparison to other graph kernels. It also appears to be more effective for large unlabeled graphs.
Citations: 0
A Security Review of Event-Based Application Function and Service Component Architecture
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-07-01 DOI: 10.4018/ijsssp.2020070104
Faisal Nabi, J. Yong, Xiaohui Tao
Abstract: The term service component is derived from SCA (service component architecture) for event based distributed system design. Although service component pattern offers composite application development and support application reusability functionality. However, security in event based communication in components interaction model mostly discussed on upper layer in SCA while developing service oriented component application logic. This layer is called application business process logic layer, which produces the application's rendering logic, having being authenticated from ACL. The need for such a comprehensive security review is required in this field that could possibly elaborate the issues in composite application and Event based attack in service component architecture model. The paper achieves this target by analysing, reviewing the security issues, modelling techniques in service component application functionality, while application components, that produces, consume, and processing events.
Citations: 0
Towards a Secure DevOps Approach for Cyber-Physical Systems: An Industrial Perspective
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-07-01 DOI: 10.4018/ijsssp.2020070103
P. Abrahamsson, Goetz Botterweck, Hadi Ghanbari, M. Jaatun, Petri Kettunen, T. Mikkonen, Anila Mjeda, Jürgen Münch, A. Duc, B. Russo, Xiaofeng Wang
Abstract: With the expansion of cyber-physical systems (CPSs) across critical and regulated industries, systems must be continuously updated to remain resilient. At the same time, they should be extremely secure and safe to operate and use. The DevOps approach caters to business demands of more speed and smartness in production, but it is extremely challenging to implement DevOps due to the complexity of critical CPSs and requirements from regulatory authorities. In this study, expert opinions from 33 European companies expose the gap in the current state of practice on DevOps-oriented continuous development and maintenance. The study contributes to research and practice by identifying a set of needs. Subsequently, the authors propose a novel approach called Secure DevOps and provide several avenues for further research and development in this area. The study shows that, because security is a cross-cutting property in complex CPSs, its proficient management requires system-wide competencies and capabilities across the CPSs development and operation.
Citations: 8
Handling Minority Class Problem in Threats Detection Based on Heterogeneous Ensemble Learning Approach
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-07-01 DOI: 10.4018/ijsssp.2020070102
H. Eke, Andrei V. Petrovski, Hatem Ahriz
Abstract: Multiclass problems, such as detecting multi-steps behaviour of advanced persistent threats (APTs), have been a major global challenge due to their capability to navigates around defenses and to evade detection for a prolonged period. Targeted APT attacks present an increasing concern for both cyber security and business continuity. Detecting the rare attack is a classification problem with data imbalance. This paper explores the applications of data resampling techniques together with heterogeneous ensemble approach for dealing with data imbalance caused by unevenly distributed data elements among classes with the focus on capturing the rare attack. It has been shown that the suggested algorithms provide not only detection capability but can also classify malicious data traffic corresponding to rare APT attacks.
Citations: 5
Towards a Conceptual Framework for Security Requirements Work in Agile Software Development
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-01-01 DOI: 10.4018/ijsssp.2020010103
Inger Anne Tøndel, M. Jaatun
Abstract: Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in order to bridge the observed gap between software security practices and security risks in many projects today. Particularly, such knowledge can help researchers improve on available practices and recommendations. This article uses the results of published empirical studies on security requirement work to create a conceptual framework that shows key concepts related to work context, this work itself and the effects of this work. The resulting framework points to the following research challenges: 1) Identifying and understanding factors important for the effect of security requirements work; 2) Understanding what is the importance of the chosen requirements approach itself, and; 3) Properly taking into account contextual factors, especially factors related to individuals and interactions, in planning and analysis of empirical studies on security requirements work.
Citations: 8
Factors in Information Assurance Professionals' Intentions to Adhere to Information Security Policies
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-01-01 DOI: 10.4018/ijsssp.2020010102
S. Muller, Mary L. Lind
Abstract: Information security policies (ISPs) serve to clarify and formalize organizational information security practices and reduce data risks, but research shows that ISP noncompliance remains a prominent concern for both scholars and practitioners. This study utilized the unified theory of acceptance and use of technology 2 (UTAUT2) to explore factors that predict information assurance professionals' behavioral intentions to comply with ISPs. The research question addressed: To what extent do performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value, and habit predict information assurance professionals' behavioral intention to comply with information security policies in organizations? A nonexperimental, cross-sectional research design using structural equation modeling (PLS-SEM) addressed the research question with information assurance professionals in government agencies where habit emerged as the important component of ISP compliance with hedonic factors having a negative impact.
Citations: 6
Analysing Information Security Risk Ontologies
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2020-01-01 DOI: 10.4018/ijsssp.2020010101
Ines Meriah, Latifa Ben Arfa Rabai
Abstract: This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which, two main families, namely ontologies-based security standards and ontologies-based security risk assessment, are defined. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study in order to help a security decision maker to select an ontology based off of their security risks and requirements as well as their needed security models and standards. By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.
Citations: 1
TLS Certificates of the Tor Network and Their Distinctive Features
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2019-07-01 DOI: 10.4018/ijsssp.2019070102
V. Lapshichyov
Abstract: This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
Citations: 0
Towards a UMLsec-Based Proctored Examination Model
Int. J. Syst. Softw. Secur. Prot. Pub Date : 2019-07-01 DOI: 10.4018/ijsssp.2019070103
I. Fadahunsi, O. Arogundade, A. Sodiya, B. Olajuwon
Abstract: Electronic examination systems are becoming increasingly complex and intensive to develop with the introduction of virtual invigilator in proctored examinations. In order to address this complexity issue, there is evident need to have a global model that is extensible. Modeling software systems enables developers to better understand the system they are building and offers opportunities for simplification and reuse. This article presents an extension to UMLsec, by introducing three (3) new stereotypes which were added to the UMLsec Profile for a Proctored e-Exam model. The model was validated and converted to a platform specific model using the Java stereotype available on Papyrus. This enabled the model generate Java classes which can be used for the implementation of a secure proctored e-exam system. The model allows developers with little or no knowledge in security to use the model to build proctored e-exam systems and to incorporate all known security requirements. The model can also be extended to accommodate new security solutions for e-exam systems as they are discovered.
Citations: 0