International Journal of Systems and Software Security and Protection: Latest Articles

Using ECG Authentication for Biometrics in Smart Cities
International Journal of Systems and Software Security and Protection Pub Date : 2023-06-01 DOI: 10.4018/ijsssp.324078
Rohit Rastogi, Aditi Mittal, Ishanki Verma, Pallavit Saxena
Abstract: All the biometric systems are based on some important features of these modalities which are mainly known for their uniqueness in one way or the other. However, the automatic attendance system using heart biometrics is focused as it is internally unique and focused on internal flexibility of the heart. Heart biometrics include different authentication modalities such as ECG, SCG, PCG and so on. It is primarily focused on authentication using ECG signals which uses algorithms or techniques such as SVM (support vector machine) for authentication purposes and dynamic time warping for signal matching. Algorithms used have shown high accuracy results and the challenges faced were considerable and effectively managed to improve for further advancements.
Citations: 0
An Empirical Investigation on Vulnerability for Software Companies
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.304894
Jianping Peng, Guoying Zhang, C. Chiu
Abstract: This research analyzes software vulnerability information from the perspective of software companies. A total of 13019 vulnerabilities from 136 software companies were collected from a public vulnerability database. A latent class model classifies the companies into three classes based on vulnerability information during a five-year period, and then three class-specific models pinpoint the most significant key features of vulnerabilities for each class. A class I company can reduce vulnerability level if it puts focus on "boundary condition errors," "input validation errors," and "exception handling errors." A class II company needs to emphasize "access validation errors" and "race condition errors." Interestingly, a class III company needs to avoid any potential "origin validation errors," "boundary condition errors," "design errors," and "access validation errors." With these significant key features information, software companies can effectively reduce vulnerability by managing related errors throughout the development and testing process.
Citations: 0
Towards a New Quantitative Availability Model for Computer Systems Based on Classifications of Security Requirements
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.314626
Chaima Boulifi, M. Jouini
Abstract: Cloud computing is an emerging computing paradigm that replaces computing as a personal asset with computing as a public service. As such, it offers all the advantages of a public utility system, in terms of economy of scale, flexibility, and convenience, but it poses major problems including the loss of availability. In this article, the authors define and refine a taxonomy of basic security requirements suitable for all contexts and systems; then the resulted hierarchical model is used to create a new approach to quantifying the availability of it systems. This new measure is inspired from the mean failure cost (MFC). Measure and called availability mean failure cost (MFCa) is the average monetary value of loss per unit of time of use of each participant. This metric gives us a more accurate estimate, clear refinement, and useful interpretation for availability-related decision making using MFCa. How this metric can be used to analyze cloud computing as a business model is something to be explored.
Citations: 0
Learning Algorithm Recommendation Framework for IS and CPS Security
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.293236
Abstract: Artificial intelligence and machine learning have recently made outstanding contributions to the performance of information system and cyber-physical system security. There has been a plethora of research in this area, resulting in an outburst of publications over the past two years. Choosing the right algorithm to solve a complex security problem in a very precise industrial context is a challenging task. Therefore, in this paper, we propose a Learning Algorithm Recommendation Framework that, for a clearly defined situation, guides the selection of learning algorithm and scientific discipline (e.g. RNN, GAN, RL, CNN,...) which have sparked great interest to the scientific community and which therefore offers preponderant elements and benefits for further deployments. This framework has the advantage of having been generated from an extensive analysis of the literature, as illustrated by this paper for the recurrent neural networks and their variations.
Citations: 7
Cyber Security and COVID-19 Understanding cyber predators and vulnerabilities for teenagers
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.302623
Abstract: An increasing number of teenagers are now using the internet through their computers, phones, ipads, ipods, laptops, tablets, etc. In the era of COVID-19, where School kids do home schooling using the internet, the number of teenagers using the web will be higher and their presence online will increase. The internet can be a major channel for their education, creativity, and self-expression. However, it also carries a spectrum of cyber risks to which teenagers are more vulnerable than adults. This paper focuses on online risks for teenagers under COVID-19 era and how to protect them from cyber predators. It examines direct and indirect precautionary measures available to these innocent teenagers and their parents to help mitigate online vulnerabilities. The paper believes that, to enhance the policy to protect teenagers online, governments and School Districts should enhance the coherence of their policy measures and tools in collaboration with parents, caregivers, educators, businesses, and civil societies.
Citations: 0
A Survey On IoT Authentication Security Service
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.295101
Abstract: Internet of things is becoming the most important technology now a days and it is next era of communication. By the use of IOT, various physical things can create, send and receive the data seamlessly. Different IoT applications' main focus is to automate the maximum tasks so with minimum human intervention efficiency and productivity can be increased. "Things" are directly connected with the Open Web, so any intruder can easily become the part of the network and can launch different attacks. So, to increase the level of comfort and efficiency, high security policy in terms of the authentication is required. Existing authentication methods can not be deployed on "Things" as they require high amount of resources and because of that life span of the network will be decreased. In this paper, we have discussed different security threats present at each IoT layer, existing research done in this domain, research gap in existing identity validation methods and also we have find out the future work directions to enhance IoT Security in terms of accurate validation of device identity.
Citations: 2
Detecting and Rectifying the Non-Malicious Insider Threat in a Healthcare Setting
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.315766
Humayun Zafar
Abstract: This paper aims to apply habit-based research to the domain of information security. It proposes a new training paradigm in which a user “automatically” does the right thing without being an expert in the area of information security. The authors used a multiphased approach in which a new security training program was created and assessed for three groups: administrators (mostly managers), medical professionals (included physicians, physician assistants etc.) and staff (appointment coordinators, billing specialists etc.). The authors were able to find strong correlations between habit creation and security threats such as phishing, unauthorized cloud computing use, and password sharing. The authors were also able to ascertain that traditional security training and awareness programs need to move away from the “one-size” fits all technique to custom models that need to look at employee groups. This study supports the idea of training programs that are focused on changing habits, which is an area that has not yet been extensively researched in this context.
Citations: 0
Client-side hashing for efficient typo-tolerant password checkers
International Journal of Systems and Software Security and Protection Pub Date : 2022-01-01 DOI: 10.4018/ijsssp.302622
Enka Blanchard
Abstract: Credential leaks still happen with regular frequency, and show evidence that, despite decades of warnings, password hashing is still not correctly implemented in practice. The common practice today, inherited from previous but obsolete constraints, is to transmit the password in cleartext to the server, where it is hashed and stored. This allows some usability improvements, such as typo-tolerant password checkers — which can correct up to 32% of typos, with no negative impact on security — formally introduced by Chatterjee et al. in 2016, but used in some preliminary forms since 2012. This article investigates the advantages and drawbacks of the alternative of hashing client-side, and shows that it is present today exclusively on Chinese websites. It introduces an alternative typo-correction framework based on client-side hashing, which corrects up to 57% of typos without affecting user experience, at no computational cost to the server. Finally, it proposes some potential ways to improve the industry standards by enforcing accountability on password security.
Citations: 1
CSPM
International Journal of Systems and Software Security and Protection Pub Date : 2021-07-01 DOI: 10.4018/ijsssp.20210101.oa1
Tian Xia, H. Washizaki, Y. Fukazawa, H. Kaiya, Shinpei Ogata, E. Fernández, Takehisa Kato, Hideyuki Kanuka, T. Okubo, Nobukazu Yoshioka, A. Hazeyama
Abstract: Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process to develop cloud systems. The effectiveness and practicality of CSPM is demonstrated via several case studies.
Citations: 3
What Do We Know About Buffer Overflow Detection?
International Journal of Systems and Software Security and Protection Pub Date : 2018-07-01 DOI: 10.4018/IJSSSP.2018070101
M. Chaim, D. S. D. Santos, D. Cruzes
Abstract: Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detecting BO vulnerabilities before releasing a software to production. They found that most of the studies addresses several vulnerabilities or memory errors, being not specific to BO detection. The authors organized them in seven categories: program analysis, testing, computational intelligence, symbolic execution, models, and code inspection. Program analysis, testing and code inspection techniques are available for use by the practitioner. However, program analysis adoption is hindered by the high number of false alarms; testing is broadly used but in ad hoc manner; and code inspection can be used in practice provided it is added as a task of the software development process. New techniques combining object code analysis with techniques from different categories seem a promising research avenue towards practical BO detection.
Citations: 3