| 1. |
- Adee, Rose, et al.
(författare)
-
A Dynamic Four-Step Data Security Model for Data in Cloud Computing Based on Cryptography and Steganography
- 2022
-
Ingår i: Sensors. - : MDPI AG. - 1424-8220. ; 22:3
-
Tidskriftsartikel (refereegranskat)abstract
- Cloud computing is a rapidly expanding field. It allows users to access computer system resources as needed, particularly data storage and computational power, without managing them directly. This paper aims to create a data security model based on cryptography and steganography for data in cloud computing that seeks to reduce existing security and privacy concerns, such as data loss, data manipulation, and data theft. To identify the problem and determine its core cause, we studied various literature on existing cloud computing security models. This study utilizes design science research methodology. The design science research approach includes problem identification, requirements elicitation, artifact design and development, demonstration, and assessment. Design thinking and the Python programming language are used to build the artifact, and discussion about its working is represented using histograms, tables, and algorithms. This paper’s output is a four-step data security model based on Rivest–Shamir–Adleman, Advanced Encryption Standard, and identity-based encryption algorithms alongside Least Significant Bit steganography. The four steps are data protection and security through encryption algorithms, steganography, data backup and recovery, and data sharing. This proposed approach ensures more cloud data redundancy, flexibility, efficiency, and security by protecting data confidentiality, privacy, and integrity from attackers.
|
|
| 2. |
- Alam, Sana, et al.
(författare)
-
Trust Management in Social Internet of Things (SIoT) : A Survey
- 2022
-
Ingår i: IEEE Access. - 2169-3536. ; 10, s. 108924-108954
-
Tidskriftsartikel (refereegranskat)abstract
- A survey on trust management in the Social Internet of Things (SIoT) is provided, beginning with a discussion of SIoT architectures and relationships. Using a variety of publication databases, we describe efforts that focus on various trust management aspects of SIoT. Trust management models comprise three themes: trust computation, aggregation, and updates. Our study presents a detailed discussion of all three steps. Trust computation and trust aggregation depend upon Trust Attributes (TAs) for the calculation of local and global trust values. Our paper discusses many strategies for aggregating trust, but “Weighted Sum” is the most frequently used in the relevant studies. Our paper addresses trust computation and aggregation scenarios. Our work classifies research by TAs (Social Trust, Quality of Service). We’ve categorized the research (reputation-based, recommendation-based, knowledge-based) depending on the types of feedback/opinions used to calculate trust values (global feedback/opinion, feedback from a friend, trustor’s own opinion considering the trustee’s information). Our work classifies studies (policy-based, prediction-based, weighted sum-based/weighted linear combination-based) by trust computation/aggregation approach. Two trust-update schemes are discussed: time-driven and event-driven schemes, while most trust management models utilize an event-driven scheme. Both trust computation and aggregation need propagating trust values in a centralized, decentralized, or semi-centralized way. Our study covers classifying research by trust updates and propagation techniques. Trust models should provide resiliency to SIoT attacks. This analysis classifies SIoT attacks as collaborative or individual. We also discuss scenarios depicted in the relevant studies to incorporate resistance against trust-related attacks in SIoT. Studies suggest context-based or context-free trust management strategies. Our study categorizes studies based on context-based or context-free approaches. To gain the benefits of an immutable, privacy-preserving approach, a future trust management system should utilize Blockchain technology to support non-repudiation and tracking of trust relationships.
|
|
| 3. |
- Alkubaisy, Duaa, et al.
(författare)
-
A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design
- 2022
-
Ingår i: Evaluation of Novel Approaches to Software Engineering. - Cham : Springer. - 9783030966478 - 9783030966485 ; , s. 67-87
-
Bokkapitel (refereegranskat)abstract
- Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by Alkubaisy et al. [1] – which itself is a continuation of earlier studies [2, 3] and aims to aid the reader in comprehensively grasping the concepts laid out).
|
|
| 4. |
- Filipidis, Adam, et al.
(författare)
-
Enhancing information security awareness programs through collaborative learning
- 2022
-
Ingår i: Proceedings of the 16th European Conference on Games Based Learning. - : Springer. - 9781914587528
-
Konferensbidrag (refereegranskat)abstract
- Information security attacks targeting human nature, such as phishing, are rising rapidly. Information security Awareness (ISA) programs have been proven to be valuable proactive measures that increase Return On Investment (ROI) regarding information security enhancement. These programs tend to focus on concepts and technical aspects. Although these customary instruction methodologies have their preferences, trainees can additionally take advantage of educational techniques that are more intuitive and situation driven. This study aims to increase the efficiency of learning in such programmes by using design science to create an artefact for learning and then testing the acquired knowledge. Design science will be used as a research method. The creative method, a brainstorming technique, and five steps in design science are performed: explicate the problem, define requirements, design and develop artefact, demonstrate artefact, and evaluate artefact to develop a process framework to respond to this problem. The problem is explicated with a literature review and the requirements to be met by Game-Based Learning (GBL) are set. The first artefact, which is an interactive book support quizzes, crossword puzzles, multimedia such as video, and “complete the word” simple games that enhance the learning process. The second artefact is a printed board game with hackers and cards with the goal to support the learning process and assess the ability of the participants to respond and take actions based on this new knowledge. At last, limitations that exist in security education such as lack of user-centered modules and limited guidelines from learning theories are elaborated and future work is also presented.
|
|
| 5. |
- Islam, Shareeful, et al.
(författare)
-
An Automated Tool to Support an Intelligence Learner Management System Using Learning Analytics and Machine Learning
- 2021
-
Ingår i: Artificial Intelligence Applications and Innovations. - Cham : Springer Nature. - 9783030791490 - 9783030791520 - 9783030791506 ; , s. 494-504
-
Konferensbidrag (refereegranskat)abstract
- Learner Management Systems (LMSs) are widely deployed across the industry as they provide a cost-saving approach that can support flexible learning opportunities. Despite their benefits, LMSs fail to cater for individual learning behavior and needs and support individualised prediction and progression. Learning Analytics (LAs) support these gaps by correlating existing learner data to provide meaningful predictive and prescriptive analysis. The industry and research community have already recognised the necessity of LAs to support modern learning needs. But a little effort has been directed towards the integration of LA into LMSs. This paper presents a novel automated Intelligence Learner Management System (iLMS) that integrates learner management and learning analytics into a single platform. The presented iLMS considers Machine Learning techniques to support learning analytics including descriptive, predictive and perspective analytics.
|
|
| 6. |
- Mouratidis, Haralambos, et al.
(författare)
-
Cyber Security Resilience in Business Informatics : An Exploratory Paper
- 2020
-
Ingår i: Perspectives in Business Informatics Research. - Cham : Springer. - 9783030611408 - 9783030611392 ; , s. 53-66
-
Konferensbidrag (refereegranskat)abstract
- Although considerable effort is made to secure organisational infrastructures and to protect organizational assets, it is widely acknowledged that it is equally important to ensure that organisations need to define appropriate ways to harden their overall resilience including recovery from security incidents. In this exploratory paper we outline research challenges and we present the motivation and the foundations of a novel framework that is based on security resilience and capability modelling theory.
|
|
| 7. |
- Papastergiou, Spyridon, et al.
(författare)
-
Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures
- 2021
-
Ingår i: Evolving Systems. - : Springer Science and Business Media LLC. - 1868-6478 .- 1868-6486. ; 12, s. 91-108
-
Tidskriftsartikel (refereegranskat)abstract
- In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.
|
|
| 8. |
- Yeboah-Ofori, Abel, et al.
(författare)
-
Cyber Supply Chain Threat Analysis and Prediction Using Machine Learning and Ontology
- 2021
-
Ingår i: Artificial Intelligence Applications and Innovations. - Cham : Springer Nature. - 9783030791490 - 9783030791520 - 9783030791506 ; , s. 518-530
-
Konferensbidrag (refereegranskat)abstract
- Cyber Supply Chain (CSC) security requires a secure integrated network among the sub-systems of the inbound and outbound chains. Adversaries are deploying various penetration and manipulation attacks on an CSC integrated network’s node. The different levels of integrations and inherent system complexities pose potential vulnerabilities and attacks that may cascade to other parts of the supply chain system. Thus, it has become imperative to implement systematic threats analyses and predication within the CSC domain to improve the overall security posture. This paper presents a unique approach that advances the current state of the art on CSC threat analysis and prediction by combining work from three areas: Cyber Threat Intelligence (CTI), Ontologies, and Machine Learning (ML). The outcome of our work shows that the conceptualization of cybersecurity using ontological theory provides clear mechanisms for understanding the correlation between the CSC security domain and enables the mapping of the ML prediction with 80% accuracy of potential cyberattacks and possible countermeasures.
|
|
| 9. |
- Zardari, Shehnila, et al.
(författare)
-
A Comprehensive Bibliometric Assessment on Software Testing (2016-2021)
- 2022
-
Ingår i: Electronics. - : MDPI AG. - 2079-9292. ; 11:13
-
Forskningsöversikt (refereegranskat)abstract
- The research study provides a comprehensive bibliometric assessment in the field of Software Testing (ST). The dynamic evolution in the field of ST is evident from the publication rate over the last six years. The research study is carried out to provide insight into the field of ST from various research bibliometric aspects. Our methodological approach includes dividing the six-year time frame into the set of two symmetric but different periods (2016-2018) and (2019-2021) comprising a total of 75,098 records. VOSViewer is used to perform analysis with respect to collaboration network of countries and co-word assessment. Bibliometrix (Studio R) analysis tool is used to evaluate research themes/topics. The year 2019 leads the publication rate whereas a decrement in publication frequency is observed for the years 2020 and 2021. Our research study shows the influence of ST in other research domains as depicted in different research areas. Especially the impact of ST in the Electrical and Electronics Domain is quite notable. Most of the research publications are from the USA and China as they are among the most resourceful countries. On the whole, the majority of the publications are from Asian countries. Collaboration networks amongst countries demonstrate the fact that the higher the collaboration network, the greater would be the research output. Co-word analysis presents the relatedness of documents based on the keywords. The topic dendrogram is generated based on the identified research themes. Although English is the leading language, prominent studies are present in other languages also. This research study provides a comprehensive analysis based on 12 informative research questions.
|
|
