Pub Date : 2022-10-17DOI: 10.1080/19393555.2022.2128942
Rajesh Bingu, S. Jothilakshmi, N. Srinivasu
ABSTRACT With the vast development in the cloud computing environment, many cloud users intend to outsource the data to a remote location and share the data with multiple users. The hierarchical model is an extensively used data organization process. It is highly complex to guarantee integrity, privacy, and confidentiality of the data and the structure of the model when the sensitive data is held in this manner. This research attempts to give a solution to hierarchically ensure the security and privacy of the information while data sharing occurs. A constructive hierarchical data sharing (CHDS) method is proposed to adopt symmetric encryption over the rooted hierarchical graph structure. The hierarchical graph model deals with incoming data features to establish the model’s privacy and authenticity. Based on this model, the proposed CHDS is known to be transparent, secure, and confident in the public environment. Here, performance metrics like computational complexity, key generation, prediction accuracy, and execution time are evaluated. The outcomes provide the security of the multi-party environment without forfeiting sensible resources when the hierarchical model grows to a more significant number of siblings, edges, and vertices. The proposed CHDS gives a better trade-off when compared with various existing approaches.
{"title":"Security and privacy preservation using constructive hierarchical data-sharing approach in cloud environment","authors":"Rajesh Bingu, S. Jothilakshmi, N. Srinivasu","doi":"10.1080/19393555.2022.2128942","DOIUrl":"https://doi.org/10.1080/19393555.2022.2128942","url":null,"abstract":"ABSTRACT With the vast development in the cloud computing environment, many cloud users intend to outsource the data to a remote location and share the data with multiple users. The hierarchical model is an extensively used data organization process. It is highly complex to guarantee integrity, privacy, and confidentiality of the data and the structure of the model when the sensitive data is held in this manner. This research attempts to give a solution to hierarchically ensure the security and privacy of the information while data sharing occurs. A constructive hierarchical data sharing (CHDS) method is proposed to adopt symmetric encryption over the rooted hierarchical graph structure. The hierarchical graph model deals with incoming data features to establish the model’s privacy and authenticity. Based on this model, the proposed CHDS is known to be transparent, secure, and confident in the public environment. Here, performance metrics like computational complexity, key generation, prediction accuracy, and execution time are evaluated. The outcomes provide the security of the multi-party environment without forfeiting sensible resources when the hierarchical model grows to a more significant number of siblings, edges, and vertices. The proposed CHDS gives a better trade-off when compared with various existing approaches.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"216 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122388810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-07DOI: 10.1080/19393555.2022.2111004
Suruchi Karnani, H. K. Shakya
ABSTRACT Software-defined network (SDN) plays a dominant role in meeting today’s business requirements with its ingrained features like programmability, agility, and central management. Although, distributed denial-of-service (DDoS) attacks can threaten the flexibility and availability of resources in SDN. In recent years, attackers participate actively to abuse the network elements with extensive efforts. With that, efforts have been put parallelly to defend against DDoS attacks by the researchers too. This survey performed on DDoS attack mitigation strategies in the SDN environment. As a result of this work, the mitigation taxonomy has evolved. The taxonomy of SDN DDoS mitigation strategies is categorized into four: Application plane, Control plane, Data plane, and Communication interfaces. An in-depth review of existing literature on mitigating DDoS in SDN encapsulated. This article sheds light on the nuts and bolts, strengths and limitations of mitigation strategies in SDN environment to support research and security domains.
{"title":"Mitigation strategies for distributed denial of service (DDoS) in SDN: A survey and taxonomy","authors":"Suruchi Karnani, H. K. Shakya","doi":"10.1080/19393555.2022.2111004","DOIUrl":"https://doi.org/10.1080/19393555.2022.2111004","url":null,"abstract":"ABSTRACT Software-defined network (SDN) plays a dominant role in meeting today’s business requirements with its ingrained features like programmability, agility, and central management. Although, distributed denial-of-service (DDoS) attacks can threaten the flexibility and availability of resources in SDN. In recent years, attackers participate actively to abuse the network elements with extensive efforts. With that, efforts have been put parallelly to defend against DDoS attacks by the researchers too. This survey performed on DDoS attack mitigation strategies in the SDN environment. As a result of this work, the mitigation taxonomy has evolved. The taxonomy of SDN DDoS mitigation strategies is categorized into four: Application plane, Control plane, Data plane, and Communication interfaces. An in-depth review of existing literature on mitigating DDoS in SDN encapsulated. This article sheds light on the nuts and bolts, strengths and limitations of mitigation strategies in SDN environment to support research and security domains.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"195 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122435681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-03DOI: 10.1080/19393555.2022.2128944
T. P. Fowdur, Shuaïb Hosenally
ABSTRACT One of the most common attacks in browser extensions is Cross-site scripting (XSS). To address these challenges, several browsers have proposed a new mechanism where legitimate browser extensions can only be installed from their respective Web Stores. Nonetheless, this mechanism is not flawless and multiple users still choose to install browser extensions from other sources, leaving them exposed to multiple types of attacks. This paper proposes a browser extension capable of detecting XSS attacks using Machine Learning (ML), as well as other irregularities that may occur in recently installed browser extensions. Regarding the detection of XSS attacks, the detection model is based on the Support Vector Machine (SVM) and it was able to detect malicious scripts with an accuracy of 99.5%, a precision of 99.4%, and a recall of 99.0%. Additionally, the detection of two other types of irregularities, namely the presence of blacklisted or irregular URLs located in the browser extension, and the presence of undesirable data in the manifest file of the browser extension, were considered. A Windows application was also designed in Java and deployed alongside the browser extension to monitor suspicious network requests from the newly installed browser extension.
{"title":"A real-time machine learning application for browser extension security monitoring","authors":"T. P. Fowdur, Shuaïb Hosenally","doi":"10.1080/19393555.2022.2128944","DOIUrl":"https://doi.org/10.1080/19393555.2022.2128944","url":null,"abstract":"ABSTRACT One of the most common attacks in browser extensions is Cross-site scripting (XSS). To address these challenges, several browsers have proposed a new mechanism where legitimate browser extensions can only be installed from their respective Web Stores. Nonetheless, this mechanism is not flawless and multiple users still choose to install browser extensions from other sources, leaving them exposed to multiple types of attacks. This paper proposes a browser extension capable of detecting XSS attacks using Machine Learning (ML), as well as other irregularities that may occur in recently installed browser extensions. Regarding the detection of XSS attacks, the detection model is based on the Support Vector Machine (SVM) and it was able to detect malicious scripts with an accuracy of 99.5%, a precision of 99.4%, and a recall of 99.0%. Additionally, the detection of two other types of irregularities, namely the presence of blacklisted or irregular URLs located in the browser extension, and the presence of undesirable data in the manifest file of the browser extension, were considered. A Windows application was also designed in Java and deployed alongside the browser extension to monitor suspicious network requests from the newly installed browser extension.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122684146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-08DOI: 10.1080/19393555.2022.2118089
Mohammed Elwan, Amira Salem, Hossam Fawky, Ahmed Mahmoud ramadan
ABSTRACT It is very difficult to keep track of employee attendance manually. In addition to the length of time that the registration process takes, there are still chances that some errors may occur. It’s easy to put an end to errors, save time and eliminate hassles with a dedicated attendance recording app that automates the process. With these tools, you can track employee entry and exit processes, keep a record of hours worked, manage employee overtime, half-offs, days off, and much more. In this research paper, a gate has been proposed through which employees’ departure and attendance are calculated. Prevent any unwanted person from entering at the same time, a unit can be added through which individuals are sterilized for the Prevention of viruses. The proposed system showed high efficiency in recording the attendance and departure of employees and preventing any unwanted person from entering. The raspberry pi 4 model/ 8GB is used and Practical tests were conducted and applied to the system of employees in one of the educational institutions and proved highly efficient.
手工记录员工考勤是非常困难的。除了注册过程需要的时间长度之外,仍然有可能发生一些错误。通过一个专门的考勤记录应用程序,可以很容易地结束错误,节省时间,消除麻烦。有了这些工具,您可以跟踪员工的入职和离职流程,记录工作时间,管理员工加班、半工半休、休假等等。在本研究中,我们提出了一个闸门,通过它来计算员工的离职和出勤。防止任何不需要的人进入,同时,可以增加一个单位,通过个人消毒,以防止病毒。该系统在记录员工的出勤和离开以及防止任何不需要的人进入方面显示出高效率。使用raspberry pi 4型号/ 8GB,并在某教育机构的员工系统中进行了实际测试和应用,证明了其高效。
{"title":"Intelligent security sanitizing gate","authors":"Mohammed Elwan, Amira Salem, Hossam Fawky, Ahmed Mahmoud ramadan","doi":"10.1080/19393555.2022.2118089","DOIUrl":"https://doi.org/10.1080/19393555.2022.2118089","url":null,"abstract":"ABSTRACT It is very difficult to keep track of employee attendance manually. In addition to the length of time that the registration process takes, there are still chances that some errors may occur. It’s easy to put an end to errors, save time and eliminate hassles with a dedicated attendance recording app that automates the process. With these tools, you can track employee entry and exit processes, keep a record of hours worked, manage employee overtime, half-offs, days off, and much more. In this research paper, a gate has been proposed through which employees’ departure and attendance are calculated. Prevent any unwanted person from entering at the same time, a unit can be added through which individuals are sterilized for the Prevention of viruses. The proposed system showed high efficiency in recording the attendance and departure of employees and preventing any unwanted person from entering. The raspberry pi 4 model/ 8GB is used and Practical tests were conducted and applied to the system of employees in one of the educational institutions and proved highly efficient.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132874951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-03DOI: 10.1080/19393555.2021.1956024
V. B, V. V.
ABSTRACT The social networks continue to augment their popularity due to the increased usage of the Internet. The people become connected using social media like Facebook and Twitter. This has increased impulsive communication, namely, spam and is utilized in accumulating information of an individual or marketing to cause offense against people. Spam detection in Twitter is a major issue because of small text and elevated language inconsistency in social media. Thus, it is imperative to devise a spam detection model that poses the ability to detect spam messages using Twitter data. This paper devises a novel spam detection model using a stream of Twitter data. Here, the data transformation is done on the input data using Yeo-Jhonson (YJ) transformation for making the data suitable for processing. The feature fusion is performed using Renyi entropy and Deep Belief Network (DBN). Moreover, the spam detection is performed using the Generative Adversial Network (GAN), which is trained by the proposed Conditional Autoregressive Value at Risk-Sail Fish (CAViaR-SF) algorithm. The proposed CAViaR-SF algorithm is devised by integrating Sail Fish optimizer (SFO) and Conditional Autoregressive Value at Risk (CAViaR) algorithm. The proposed CAViaR-SF offered maximal precision of 97.3%, recall of 99.2%, and F-measure of 98.2%.
随着互联网使用的不断增加,社交网络的受欢迎程度也在不断提高。人们通过Facebook和Twitter等社交媒体联系在一起。这增加了冲动通信,即垃圾邮件,并被用于积累个人信息或营销,以引起对人们的冒犯。Twitter中的垃圾邮件检测是一个主要问题,因为社交媒体中的文本较小,语言不一致程度较高。因此,必须设计一个垃圾邮件检测模型,使其能够使用Twitter数据检测垃圾邮件。本文利用Twitter数据流设计了一种新的垃圾邮件检测模型。在这里,使用yeo - johnson (YJ)转换对输入数据进行数据转换,以使数据适合于处理。利用Renyi熵和深度信念网络(Deep Belief Network, DBN)进行特征融合。此外,垃圾邮件检测使用生成式对抗网络(GAN)进行,GAN由提出的条件自回归值风险帆鱼(CAViaR-SF)算法训练。将帆鱼优化器(SFO)和条件自回归风险值(CAViaR)算法相结合,设计了CAViaR- sf算法。CAViaR-SF的最大精密度为97.3%,召回率为99.2%,F-measure为98.2%。
{"title":"Optimized generative adversarial network with fractional calculus based feature fusion using Twitter stream for spam detection","authors":"V. B, V. V.","doi":"10.1080/19393555.2021.1956024","DOIUrl":"https://doi.org/10.1080/19393555.2021.1956024","url":null,"abstract":"ABSTRACT The social networks continue to augment their popularity due to the increased usage of the Internet. The people become connected using social media like Facebook and Twitter. This has increased impulsive communication, namely, spam and is utilized in accumulating information of an individual or marketing to cause offense against people. Spam detection in Twitter is a major issue because of small text and elevated language inconsistency in social media. Thus, it is imperative to devise a spam detection model that poses the ability to detect spam messages using Twitter data. This paper devises a novel spam detection model using a stream of Twitter data. Here, the data transformation is done on the input data using Yeo-Jhonson (YJ) transformation for making the data suitable for processing. The feature fusion is performed using Renyi entropy and Deep Belief Network (DBN). Moreover, the spam detection is performed using the Generative Adversial Network (GAN), which is trained by the proposed Conditional Autoregressive Value at Risk-Sail Fish (CAViaR-SF) algorithm. The proposed CAViaR-SF algorithm is devised by integrating Sail Fish optimizer (SFO) and Conditional Autoregressive Value at Risk (CAViaR) algorithm. The proposed CAViaR-SF offered maximal precision of 97.3%, recall of 99.2%, and F-measure of 98.2%.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114609661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-10DOI: 10.1080/19393555.2022.2111005
D. Bouhnik, Achia Admoni
ABSTRACT According to popular opinion, evidence of international or military information warfare can be found only toward the end of the 20th century, in the late 1980ʹs or early 1990ʹs. The purpose of this study is to examine the truth of this claim and to ascertain if any earlier evidence of this type of warfare exists. The study focused on two main sources: past research of technological developments during the 1960–1980 period and interviews with past prominent figures in the technological field. We revealed evidence of hostility between the U.S. and the Soviet Union and an awareness of defense and warfare tools. Further investigation revealed hypothetical evidence as to the existence of offensive operations. This study uncovers the beginnings of modern information warfare, which were rooted in technological developments and social changes of the time.
{"title":"“We had no homefront”: another piece of the U.S part in the information warfare story","authors":"D. Bouhnik, Achia Admoni","doi":"10.1080/19393555.2022.2111005","DOIUrl":"https://doi.org/10.1080/19393555.2022.2111005","url":null,"abstract":"ABSTRACT According to popular opinion, evidence of international or military information warfare can be found only toward the end of the 20th century, in the late 1980ʹs or early 1990ʹs. The purpose of this study is to examine the truth of this claim and to ascertain if any earlier evidence of this type of warfare exists. The study focused on two main sources: past research of technological developments during the 1960–1980 period and interviews with past prominent figures in the technological field. We revealed evidence of hostility between the U.S. and the Soviet Union and an awareness of defense and warfare tools. Further investigation revealed hypothetical evidence as to the existence of offensive operations. This study uncovers the beginnings of modern information warfare, which were rooted in technological developments and social changes of the time.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132750534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-09DOI: 10.1080/19393555.2022.2107584
P. Nagesh, N. Srinivasu
ABSTRACT Internet of Things (IoT) is extensively adopted to manage everyday life. Data is gathered from IoT devices cloud computing is inevitable to store and analyze the data. The storage over the cloud is also not owned by the end-user. Thus, it is not so feasible. Therefore, two diverse issues are directly connected with the verification of data integrity, i.e. the incoming data should be verified and the verification process is performed. Various prevailing approaches are used for performing data integrity verification over the trusted party and nodes with proper resources. Moreover, it is highly complex to apply different prevalent research methods to IoT devices with constrained resources. This work concentrates on performing secure cloud-based storage over an IoT environment using authentic provable data possession (APDP) using the Legacy filtering model (APDP-LFM). The major contribution is the data possession and filter process to reduce the computational complexity. The experimentation is performed using a MATLAB environment, and the outcomes demonstrate that the proposed model preserves computational time and no complexity over the verification process. This model helps avoid False Positives and efficiently works for the enormous amount of incoming data over the IoT environment.
{"title":"Modeling an efficient authentic provable data possession model using legacy filter model for IOT and cloud environment","authors":"P. Nagesh, N. Srinivasu","doi":"10.1080/19393555.2022.2107584","DOIUrl":"https://doi.org/10.1080/19393555.2022.2107584","url":null,"abstract":"ABSTRACT Internet of Things (IoT) is extensively adopted to manage everyday life. Data is gathered from IoT devices cloud computing is inevitable to store and analyze the data. The storage over the cloud is also not owned by the end-user. Thus, it is not so feasible. Therefore, two diverse issues are directly connected with the verification of data integrity, i.e. the incoming data should be verified and the verification process is performed. Various prevailing approaches are used for performing data integrity verification over the trusted party and nodes with proper resources. Moreover, it is highly complex to apply different prevalent research methods to IoT devices with constrained resources. This work concentrates on performing secure cloud-based storage over an IoT environment using authentic provable data possession (APDP) using the Legacy filtering model (APDP-LFM). The major contribution is the data possession and filter process to reduce the computational complexity. The experimentation is performed using a MATLAB environment, and the outcomes demonstrate that the proposed model preserves computational time and no complexity over the verification process. This model helps avoid False Positives and efficiently works for the enormous amount of incoming data over the IoT environment.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126382957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-08-04DOI: 10.1080/19393555.2022.2106909
Paul A. Wortman, J. Chandy
ABSTRACT Designing secure architectures for IT infrastructure is a difficult process that needs mechanisms to provide security risk metrics that can help guide the system design process. It is through this evaluation process that a designer can ensure that implementations of a model meet the necessary security-based requirements. This work presents a scheme called TAMSAT for translating early-stage system architecture design models into security-based attack trees, which are evaluated for security risk. These attack trees can be evaluated around a set of assets of importance, whose security risk is classified by a monetary value. This security risk value can inform the system designer and provide input into an iterative design process, as well as illuminate unexpected sources of potential future security issues.
{"title":"Translation of AADL model to security attack tree (TAMSAT) to SMART evaluation of monetary security risk","authors":"Paul A. Wortman, J. Chandy","doi":"10.1080/19393555.2022.2106909","DOIUrl":"https://doi.org/10.1080/19393555.2022.2106909","url":null,"abstract":"ABSTRACT Designing secure architectures for IT infrastructure is a difficult process that needs mechanisms to provide security risk metrics that can help guide the system design process. It is through this evaluation process that a designer can ensure that implementations of a model meet the necessary security-based requirements. This work presents a scheme called TAMSAT for translating early-stage system architecture design models into security-based attack trees, which are evaluated for security risk. These attack trees can be evaluated around a set of assets of importance, whose security risk is classified by a monetary value. This security risk value can inform the system designer and provide input into an iterative design process, as well as illuminate unexpected sources of potential future security issues.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"147 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124608432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-07-29DOI: 10.1080/19393555.2022.2104766
Lampis Alevizos, Eliana Stavrou
ABSTRACT Financial institutions are undergoing the so-called “de-perimeterization.” The security model up to today is heavily dependent on ”border patrols” focusing mostly on providing a secure perimeter while the internal network is inherently trusted. In the upcoming borderless networks, the focus is shifting to protection of the data itself, considering the full lifecycle or switching toward context-aware defensive strategies also known as zero trust networks. The focus of this work is to critically discuss existing threat modeling methodologies, available and used in the financial services sector (FSS). The objective is to investigate the extent at which existing methodologies cover the different threat actors & events and if they reflect the current threat landscape in the FSS. The investigations are supported by a real-world case study to uncover if any process can reflect the current threat landscape without any customizations or special know-how, and whether the final outcome helps in reaching a secure or compliance state. Through the case study, it is evidenced that by utilizing the IRAM2 methodology resulted in a high ratio of compliance, however, considering the Crown Jewels of a Financial Institution (FI), a secure, as much as possible, state should be the desired outcome.
{"title":"Cyber threat modeling for protecting the crown jewels in the Financial Services Sector (FSS)","authors":"Lampis Alevizos, Eliana Stavrou","doi":"10.1080/19393555.2022.2104766","DOIUrl":"https://doi.org/10.1080/19393555.2022.2104766","url":null,"abstract":"ABSTRACT Financial institutions are undergoing the so-called “de-perimeterization.” The security model up to today is heavily dependent on ”border patrols” focusing mostly on providing a secure perimeter while the internal network is inherently trusted. In the upcoming borderless networks, the focus is shifting to protection of the data itself, considering the full lifecycle or switching toward context-aware defensive strategies also known as zero trust networks. The focus of this work is to critically discuss existing threat modeling methodologies, available and used in the financial services sector (FSS). The objective is to investigate the extent at which existing methodologies cover the different threat actors & events and if they reflect the current threat landscape in the FSS. The investigations are supported by a real-world case study to uncover if any process can reflect the current threat landscape without any customizations or special know-how, and whether the final outcome helps in reaching a secure or compliance state. Through the case study, it is evidenced that by utilizing the IRAM2 methodology resulted in a high ratio of compliance, however, considering the Crown Jewels of a Financial Institution (FI), a secure, as much as possible, state should be the desired outcome.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123794463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-07-18DOI: 10.1080/19393555.2022.2100844
R. Dervishi, Vehbi Neziri, Blerim Rexha
ABSTRACT Exchange of information through the web took place inside a trusted environment and thus user privacy was assured by default. Nowadays, ensuring user privacy is becoming one of the most desirable features of new technology, and Blockchain is not an exception. The Blockchain is a decentralized technology, open, and public platform where all transactions are stored and viewed from nodes, an approach known as “Web of Trust.” Although these transactions tend to be anonymous but in the case of the banking sector, user privacy requires special attention. In centralized systems, the implementation of privacy is no longer a challenge, using a hierarchical approach such as Public Key Infrastructure. This paper presents a broad landscape and state of art of user transaction privacy in Blockchain technology using the Web of Trust approach. Furthermore, we present a novel approach using the Public Key Infrastructure for assuring user privacy adding an optionally encrypted field in blocks in transactions. We have used Bithomp, as a free and open-source tool with the Testnet platform, and Ripple as the best known in the implementation of the payment system to implement the proposed approach. The paper concludes with the strengths and limitations of the proposed approach.
通过网络进行的信息交换发生在一个可信的环境中,因此默认情况下用户的隐私得到了保证。如今,确保用户隐私正成为新技术最理想的特征之一,区块链也不例外。区块链是一种分散的技术,开放的公共平台,所有交易都存储在节点上并从节点查看,这种方法被称为“信任网络”。虽然这些交易往往是匿名的,但在银行部门的情况下,用户隐私需要特别注意。在集中式系统中,使用诸如公钥基础设施之类的分层方法,隐私的实现不再是一个挑战。本文介绍了使用Web of Trust方法的区块链技术中用户交易隐私的广泛前景和现状。此外,我们提出了一种使用公钥基础设施来确保用户隐私的新方法,在交易块中添加可选的加密字段。我们使用Bithomp作为一个免费和开源的测试网平台工具,Ripple作为支付系统实施中最知名的工具来实施所提出的方法。最后,本文总结了该方法的优点和局限性。
{"title":"Transactions privacy on blockchain using web of trust concept","authors":"R. Dervishi, Vehbi Neziri, Blerim Rexha","doi":"10.1080/19393555.2022.2100844","DOIUrl":"https://doi.org/10.1080/19393555.2022.2100844","url":null,"abstract":"ABSTRACT Exchange of information through the web took place inside a trusted environment and thus user privacy was assured by default. Nowadays, ensuring user privacy is becoming one of the most desirable features of new technology, and Blockchain is not an exception. The Blockchain is a decentralized technology, open, and public platform where all transactions are stored and viewed from nodes, an approach known as “Web of Trust.” Although these transactions tend to be anonymous but in the case of the banking sector, user privacy requires special attention. In centralized systems, the implementation of privacy is no longer a challenge, using a hierarchical approach such as Public Key Infrastructure. This paper presents a broad landscape and state of art of user transaction privacy in Blockchain technology using the Web of Trust approach. Furthermore, we present a novel approach using the Public Key Infrastructure for assuring user privacy adding an optionally encrypted field in blocks in transactions. We have used Bithomp, as a free and open-source tool with the Testnet platform, and Ripple as the best known in the implementation of the payment system to implement the proposed approach. The paper concludes with the strengths and limitations of the proposed approach.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130551137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: