Bello Alhaji Buhari, A. Obiniyi, S. Junaidu, A. F. Donfack Kana
This research proposes a lightweight tamper resistant client file in an external memory as an alternative to smart card for remote user authentication and access control. The benefit of using this special client file is portability and ease of acquirement, especially in school online portals, online resources portals, and e-commerce portals. The characteristics and design considerations that make smart card tamper resistant are reviewed. Techniques and characteristics to make a client file in an external memory exhibit a lightweight tamper resistant property have been formulated. The Kumari et al.'s scheme, which is the latest research that uses external memory for remote user authentication, has been reviewed. The basic system design and software design of the proposed client file are presented and modeled. This will enable implementation of the proposed system using any prepared programming or scripting language of one's choice. The proposed scheme and reviewed scheme are also evaluated for efficiency, tamper resistance, and impersonation attack.
Title: A Light Weight Temper Resistance Client File in an External Memory for Remote User Authentication and Access Control. Int. J. Syst. Softw. Secur. Prot. Pub Date: 2023-02-16. DOI: 10.4018/ijsssp.318342
The global use of UML diagrams serving as a baseline for the development of software leads to the mandatory consideration of non-functional requirements providing a secure and robust application. Secure SRS model with CIA-AAA provides the consideration of non-functional requirements and quality attributes before authorizing the users for accessing use cases. The extensive literature survey for UML Use case diagram is done. The UML use case diagrams do not provide notations, stereotypes, constraints for mis-use case and defense mechanism. This paper describes various notations, the new stereotypes such as Authentication, Buffer Overflow, SQL Injection, Encryption, Session Expiration and Connection Flooding with mathematical modelling for mitigating the attacks on the various transactions or use cases handled by the actors for providing the security.
Title: Proposed Secure 3-Use Case Diagram. Int. J. Syst. Softw. Secur. Prot. Pub Date: 2022-01-01. DOI: 10.4018/ijsssp.293237
Pub Date: 2021-07-01 DOI: 10.4018/IJSSSP.2021070104
L. Favre
Systems and applications aligned with new paradigms such as cloud computing and internet of the things are becoming more complex and interconnected, expanding the areas in which they are susceptible to attacks. Their security can be addressed by using model-driven engineering (MDE). In this context, specific IoT or cloud computing metamodels emerged to support the systematic development of software. In general, they are specified through semiformal metamodels in MOF style. This article shows the theoretical foundations of a method for automatically constructing secure metamodels in the context of realizations of MDE such as MDA. The formal metamodeling language Nereus and systems of transformation rules to bridge the gap between formal specifications and MOF are described. The main contribution of this article is the definition of a system of transformation rules called NEREUStoMOF for transforming automatically formal metamodeling specifications in Nereus to semiformal-MOF metamodels annotated in OCL.
Title: Formal Metamodeling for Secure Model-Driven Engineering. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-07-01 DOI: 10.4018/IJSSSP.2021070101
Amine Rahmani
Chaotic cryptography has been a well-studied domain over the last few years. Many works have been done, and the researchers are still getting benefit from this incredible mathematical concept. This paper proposes a new model for coloured image encryption using simple but efficient chaotic equations. The proposed model consists of a symmetric encryption scheme in which it uses the logistic equation to generate secret keys then an affine recursive transformation to encrypt pixels' values. The experimentations show good results, and theoretic discussion proves the efficiency of the proposed model.
Title: A Novel Iterated Function System-Based Model for Coloured Image Encryption. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-07-01 DOI: 10.4018/IJSSSP.2021070102
S. Valiveti, Anush Manglani, Tadrush Desai
Ad hoc networks are used in heterogeneous environments like tactical military applications, where no centrally coordinated infrastructure is available. The network is required to perform self-configuration, dynamic topology management, and ensure the self-sustainability of the network. Security is hence of paramount importance. Anomaly-based intrusion detection system (IDS) is a distributed activity carried out by all nodes of the network in a cooperative manner along with other related network activities like routing, etc. Machine learning and its advances have found a promising place in anomaly detection. This paper describes the journey of defining the most suitable routing protocol for implementing IDS for tactical applications, along with the selection of the related suitable data set. The paper also reviews the latest machine learning techniques, implementation capabilities, and limitations.
Title: Anomaly-Based Intrusion Detection Systems for Mobile Ad Hoc Networks: A Practical Comprehension. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-07-01 DOI: 10.4018/IJSSSP.2021070103
F. Abdullayeva
The paper proposes a method for predicting the workload of virtual machines in the cloud infrastructure. Reconstruction probabilities of variational autoencoders were used to provide the prediction. Reconstruction probability is a probability criterion that considers the variability in the distribution of variables. In the proposed approach, the values of the reconstruction probabilities of the variational autoencoder show the workload level of the virtual machines. The results of the experiments showed that variational autoencoders gave better results in predicting the workload of virtual machines compared to simple deep neural networks. The generative characteristics of the variational autoencoders determine the workload level by the data reconstruction.
Title: Cloud Computing Virtual Machine Workload Prediction Method Based on Variational Autoencoder. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-01-01 DOI: 10.4018/IJSSSP.2021010101
Tomoko Kaneko, Nobukazu Yoshioka
As the complexity of computer systems increases, assuring safety and security is significant. The authors aim to construct a new development methodology CC-Case that can assure the demands of complex systems, including IoT and AI, using safety and security technologies in an integrated manner. As a central framework of CC-Case, this manuscript shows requirements extraction by STAMP/STPA extension to safety and security (STAMP S & S) and assurance using GSN divided into a logical model and a concrete model. STAMP S & S makes it possible to model requirements based on system theory and extract more comprehensive safety and security requirements in a single model diagram. Besides, the GSN defines the overall picture of the assurance and verifies and validates the hazards and threats extracted by STAMP S & S. This paper presents the procedures of CC-Case with STAMP, GSN, and shows examples of level 3 autonomous driving.
Title: CC-Case-Safety and Security Engineering Methodology. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-01-01 DOI: 10.4018/IJSSSP.2021010105
Qiang Zhi, Zhengshu Zhou, Shuji Morisaki
Assurance case helps analyze the system dependability, but the relationships between system elements and assurance case are generally not clearly defined. In order to make system assurance more intuitive and reliable, this paper proposes an approach that clearly defines the relationships between safety issues and system elements and integrates them using ArchiMate. Also, the proposed method applies model checking to system safety assurance, and the checking results are regarded as evidence of assurance cases. This method consists of four steps: interaction visualization, processes model checking, assurance case creation, and composite safety assurance. The significance of this work is that it provides a formalized procedure for safety-critical system assurance, which could increase the confidence in system safety. It would be expected to make the safety of a system easier to explain to third parties and make the system assurance more intuitive and effective. Also, a case study on an automatic driving system is carried out to confirm the effectiveness of this approach.
Title: A Composite Safety Assurance Method for Developing System Architecture Using Model Checking. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-01-01 DOI: 10.4018/IJSSSP.2021010104
H. Takeuchi
This research considers the common understanding of proof-of-concept (PoC) projects developing AI service systems between business and IT divisions. The authors propose an enterprise architecture (EA)-based project assurance model for the PoC of AI service systems, and represented elements of the developed application, development processes, and project goals with relations in the model. The proposed model provides two views, the “Why-What-Who View” representing the relationships between goals, processes and actors, and “Who-What-How View” representing the relationships between actors, processes and applications. Through these views, this paper shows that project members can understand the development activities in which they are involved, and the impact or significance of each activity on the project, and the project goal is assured by executing each activity in the process. Through a case study the authors show that one can use the proposed model as a reference model when proposing and executing AI service system development projects.
Title: Enterprise Architecture-Based Project Assurance Model for the Proof-of-Concept of AI Service Systems. Int. J. Syst. Softw. Secur. Prot.
Pub Date: 2021-01-01 DOI: 10.4018/IJSSSP.2021010102
Tsutomu Koshiyama, Seiichiro Takahashi
Goal structuring notation (GSN) is widely used in safety cases and other methods for assuring reliability. Demonstrating the fulfillment of a claim in the GSN requires that its achievement be interpreted logically and structurally by the reader. This study proposes a typical pattern of interpreting these structural interpretations. Furthermore, the proposed patterns were verified for their application to actual GSN samples, and the applicability of these patterns was validated. In addition, these patterns were compared with the existing use of the so-called multi-legged arguments, and the differences between them were shown. Moreover, some of the proposed patterns show that there is a difference in the degree of certainty in the achievement of the converted claim, which indicates achievement of the claim from which it is derived.
Title: Six-Assurance Case Patterns by Strengthening/Weakening Argument. Int. J. Syst. Softw. Secur. Prot.