2017 International Conference on Software Security and Assurance (ICSSA): Latest Papers

Software-Based Platform for Education and Training of DDoS Attacks Using Virtual Networks
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.19
Walter Fuertes, Anabel Tunala, Ronnie Moncayo, Fausto Meneses, T. Toulkeridis
The education and training of security networks is an essential challenge for the academy, due to the vertiginous increase of threats and vulnerabilities. This study aims to implement a software-based experimental platform over virtual network environments, in order to stimulate teaching in Distributed Denial of Service (DDoS) attacks. We have used the theories of learning oriented to the experience, reflexive observation, and active experimentation of the students. This allowed to evaluate the learning objectives based on Bloom's Digital Taxonomy. From the software point of view, the experimental paradigm of Software Engineering has been applied, using Scrum as an agile methodology. During the development of the application, we implemented different roles including attackers, learners as well as victims in order to reconstruct and understand real attacks on IP networks. Hereby, for the role of attackers, we have used an interface to select the type of attack, while for the role of learners, we designed an intuitive interface that presents through natural language, to select possible firewall rules. This helped to learn, detect and mitigate potential attacks. Finally, for the role of victims, we included an analytical approach, which allowed to recognize online the impact of attacks on the performance of the computer system. The results demonstrate the functionality of the platform confirming that the introduced software meets the Usability criteria. Finally, our results present a network security learning, determined in terms of Bloom's Digital Taxonomy.
Citations: 3
Automated Synthesis of Access Control Lists
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.26
Xiao Liu, Brett A Holden, Dinghao Wu
Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.
Citations: 9
IoE Security Threats and You
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.28
J. Ryoo, Soyoung Kim, Junsung Cho, Hyoungshick Kim, S. Tjoa, Christopher Derobertis
Internet of Everything (IoE) is a newly emerging trend especially in homes. Marketing forces towards smart homes are also accelerating the spread of IoE devices in households. An obvious danger of rapid adoption of these gadgets is that many of them lack controls for protecting the privacy and security of end users from attacks designed to disrupt lives and incur financial losses. Our research goal for this paper is to develop an IoE threat model geared specifically for home users who are often unaware of the privacy and security threats which the IoE appliances pose. Our ultimate goal is to propose an effective solution to alerting users of imminent IoE security threats and offering actionable steps to mitigate them through an intuitive and friendly user interface design. There have been ample security research on individual elements of IoE. In particular, there are many publications on Internet of Things (IoT) security. What differentiates our research from the existing IoT works is that we are treating IoT as a component of an IoE ecosystem and developing our threat model in the more comprehensive context of how other pieces of the equation, such as people and data as well as processes fit together to result in formidable security threats.
Citations: 13
Multi-Layer Defense Model for Securing Online Financial Transactions
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.25
Joseph Gualdoni, Andrew Kurtz, Ilva Myzyri, Megan Wheeler, Syed S. Rizvi
Purchasing items on the Internet with credit cards is risky due to the ease of gaining the information without having the physical card. The ease of phishing, spoofing, or other ways perpetrators can obtain a consumer's credit card information. The threat of identity theft is growing as we rely more and more on the Internet to make purchases. To mitigate risk, we present a new Multi-Layer Defense (MLD) model. Our proposed MLD model combines the strong two-factor authentication capabilities with a unique random code that is only valid for an active session. Essentially, two-factor authentication is an extra layer of security used in addition to username and password to better confirm the user's identity. This code serves as a private key to authenticate such online transactions. The code can be utilized to identify users and establish secure ways of purchasing items. The proposed MLD model uses devices to log into card accounts via an application to view a generated code. The generated code is inputted on an online retailer's website to authorize the use of the credit card. This minimizes the possibility of an illegitimate user gaining access to another individual's credit card. Without a valid code, impostors cannot use the stolen card information to make purchases that could harm the account holder. To show the practicality of our scheme, we provide one case study between a Consumer A and Consumer B that explains the difference in outcome by using the proposed MLD model.
Citations: 3
An In-Depth Analysis of the Mirai Botnet
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.12
Joel Margolis, T. Oh, Suyash Jadhav, Young Ho Kim, J. Kim
Multiple news stories, articles, incidents, and attacks have consistently brought to light that IoT devices have a major lack of security. Developing a solution to protect and secure these devices is difficult because of the multitude of devices available on the market, each with their own requirements. This paper will focus on a particularly widespread piece of IoT malware known as the Mirai botnet by examining what its capabilities are, how it spreads to new devices, the impact that it has already had, and propose mitigation solutions to help prevent future attacks.
Citations: 53
An Automatic Software Vulnerability Classification Framework
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.27
Maryam Davari, Mohammad Zulkernine, Fehmi Jaafar
Security defects are common in large software systems because of their size and complexity. Although efficient development processes, testing, and maintenance policies are applied to software systems, there are still a large number of vulnerabilities that can remain, despite these measures. Developers need to know more about characteristics and types of residual vulnerabilities in systems to adopt suitable countermeasures in current and next versions. We propose an automatic vulnerability classification framework based on conditions that activate vulnerabilities with the goal of helping developers to design appropriate corrective actions (the most costly part of the development and maintenance phases). Different machine learning techniques (Random Forest, C4.5 Decision Tree, Logistic Regression, and Naive Bayes) are employed to construct a classifier with the highest F-measure in labelling an unseen vulnerability by the framework. We evaluate the effectiveness of the classification by analysing 580 software security defects of the Firefox project. The achieved results show that C4.5 Decision Tree is able to identify the category of unseen vulnerabilities with 69% F-measure.
Citations: 12
Creation and Integration of Remote High Interaction Honeypots
Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.21
Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser
The internet connects an uncountable number of users and their devices, no one has a global overview anymore. This state of constant chaos poses the problem of detecting novel, previously unknown attacks and attackers, and therefore requires creative strategies to detect and study them as early as possible. One approach is the use of honeypots to bait attacks into separate, dedicated systems and study them there. This paper explores the construction of high-interaction honeypots based on Docker containers, both for Windows and Linux operating systems. A core challenge is the transparent integration of honeypots into an existing company's network, although they are located off-site and not directly on a company's premises. We report practical prototyping experiences with Linux and Windows as container hosts for a diverse set of services and the limits we encountered in current software versions as they impede our effort.
Citations: 5
COAT: Code Obfuscation Tool to Evaluate the Performance of Code Plagiarism Detection Tools
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.29
Sangjun Ko, Jusop Choi, Hyoungshick Kim
There exist many plagiarism detection tools to uncover plagiarized codes by analyzing the similarity of source codes. To measure how reliable those plagiarism detection tools are, we developed a tool named Code ObfuscAtion Tool (COAT) that takes a program source code as input and produces another source code that is exactly equivalent to the input source code in their functional behaviors but with a different structure. In COAT, we particularly considered the eight representative obfuscation techniques (e.g., modifying control flow or inserting dummy codes) to test the performance of source code plagiarism detection tools. To show the practicality of COAT, we gathered 69 source codes and then tested those source codes with the four popularly used source code plagiarism detection tools (Moss, JPlag, SIM and Sherlock). In these experiments, we found that the similarity scores between the original source codes and their obfuscated plagiarized codes are very low; the mean similarity scores only ranged from 4.00 to 16.20 where the maximum possible score is 100. These results demonstrate that all the tested tools have clear limitations in detecting the plagiarized codes generated with combined code obfuscation techniques.
Citations: 8
An Architectural-Enhanced Secure Embedded System with a Novel Hybrid Search Scheme
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.14
Weike Wang, Muyang Liu, Pei Du, Zongmin Zhao, Yuntong Tian, Qiang Hao, Xiang Wang
Embedded systems are vulnerable to various kinds of attacks when they are in execution. Advanced attacks, such as buffer overflow, are able to inject malicious code at runtime. Besides, physical attacks are also becoming more common. This paper presents a new hardware-assisted architecture to validate the execution of the program which is reliable, effective and of low overhead. A specified tool is developed to collect software properties of each basic block from binary code automatically. At runtime, the proposed scheme checks whether the executing code conforms to the permissible behavior and triggers appropriate response mechanisms when illegal actions are detected. This architecture won't change the program and has no restriction on the developer. The performance overhead of the architecture is mostly less than 1% according to the selected benchmarks and the hybrid search scheme can reduce the indexing overhead to approximately 30% of that of binary search.
Citations: 3
Cloud Reliability and Independence Standard: A Three Tiered System for Optimal Cloud Storage
Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.15
E. M. English, Daniel Paul Stacey, Syed Rizvi, Donte Perino
In today's era of technology and the institutions which take advantage of it, there are many solutions to everyday problems yet many more problems arise. One such example is the onset of cloud computing, which grants the ability to transfer and store large amounts of data without any of the hassles of a physical server. When a large institution such as a hospital utilizes the cloud they take on the inherent risk of that cloud connection being interrupted. If or when this connection is disrupted it can oftentimes lead an institution to come to a halt. Oftentimes, these institutions either don't have any way to back up their data or have an inadequate solution. The solution being proposed in this paper, Cloud Reliability and Independence Standard (CRIS), is to implement a standard for information storage and backups to be used by all institutions. This leads to the adaptation of a three-tiered system that rates how much and how expansive the organization's backup should be. Our solution works to mitigate the issue of connection loss by keeping companies profitable and functional.
Citations: 0