Visible to the public Biblio

Filters: Author is Fernandez, Eduardo B.  [Clear All Filters]
2020-03-09
Alnaim, Abdulrahman K., Alwakeel, Ahmed M., Fernandez, Eduardo B..  2019.  Threats Against the Virtual Machine Environment of NFV. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–5.

Network Function Virtualization (NFV) is an implementation of cloud computing that leverages virtualization technology to provide on-demand network functions such as firewalls, domain name servers, etc., as software services. One of the methods that help us understand the design and implementation process of such a new system in an abstract way is architectural modeling. Architectural modeling can be presented through UML diagrams to show the interaction between different components and its stakeholders. Also, it can be used to analyze the security threats and the possible countermeasures to mitigate the threats. In this paper, we show some of the possible threats that may jeopardize the security of NFV. We use misuse patterns to analyze misuses based on privilege escalation and VM escape threats. The misuse patterns are part of an ongoing catalog, which is the first step toward building a security reference architecture for NFV.

2019-03-22
Moreno, Julio, Fernandez, Eduardo B., Fernandez-Medina, Eduardo, Serrano, Manuel A..  2018.  A Security Pattern for Key-Value NoSQL Database Authorization. Proceedings of the 23rd European Conference on Pattern Languages of Programs. :12:1-12:4.

Numerous authorization models have been proposed for relational databases. On the other hand, several NoSQL databases used in Big Data applications use a new model appropriate to their requirements for structure, speed, and large amount of data. This model protects each individual cell in key-value databases by labeling them with authorization rights following a Role-Based Access Control model or similar. We present here a pattern to describe this model as it exists in several Big Data systems.

2017-10-27
Pedraza-García, Gilberto, Noël, René, Matalonga, Santiago, Astudillo, Hernán, Fernandez, Eduardo B..  2016.  Mitigating Security Threats Using Tactics and Patterns: A Controlled Experiment. Proccedings of the 10th European Conference on Software Architecture Workshops. :37:1–37:7.
Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.