Biblio
Filters: Keyword is security requirement [Clear All Filters]
.
2021. Automatic Security Inspection Framework for Trustworthy Supply Chain. 2021 IEEE/ACIS 19th International Conference on Software Engineering Research, Management and Applications (SERA). :45—50.
Threats and risks against supply chains are increasing and a framework to add the trustworthiness of supply chain has been considered. In this framework, organisations in the supply chain validate the conformance to the pre-defined requirements. The results of validations are linked each other to achieve the trustworthiness of the entire supply chain. In this paper, we further consider this framework for data supply chains. First, we implement the framework and evaluate the performance. The evaluation shows 500 digital evidences (logs) can be checked in 0.28 second. We also propose five methods to improve the performance as well as five new functionalities to improve usability. With these functionalities, the framework also supports maintaining the certificate chain.
.
2019. Ontology-Driven Security Requirements Recommendation for APT Attack. 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW). :150–156.
Advanced Persistent Threat (APT) is one of the cyber threats that continuously attack specific targets exfiltrate information or destroy the system [1]. Because the attackers use various tools and methods according to the target, it is difficult to describe APT attack in a single pattern. Therefore, APT attacks are difficult to defend against with general countermeasures. In these days, systems consist of various components and related stakeholders, which makes it difficult to consider all the security concerns. In this paper, we propose an ontology knowledge base and its design process to recommend security requirements based on APT attack cases and system domain knowledge. The proposed knowledge base is divided into three parts; APT ontology, general security knowledge ontology, and domain-specific knowledge ontology. Each ontology can help to understand the security concerns in their knowledge. While integrating three ontologies into the problem domain ontology, the appropriate security requirements can be derived with the security requirements recommendation process. The proposed knowledge base and process can help to derive the security requirements while considering both real attacks and systems.
.
2017. Chip-Based symmetric and asymmetric key generation in hierarchical wireless sensors networks. 2017 International Conference on Inventive Systems and Control (ICISC). :1–6.
Realization of an application using Wireless Sensor Networks (WSNs) using Sensor Nodes (SNs) brings in profound advantages of ad-hoc and flexible network deployments. Implementation of these networks face immense challenges due to short wireless range; along with limited power, storage & computational capabilities of SNs. Also, due to the tiny physical attributes of the SNs in WSNs, they are prone to physical attacks. In the context of WSNs, the physical attacks may range from destroying, lifting, replacing and adding new SNs. The work in this paper addresses the threats induced due to physical attacks and, further proposes a methodology to mitigate it. The methodology incorporates the use of newly proposed secured and efficient symmetric and asymmetric key distribution technique based on the additional commodity hardware Trusted Platform Module (TPM). Further, the paper demonstrates the merits of the proposed methodology. With some additional economical cost for the hardware, the proposed technique can fulfill the security requirement of WSNs, like confidentiality, integrity, authenticity, resilience to attack, key connectivity and data freshness.