Biblio

In this paper we present techniques based on machine learning techniques on monitoring data for analysis of cybersecurity threats in cloud environments that incorporate enterprise applications from the fields of telecommunications and IoT. Cybersecurity is a term describing techniques for protecting computers, telecommunications equipment, applications, environments and data. In modern networks enormous volume of generated traffic can be observed. We propose several techniques such as Support Vector Machines, Neural networks and Deep Neural Networks in combination for analysis of monitoring data. An approach for combining classifier results based on performance weights is proposed. The proposed approach delivers promising results comparable to existing algorithms and is suitable for enterprise grade security applications.

Performing a fair exchange without a Trusted Third Party (TTP) was considered to be impossible. With multi party computation and practices like Proof-of-Work (PoW), blockchain accomplishes a fair exchange in a trustless network. Data confidentiality is a key challenge that has to be resolved before adopting blockchain for enterprise applications where tokenized assets will be transferred. Protocols like Zcash are already providing the same for financial transactions but lacks flexibility required to apply in most of the potential use cases of blockchain. Most of the real world application work in a way where a transaction is carried out when a particular action is performed. Also, the zero knowledge proof method used in Zcash, ZKSNARK has certain weaknesses restricting its adoption. One of the major drawbacks of ZKSNARK is that it requires an initial trust setup phase which is difficult to achieve in blockchain ecosystem. ZKSTARK, an interactive zero knowledge proof does not require this phase and also provides security against post quantum attacks. We propose a system that uses two indistinguishable hash functions along with ZKSTARK to improve the flexibility of blockchain platforms. The two indistinguishable hash functions are chosen from SHA3-finalists based on their security, performance and inner designs.

Web application technologies are growing rapidly with continuous innovation and improvements. This paper focuses on the popular Spring Boot [1] java-based framework for building web and enterprise applications and how it provides the flexibility for service-oriented architecture (SOA). One challenge with any Spring-based applications is its level of complexity with configurations. Spring Boot makes it easy to create and deploy stand-alone, production-grade Spring applications with very little Spring configuration. Example, if we consider Spring Model-View-Controller (MVC) framework [2], we need to configure dispatcher servlet, web jars, a view resolver, and component scan among other things. To solve this, Spring Boot provides several Auto Configuration options to setup the application with any needed dependencies. Another challenge is to identify the framework dependencies and associated library versions required to develop a web application. Spring Boot offers simpler dependency management by using a comprehensive, but flexible, framework and the associated libraries in one single dependency, which provides all the Spring related technology that you need for starter projects as compared to CRUD web applications. This framework provides a range of additional features that are common across many projects such as embedded server, security, metrics, health checks, and externalized configuration. Web applications are generally packaged as war and deployed to a web server, but Spring Boot application can be packaged either as war or jar file, which allows to run the application without the need to install and/or configure on the application server. In this paper, we discuss how Atmospheric Radiation Measurement (ARM) Data Center (ADC) at Oak Ridge National Laboratory, is using Spring Boot to create a SOA based REST [4] service API, that bridges the gap between frontend user interfaces and backend database. Using this REST service API, ARM scientists are now able to submit reports via a user form or a command line interface, which captures the same data quality or other important information about ARM data.

With the recent advances in information and communication technology, Web and Mobile Internet applications have become a part of our daily lives. These developments have also emerged Information Security concept due to the necessity of protecting information of institutions from Internet attackers. There are many security approaches to provide information security in Enterprise applications. However, using only one of these approaches may not be efficient enough to obtain security. This paper describes a Multi-Layered Framework of implementing two-factor and single sign-on authentication together. The proposed framework generates unique one-time passwords (OTP), which are used to authenticate application data. Nevertheless, using only OTP mechanism does not meet security requirements. Therefore, implementing a separate authentication application which has single sign-on capability is necessary.