Security Assurance

The Experts below are selected from a list of 18285 Experts worldwide ranked by ideXlab platform

Edgar Weippl - One of the best experts on this subject based on the ideXlab platform.

  • Conclusion and outlook on Security and quality of complex cyber physical systems engineering
    Security and Quality in Cyber-Physical Systems Engineering, 2019
    Co-Authors: Stefan Biffl, Matthias Eckhart, Arndt Luder, Edgar Weippl
    Abstract:

    Typical assumptions for research in quality and Security Assurance and improvement for small software-intensive systems may not hold for long-running technical systems, such as critical infrastructure or industrial production systems. Therefore, researchers in quality and Security Assurance and improvement can benefit from better understanding challenges on quality and Security Assurance and quality improvement coming from the engineering of Complex Cyber-Physical Systems based on the use cases and requirements presented. This chapter summarizes and reflects on the material presented in this book regarding challenges and solutions for Security and Quality of Complex Cyber-Physical Systems (C-CPS) Engineering. Contributions in this book consider requirements, risks, and solutions to improve the Security and quality of C-CPS. Engineers and project managers will be enabled to identify quality and Security challenges they should consider. In addition, the chapter describes measures to assist the involved staff in handling the identified challenges. The chapter discusses the contributions of the chapters to the Research Questions raised in Chap. 1 of this book.

  • Security Assurance assessment methodology for hybrid clouds
    Computers & Security, 2017
    Co-Authors: Aleksandar Hudic, Paul Smith, Edgar Weippl
    Abstract:

    The emergence of the cloud computing paradigm has altered the delivery models for ICT services. Unfortunately, the widespread use of the cloud has a cost, in terms of reduced transparency and control over a user's information and services. In addition, there are a number of well-understood Security and privacy challenges that are specific to this environment. These drawbacks are particularly problematic to operators of critical information infrastructures that want to leverage the benefits of cloud. To improve transparency and provide Assurances that measures are in place to ensure Security, novel approaches to Security evaluation are needed. To evaluate the Security of services that are deployed in the cloud requires an evaluation of complex multi-layered systems and services, including their interdependencies. This is a challenging task that involves significant effort, in terms of both computational and human resources. With these challenges in mind, we propose a novel Security assessment methodology for analysing the Security of critical services that are deployed in cloud environments. Our methodology offers flexibility, in that tailored policy-driven Security assessments can be defined based on a user's requirements, relevant standards, policies, and guidelines. We have implemented and evaluated a system that supports online assessments using our methodology, which acquires and processes large volumes of Security-related data without affecting the performance of the services in a cloud environment.

Lotfi Ben Othmane - One of the best experts on this subject based on the ideXlab platform.

  • Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application
    2016 11th International Conference on Availability Reliability and Security (ARES), 2016
    Co-Authors: Lotfi Ben Othmane, Azmat Ali
    Abstract:

    Incremental software development methods, such as Scrum, embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the Security Assurance of the software. Thus, each new version of a given software requires a new full Security assessment. This paper investigates the impact of incremental development of software on their Security Assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design Security Assurance cases and trace the impact of code changes on the Security Assurance of the given software. A Security Assurance case shows how a claim, such as "The system is acceptably secure", is supported by objective evidence.

  • Evaluation of the challenges of developing secure software using the agile approach
    International Journal of Secure Software Engineering, 2016
    Co-Authors: Imran Ghani, Adila Firdaus Arbain, Hela Oueslati, Mohammad Masudur Rahman, Lotfi Ben Othmane
    Abstract:

    A set of challenges of developing secure software using the agile development approach and methods are reported in the literature. This paper reports about a systematic literature review to identify these challenges and evaluate the causes of each of these challenges, with respect to the agile values, the agile principles, and the Security Assurance practices. The authors identified in this study 20 challenges, which are reported in 28 publications. They found that 14 of these challenges are valid and 6 are neither caused by agile values and principles, nor by the Security Assurance practices. The authors also found that 2 of the valid challenges are related to the software development life-cycle, 4 are related to incremental development, 4 are related to Security Assurance, 2 are related to awareness and collaboration, and 2 are related to Security management. These results justify the need for research to make developing secure software smooth.

  • Literature review of the challenges of developing secure software using the agile approach
    Availability Reliability and Security, 2015
    Co-Authors: Hela Oueslati, Mohammad Masudur Rahman, Lotfi Ben Othmane
    Abstract:

    A set of challenges of developing secure software using the agile development approach and methods are reported in the literature. This paper reports about a systematic literature review to identify these challenges and evaluates the causes of each of these challenges, with respect to the agile values, the agile principles, and the Security Assurance practices. We identified in this study 20 challenges, which are reported in 10 publications. We found that 14 of these challenges are valid and 6 are neither caused by the agile values and principles, nor by the Security Assurance practices. We also found that 2 of the valid challenges are related to the software development life-cycle, 4 are related to incremental development, 4 are related to Security Assurance, 2 are related to awareness and collaboration, and 2 are related to Security management. These results justify the need for research to make developing secure software smooth.

Aleksandar Hudic - One of the best experts on this subject based on the ideXlab platform.

  • Security Assurance assessment methodology for hybrid clouds
    Computers & Security, 2017
    Co-Authors: Aleksandar Hudic, Paul Smith, Edgar Weippl

Quang Hieu Vu - One of the best experts on this subject based on the ideXlab platform.

  • From Security to Assurance in the cloud a survey
    ACM Computing Surveys, 2015
    Co-Authors: Claudio Agostino Ardagna, Ernesto Damiani, Rasool Asal, Quang Hieu Vu
    Abstract:

    The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud’s level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud Security stands out. Several approaches to Security have been described and summarized in general surveys on cloud Security techniques. The survey in this article focuses on the interface between cloud Security and cloud Security Assurance. First, we provide an overview of the state of the art on cloud Security. Then, we introduce the notion of cloud Security Assurance and analyze its growing impact on cloud Security approaches. Finally, we present some recommendations for the development of next-generation cloud Security and Assurance solutions.

Kimkwang Raymond Choo - One of the best experts on this subject based on the ideXlab platform.

  • Blockchain based anonymous authentication with key management for smart grid edge computing infrastructure
    IEEE Transactions on Industrial Informatics, 2020
    Co-Authors: Jing Wang, Kimkwang Raymond Choo
    Abstract:

    Achieving low latency and providing real-time services are two of several key challenges in conventional cloud-based smart grid systems, and hence, there has been an increasing trend of moving to edge computing. While there have been a number of cryptographic protocols designed to facilitate secure communications in smart grid systems, existing protocols generally do not support conditional anonymity and flexible key management. Thus, in this article, we introduce a blockchain-based mutual authentication and key agreement protocol for edge-computing-based smart grid systems. Specifically, leveraging blockchain, the protocol can support efficient conditional anonymity and key management, without the need for other complex cryptographic primitives. The Security analysis shows that the protocol achieves reasonable Security Assurance, and the comparative summary for Security and efficiency also suggests the potential of the proposed protocol in a smart grid deployment.