A Reference Model of Information Assurance &amp;amp;amp; Security

Cherdantseva, Yulia; Hilton, Jeremy

doi:10.1109/ares.2013.72

Cited by 147 publications

(99 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditionally, when discussing security of systems, CIA (Confidentiality, Integrity, Availability) are considered the properties of systems that we wish to protect Cherdantseva and Hilton (2013). Confidentiality relates to data or systems only being disclosed to appropriate parties.…”

Section: Related Workmentioning

confidence: 99%

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Happa

Glencross²,

Steed

2019

Front. ICT

View full text Add to dashboard Cite

Collaborative Mixed-Reality (CMR) applications are gaining interest in a wide range of areas including games, social interaction, design and health-care. To date, the vast majority of published work has focused on display technology advancements, software, collaboration architectures and applications. However, the potential security concerns that affect collaborative platforms have received limited research attention. In this position paper, we investigate the challenges posed by cyber-security threats to CMR systems. We focus on how typical network architectures facilitating CMR and how their vulnerabilities can be exploited by attackers, and discuss the degree of potential social, monetary impacts, psychological and other harms that may result from such exploits. The main purpose of this paper is to provoke a discussion on CMR security concerns. We highlight insights from a cyber-security threat modelling perspective and also propose potential directions for research and development toward better mitigation strategies. We present a simple, systematic approach to understanding a CMR attack surface through an abstraction-based reasoning framework to identify potential attack vectors. Using this framework, security analysts, engineers, designers and users alike (stakeholders) can identify potential Indicators of Exposures (IoE) and Indicators of Compromise (IoC). Our framework allows stakeholders to reduce their CMR attack surface as well understand how Intrusion Detection System (IDS) approaches can be adopted for CMR systems. To demonstrate the validity to our framework, we illustrate several CMR attack surfaces through a set of use-cases. Finally, we also present a discussion on future directions this line of research should take.

show abstract

Section: Related Workmentioning

confidence: 99%

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Happa

Glencross²,

Steed

2019

Front. ICT

View full text Add to dashboard Cite

show abstract

“…Inspired by these works, there are several approaches extending BPMN 2.0 with security specifications, eg, Salnitri et al and Cherdantseva. 23,39 While they provide, on the one hand, further security properties that are not supported by SecureBPMN, they all have in common that the access control specifications are very coarse-grained (only supporting simple RBAC models). In contrast, our approach allows the fine-grained specification of security requirements for single tasks or data objects.…”

Section: Related Workmentioning

confidence: 99%

Modelling, validating, and ranking of secure service compositions

et al. 2017

View full text Add to dashboard Cite

Summary In the world of large‐scale applications, software as a service (SaaS) in general and use of microservices, in particular, is bringing service‐oriented architectures to a new level: Systems in general and systems that interact with human users (eg, sociotechnical systems) in particular are built by composing microservices that are developed independently and operated by different parties. At the same time, SaaS applications are used more and more widely by enterprises as well as public services for providing critical services, including those processing security or privacy of relevant data. Therefore, providing secure and reliable service compositions is increasingly needed to ensure the success of SaaS solutions. Building such service compositions securely is still an unsolved problem. In this paper, we present a framework for modelling, validating, and ranking secure service compositions that integrate both automated services as well as services that interact with humans. As a unique feature, our approach for ranking services integrates validated properties (eg, based on the result of formally analysing the source code of a service implementation) as well as contractual properties that are part of the service level agreement and, thus, not necessarily ensured on a technical level.

show abstract

“…In the current digital age, numerous research papers and applications have been written and have developed proposed solutions to combat network based threats and to protect information systems. As a result, various security systems have emerged, which aim to ensure that the key goals of cybersecurity are met [1]. However, every day these stated security goals are flagrantly violated by breaches and security incidents, which raises questions about the capability of existing security systems.…”

Section: Introductionmentioning

confidence: 99%

Improving Intrusion Detection Model Prediction by Threshold Adaptation

Tobi

Duncan

2019

Information

View full text Add to dashboard Cite

Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.

show abstract

A Reference Model of Information Assurance &amp; Security

Cited by 147 publications

References 18 publications

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Modelling, validating, and ranking of secure service compositions

Improving Intrusion Detection Model Prediction by Threshold Adaptation

Contact Info

Product

Resources

About