TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Jinfei Liu,Li Xiong,Jun Luo

DOI: https://doi.org/10.1145/2457317.2457340

2013-01-01

Abstract:In this paper we illustrate a privacy framework named Indistinguishable Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three variants of the representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure multi-party computation setting, and prove they are equivalent. To the best of our knowledge, this is the first work that illustrates the relationships of these privacy definitions and unifies them through one framework.

SQ Wang,L Chen,GC Chen

DOI: https://doi.org/10.1109/cacwd.2004.1348985

2003-01-01

Abstract:In the recent years, the hardware technology, high bandwidth network and 3D graphics systems bring the virtual reality (VR) technology into a new field: collaborative virtual environment (CVE). This field's goal is to use computers as tools for communication and information share. CVE is different from distributed virtual environment (DVE), it concerns more about the collaboration and the consistency in the cooperative work. And Java 3D is a new 3D technology, it offers a simple way to build up other virtual environments, and make the cooperation between the users easier to realize and control. By leveraging the inherent strengths of the Java language, Java 3D technology extends the concept of "write once, run anywhere" to 3D graphics applications, which makes the applications be independent of the hardware and software plat flat. So we put forward a new framework of the CVE system based on Java 3D technology. In this framework, we give a system architecture to realize scalability, persistence, consistency, and other requirements in CVE, and further more, it can realize complex cooperative works.

Jiang Bian,Remzi Seker

DOI: https://doi.org/10.1016/j.compeleceng.2013.01.018

IF: 4.152

2013-01-01

Computers & Electrical Engineering

Abstract:The Jigsaw Distributed File System (JigDFS) aims to securely store and retrieve files on large scale networks. The design of JigDFS is driven by the privacy needs of its users. Files in JigDFS are sliced into small segments using an Information Dispersal Algorithm (IDA) and distributed onto different nodes recursively. JigDFS provides fault-tolerance against node failures while assuring confidentiality, integrity, and availability of the stored data. Layered encryption is applied to each file segment with keys produced by a hashed-key chain algorithm. Recursive IDA and layered encryption enhance users’ anonymity and provide a degree of plausible deniability. JigDFS is envisioned to be an ideal long-term storage solution for developing secure data archiving systems.

Brijender Kahanwal,Tejinder Pal Singh

DOI: https://doi.org/10.48550/arXiv.1312.1817

2013-12-06

Software Engineering

Abstract:A Java File Security System (JFSS) [1] has been developed by us. That is an ecrypted file system. It is developed by us because there are so many file data breaches in the past and current history and they are going to increase day by day as the reports by DataLossDB (Open Security Foundation) organization, a non-profit organization in US so it is. The JFSS is evaluated regarding the two software engineering approaches. One of them is size metric that is Lines of Code (LOC) in the software product development. Another approach is the customer oriented namely User Satisfaction Testing methodology. Satisfying our customers is an essential element to stay in business in modern world of global competition. We must satisfy and even delight our customers with the value of our software products and services to gain their loyalty and repeat business. Customer satisfaction is therefore a primary goal of process improvement programs as well as quality predictions of our software. With the help of User Satisfaction Index that is calculated for many parameters regarding the customer satisfaction. Customer Satisfaction Surveys are the best way to find the satisfaction level of our product quality.

Michael Backes,Sven Bugiel,Sebastian Gerling,Philipp von Styp-Rekowsky

DOI: https://doi.org/10.48550/arXiv.1404.1395

2014-04-04

Cryptography and Security

Abstract:We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation to provide security solutions as separate patches to the Android software stack or to embed them into Android's mainline codebase. As a result, ASF provides different practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.

Brijender Kahanwal,Dr. Tejinder Pal Singh,Dr. R. K. Tuteja

DOI: https://doi.org/10.48550/arXiv.1311.3686

2013-11-13

Operating Systems

Abstract:Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee the security to files on the demand of all users. It has been developed on Java platform. Java has been used as programming language in order to provide portability, but it enforces some performance limitations. It is developed in FUSE (File System in User space) [3]. Many efforts have been done over the years for developing file systems in user space (FUSE). All have their own merits and demerits. In this paper we have evaluated the performance of Java File Security System (JFSS). Over and over again, the increased security comes at the expense of user convenience, performance or compatibility with other systems. JFSS system performance evaluations show that encryption overheads are modest as compared to security.

Yinbin Miao,Qiuyun Tong,Kim-Kwang Raymond Choo,Ximeng Liu,Robert H. Deng,Hongwei Li

DOI: https://doi.org/10.1109/jiot.2019.2923068

IF: 10.6

2019-10-01

IEEE Internet of Things Journal

Abstract:Ciphertext-policy attribute-based keyword search (CP-ABKS) schemes facilitate the fine-grained keyword search over encrypted data, such as those sensed/collected from Industrial Internet of Things (IIoT) devices and stored in the cloud. However, existing CP-ABKS schemes generally have significant computation and storage requirements, which are beyond those of resource-constrained IIoT devices. Therefore, in this paper, we design a secure online/offline data sharing framework (DSF), which supports online/offline encryption and outsourced decryption. Using the healthcare setting as a case study, we demonstrate how DSF can be deployed in the cloud-assisted Healthcare IIoT (HealthIIoT) system. We not only prove that the DSF is selectively secure in the chosen access structure security model but also demonstrate its efficiency and feasibility in practical scenarios using experiments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Joanna F DeFranco,Joshua Roberts,David Ferraiolo,D Chris Compton

DOI: https://doi.org/10.1093/jamiaopen/ooae040

2024-05-15

JAMIA Open

Abstract:Objective: To address database interoperability challenges to improve collaboration among disparate organizations. Materials and methods: We developed a lightweight system to allow broad but well-controlled data sharing while preserving local data protection policies. We used 2 NIST-developed technologies-Next-generation Database Access Control (NDAC) and the Data Block Matrix (DBM)-to create a proof-of-concept system called the Secure Federated Data Sharing System (SFDS). NDAC controls access to database resources down to the field level based on attributes assigned to users. The DBM manages and shares authoritative user-attribute assignments across a federation of organizations, implemented using a modified open-source permissioned blockchain, to manage and share authoritative user-attribute assignments across a federation of organizations. We used synthetic data to demonstrate a clinical research data-sharing use case using the SFDS. Results: We demonstrated, through consent, the onboarding of previously unknown users into NDAC via assignments to their DBM-validated attributes, allowing those users policy-preserving access to local database resources. The SFDS main system components-NDAC and DBM-also showed excellent performance metrics. Discussion: The SFDS provides a generic data-sharing infrastructure that effectively and securely achieves data-sharing objectives. It is completely transparent to the otherwise normal business operations of participating organizations. It requires no changes to database management systems or existing methods of authenticating and authorizing local user access to local resources. Conclusion: This efficiency, flexibility of deployment, and granularity of control make this new infrastructure solution practical for meeting the data-sharing and protection objectives of the clinical research community.

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.

Vinod Kumar,Musheer Ahmad,Pankaj Kumar

DOI: https://doi.org/10.1007/978-981-13-1217-5_7

2018-09-08

Abstract:Big data raises a robust need for a network structure with the ability to support information retrieval and sharing. Many companies start to supply of big data services for Internet users and at the same time, these services also bring sever all security issues. Presently, the great part of big data set provides digital identity for users to use their services. At the moment, most of these systems use asymmetric and conventional public key cryptography (PKC) to give mutual authentication data security. However, existing authentication schemes trust commonly on the centralized servers to offer record and facilitation facilities for information retrieval. Pairing-free identity-based cryptography has some pull characteristics that gives the idea to healthy requirements in that scenario. The presented scheme is carried out in three phases and are as follows: initialization phase, registration phase and mutual authentication, and session key agreement phase. Detailed security analyzes have been made to authenticate big data server and user. Further, the paper has the resistance to possible attacks in this environment.

Praveen Sivadasan,P. Sojan Lal

DOI: https://doi.org/10.48550/arXiv.1205.4813

2012-05-22

Cryptography and Security

Abstract:Information security is protecting information from unauthorized access, use, disclosure, disruption, modification, perusal and destruction. CAIN model suggest maintaining the Confidentiality, Authenticity, Integrity and Non-repudiation (CAIN) of information. Oracle 8i, 9i and 11g Databases support SQLJ framework allowing embedding of SQL statements in Java Programs and providing programmer friendly means to access the Oracle database. As cloud computing technology is becoming popular, SQLJ is considered as a flexible and user friendly language for developing distributed applications in grid architectures. SQLJ source codes are translated to java byte codes and decompilation is generation of source codes from intermediate byte codes. The intermediate SQLJ application byte codes are open to decompilation, allowing a malicious reader to forcefully decompile it for understanding confidential business logic or data from the codes. To the best of our knowledge, strong and cost effective techniques exist for Oracle Database security, but still data security techniques are lacking for client side applications, giving possibility for revelation of confidential business data. Data obfuscation is hiding the data in codes and we suggest enhancing the data security in SQLJ source codes by data hiding, to mitigate disclosure of confidential business data, especially integers in distributed applications.

Shahnawaz Ahmad,Shabana Mehfuz,Shabana Urooj,Najah Alsubaie

DOI: https://doi.org/10.1007/s10586-024-04288-8

2024-02-19

Cluster Computing

Abstract:Ensuring the confidentiality, integrity, and availability of sensitive data in cloud environments relies heavily on the robust management of cryptographic keys. With the expansion of cloud usage and the increase in data volumes, ensuring the security and reliability of key management services is becoming an essential aspect of overall cloud security. These policies encompass various aspects, such as the lifecycle management of keys, controlling access, encryption protocols, and safeguarding keys, all of which collectively contribute to enhanced security and compliance with regulatory requirements. Two case studies demonstrate the application of existing frameworks in a financial institution and a healthcare organization. The paper concludes by highlighting potential applications and use cases across different industries. This study introduces a secure application management framework within the realm of cloud security called the secure policies of cloud security framework (SPCSF). SPCSF is built around the idea of implementing precise control over application permissions and encrypting REST API communications to enhance protection against malicious attacks. The framework is made up of two main parts: (i) a permission detection engine that determines whether an application's permissions are legitimate. By looking at permission manifests, byte codes, and cross-referencing permissions against a well-defined list of sensitive APIs, it accomplishes this. (ii) Registration Authorization Engine: this engine makes it easier for applications to register securely with the controller. It makes use of a suggested technique for safe authentication, allowing or denying applications access to requested REST APIs based on the level of danger they pose. With this strategy, approved and secure access to vital resources is guaranteed.

computer science, information systems, theory & methods

Nicolas Boltz,Sebastian Hahner,Christopher Gerking,Robert Heinrich

2024-03-14

Abstract:The growing interconnection between software systems increases the need for security already at design time. Security-related properties like confidentiality are often analyzed based on data flow diagrams (DFDs). However, manually analyzing DFDs of large software systems is bothersome and error-prone, and adjusting an already deployed software is costly. Additionally, closed analysis ecosystems limit the reuse of modeled information and impede comprehensive statements about a system's security. In this paper, we present an open and extensible framework for data flow analysis. The central element of our framework is our new implementation of a well-validated data-flow-based analysis approach. The framework is compatible with DFDs and can also extract data flows from the Palladio architectural description language. We showcase the extensibility with multiple model and analysis extensions. Our evaluation indicates that we can analyze similar scenarios while achieving higher scalability compared to previous implementations.

Software Engineering,Cryptography and Security

Nuno Alves,Raymond Hu,Nobuko Yoshida,Pierre-Malo Deniélou

DOI: https://doi.org/10.4204/EPTCS.69.1

2011-10-19

Abstract:The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols) are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP) protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Networking and Internet Architecture,Programming Languages

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Zhuolin Mei,Jin Yu,Caicai Zhang,Bin Wu,Shimao Yao,Jiaoli Shi,Zongda Wu

DOI: https://doi.org/10.1016/j.is.2024.102343

IF: 3.18

2024-05-01

Information Systems

Abstract:Outsourcing data to the cloud offers various advantages, such as improved reliability, enhanced flexibility, accelerated deployment, and so on. However, data security concerns arise due to potential threats such as malicious attacks and internal misuse of privileges, resulting in data leakage. Data encryption is a recognized solution to address these issues and ensure data confidentiality even in the event of a breach. However, encrypted data presents challenges for common operations like access control and range queries. To address these challenges, this paper proposes Secure Multi-dimensional Data Retrieval with Access Control and Range Search in the Cloud (SMDR). In this paper, we propose SMDR policy, which supports both access control and range queries. The design of the SMDR policy cleverly utilizes the minimum and maximum points of buckets, enabling the SMDR policy is highly appropriate for supporting range queries on multi-dimensional data. Additionally, we have made modifications to Ciphertext Policy-Attribute Based Encryption (CP-ABE) to enable effective integration with the SMDR policy, and then constructed a secure index using the SMDR policy and CP-ABE. By utilizing the secure index, access control and range queries can be effectively supported over the encrypted multi-dimensional data. To evaluate the efficiency of SMDR, extensive experiments have been conducted. The experimental results demonstrate the effectiveness and suitability of SMDR in handling encrypted multi-dimensional data. Additionally, we provide a detailed security analysis of SMDR.

computer science, information systems

Mirador G. Labrador,Abegail Bordios,Weiyan Hou

DOI: https://doi.org/10.11591/ijeecs.v24.i2.pp780-788

2021-11-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The convergence of microelectronics and micromechanical system within a sensing device, the proliferation of wireless communication, and the use of software-driven equipment are already changing the landscape of the manufacturing industries. This situation compels the industries to adopt industrial internet of things (IIoT) systems and processes with the main objective-to improve the processes and increase production. However, it is undeniable that despite IIoT advantages, it posed significant issues on the security and privacy on industry automation especially along data generation and control system. Hence, this paper proposes a cloud based 3-tier data security framework that performs two-level security verification processes. The framework has been tested and validated using an experimental industry automation system and has been found to be functionally effective with an acceptable handoff delay.

Ji-shi ZHOU,Xiao-han ZHANG,Yuan ZHANG,Min YANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.02.022

2019-01-01

Abstract:As Java software becoming more and more sophisticated, developers increasingly rely on cryptographic libraries to protect application data. While cryptographic libraries are secure enough, the complicated Java cryptographic API is often misused, leading to some avoidable security problem. We propose SecureCrypto, an annotation-based framework to help developers securely using cryptographic APIs. SecureCrypto framework can generate code based on user parameters and scenario template, verify user code and raise errors during compile time. To simplify annotation developing, we implemented a template generator based on Java code. Security expert can quickly define newscenarios to extend SecureCrypto. From control experiment, we find that annotation can indeed help developers to write secure and reliable code, template generator is also a necessary tool for security experts to define newannotation scenarios.

Pardeep Kumar,An Braeken,Andrei Gurtov,Jari Iinatti,Phuong Hoai Ha

DOI: https://doi.org/10.1109/tifs.2016.2647225

IF: 7.231

2017-04-01

IEEE Transactions on Information Forensics and Security

Abstract:The smart home is an environment, where heterogeneous electronic devices and appliances are networked together to provide smart services in a ubiquitous manner to the individuals. As the homes become smarter, more complex, and technology dependent, the need for an adequate security mechanism with minimum individual's intervention is growing. The recent serious security attacks have shown how the Internet-enabled smart homes can be turned into very dangerous spots for various ill intentions, and thus lead the privacy concerns for the individuals. For instance, an eavesdropper is able to derive the identity of a particular device/appliance via public channels that can be used to infer in the life pattern of an individual within the home area network. This paper proposes an anonymous secure framework (ASF) in connected smart home environments, using solely lightweight operations. The proposed framework in this paper provides efficient authentication and key agreement, and enables devices (identity and data) anonymity and unlinkability. One-time session key progression regularly renews the session key for the smart devices and dilutes the risk of using a compromised session key in the ASF. It is demonstrated that computation complexity of the proposed framework is low as compared with the existing schemes, while security has been significantly improved.

computer science, theory & methods,engineering, electrical & electronic