P. Pattnaik,Mrinmoy Ganguly,S. Mohanty

Abstract:Cloud Computing Environment fulfils the computational requirements of individual, small organizations and large organizations with minimum cost. Generally, the data are the asset of the owners and the owner always concern about the security issue which they generally face while storing their data in the cloud. Once the data are stored in cloud, user loses his control over the data. Thus, the major security issues are to maintain data confidentiality(C), integrity(I) and availability(A) which forms the CIA triad. If CIA triad can be implemented in Cloud Computing Environment then Cloud Service Provider will be held accountable for cloud user's data confidentiality, integrity and availability. This paper addresses the availability issue which is not addressed in existing research paper to achieve accountability in Cloud.

Computer Science

Kar Yee Chai,Mohamad Fadli Zolkipli

DOI: https://doi.org/10.37134/jictie.vol8.2.4.2021

2021-07-13

Journal Of ICT In Education

Abstract:Information security is very significant needs to be secured due to people relying on networks and communication. Therefore, protecting information is a major challenge with the number of users increases rapidly in recent years. The aim of this article is to review Confidentiality, Integrity and Availability (CIA) in information security. This article focuses on the issues of information security and the requirements of information security. The articles, journals and conference papers are reviewed by researchers were published in 2016-2021. Security issues are analyzed in the recent methodologies. The result of the relationship between CIA in each information security requirement is at a moderate level. It is suggested cybersecurity risk awareness program for society is needed. Therefore, every user could get full advantages in networks and digital platforms.

Robson de Oliveira Albuquerque,Luis Javier García Villalba,Ana Lucila Sandoval Orozco,Fábio Buiati,Tai-Hoon Kim

DOI: https://doi.org/10.3390/s141222754

2014-12-01

Abstract:Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

P Swapna,S Fazila,K Hanumanthu Naik,G Amrutha vani,B Reddaiah,,,,,

DOI: https://doi.org/10.35940/ijeat.a3841.1012122

2022-10-30

International Journal of Engineering and Advanced Technology

Abstract:Any untoward incident occurs while transmitting data digitally may lead to threats whenever the data is transmitted to malicious destination unknowingly, there arises a question of data integrity. In this scenario cryptography plays a crucial role in ensuring the users both confidentiality and integrity while transmitting of data over various network platform, supporting with the algorithms like AES, hashing etc., to ensure end user safety. In this paper, an improved hybrid cryptography system which is a combination of message digest and symmetric key algorithm is being incorporated. This proposed system provides confidentiality as well as integrity.

Heidi Howard,Fritz Alder,Edward Ashton,Amaury Chamayou,Sylvan Clebsch,Manuel Costa,Antoine Delignat-Lavaud,Cedric Fournet,Andrew Jeffery,Matthew Kerner,Fotios Kounelis,Markus A. Kuppe,Julien Maffre,Mark Russinovich,Christoph M. Wintersteiger

2023-10-18

Abstract:Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications however means that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at <a class="link-external link-https" href="https://github.com/microsoft/CCF" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Suhail Qadir,S. Quadri

DOI: https://doi.org/10.4236/JIS.2016.73014

2016-04-01

Abstract:This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system. The paper highlights the importance of Availability w.r.t. Security of information and the other attributes of security and also gives a realistic shape to the existing CIA triad security model. An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given. The paper also gives a categorization of the type of Availability that a system can have. The paper also explains the relation between Availability and other security attributes and also explains through what issues an information system may go while providing Availability.

Computer Science

Hussain Ahmad,Isuru Dharmadasa,Faheem Ullah,M. Ali Babar

DOI: https://doi.org/10.1145/3558001

2022-01-31

Abstract:Command, Control, Communication, and Intelligence (C3I) systems are increasingly used in critical civil and military domains for achieving information superiority, operational efficacy, and greater situational awareness. Unlike traditional systems facing widespread cyber-attacks, the sensitive nature of C3I tactical operations make their cybersecurity a critical concern. For instance, tampering or intercepting confidential information in military battlefields not only damages C3I operations, but also causes irreversible consequences such as loss of human lives and mission failures. Therefore, C3I systems have become a focal point for cyber adversaries. Moreover, technological advancements and modernization of C3I systems have significantly increased the potential risk of cyber-attacks on C3I systems. Consequently, cyber adversaries leverage highly sophisticated attack vectors to exploit security vulnerabilities in C3I systems. Despite the burgeoning significance of cybersecurity for C3I systems, the existing literature lacks a comprehensive review to systematize the body of knowledge on C3I systems' security. Therefore, in this paper, we have gathered, analyzed, and synthesized the state-of-the-art on the cybersecurity of C3I systems. In particular, this paper has identified security vulnerabilities, attack vectors, and countermeasures/defenses for C3I systems. Furthermore, our survey has enabled us to: (i) propose a taxonomy for security vulnerabilities, attack vectors and countermeasures; (ii) interrelate attack vectors with security vulnerabilities and countermeasures; and (iii) propose future research directions for advancing the state-of-the-art on the cybersecurity of C3I systems.

Cryptography and Security,Systems and Control

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Craig A. Horne,Atif Ahmad,Sean B. Maynard

DOI: https://doi.org/10.48550/arXiv.1606.03528

2016-06-11

Abstract:Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences continue to indicate that attacks are still escalating on organisations when conducting these information-based activities. Clearly, more research is needed to better understand how organisations should formulate strategy to secure their information. Through a thematic review of academic security literature, we (1) analyse the antecedent conditions that motivate the potential adoption of a comprehensive information security strategy, (2) the current perspectives of strategy and (3) the yields and benefits that could be enjoyed post-adoption. Our contributions include a definition of information security strategy. We argue for a paradigm shift to extend from internally-focussed protection of organisation-wide information towards a strategic view that considers the inter-organisational level. Our findings are then used to suggest future research directions.

Computers and Society,Cryptography and Security

David W. Chadwick,Wenjun Fan,Gianpiero Costantino,Rogerio de Lemos,Francesco Di Cerbo,Ian Herwono,Mirko Manea,Paolo Mori,Ali Sajjad,Xiao-Si Wang

DOI: https://doi.org/10.1016/j.future.2019.06.026

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:Cyber-attacks affect every aspect of our lives. These attacks have serious consequences, not only for cyber-security, but also for safety, as the cyber and physical worlds are increasingly linked. Providing effective cyber-security requires cooperation and collaboration among all the entities involved. Increasing the amount of cyber threat information (CTI) available for analysis allows better prediction, prevention and mitigation of cyber-attacks. However, organizations are deterred from sharing their CTI over concerns that sensitive and confidential information may be revealed to others. We address this concern by providing a flexible framework that allows the confidential sharing of CTI for analysis between collaborators. We propose a five-level trust model for a cloud-edge based data sharing infrastructure. The data owner can choose an appropriate trust level and CTI data sanitization approach, ranging from plain text, through anonymization/pseudonymization to homomorphic encryption, in order to manipulate the CTI data prior to sharing it for analysis. Furthermore, this sanitization can be performed by either an edge device or by the cloud service provider, depending upon the level of trust the organization has in the latter. We describe our trust model, our cloud-edge infrastructure, and its deployment model, which are designed to satisfy the broadest range of requirements for confidential CTI data sharing. Finally we briefly describe our implementation and the testing that has been carried out so far by four pilot projects that are validating our infrastructure.

Dincy R. Arikkat,Mert Cihangiroglu,Mauro Conti,Rafidha Rehiman K. A.,Serena Nicolazzo,Antonino Nocera,Vinod P

2024-06-20

Abstract:The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality, and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and the detailed attack model discusses its robustness against attacks in the context of data and model quality.

Cryptography and Security

Linan Huang,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.2301.05920

2023-01-14

Cryptography and Security

Abstract:Human cognitive capacities and the needs of human-centric solutions for "Industry 5.0" make humans an indispensable component in Cyber-Physical Systems (CPSs), referred to as Human-Cyber-Physical Systems (HCPSs), where AI-powered technologies are incorporated to assist and augment humans. The close integration between humans and technologies in Section 1.1 and cognitive attacks in Section 1.2.4 poses emerging security challenges, where attacks can exploit vulnerabilities of human cognitive processes, affect their behaviors, and ultimately damage the HCPS. Defending HCPSs against cognitive attacks requires a new security paradigm, which we refer to as "cognitive security" in Section 1.2.5. The vulnerabilities of human cognitive systems and the associated methods of exploitation distinguish cognitive security from "cognitive reliability" and give rise to a distinctive CIA triad, as shown in Sections 1.2.5.1 and 1.2.5.2, respectively. Section 1.2.5.3 introduces cognitive and technical defense methods that deter the kill chain of cognitive attacks and achieve cognitive security. System scientific perspectives in Section 1.3 offer a promising direction to address the new challenges of cognitive security by developing quantitative, modular, multi-scale, and transferable solutions.

Johann Rehberger

2024-12-09

Abstract:The CIA security triad - Confidentiality, Integrity, and Availability - is a cornerstone of data and cybersecurity. With the emergence of large language model (LLM) applications, a new class of threat, known as prompt injection, was first identified in 2022. Since then, numerous real-world vulnerabilities and exploits have been documented in production LLM systems, including those from leading vendors like OpenAI, Microsoft, Anthropic and Google. This paper compiles real-world exploits and proof-of concept examples, based on the research conducted and publicly documented by the author, demonstrating how prompt injection undermines the CIA triad and poses ongoing risks to cybersecurity and AI systems at large.

Cryptography and Security,Artificial Intelligence,Machine Learning

Mana Saleh Al Reshan

DOI: https://doi.org/10.3991/ijim.v15i24.27333

2021-12-21

International Journal of Interactive Mobile Technologies (iJIM)

Abstract:Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices.

Markus Borg,José-Luis de la Vara,Krzysztof Wnuk

DOI: https://doi.org/10.48550/arXiv.1605.07105

2016-05-24

Abstract:Safety standards prescribe change impact analysis (CIA) during evolution of safety-critical software systems. Although CIA is a fundamental activity, there is a lack of empirical studies about how it is performed in practice. We present a case study on CIA in the context of an evolving automation system, based on 14 interviews in Sweden and India. Our analysis suggests that engineers on average spend 50-100 hours on CIA per year, but the effort varies considerably with the phases of projects. Also, the respondents presented different connotations to CIA and perceived the importance of CIA differently. We report the most pressing CIA challenges, and several ideas on how to support future CIA. However, we show that measuring the effect of such improvement solutions is non-trivial, as CIA is intertwined with other development activities. While this paper only reports preliminary results, our work contributes empirical insights into practical CIA.

Software Engineering

Hussein A Abbass,Eleni Petraki,Kathryn Merrick,John Harvey,Michael Barlow

DOI: https://doi.org/10.1007/s12559-015-9365-5

Abstract:This paper considers two emerging interdisciplinary, but related topics that are likely to create tipping points in advancing the engineering and science areas. Trusted Autonomy (TA) is a field of research that focuses on understanding and designing the interaction space between two entities each of which exhibits a level of autonomy. These entities can be humans, machines, or a mix of the two. Cognitive Cyber Symbiosis (CoCyS) is a cloud that uses humans and machines for decision-making. In CoCyS, human-machine teams are viewed as a network with each node comprising humans (as computational machines) or computers. CoCyS focuses on the architecture and interface of a Trusted Autonomous System. This paper examines these two concepts and seeks to remove ambiguity by introducing formal definitions for these concepts. It then discusses open challenges for TA and CoCyS, that is, whether a team made of humans and machines can work in fluid, seamless harmony.

Jens Wegener

DOI: https://doi.org/10.1080/16161262.2019.1697539

2019-12-19

Journal of Intelligence History

Abstract:In the summer of 1967, with antiwar and civil rights protests dominating the news, U.S. president Lyndon B. Johnson tasked law enforcement and intelligence agencies with investigating links between domestic civil unrest and foreign governments, particularly the Soviet Union. One of the outcomes was HYDRA, a CIA-led counter-intelligence database intended to leverage novel digital information technology to uncover previously unseen links to foreign threats. The paper argues that conceptualizing HYDRA as technological system which mobilized resources from across the federal government as well as from foreign partner agencies, allows us to raise larger questions about the impact of information technology on intelligence work: How did computer technology change everyday practices within intelligence and security services? Did public opposition to computerization efforts contribute to a critical discourse within Western societies associating security databases with attacks on freedom and democracy? Did the use of computers contribute to a new culture of security that shifted attention from great power rivalries to technological, networked or transnational threats which became characteristic of the Information Age?

Christian Berghoff,Matthias Neu,Arndt von Twickel

DOI: https://doi.org/10.48550/arXiv.2003.08837

2020-03-18

Cryptography and Security

Abstract:This article deals with the IT security of connectionist artificial intelligence (AI) applications, focusing on threats to integrity, one of the three IT security goals. Such threats are for instance most relevant in prominent AI computer vision applications. In order to present a holistic view on the IT security goal integrity, many additional aspects such as interpretability, robustness and documentation are taken into account. A comprehensive list of threats and possible mitigations is presented by reviewing the state-of-the-art literature. AI-specific vulnerabilities such as adversarial attacks and poisoning attacks as well as their AI-specific root causes are discussed in detail. Additionally and in contrast to former reviews, the whole AI supply chain is analysed with respect to vulnerabilities, including the planning, data acquisition, training, evaluation and operation phases. The discussion of mitigations is likewise not restricted to the level of the AI system itself but rather advocates viewing AI systems in the context of their supply chains and their embeddings in larger IT infrastructures and hardware devices. Based on this and the observation that adaptive attackers may circumvent any single published AI-specific defence to date, the article concludes that single protective measures are not sufficient but rather multiple measures on different levels have to be combined to achieve a minimum level of IT security for AI applications.

George Grispos,William Bradley Glisson,Tim Storer

DOI: https://doi.org/10.48550/arXiv.1408.2431

2014-08-11

Cryptography and Security

Abstract:In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.