Brijender Kahanwal,Dr. Tejinder Pal Singh,Dr. R. K. Tuteja

DOI: https://doi.org/10.48550/arXiv.1311.3686

2013-11-13

Operating Systems

Abstract:Security is a critical issue of the modern file and storage systems, it is imperative to protect the stored data from unauthorized access. We have developed a file security system named as Java File Security System (JFSS) [1] that guarantee the security to files on the demand of all users. It has been developed on Java platform. Java has been used as programming language in order to provide portability, but it enforces some performance limitations. It is developed in FUSE (File System in User space) [3]. Many efforts have been done over the years for developing file systems in user space (FUSE). All have their own merits and demerits. In this paper we have evaluated the performance of Java File Security System (JFSS). Over and over again, the increased security comes at the expense of user convenience, performance or compatibility with other systems. JFSS system performance evaluations show that encryption overheads are modest as compared to security.

TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Serguei A. Mokhov,Lee Wei Huynh,Jian Li,Farid Rassai

DOI: https://doi.org/10.48550/arXiv.1604.00025

2016-03-31

Cryptography and Security

Abstract:We present the design of something we call Confidentiality, Integrity and Authentication Sub-Frameworks, which are a part of a more general Java Data Security Framework (JDSF) designed to support various aspects related to data security (confidentiality, origin authentication, integrity, and SQL randomization). The JDSF was originally designed in 2007 for use in the two use-cases, MARF and HSQLDB, to allow a plug-in-like implementation of and verification of various security aspects and their generalization. The JDSF project explores secure data storage related issues from the point of view of data security in the two projects. A variety of common security aspects and tasks were considered in order to extract a spectrum of possible parameters these aspects require for the design an extensible frameworked API and its implementation. A particular challenge being tackled is an aggregation of diverse approaches and algorithms into a common set of Java APIs to cover all or at least most common aspects, and, at the same time keeping the framework as simple as possible. As a part of the framework, we provide the mentioned sub-frameworks' APIs to allow for the common algorithm implementations of the confidentiality, integrity, and authentication aspects for MARF's and HSQLDB's database(s). At the same time we perform a detailed overview of the related work and literature on data and database security that we considered as a possible input to design the JDSF.

Jiang Bian,Remzi Seker

DOI: https://doi.org/10.1016/j.compeleceng.2013.01.018

IF: 4.152

2013-01-01

Computers & Electrical Engineering

Abstract:The Jigsaw Distributed File System (JigDFS) aims to securely store and retrieve files on large scale networks. The design of JigDFS is driven by the privacy needs of its users. Files in JigDFS are sliced into small segments using an Information Dispersal Algorithm (IDA) and distributed onto different nodes recursively. JigDFS provides fault-tolerance against node failures while assuring confidentiality, integrity, and availability of the stored data. Layered encryption is applied to each file segment with keys produced by a hashed-key chain algorithm. Recursive IDA and layered encryption enhance users’ anonymity and provide a degree of plausible deniability. JigDFS is envisioned to be an ideal long-term storage solution for developing secure data archiving systems.

H Han,YF Dai,XM Li

DOI: https://doi.org/10.1002/cpe.839

2005-01-01

Concurrency and Computation Practice and Experience

Abstract:The CSFS (cryptographic storage file system) is a network file storage system that is suitable for a small‐to‐medium sized networks such as a campus network. In a CSFS, a lot of distributed file servers are organized in a star‐liked architecture. File names are stored in a name server and file data are stored in distributed file servers. A CSFS has good scalability and is able to accommodate hundreds of file servers. We implemented a CSFS in pure Java and tested the system with a benchmark. The test results show that CSFS delivers acceptable performance for general file operations. Its performance of file upload and download is as efficient as FTP. It can support more than 450 concurrent online users. Copyright © 2005 John Wiley & Sons, Ltd.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Khairul Muttaqin,J. Rahmadoni

DOI: https://doi.org/10.37385/JAETS.V1I2.78

2020-05-26

Journal of Applied Engineering and Technological Science (JAETS)

Abstract:The times has made human needs are increasing, including information needs. Therefore, sending and storing data through electronic media requires a process that is able to guarantee the security and integrity of the data that requires an encoding process. Encryption is the process of changing an original data into confidential data that cannot be read. Meanwhile, the decryption process is a process where the confidential data received will be converted back into the original data. In this case the Advanced Encryption Standard (AES) algorithm is used as the latest cryptographic algorithm standard. The previous algorithm was considered unable to answer the challenges of the development of communication technology very quickly. AES is a cryptographic algorithm using the Rijndael algorithm that can encrypt and decrypt blocks of data over 128 bits with a key length of 128 bits. In this study the application of AES as a file security system is carried out, where the encryption and decryption process is carried out on the file. In testing the system a trial is performed on all files with different file sizes and for the results of the encryption process (ciphertext) in the form of files with the file format with the *.encrypted extension.

Computer Science

Nizomiddin Ochilov

DOI: https://doi.org/10.37394/23202.2022.21.24

2022-11-24

WSEAS TRANSACTIONS ON SYSTEMS

Abstract:The relevance of this study is determined by insecure data storage on personal computers, as it is the main operating system that performs authentication and file access control. Bypassing these security rules is possible in case of using another open-source operating system on the same personal computer. The aim of this work is the research and development of file encryptors, disk encryptors and file system encryptors. Each of them has its shortcomings which manifest themselves during development. Combining the advantages of file encryptors and file system encryptors helped to overcome those shortcomings. The userspace filesystem library was used for this purpose. The study involved the methods aimed at designing and developing the Udev daemon file system for Linux using the OpenSSL library. The file system design was mathematically modelled and formally verified through a test parser. The file system also has its own authentication and authorization procedures to provide uniform access across multiple operating systems. The Udev daemon file system is the result of this work. Each file is encrypted with a separate key to protect against cryptanalysis. This key is encrypted with the owner’s private key, thereby enabling him/her to change the ownership. The passphrase is used to decrypt the user’s private key. The developed file system has passed authentication and access control testing successfully. The file system shows best performance with file sizes 1 KB to 256 MB. Encryption-caused performance degradation was also measured and found to be within acceptable limits. This Udev daemon stackable file system is available for all Unix clones with OpenSSL libraries. The prospects for further work are the development of a file system using several combined methods from a list of existing design and development methods for file systems.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P Syam

DOI: https://doi.org/10.48550/arXiv.1204.0240

2012-04-02

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security,Software Engineering

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan

DOI: https://doi.org/10.48550/arXiv.1203.6622

2012-03-29

Abstract:Security is a hot issue to be discussed, ranging from business activities, correspondence, banking and financial activities; it requires prudence and high precision. Since information security has a very important role in supporting activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter, more structured, high precision and measured forecasting.

Cryptography and Security,Software Engineering

Ariessa Davaindran Lingham,Nelson Tang Kwong Kin,Chen Wan Jing,Chong Heng Loong,Fatima-tuz-Zahra

DOI: https://doi.org/10.48550/arXiv.2012.13108

2020-12-24

Abstract:Security holds an important role in a software. Most people are not aware of the significance of security in software system and tend to assume that they will be fine without security in their software systems. However, the lack of security features causes to expose all the vulnerabilities possible to the public. This provides opportunities for the attackers to perform dangerous activities to the vulnerable insecure systems. This is the reason why many organizations are reported for being victims of system security attacks. In order to achieve the security requirement, developers must take time to study so that they truly understand the consequences and importance of security. Hence, this paper is written to discuss how secure software development can be performed. To reach the goal of this paper, relevant researches have been reviewed. Multiple case study papers have been studied to find out the answers to how the vulnerabilities are identified, how to eliminate them, when to implement security features, why do we implement them. Finally, the paper is concluded with final remarks on implementation of security features during software development process. It is expected that this paper will be a contribution towards the aforementioned software security domain which is often ignored during practical application.

Software Engineering

Jin Wang,Zishan Huang,Hui Xiao,Yinhao Xiao

DOI: https://doi.org/10.48550/arXiv.2307.15915

2023-07-29

Abstract:Software vulnerabilities pose significant risks to computer systems, impacting our daily lives, productivity, and even our health. Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data breaches. Unfortunately, current vulnerability identification methods, including classical and deep learning-based approaches, exhibit critical drawbacks that prevent them from meeting the demands of the contemporary software industry. To tackle these issues, we present JFinder, a novel architecture for Java vulnerability identification that leverages quad self-attention and pre-training mechanisms to combine structural information and semantic representations. Experimental results demonstrate that JFinder outperforms all baseline methods, achieving an accuracy of 0.97 on the CWE dataset and an F1 score of 0.84 on the PROMISE dataset. Furthermore, a case study reveals that JFinder can accurately identify four cases of vulnerabilities after patching.

Cryptography and Security

Asif Imran

DOI: https://doi.org/10.1007/978-3-031-36597-3

2023-10-23

Abstract:Software security requirements have been traditionally considered as a non-functional attribute of the software. However, as more software started to provide services online, existing mechanisms of using firewalls and other hardware to secure software have lost their applicability. At the same time, under the current world circumstances, the increase of cyber-attacks on software is ever increasing. As a result, it is important to consider the security requirements of software during its design. To design security in the software, it is important to obtain the views of the developers and managers of the software. Also, it is important to evaluate if their viewpoints match or differ regarding the security. Conducting this communication through a specific model will enable the developers and managers to eliminate any doubts on security design and adopt an effective strategy to build security into the software. In this paper, we analyzed the viewpoints of developers and managers regarding their views on security design. We interviewed a team of 7 developers and 2 managers, who worked in two teams to build a real-life software product that was recently compromised by a cyber-attack. We obtained their views on the reasons for the successful attack by the malware and took their recommendations on the important aspects to consider regarding security. Based on their feedback, we coded their open-ended responses into 4 codes, which we recommended using for other real-life software as well.

Software Engineering,Cryptography and Security,Computers and Society

Dr. Shishir Kumar,U.S. Rawat,Sameer Kumar Jasra,Akshay Kumar Jain

DOI: https://doi.org/10.48550/arXiv.0908.0551

2009-08-05

Abstract:The Encrypted File System (EFS) pushes encryption services into the file system itself. EFS supports secure storage at the system level through a standard UNIX file system interface to encrypted files. User can associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; clear text is never stored on a disk or sent to a remote file server. EFS can use any available file system for its underlying storage without modifications, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. Performance is an important factor to users since encryption can be time consuming. This paper describes the design and implementation of EFS in user space using faster cryptographic algorithms on UNIX Operating system. Implementing EFS in user space makes it portable and flexible; Kernel size will also not increase resulting in more reliable & efficient Operating System. Encryption techniques for file system level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.

Cryptography and Security

Jinsheng Sun,Shaobo Li,Jun Xu,Jikun Huang

DOI: https://doi.org/10.48550/arxiv.2204.12590

2022-01-01

Abstract:This paper presents a systematic study on the security of modern file systems, following a vulnerability-centric perspective. Specifically, we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years. We characterize them from four dimensions that include why the vulnerabilities appear, how the vulnerabilities can be exploited, what consequences can arise, and how the vulnerabilities are fixed. This way, we build a deep understanding of the attack surfaces faced by file systems, the threats imposed by the attack surfaces, and the good and bad practices in mitigating the attacks in file systems. We envision that our study will bring insights towards the future development of file systems, the enhancement of file system security, and the relevant vulnerability mitigating solutions.

Sam Wen Ping,Jeffrey Cheok Jun Wah,Lee Wen Jie,Jeremy Bong Yong Han,Saira Muzafar

2023-11-18

Abstract:In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come security that comes with these systems are going toe to toe with new releases of security protocols to combat this exploitation to provide a secure system. The digitization of our lives proves to solve our human problems as well as improve quality of life but because it is digitalized, information and technology could be misused for other malicious gains. Hackers aim to steal the data of innocent people to use it for other causes such as identity fraud, scams and many more. This issue can be corrected during the software development life cycle, integrating security across the development phases, and testing of the software is done early to reduce the number of vulnerabilities that might or might not heavily impact an organisation depending on the range of the attack. The goal of a secured system software is to prevent such exploitations from ever happening by conducting a system life cycle where through planning and testing is done to maximise security while maintaining functionality of the system. In this paper, we are going to discuss the recent trends in security for system development as well as our predictions and suggestions to improve the current security practices in this industry.

Cryptography and Security,Software Engineering

Madan Solanki,Prof. (Dr.) Vrinda Tokekar,,

DOI: https://doi.org/10.35940/ijitee.l9324.11111222

2022-11-30

International Journal of Innovative Technology and Exploring Engineering

Abstract:Cloud applications are becoming a necessary part of modern life. Security is one of the most important non-functional requirements of every solution. Early days, security and data privacy was just luxury part of software development and it was an optional requirement but nowadays it plays a critical role in daily life. The presented work will be made to observe the need for symmetric security algorithms in Cloud application with Amazon web service. This work observes that the current security level of existing applications recommend improved security solutions to enhance the security level as well performance of proposed architecture. This work recommends Blowfish, RC6 algorithm (symmetric key cryptography) can be used to achieve confidentiality during communication Amazon web service Platform. It also considers the MD5 algorithm to maintain the integrity and modified Kerberos algorithm to achieve authentication. The complete work will propose a security architecture having solution to achieve confidentiality, integrity with strong authentication policy for Cloud application development in Amazon web service. The strong security architecture provide for data and minimum executive time in upload and download file, different key size, file size and chunking size in file. File size divided into chunk 512 bit, 1024 bit, 2048 bit after process in Amazon web service, we are found the optimum time are chunking file size 2048 bits reduce time in encryption and decryption data process and maintain strong security data file in communication including file size 5, 10, 15 and 20 Megabyte.

Jason Slaughter,Syed Shawon M. Rahman

DOI: https://doi.org/10.48550/arXiv.1111.1772

2011-11-07

Cryptography and Security

Abstract:The Department of Defense has a need for an identity management system that uses two factor authentications to ensure that only the correct individuals get access to their top secret flight simulator program. Currently the Department of Defense does not have a web interface sign in system. We will be creating a system that will allow them to access their programs, back office and administrator functions remotely. A security plan outlining our security architecture will be delivered prior to the final code roll out. The plan will include responses to encryption used and the security architecture applied in the final documentation. The code will be delivered in phases to work out any issues that may occur during the implementation

Brijender Kahanwal

DOI: https://doi.org/10.48550/arXiv.1403.5976

2014-03-21

Abstract:In this article, the file system development design approaches are discussed. The selection of the file system design approach is done according to the needs of the developers what are the needed requirements and specifications for the new design. It allowed us to identify where our proposal fitted in with relation to current and past file system development. Our experience with file system development is limited so the research served to identify the different techniques that can be used. The variety of file systems encountered show what an active area of research file system development is. The file systems may be from one of the two fundamental categories. In one category, the file system is developed in user space and runs as a user process. Another file system may be developed in the kernel space and runs as a privileged process. Another one is the mixed approach in which we can take the advantages of both aforesaid approaches. Each development option has its own pros and cons. In this article, these design approaches are discussed.

Operating Systems