Funding: This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2021R1A2C2011391) and was supported by the Ajou University research fund.
Abstract: New technologies that take advantage of the emergence of massive Internet of Things (IoT) and a hyper-connected network environment have rapidly increased in recent years. These technologies are used in diverse environments, such as smart factories, digital healthcare, and smart grids, with increased security concerns. We intend to operate Security Orchestration, Automation and Response (SOAR) in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged. To facilitate the understanding of the security concern involved in this newly emerging area, we offer the definition of Internet of Blended Environment (IoBE) where various convergence environments are interconnected and the data analyzed in automation. We define Blended Threat (BT) as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE. We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process. The Security Orchestration, Automation, and Response (SOAR) part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data. SOAR is operated under Collaborative Units of Blended Environment (CUBE) which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.
Abstract: The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and Java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.
Funding: Supported by the National Natural Science Foundation of China (No. 61202431); the National High-Tech Research and Development (863) Program of China (No. 2013AA014702); Beijing Higher Education Young Elite Teacher Project (No. YETP0535); the Open Project Program of Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks; the Scientific Research Foundation for the Returned Overseas Chinese Scholars, Ministry of Education.
Abstract: With respect to security, the use of various terminals in the mobile Internet environment is problematic. Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service (TaaS). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.
Abstract: In this paper, we present a WItness based Data priority mEchanism (WIDE) for vehicles in the vicinity of an accident to facilitate liability decisions. WIDE evaluates the integrity of data generated by these vehicles, called witnesses, in the event of an accident to assure the reliability of data to be used for making liability decisions and ensure that such data are received from credible witnesses. To achieve this, WIDE introduces a two-level integrity assessment to achieve end-to-end integrity by initially ascertaining the integrity of data-producing sensors, and validating that data generated have not been altered on transit by compromised road-side units (RSUs) by executing a practical byzantine fault tolerance (pBFT) protocol to reach consensus on data reliability. Furthermore, WIDE utilises a blockchain based reputation management system (BRMS) to ensure that only data from highly reputable witnesses are utilised as contributing evidence for facilitating liability decisions. Finally, we formally verify the proposed framework against data integrity requirements using the Automated Verification of Internet Security Protocols and Applications (AVISPA) with High-Level Protocol Specification Language (HLPSL). Qualitative arguments show that our proposed framework is secured against identified security attacks and assures the reliability of data utilised for making liability decisions, while quantitative evaluations demonstrate that our proposal is practical for fully autonomous vehicle forensics.