Securing the Digital Realm: Advances in Hardware and Software Security, Communication, and Forensics
by Oana Geman Muhammad Arif M. Arfan Jaffar Waseem Abbasi
This book, Securing the Digital Realm: Advances in Hardware and Software Security, Communication, and Forensics, is a comprehensive guide that explores the intricate world of digital security and forensics. As our lives become increasingly digital, understanding how to protect our digital assets, communication systems, and investigate cybercrimes is more crucial than ever. This book begins by laying a strong foundation in the fundamental concepts of hardware and software security. It explains the design of modern computer systems and networks to defend against a myriad of threats, from malware to data breaches, in clear and accessible language. One of the standout features of this book is its coverage of cutting-edge technologies like blockchain, artificial intelligence, and machine learning. It demonstrates how these innovations are used to enhance digital security and combat evolving threats.
Key features of the book include:
• Comprehensive coverage of digital security, communication, and forensics
• Exploration of cutting-edge technologies and trends
• Emphasis on digital forensics techniques and tools
• Coverage of ethical and legal aspects of digital security
• Practical guidance for applying cybersecurity principles
Additionally, the book highlights the importance of secure communication in the digital age, discussing encryption, secure messaging protocols, and privacy-enhancing technologies. It empowers readers to make informed decisions about protecting their online communications. Written by experts in the field, this book addresses the ethical and legal dimensions of digital security and forensics, providing readers with a comprehensive understanding of these complex topics. This book is essential reading for anyone interested in understanding and navigating the complexities of digital security and forensics.
Securing the Digital World: A Comprehensive Guide to Multimedia Security
by Aditya Kumar Sahu Subhrajyoti Deb
Securing the Digital World: A Comprehensive Guide to Multimedia Security is indispensable reading in today's digital age. With the outbreak of digital range and ever-evolving cyber threats, the demand to protect multimedia data has never been more imperative. This book provides comprehensive research on multimedia information security and bridges the gap between theoretical bases and practical applications. Authored by leading experts in the area, the book focusses on cryptography, watermarking, steganography and its advanced security solution while keeping a clear and engaging description and sets this book apart in its capability to make complex concepts accessible and practical, making it an incalculable resource for beginners and seasoned professionals alike.
Key Features:
• Detailed study of encryption techniques, including encryption and decryption methods adapted to multimedia data
• A comprehensive discussion of techniques for embedding and detecting hidden information in digital media
• A survey of the latest advances in multimedia security, including quantum cryptography and blockchain applications
• Real-world case studies and illustrations that demonstrate the application of multimedia information security techniques in various initiatives
• Contributions from computer science and information technology experts offer a comprehensive perspective on multimedia security
This book is an invaluable help for cybersecurity professionals, IT professionals, and computer and information technology students. Securing the Digital World equips readers with the information and tools required to safeguard multimedia content in a cyber-spatiality full of security challenges.
Securing the Future through Sustainability, Health, Education, and Technology
by Rajiv Divekar Komal Chopra Smita Mehendale Pravin Dange
Organized on 13th–15th December 2023, the 14th Annual International Research Conference of the Symbiosis Institute of Management Studies (SIMSARC 2023) is based on the theme “Securing the Future through Sustainability, Health, Education and Technology”. It focuses on the need for a holistic approach to address the present challenges of the world while envisioning a resilient and prosperous tomorrow. It discusses the interconnections between Sustainability, Health, Education and Technology in fostering long-term well-being and addresses challenges and future opportunities.
Securing the Future: Introduction to Zero Trust in Cybersecurity (SpringerBriefs in Applied Sciences and Technology)
by Vinayakumar Ravi Gururaj H L Spoorthi M Shreyas J Kumar Sekhar Roy
This book delves into the transformative concept of Zero Trust, challenging traditional notions of network security and advocating for a paradigm shift in cybersecurity strategies. Beginning with an exploration of the fundamentals behind Zero Trust and its core principles, the book progresses to practical insights on implementing Zero Trust networks and extending its principles to cloud environments. It addresses the crucial aspects of compliance and governance within the Zero Trust framework and provides real-world applications and case studies showcasing successful Zero Trust implementations. Furthermore, it underscores the importance of cultivating Zero Trust awareness throughout organizational culture to fortify security measures effectively. Highlighting both the challenges and the future potential of Zero Trust, this book offers a roadmap for organizations seeking to bolster their cybersecurity defenses amidst an evolving threat landscape.
Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration
by Drew Spaniel
Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States Executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies. The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state government. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders. Major cybersecurity incidents involving public sector systems occur with jarring frequency; however, instead of rising in vigilant alarm against the threats posed to our vital systems, the nation has become desensitized and demoralized. This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructures and to make the challenge of improving our national security posture less daunting and more manageable. To capture a holistic and comprehensive outlook on each critical infrastructure, each chapter includes a foreword that introduces the sector and perspective essays from one or more reputable thought-leaders in that space, on topics such as:
• The State of the Sector (challenges, threats, etc.)
• Emerging Areas for Innovation
• Recommendations for the Future (2021–2025) Cybersecurity Landscape
ABOUT ICIT
The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders.
Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk including policymakers, academia, and businesses of all sizes that are impacted by digital threats.
Securing the Perimeter
by Michael Schwartz Maciej Machulak
Leverage existing free open source software to build an identity and access management (IAM) platform that can serve your organization for the long term. With the emergence of open standards and open source software, it’s now easier than ever to build and operate your own IAM stack. The most common culprit of the largest hacks has been bad personal identification. In terms of bang for your buck, effective access control is the best investment you can make. Financially, it’s more valuable to prevent than to detect a security breach. That’s why Identity and Access Management (IAM) is a critical component of an organization’s security infrastructure. In the past, IAM software has been available only from large enterprise software vendors. Commercial IAM offerings are bundled as “suites” because IAM is not just one component. It’s a number of components working together, including web, authentication, authorization, cryptographic, and persistence services. Securing the Perimeter documents a recipe to take advantage of open standards to build an enterprise-class IAM service using free open source software. This recipe can be adapted to meet the needs of both small and large organizations. While not a comprehensive guide for every application, this book provides the key concepts and patterns to help administrators and developers leverage a central security infrastructure. Cloud IAM service providers would have you believe that managing an IAM is too hard. Anything unfamiliar is hard, but with the right road map, it can be mastered. You may find SaaS identity solutions too rigid or too expensive. Or perhaps you don’t like the idea of a third party holding the credentials of your users—the keys to your kingdom. Open source IAM provides an alternative. Take control of your IAM infrastructure if digital services are key to your organization’s success.
What You’ll Learn
• Understand why you should deploy a centralized authentication and policy management infrastructure
• Use the SAML or Open ID Standards for web or single sign-on, and OAuth for API Access Management
• Synchronize data from existing identity repositories such as Active Directory
• Deploy two-factor authentication services
Who This Book Is For
Security architects (CISO, CSO), system engineers/administrators, and software developers
Securing the Virtual Environment
by Davi Ottenheimer Matthew Wallace
A step-by-step guide to identifying and defending against attacks on the virtual environment
As more and more data is moved into virtual environments the need to secure them becomes increasingly important. Useful for service providers as well as enterprise and small business IT professionals the book offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities unique to virtual environments. A companion DVD is included with recipes and testing scripts.
• Examines the difference in a virtual model versus traditional computing models and the appropriate technology and procedures to defend it from attack
• Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense
• Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations
• Accompanying DVD includes hands-on examples and code
This how-to guide arms IT managers, vendors, and architects of virtual environments with the tools they need to protect against common threats.
Securing the Virtual Environment: How to Defend the Enterprise Against Attack
by Davi Ottenheimer Matthew Wallace
A step-by-step guide to identifying and defending against attacks on the virtual environment
As more and more data is moved into virtual environments the need to secure them becomes increasingly important. Useful for service providers as well as enterprise and small business IT professionals the book offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities unique to virtual environments. A companion DVD is included with recipes and testing scripts.
• Examines the difference in a virtual model versus traditional computing models and the appropriate technology and procedures to defend it from attack
• Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense
• Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations
• Accompanying DVD includes hands-on examples and code
This how-to guide arms IT managers, vendors, and architects of virtual environments with the tools they need to protect against common threats.
Security - The Human Factor
by Paul Kearney
Address human vulnerabilities with this essential guide . . . Practical advice from an acknowledged expert - endorsed by BT!
Your business information is likely to be much more valuable than the hardware on which it is stored. The loss of a laptop might set you back £400, but if the files on the laptop included sensitive customer data or the blueprint for a new product, the cost of repairing the damage would run into thousands. The consequences of a data breach range from alienating customers to heavy fines, or even criminal prosecution. While technologies, such as antivirus software and encryption, can offer some protection against cybercrime, security breaches are most often the result of human error and carelessness.
Improve information security
Improving information security within your organisation, therefore, has to encompass people and processes, as well as technology. Motivating your team and making them more aware of security concerns should be at the heart of your information security strategy. At the same time, the processes you have in place to address information security issues need to be straightforward and properly understood if you want your employees to adhere to them.
BT's approach
This pocket guide is based on the approach used by BT to protect its own data security - one that draws on the capabilities of both people and technology. The guide will prove invaluable for IT managers, information security officers and business executives.
Security 2020
by Bruce Schneier Kevin Prince Doug Howard
Identify real security risks and skip the hype
After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.
• IT security needs are constantly evolving; this guide examines what history has taught us and predicts future concerns
• Points out the differences between artificial concerns and solutions and the very real threats to new technology, with startling real-world scenarios
• Provides knowledge needed to cope with emerging dangers and offers opinions and input from more than 20 noteworthy CIOs and business executives
• Gives you insight to not only what these industry experts believe, but also what over 20 of their peers believe and predict as well
With a foreword by security expert Bruce Schneier, Security 2020: Reduce Security Risks This Decade supplies a roadmap to real IT security for the coming decade and beyond.
Security Administrator Street Smarts
by David R. Miller Michael Gregg
A step-by-step guide to the tasks involved in security administration
If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator's job, giving you the confidence of first-hand experience. In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition or the CompTIA Security+ Deluxe Study Guide, 2nd Edition, the latest offerings from Sybex for CompTIA's Security+ SY0-301 exam.
• Targets security administrators who confront a wide assortment of challenging tasks and those seeking a career in security administration who are hampered by a lack of actual experience
• Walks you through a variety of common tasks, demonstrating step by step how to perform them and how to circumvent roadblocks you may encounter
• Features tasks that are arranged according to four phases of the security administrator's role: designing a secure network, creating and implementing standard security policies, identifying insecure systems in an existing environment, and training both onsite and remote users
• Ideal hands-on for those preparing for CompTIA's Security+ exam (SY0-301)
This comprehensive workbook provides the next best thing to intensive on-the-job training for security professionals.
Security Analytics for the Internet of Everything
by Al-Sakib Khan Pathan Mohiuddin Ahmed Abu S. S. M. Barkat Ullah
Security Analytics for the Internet of Everything compiles the latest trends, technologies, and applications in this emerging field. It includes chapters covering emerging security trends, cyber governance, artificial intelligence in cybersecurity, and cyber challenges. Contributions from leading international experts are included. The target audience for the book is graduate students, professionals, and researchers working in the fields of cybersecurity, computer networks, communications, and the Internet of Everything (IoE). The book also includes some chapters written in a tutorial style so that general readers can easily grasp some of the ideas.
Security Analytics: A Data Centric Approach to Information Security (Chapman & Hall/CRC Cyber-Physical Systems)
by Mehak Khurana Shilpa Mahajan
The book gives a comprehensive overview of security issues in cyber physical systems by examining and analyzing the vulnerabilities. It also brings current understanding of common web vulnerabilities and its analysis while maintaining awareness and knowledge of contemporary standards, practices, procedures and methods of Open Web Application Security Project. This book is a medium to funnel creative energy and develop new skills of hacking and analysis of security and expedites the learning of the basics of investigating crimes, including intrusion from the outside and damaging practices from the inside, how criminals apply across devices, networks, and the internet at large and analysis of security data.
Features
• Helps to develop an understanding of how to acquire, prepare, visualize security data.
• Unfolds the unventured sides of the cyber security analytics and helps spread awareness of the new technological boons.
• Focuses on the analysis of latest development, challenges, ways for detection and mitigation of attacks, advanced technologies, and methodologies in this area.
• Designs analytical models to help detect malicious behaviour.
The book provides a complete view of data analytics to the readers which include cyber security issues, analysis, threats, vulnerabilities, novel ideas, analysis of latest techniques and technology, mitigation of threats and attacks along with demonstration of practical applications, and is suitable for a wide-ranging audience from graduates to professionals/practitioners and researchers.
Security Architecture for Hybrid Cloud: A Practical Method for Designing Security Using Zero Trust Principles
by Mark Buckwell Stefaan Van Daele Carsten Horst
As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection. This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures. Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning.
You'll examine:
• The importance of developing a solution architecture that integrates security for clear communication
• Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts
• How security solution architecture is related to design thinking, enterprise security architecture, and engineering
• How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices
• How to apply architectural thinking to the development of new security solutions
About the authors
Mark Buckwell is a cloud security architect at IBM with 30 years of information security experience.
Carsten Horst, with more than 20 years of experience in Cybersecurity, is a certified security architect and Associate Partner at IBM.
Stefaan Van Daele has 25 years of experience in Cybersecurity and is a Level 3 certified security architect at IBM.
Security Assessment in Vehicular Networks
by Suguo Du Haojin Zhu
This book presents several novel approaches to model the interaction between the attacker and the defender and assess the security of Vehicular Ad Hoc Networks (VANETs). The first security assessment approach is based on the attack tree security assessment model, which leverages tree based methods to analyze the risk of the system and identify the possible attacking strategies the adversaries may launch. To further capture the interaction between the attacker and the defender, the authors propose to utilize the attack-defense tree model to express the potential countermeasures which could mitigate the system. By considering rational participants that aim to maximize their payoff function, the brief describes a game-theoretic analysis approach to investigate the possible strategies that the security administrator and the attacker could adopt. A phased attack-defense game allows the reader to model the interactions between the attacker and defender for VANET security assessment. The brief offers a variety of methods for assessing the security of wireless networks. Professionals and researchers working on the defense of VANETs will find this material valuable.
Security Automation with Ansible 2: Leverage Ansible 2 to automate complex security tasks like application security, network security, and malware analysis
by Akash Mahajan Madhu Akula
Automate security-related tasks in a structured, modular fashion using the best open source automation tool available
About This Book
• Leverage the agentless, push-based power of Ansible 2 to automate security tasks
• Learn to write playbooks that apply security to any part of your system
• This recipe-based guide will teach you to use Ansible 2 for various use cases such as fraud detection, network security, governance, and more
Who This Book Is For
If you are a system administrator or a DevOps engineer with responsibility for finding loopholes in your system or application, then this book is for you. It's also useful for security consultants looking to automate their infrastructure's security model.
What You Will Learn
• Use Ansible playbooks, roles, modules, and templating to build generic, testable playbooks
• Manage Linux and Windows hosts remotely in a repeatable and predictable manner
• See how to perform security patch management, and security hardening with scheduling and automation
• Set up AWS Lambda for a serverless automated defense
• Run continuous security scans against your hosts and automatically fix and harden the gaps
• Extend Ansible to write your custom modules and use them as part of your already existing security automation programs
• Perform automation security audit checks for applications using Ansible
• Manage secrets in Ansible using Ansible Vault
In Detail
Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat. We'll start by covering various popular modules and writing simple playbooks to showcase those modules. You'll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you'll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on. Moving on, you'll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we'll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.
Style and approach
This comprehensive guide will teach you to manage Linux and Windows hosts remotely in a repeatable and predictable manner. The book takes an in-depth approach and helps you understand how to set up complicated stacks of software with codified and easy-to-share best practices.
Security Awareness Design in the New Normal Age
by Wendy F. Goucher
People working in our cyber world have access to a wide range of information including sensitive personal or corporate information which increases the risk to it. One of the aspects of the protection of this data is to train the user to behave more securely. This means that every person who handles sensitive information, their own or that of other people, be aware of the risks that their use can pose as well as how to do their job in such a way as to reduce that risk. The approach we use for that is called ‘Security awareness’ but would be more accurately described as security ‘un-awareness’ because most of the problems come where the user doesn’t know about a risk from their behaviour, or its potential impact. In these post COVID days of ‘New Normal’ working, in which staff spend more of their time working at home, organisations are still responsible for the protection of sensitive personal and corporate data. This means that it is more important than ever to create an effective security awareness communication process. This book will primarily consider the problem of hitting that ‘Sweet Spot’ in the age of ‘New Normal’ working, which means that the knowledge about secure practice is not only understood and remembered, but also reliably put into practice – even when a person is working alone. This will be informed by academic research as well as experience, both my own and learnt from my fellow professionals, and then will be used to demonstrate how ‘New Normal’ working can improve security awareness as well as challenge it.
Security Awareness For Dummies
by Ira Winkler
Make security a priority on your team
Every organization needs a strong security program. One recent study estimated that a hacker attack occurs somewhere every 37 seconds. Since security programs are only as effective as a team’s willingness to follow their rules and protocols, it’s increasingly necessary to have not just a widely accessible gold standard of security, but also a practical plan for rolling it out and getting others on board with following it. Security Awareness For Dummies gives you the blueprint for implementing this sort of holistic and hyper-secure program in your organization. Written by one of the world’s most influential security professionals—and an Information Systems Security Association Hall of Famer—this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management.
• Customize and create your own program
• Make employees aware of the importance of security
• Develop metrics for success
• Follow industry-specific sample programs
Cyberattacks aren’t going away anytime soon: get this smart, friendly guide on how to get a workgroup on board with their role in security and save your organization big money in the long run.
Security Bibliography
by Safari Content Team
People are increasingly concerned by the security of the information they put online and worry about their privacy and their online profile. With new attacks, information leaks, vulnerabilities and exploits published every week, information security is a constant learning process. To be effective and stay up to date, you need the right resources to make sure you can quickly access any needed information. Obtaining the details you need is like trying to find a needle in a haystack. From general IT security knowledge and certifications to specialized content such as exploit writing, this bibliography brings together the right resources to help you get the information you need to solve any problem in IT security. We cover mobile and network security, cyber warfare and cyber crime and how to confront malware, including detection, development and forensics. And with more and more code written every day, secure coding is crucial, and we cover books on secure development, cryptography development, guidelines and best practices.
Security Breach Files Updated Edition: An AFK Book (Five Nights At Freddy's)
by Scott Cawthon
Crack open this updated edition of the Security Breach Files for a deep dive into the terrifying game! All that you want to know about the first free-roam Five Nights at Freddy's game is presented here in vivid detail, with thirty-two new pages taking you through the free story "Ruin". This comprehensive breakdown covering gameplay, secrets, Easter eggs, and alternate endings for both the main game and DLC will deepen the knowledge of even the most enthusiastic player. All the evidence, along with every detail of the newest entry into the world of Five Nights at Freddy's is laid out for fans to explore in this one-of-a-kind guide.
Security Challenges and Approaches in Internet of Things
by Muthucumaru Maheswaran Sridipta Misra Salman Hashmi
This book provides a comprehensive survey of the security and privacy research advancements in Internet of Things (IoT). The book lays the context for the discussion by introducing a system model for IoT. Since IoT is very varied and has been introduced in many different contexts, the system model introduced plays a crucial role in integrating the concepts into a coherent framework. After the system model, the book introduces the vulnerable features of the IoT. By providing a comprehensive discussion of the vulnerable features, the book highlights the problem areas of IoT that should be studied concerning security and privacy. Using the vulnerable features as a motivation, the book presents a vast survey of existing security and privacy approaches for IoT. The survey is a good way for the reader to pick up interesting directions of research that have already been explored and also hints at directions that could take additional investigation. Finally, the book presents four case studies that provide a detailed view of how some of the security and privacy concerns are addressed in specific problem areas.
Security Chaos Engineering: Sustaining Resilience in Software and Systems
by Kelly Shortridge
Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate "secure" systems. Failure can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience? In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.
- Learn how to design a modern security program
- Make informed decisions at each phase of software delivery to nurture resilience and adaptive capacity
- Understand the complex systems dynamics upon which resilience outcomes depend
- Navigate technical and organizational trade-offs that distort decision making in systems
- Explore chaos experimentation to verify critical assumptions about software quality and security
- Learn how major enterprises leverage security chaos engineering
Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants
by Sven Matthias Peldszus
For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. Variants of software systems are an additional burden. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow reverse-engineering of variability-aware UML models and semi-automatic mapping of existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.
Security De-Engineering: Solving the Problems in Information Risk Management
by Ian Tibble
As hacker organizations surpass drug cartels in terms of revenue generation, it is clear that the good guys are doing something wrong in information security. Providing a simple foundational remedy for our security ills, Security De-Engineering: Solving the Problems in Information Risk Management is a definitive guide to the current problems i
Security Designs for the Cloud, IoT, and Social Networking
by Chintan Bhatt, Dac-Nhuong Le, Mani Madhukar
Security concerns around the rapid growth and variety of devices that are controlled and managed over the Internet are an immediate potential threat to all who own or use them. This book examines the issues surrounding these problems and vulnerabilities and what can be done to solve them, investigating the roots of the problems and how programming and attention to good security practice can combat today's threats that result from lax security processes on the Internet of Things, cloud computing and social media.