Secure Semantic Service-Oriented Systems
by Bhavani Thuraisingham
As the demand for data and information management continues to grow, so does the need to maintain and improve the security of databases, applications, and information systems. In order to effectively protect this data against evolving threats, an up-to-date understanding of the mechanisms for securing semantic Web technologies is essential. Reviewi
Secure Smart Embedded Devices, Platforms and Applications
by Konstantinos Markantonakis, Keith Mayes
New generations of IT users are increasingly abstracted from the underlying devices and platforms that provide and safeguard their services. As a result they may have little awareness that they are critically dependent on the embedded security devices that are becoming pervasive in daily modern life. Secure Smart Embedded Devices, Platforms and Applications provides a broad overview of the many security and practical issues of embedded devices, tokens, and their operating systems, platforms and main applications. It also addresses a diverse range of industry/government initiatives and considerations, while focusing strongly on technical and practical security issues. The benefits and pitfalls of developing and deploying applications that rely on embedded systems and their security functionality are presented. A sufficient level of technical detail to support embedded systems is provided throughout the text, although the book is quite readable for those seeking awareness through an initial overview of the topics. This edited volume benefits from the contributions of industry and academic experts and helps provide a cross-discipline overview of the security and practical issues for embedded systems, tokens, and platforms. It is an ideal complement to the earlier work, Smart Cards, Tokens, Security and Applications from the same editors.
Secure Software Systems
by Erik Fretheim, Marie Deschene
Secure Software Systems presents an approach to secure software systems design and development that tightly integrates security and systems design and development (or software engineering) together. It addresses the software development process from the perspective of a security practitioner. The text focuses on the processes, concepts, and concerns of ensuring that secure practices are followed throughout the secure software systems development life cycle, including the practice of following the life cycle rather than just doing ad hoc development.
Secure System Design and Trustable Computing
by Miodrag Potkonjak, Chip-Hong Chang
This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions and networking services. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures.
Secure Voice Processing Systems against Malicious Voice Attacks (SpringerBriefs in Computer Science)
by Shu Wang, Kun Sun
This book provides readers with a basic understanding of the threats to voice processing systems, the state-of-the-art defense methods, as well as the current research results on securing voice processing systems. It also introduces three mechanisms to secure voice processing systems against malicious voice attacks under different scenarios, by utilizing time-domain signal waves, frequency-domain spectrum features, and acoustic physical attributes.
First, the authors uncover the modulated replay attack, which uses an inverse filter to compensate for the spectrum distortion caused by the replay attacks to bypass the existing spectrum-based defenses. The authors also provide an effective defense method that utilizes both the time-domain artifacts and frequency-domain distortion to detect the modulated replay attacks. Second, the book introduces a secure automatic speech recognition system for driverless cars to defeat adversarial voice command attacks launched from car loudspeakers, smartphones, and passengers. Third, it provides an acoustic compensation system design to reduce the effects from the spectrum reduction attacks, by the audio spectrum compensation and acoustic propagation principle. Finally, the authors conclude with their research effort on defeating the malicious voice attacks and provide insights into more secure voice processing systems.
This book is intended for security researchers, computer scientists, and electrical engineers who are interested in the research areas of biometrics, speech signal processing, IoT security, and audio security. Advanced-level students who are studying these topics will benefit from this book as well.
Secure Web Application Development: A Hands-On Guide with Python and Django
by Matthew Baker
Cyberattacks are becoming more commonplace and the Open Web Application Security Project (OWASP) estimates 94% of sites have flaws in their access control alone. Attacks evolve to work around new defenses, and defenses must evolve to remain effective. Developers need to understand the fundamentals of attacks and defenses in order to comprehend new techniques as they become available. This book teaches you how to write secure web applications.
The focus is highlighting how hackers attack applications along with a broad arsenal of defenses. This will enable you to pick appropriate techniques to close vulnerabilities while still providing users with their needed functionality.
Topics covered include:
• A framework for deciding what needs to be protected and how strongly
• Configuring services such as databases and web servers
• Safe use of HTTP methods such as GET, POST, etc, cookies and use of HTTPS
• Safe REST APIs
• Server-side attacks and defenses such as injection and cross-site scripting
• Client-side attacks and defenses such as cross-site request forgery
• Security techniques such as CORS, CSP
• Password management, authentication and authorization, including OAuth2
• Best practices for dangerous operations such as password change and reset
• Use of third-party components and supply chain security (Git, CI/CD etc)
What You'll Learn
• Review the defenses that can be used to prevent attacks
• Model risks to better understand what to defend and how
• Choose appropriate techniques to defend against attacks
• Implement defenses in Python/Django applications
Who This Book Is For
• Developers who already know how to build web applications but need to know more about security
• Non-professional software engineers, such as scientists, who must develop web tools and want to make their algorithms available to a wider audience.
• Engineers and managers who are responsible for their product/company technical security policy
Secure Wireless Sensor Networks
by Mauro Conti
This book explores five fundamental mechanisms to build secure Wireless Sensor Networks (WSNs). It presents security issues related to a single node which deals with the authentication and communication confidentiality with other nodes. It also focuses on network security, providing solutions for the node capture attack and the clone attack. It examines a number of areas and problems to which WSNs are applied continuously, including: supporting rescue operations, building surveillance, fire prevention, battlefield monitoring and more. However, known and unknown threats still affect WSNs and in many applications of this new technology the security of the network is a fundamental issue for confidentiality, integrity, authenticity and availability. The last section of the book addresses security for a common WSN service. Case studies are provided throughout. Secure Wireless Sensor Networks: Threats and Solutions targets advanced-level students and researchers in computer science and electrical engineering as a secondary text book. Professionals working in the wireless sensor networks field will also find this book useful as a reference.
Secure Your Node.js Web Application: Keep Attackers Out and Users Happy
by Karl Duuna
Cyber-criminals have your web applications in their crosshairs. They search for and exploit common security mistakes in your web application to steal user data. Learn how you can secure your Node.js applications, database and web server to avoid these security holes. Discover the primary attack vectors against web applications, and implement security best practices and effective countermeasures. Coding securely will make you a stronger web developer and analyst, and you'll protect your users.
Bake security into your code from the start. See how to protect your Node.js applications at every point in the software development life cycle, from setting up the application environment to configuring the database and adding new functionality. You'll follow application security best practices and analyze common coding errors in applications as you work through the real-world scenarios in this book.
Protect your database calls from database injection attacks and learn how to securely handle user authentication within your application. Configure your servers securely and build in proper access controls to protect both the web application and all the users using the service. Defend your application from denial of service attacks. Understand how malicious actors target coding flaws and lapses in programming logic to break in to web applications to steal information and disrupt operations. Work through examples illustrating security methods in Node.js. Learn defenses to protect user data flowing in and out of the application.
By the end of the book, you'll understand the world of web application security, how to avoid building web applications that attackers consider an easy target, and how to increase your value as a programmer.
What You Need: In this book we will be using mainly Node.js. The book covers the basics of JavaScript and Node.js.
Since most Web applications have some kind of a database backend, examples in this book work with some of the more popular databases, including MySQL, MongoDB, and Redis.
Secure and Privacy-Preserving Data Communication in Internet of Things
by Liehuang Zhu, Zijian Zhang, Chang Xu
This book mainly concentrates on protecting data security and privacy when participants communicate with each other in the Internet of Things (IoT). Technically, this book categorizes and introduces a collection of secure and privacy-preserving data communication schemes/protocols in three traditional scenarios of IoT: wireless sensor networks, smart grid and vehicular ad-hoc networks recently. This book presents three advantages which will appeal to readers. Firstly, it broadens the reader's horizons in IoT by touching on three interesting and complementary topics: data aggregation, privacy protection, and key agreement and management. Secondly, various cryptographic schemes/protocols used to protect data confidentiality and integrity are presented. Finally, this book will illustrate how to design practical systems to implement the algorithms in the context of IoT communication. In summary, readers can simply learn and directly apply the new technologies to communicate data in IoT after reading this book.
Secure and Resilient Digital Transformation of Healthcare: First Workshop, SUNRISE 2023, Stavanger, Norway, November 30, 2023, Proceedings (Communications in Computer and Information Science #1884)
by Sokratis Katsikas, Habtamu Abie, Sandeep Pirbhulal, Vasileios Gkioulos
This CCIS post-conference volume constitutes the proceedings of the First Workshop, SUNRISE 2023, in Stavanger, Norway, in November 2023. The 4 full papers in this volume were carefully reviewed and selected from 9 submissions. The workshop offers a wide range of techniques addressing cybersecurity skills, access control, privacy risks, and resilience in healthcare systems.
Secure and Resilient Digital Transformation of Healthcare: Second International Workshop, SUNRISE 2024, Bergen, Norway, November 25, 2024, Proceedings (Communications in Computer and Information Science #2404)
by Sokratis Katsikas, Habtamu Abie, Sandeep Pirbhulal, Vasileios Gkioulos
This CCIS post-conference volume constitutes the proceedings of the Second International Workshop on Secure and Resilient Digital Transformation of Healthcare, SUNRISE 2024, in Bergen, Norway, on November 25, 2024. The 6 full papers presented in this volume were carefully reviewed and selected from 9 submissions. They are grouped into the following topics: Resilience and Dynamic Risk Assessment in Healthcare; Cybersecurity Adaptive and Continuous Authentication in Healthcare; Invited Paper from Keynotes.
Secure and Resilient Software Development
by Mark S. Merkow, Lakshmikanth Raghavan
Although many software books highlight open problems in secure software development, few provide easily actionable, ground-level solutions. Breaking the mold, Secure and Resilient Software Development teaches you how to apply best practices and standards for consistent and secure software development. It details specific quality software developmen
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods
by Mark S. Merkow, Lakshmikanth Raghavan
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes:
• Pre-developed nonfunctional requirements that can be reused for any software development project
• Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software
• Testing methods that can be applied to the test cases provided
• Downloadable resources with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book
Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying downloadable resources, filled with helpful checklists and reusable documentation, provide you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.
Some Praise for the Book:
This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation ... . —Doug Cavit, Chief Security Strategist, Microsoft Corporation
...provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC). —Jeff Weekes, Sr. Security Architect at Terra Verde Services
Secure and Smart Cyber-Physical Systems
by Danda B. Rawat, Uttam Ghosh, Fortune Mhlanga
Cybersecurity is a paramount concern in both Internet of Things (IoT) and Cyber-Physical Systems (CPSs) due to the interconnected and often critical nature of these systems. The integration of AI/ML into the realm of IoT and CPS security has gained significant attention and momentum in recent years. The success of AI/ML in various domains has sparked interest in leveraging these technologies to enhance the security, resilience, and adaptability of IoT and CPS. Secure and Smart Cyber-Physical Systems provides an extensive exploration of AI/ML-based security applications in the context of IoT and CPS.
Features
• Presents cutting-edge topics and research in IoT and CPS.
• Includes contributions from leading worldwide researchers.
• Focuses on CPS architectures for secure and smart environments.
• Explores AI/ML and blockchain approaches for providing security and privacy to CPS including smart grids, smart cities, and smart healthcare.
• Provides comprehensive guidance into the intricate world of software development for medical devices.
• Covers a blueprint for the emergence of 6G communications technology in Industry 5.0 and federated-learning-based secure financial services.
This book covers state-of-the-art problems, existing solutions, and potential research directions for CPS researchers, scholars, and professionals in both industry and academia.
Secure and Trusted Cyber Physical Systems: Recent Approaches and Future Directions (Smart Sensors, Measurement and Instrumentation #43)
by Ernest Foo, Shantanu Pal, Zahra Jadidi
This book highlights the latest design and development of security issues and various defences to construct safe, secure and trusted Cyber-Physical Systems (CPS). In addition, the book presents a detailed analysis of the recent approaches to security solutions and future research directions for large-scale CPS, including its various challenges and significant security requirements. Furthermore, the book provides practical guidance on delivering robust, privacy, and trust-aware CPS at scale. Finally, the book presents a holistic insight into IoT technologies, particularly its latest development in strategic applications in mission-critical systems, including large-scale Industrial IoT, Industry 4.0, and Industrial Control Systems. As such, the book offers an essential reference guide about the latest design and development in CPS for students, engineers, designers, and professional developers.
Secure and Trustworthy Cyberphysical Microfluidic Biochips: A practical guide to cutting-edge design techniques for implementing secure and trustworthy cyberphysical microfluidic biochips
by Krishnendu Chakrabarty, Jack Tang, Mohamed Ibrahim, Ramesh Karri
This book describes novel hardware security and microfluidic biochip design methodologies to protect against tampering attacks in cyberphysical microfluidic biochips (CPMBs). It also provides a general overview of this nascent area of research, which will prove to be a vital resource for practitioners in the field.
This book shows how hardware-based countermeasures and design innovations can be a simple and effective last line of defense, demonstrating that it is no longer justifiable to ignore security and trust in the design phase of biochips.
Secure and Trustworthy Transportation Cyber-Physical Systems
by Houbing Song, Yunchuan Sun
This book comprehensively reviews the cyber security and privacy issues in transportation cyber-physical systems (TCPSs). It examines theories and various state-of-the-art technologies and methodologies. Starting with a survey of the latest solutions in TCPSs, it introduces a smart-transport-system architecture design based on cyber-physical systems. It then discusses in detail the principles and metrics of evaluating safety and privacy in TCPSs and elaborates the verification and analysis of secure, robust and trustworthy TCPSs. Moreover, it demonstrates the advanced and novel tools commonly used in practice by several researchers. Lastly it provides an exhaustive case study on the authentication and attestation in TCPSs. This book is of interest not only to readers in the field of TCPSs, but also to those in interdisciplinary fields, such as energy, healthcare, bio-engineering etc.
Secure by Design
by Daniel Sawano, Dan Bergh Johnsson, Daniel Deogun
As a developer, you need to build software in a secure way. But you can't spend all your time focusing on security. The answer is to use good design principles, tools, and mindsets that make security an implicit result - it's secure by design. Secure by Design teaches developers how to use design to drive security in software development. This book is full of patterns, best practices, and mindsets that you can directly apply to your real world development. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
Secure, Resilient, and Agile Software Development
by Mark Merkow
A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals:
• AppSec architects and program managers in information security organizations
• Enterprise architecture teams with application development focus
• Scrum teams
• DevOps teams
• Product owners and their managers
• Project managers
• Application security auditors
With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.
Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models
by Sella Nevo, Dan Lahav, Ajay Karpur, Yogev Bar-On, Henry-Alexander Bradley, Jeff Alstott
As frontier artificial intelligence (AI) models—that is, models that match or exceed the capabilities of the most advanced models at the time of their development—become more capable, protecting them from theft and misuse will become more important. The authors of this report explore what it would take to protect model weights—the learnable parameters that encode the core intelligence of an AI—from theft by a variety of potential attackers.
Securing Ajax Applications
by Christopher Wells
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur.
Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money.
Topics include:
• An overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging
• Web security basics, including common vulnerabilities, common cures, state management and session management
• How to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex
• How to protect your server, including front-line defense, dealing with application servers, PHP and scripting
• Vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS
• How to secure web services, build secure APIs, and make open mashups secure
Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.
Securing Blockchain Networks like Ethereum and Hyperledger Fabric: Learn advanced security configurations and design principles to safeguard Blockchain networks
by Alessandro Parisi
Build secure private blockchain networks to handle mission-critical security challenges such as denial-of-service attacks, user wallets, and pool mining attacks
Key Features
• Explore blockchain concepts such as cryptography, consensus algorithms, and security assumptions
• Architect network security for mission-critical decentralized apps (Dapps) using design security considerations
• Consider various deployment and operational aspects while building a blockchain network
Book Description
Blockchain adoption has extended from niche research to everyday usage. However, despite the blockchain revolution, one of the key challenges faced in blockchain development is maintaining security, and this book will demonstrate the techniques for doing this. You'll start with blockchain basics and explore various blockchain attacks on user wallets, and denial of service and pool mining attacks. Next, you'll learn cryptography concepts, consensus algorithms in blockchain security, and design principles while understanding and deploying security implementation guidelines. You'll not only cover architectural considerations, but also work on system and network security and operational configurations for your Ethereum and Hyperledger Fabric network. You'll later implement security at each level of blockchain app development, understanding how to secure various phases of a blockchain app using an example-based approach. You'll gradually learn to securely implement and develop decentralized apps, and follow deployment best practices. Finally, you'll explore the architectural components of Hyperledger Fabric, and how they can be configured to build secure private blockchain networks. By the end of this book, you'll have learned blockchain security concepts and techniques that you can implement in real blockchain production environments.
What you will learn
• Understand blockchain consensus algorithms and security assumptions
• Design secure distributed applications and smart contracts
• Understand how blockchains manage transactions and help to protect wallets and private keys
• Prevent potential security threats that can affect distributed ledger technologies (DLTs) and blockchains
• Use pentesting tools for assessing potential flaws in Dapps and smart contracts
• Assess privacy compliance issues and manage sensitive data with blockchain
Who this book is for
This book is for blockchain developers, security professionals, and Ethereum and Hyperledger developers who are looking to implement security in blockchain platforms and ensure secure data management using an example-driven approach. Basic knowledge of blockchain concepts will be beneficial.
Securing Cloud Containers: Building and Running Secure Cloud-Native Applications (Tech Today)
by Abbas Kudrati, Sina Manavi, Muhammad Aizuddin Zali
A practical and up-to-date roadmap to securing cloud containers on AWS, GCP, and Azure
Securing Cloud Containers: Building and Running Secure Cloud-Native Applications is a hands-on guide that shows you how to secure containerized applications and cloud infrastructure, including Kubernetes. The authors address the most common obstacles and pain points that security professionals, DevOps engineers, and IT architects encounter in the development of cloud applications, including industry standard compliance and adherence to security best practices. The book provides step-by-step instructions on the strategies and tools you can use to develop secure containers, as well as real-world examples of secure cloud-native applications. After an introduction to containers and Kubernetes, you'll explore the architecture of containerized applications, best practices for container security, security automation tools, the use of artificial intelligence in cloud security, and more.
Inside the book:
• An in-depth discussion of implementing a Zero Trust model in cloud environments
• Additional resources, including a glossary of important cloud and container security terms, recommendations for further reading, and lists of useful platform-specific tools (for Azure, Amazon Web Services, and Google Cloud Platform)
• An introduction to SecDevOps in cloud-based containers, including tools and frameworks designed for Azure, GCP, and AWS platforms
An invaluable and practical resource for IT system administrators, cloud engineers, cybersecurity and SecDevOps professionals, and related IT and security practitioners, Securing Cloud Containers is an up-to-date and accurate roadmap to cloud container security that explains the “why” and “how” of securing containers on the AWS, GCP, and Azure platforms.
Securing Cloud Services
by Lee Newcombe
Lee Newcombe is an enterprise architect with commercial experience at numerous high-profile companies, including a retail bank, a systems integrator and one of the Big 4 consultancies. He has worked within various Cloud programmes and acted as the IT industry security expert during the early days of the UK Government's G-Cloud programme. Lee has been writing about, presenting on, and working with Cloud technologies since 2007, and is a named contributor to the Cloud Security Alliance guidance document.