Similar literature
 Found 20 similar documents; search took 31 ms
1.
To be successful, application software needs compelling functionality, availability within the right timeframe, and a reasonable price. But equally critical, teams must get nonfunctional characteristics right - performance, scalability, manageability, maintainability, usability, and, of course, security. The authors introduced misuse or abuse cases as counterparts to use cases and explained that although use cases capture functional requirements, abuse cases describe how users can misuse a system with malicious intent, thereby identifying additional security requirements. Another prior installment discussed how to fit misuse and abuse cases into the development process by defining who should write them, when to do so, and how to proceed. In this article, we discuss what abuse cases bring to software development in terms of planning. We don't assume a fixed budget is assigned to security measures but that budgetary constraints apply to the project as a whole. We believe it's reasonable, and often necessary, to trade functionality against security, so the question isn't how to prioritize security requirements but how to prioritize the development effort across both functional and security requirements.

2.
This article focuses on describing state-of-the-art attacks on debuggers to prevent reverse engineering. You can use the information we present as part of your strategy to protect your software or to assist you in overcoming the anti-debugging tricks present in malicious software. Currently, there are enough anti-debugging techniques available to software engineers to sufficiently protect software against most threats; likewise, most state-of-the-art malware can be sufficiently reverse-engineered with patience and skill to enable security researchers to continue to defend their networks. However, advances in software protection techniques and reverse engineering might alter the balance.

3.
Regardless of the prevailing economic climate and, especially when, as now, the outlook is reasonably poor, the budget and time allocated to information security are never going to be enough to allow you to do everything you want to (or think that you want to) do. It is therefore incumbent upon all of us to maximise the effectiveness of the way we spend the pittance our masters decree unto us.

4.
Automated cyber security configuration synthesis is the holy grail of cyber risk management. The effectiveness of cyber security is highly dependent on the appropriate configuration hardening of heterogeneous, yet interdependent, network security devices, such as firewalls, intrusion detection systems, IPSec gateways, and proxies, to minimize cyber risk. However, determining cost-effective security configuration for risk mitigation is a complex decision-making process because it requires considering many different factors including end-hosts’ security weaknesses based on compliance checking, threat exposure due to network connectivity, potential impact/damage, service reachability requirements according to business policies, acceptable usability due to security hardness, and budgetary constraints. Although many automated techniques and tools have been proposed to scan end-host vulnerabilities and verify the policy compliance, existing approaches lack metrics and analytics to identify fine-grained network access control based on comprehensive risk analysis using both the hosts’ compliance reports and network connectivity. In this paper, we present new metrics and a formal framework for automatically assessing the global enterprise risk and determining the most cost-effective security configuration for risk mitigation considering both the end-host security compliance and network connectivity. Our proposed metrics measure the global enterprise risk based on the end-host vulnerabilities and configuration weaknesses, collected through compliance scanning reports, their inter-dependencies, and network reachability. We then use these metrics to automatically generate a set of host-based vulnerability fixes and network access control decisions that mitigate the global network risk to satisfy the desired Return on Investment of cyber security. We solve the problem of cyber risk mitigation based on advanced formal methods using Satisfiability Modulo Theories, which has shown scalability with large-size networks.

5.
Anyone involved in the software industry should learn a few facts and skills that relate to software security. A small number of skills exist that anyone in the software development business can learn to improve software security. Whether you're a developer, architect, or tester, it's important that you understand the nature of the constantly evolving security landscape and build defenses into applications at the design phase, never trust input, and then verify that the input handling is robust in the face of intentionally malformed data. Knowing these skills and applying them will lead to more secure software.

6.
7.
Enterprise information security strategies   Total citations: 1, self-citations: 1, citations by others: 0
Evan E.  Joobin   《Computers & Security》2008,27(1-2):22-29
Security decisions are made at every level of an organization and from diverse perspectives. At the tactical and operational levels of an organization, decision making focuses on the optimization of security resources, that is, an integrated combination of plans, personnel, procedures, guidelines and technology that minimize damages and losses. While these actions and tactics reduce the frequency and/or consequences of security breaches, they are bounded by the organization's global security budget. At the strategic, enterprise level management must answer the question, “What is the security budget (cost expenditures), where each dollar spent on security must be weighed against alternative non-security expenditures, that is justified by the foregone (prevented) losses and damages?” The answer to that question depends on the tolerances of decision makers for risk and the information employed to reach it.

8.
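Compared with ordinary computer networks, wireless sensor networks (WSNs) face more severe security challenges because of their limited resources and computing power, and therefore need more effective security mechanisms. Addressing the security characteristics that follow from these resource and computing constraints, and the eight main attacks WSNs face, such as spoofing, tampering and replay, the paper proposes corresponding countermeasures, which may serve as a reference for those working on new sensor network technologies.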

9.
This study is concerned with determining the optimum pipe size for networks used in natural gas applications. The genetic algorithm has been used in optimizing network parameters. The topology of the network is predefined. The study deals with the discrete nature of decision variables, namely, pipe diameters, as they are usually available on the market in standard sizes. Hard constraints and soft constraints are considered. An imposed penalty factor is introduced to allow solutions that violate soft constraints to remain in the population during the solution progress, guiding the algorithm convergence to a minimum network cost. In a case study, engineers with average experience of 6 years in the design office of a gas company performed the design of a gas network problem using their experience and judgment. The method adopted by the engineers depends on a time-consuming trial-and-error procedure. Their results are compared with the results obtained from the developed genetic algorithm optimization technique. The developed optimization technique has provided a distinctive reduction in the total cost of pipe networks over the existing heuristic approach which is based on human experience and judgment. A saving of up to 12.1% has been achieved using the present analysis, in the special case studied.

10.
A cost-value approach for prioritizing requirements   Total citations: 5, self-citations: 0, citations by others: 5
Karlsson  J. Ryan  K. 《Software, IEEE》1997,14(5):67-74
Developing software systems that meet stakeholders' needs and expectations is the ultimate goal of any software provider seeking a competitive edge. To achieve this, you must effectively and accurately manage your stakeholders' system requirements: the features, functions, and attributes they need in their software system. Once you agree on these requirements, you can use them as a focal point for the development process and produce a software system that meets the expectations of both customers and users. However, in real world software development, there are usually more requirements than you can implement given stakeholders' time and resource constraints. Thus, project managers face a dilemma: how do you select a subset of the customers' requirements and still produce a system that meets their needs? The authors developed a cost-value approach for prioritizing requirements and applied it to two commercial projects.

11.
Most of the decision procedures for symbolic analysis of protocols are limited to a fixed set of algebraic operators associated with a fixed intruder theory. Examples of such sets of operators comprise XOR, multiplication, abstract encryption/decryption. In this report we give an algorithm for combining decision procedures for arbitrary intruder theories with disjoint sets of operators, provided that solvability of ordered intruder constraints, a slight generalization of intruder constraints, can be decided in each theory. This is the case for most of the intruder theories for which a decision procedure has been given. In particular our result allows us to decide trace-based security properties of protocols that employ any combination of the above mentioned operators with a bounded number of sessions.

12.
13.
This study presents a stochastic demand multi-product supplier selection model with service level and budget constraints using Genetic Algorithm. Recently, much attention has been given to stochastic demand due to uncertainty in the real world. Conflicting objectives also exist between profit, service level and resource utilization. In this study, the relationship between the expected profit and the number of trials as well as between the expected profit and the combination of mutation and crossover rates are investigated to identify better parameter values to efficiently run the Genetic Algorithm. Pareto optimal solutions and return on investment are analyzed to provide decision makers with the alternative options of achieving the proper budget and service level. The results show that the optimal value for the return on investment and the expected profit are obtained with a certain budget and service level constraint.

14.
Since the effort required to develop a system depends on its requirements, it is important to consider the resulting effort when deciding on the requirements. Miscalculating the effort may lead to requirements that cannot be implemented within given budget constraints. In order to support requirements engineers in calculating the effort resulting from the requirements they elaborate correctly, we develop a mapping model for assessing project effort from requirements (MMAPER) in this paper. MMAPER incorporates effort estimation into requirements engineering and thereby enables engineers to proactively assess project effort without demanding that they spend significant additional time on this task. MMAPER measures system size using function point analysis and assesses the resulting effort using the Constructive Cost Model 2. The theoretical underpinning of the methods stems from theoretical perspectives from which we derive theories of how requirements determine the resulting project effort. We also take into consideration that it is important to distinguish requirements of different size but also implemented in different contexts for estimating the resulting effort. We empirically evaluate the model using data from five case studies which we conducted with a financial services organization. The developed model provides very accurate effort estimations, across both controlled experiments and field applications.

15.
Nowadays, time and cost are familiar criteria for every logistic provider, and both have been long treated to be minimized simultaneously. However, the criteria are naturally conflicted even with flexibilities and/or constraints that appear in the logistic networks. This paper is concerned with three-level logistic networks with potential suppliers, distributed centers (DCs), and deterministic demands from available consumers. The networks also benefit from potential direct shipments from suppliers to consumers as long as suppliers and DCs facilities might face limited capacity in their own seasonal supplying and warehousing processes. The goal is to (re)configure the networks in order to minimize response time to consumers, transportation cost and facility cost. Therefore, the networks are formulated as multiple criteria decision making problems, which have more than one configuration through the time and cost optimizing at the same time. Due to the flexibility and the constraints, the decision maker(s) needs a set of compromise solutions for the networks that represent optimal configurations based on the objectives without considering prior knowledge. To this end, the problems are formulated into four individual logistic network models varying with the flexibility option and/or the capacitated facilities. To find the compromise solutions, a Pareto-based multi-objective evolutionary algorithm, NSGA-II, is customized and then utilized to deal with an illustrative case study. The results are analyzed through the two performance measures, hypervolume and the number of optimal solutions obtained so far.

16.
Software security is becoming an important concern as software applications are increasingly depending on the Internet, an untrustworthy computing environment. Vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in software design can be wrongly exploited by security attacks. Software functionality and security, however, are often handled separately in the development process. Software is designed with the mindset of its functionalities and cost, where the focus is mainly on the operational behavior. Security concerns, on the other hand, are often described in an imprecise way and open to subjective interpretations. This paper presents a threat driven approach that improves on the quality of software through the realization of a more secure model. The approach introduces systematic transformation rules and integration steps for integrating attack tree representations into statechart-based functional models. Through the focus on the behavior of an attack from the perspective of the system behavior, software engineers can clearly define and understand security concerns as software is designed. Security analysis and threat identification are then applied to the integrated model in order to identify and mitigate vulnerabilities at the design level.

17.
Vasiu  L. Mahmoud  Q.H. 《Computer》2004,37(2):104-105
The networks that connect handheld wireless devices such as cell phones and PDAs suffer from low bandwidth and a high incidence of network errors. By employing mobile agents, such devices could provide a reliable technology for message transport over wireless links. Mobile agents are inherently distributed software entities that reduce the load on the network when they move. Mobile agents can be employed in wireless handheld devices in two ways: An agent platform could be installed on the device, enabling mobile agents to run directly on it, or devices could access and use remote mobile agents running on wired networks. Each approach is viable and has its own advantages and domain-specific applications. Some high-end devices would benefit from running a mobile agent platform that lets agents run locally, but this would not be beneficial to others because of processing power and memory constraints or for security reasons.

18.
《EDPACS》2013,47(9):18-19
Abstract

Whether you are responsible for ensuring the availability of your enterprise network or you are a chief technology officer or information security manager, you will likely ask yourself these questions: How much should I spend on security? Am I more secure today than I was yesterday? What metrics can I use to measure whether my security is improving or not? When can I stop patching so I can get back to doing real work?

19.
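Wireless sensor networks (WSNs) are developing rapidly and can be widely applied in military, industrial and scientific fields. Sensor networks operate over wireless channels, and the limited energy, computing power and storage of their nodes expose them to serious security problems. Many of the security methods proposed so far are based on the concept of layered design. The paper analyzes the limitations of layered security design, reviews existing security design schemes for WSNs, proposes some new cross-layer solutions, and points out research directions for cross-layer security in sensor networks.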

20.
Dynamic Game Theoretic Model of Multi-Layer Infrastructure Networks   Total citations: 3, self-citations: 3, citations by others: 0
Due to similarities in terms of network structure and interactions among them, most infrastructure systems can be viewed as coupled layers of a generalized transportation network in which the passenger, freight, data, water, and energy flows are the commodities in the different layers. The coupling is due to the varying degrees of interactions among these layers in terms of shared physical networks, budgetary constraints, socio-economic environments, environmental concerns, information/other resources, and in particular, functional interdependencies. However, these interactions are normally ignored in the engineering planning, design and analysis of infrastructure systems. Identifying and understanding these interactions using a holistic perspective can lead to more efficient infrastructure systems. This paper presents a preliminary network flow equilibrium model of dynamic multi-layer infrastructure networks in the form of a differential game involving two essential time scales. In particular, three coupled network layers—automobiles, urban freight and data—are modeled as being comprised of Cournot-Nash dynamic agents. An agent-based simulation solution structure is introduced to solve the flow equilibrium and optimal budget allocation problem for these three layers under the assumption of a super authority that oversees investments in the infrastructure of all three technologies and thereby creates a dynamic Stackelberg leader-follower game.
