Similar literature
Found 20 similar documents; search took 15 ms
1.
Security Requirements Engineering is a new research area in software engineering, with the realization that security must be analyzed early during the requirements phase. Many researchers are working in this area; however, there is a lack in security requirements treatment. The security requirements are one of the non-functional requirements, which act as constraints on functions of the system. Organizations are depending on information systems for communicating and sharing information. Thus, IT security is becoming central in fulfilling business goals, to guard assets and to create trustworthy systems. To develop systems with adequate security features, it is essential to capture the security requirements. In this paper, we present a view on Security Requirements, issues, types, Security Requirements Engineering (SRE) and methods. We analyzed and compared different methods and found that SQUARE and Security Requirements Engineering Process methods cover most of the important activities of SRE. The developers can adopt these SRE methods and easily identify the security requirements for software systems.

2.
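To effectively identify the security requirements of information systems in the aerospace business network and to guide the construction of information system security, a capability-oriented security requirements analysis method is proposed. Starting from the functions the information system performs, the method derives a set of capability objectives, presents a security requirements inference engine model to identify security resource requirements, uses an overlap-degree metric to prioritize security resources, and generates a list of information system security requirements. The method was applied and evaluated for effectiveness at a regional center of the aerospace business network. The results show that, compared with traditional threat-based security requirements analysis methods, the method effectively improves the scientific soundness of security resource requirements and achieves a high cost-effectiveness ratio for information system security investment.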

3.
In recent years, network coding has emerged as a new communication paradigm that can significantly improve the efficiency of network protocols by requiring intermediate nodes to mix packets before forwarding them. Recently, several real-world systems have been proposed to leverage network coding in wireless networks. Although the theoretical foundations of network coding are well understood, a real-world system needs to solve a plethora of practical aspects before network coding can meet its promised potential. These practical design choices expose network coding systems to a wide range of attacks. We identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless networks. Our systematic analysis of the components of these frameworks reveals vulnerabilities to a wide range of attacks, which may severely degrade system performance. Then, we identify security goals and design challenges in achieving security for network coding systems. Adequate understanding of both the threats and challenges is essential to effectively design secure practical network coding systems. Our paper should be viewed as a cautionary note pointing out the frailty of current network coding-based wireless systems and a general guideline in the effort of achieving security for network coding systems.

4.
One of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues on a cloud environment, since cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require a different treatment of security and privacy issues. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed to analyze and design secure cloud based systems.

5.
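Industrial control systems (ICS) are used not only in manufacturing but also widely in critical infrastructure such as transportation, water conservancy and electric power. With the advance of industrial digitalization, networking and intelligence, many new technologies have been applied to industrial control systems, raising their level of intelligence but also posing severe challenges to their security. The security of industrial control systems has therefore attracted great attention from researchers. To give researchers a systematic understanding of current research progress, this survey examines papers related to industrial control system security published in the last three years in the Web of Science core database, the EI database and the CCF-recommended international academic conferences on network and information security, together with other relevant high-quality research work. First, the architecture of industrial control systems and the threats they face are introduced. Then, following the architecture of industrial control systems from top to bottom, the security research is divided into ICS-cloud platform communication security, HMI-device communication security, device firmware security and other security research, and is analyzed and organized from the perspectives of attack and defense. Finally, the main challenges still facing current industrial control system security research are presented, and directions for future research are pointed out.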

6.
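With the development of informatization, dependence on information systems is growing, and the use of risk management concepts to identify security risks and solve information security problems has become widely recognized and applied. This article first introduces the operating modes of risk assessment work, identifies the stages of the risk assessment implementation process, and briefly describes the main analysis methods for information security risk assessment.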

7.

In the corporate environment, we use a variety of software. To increase security, patch management systems are used to manage software patches. This study analyzes existing patch management systems to identify security threats. Furthermore, we utilized blockchain to manage patches safely and efficiently. Using this research, vendors operating patch management systems can connect to the blockchain network to share the verified patch information. It also stores the public key information required to verify the integrity of the patch and the information generated during patch management in the block. This effectively monitors the patch management process. It also reduces patch management costs and improves security.


8.
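王鹏, 吴康, 阎芳, 汪克念, 张啸晨. 《计算机应用》 (Journal of Computer Applications), 2019, 39(11): 3298-3303
The functionality of modern safety-critical systems increasingly depends on software, which makes software safety crucial to system safety, while the complexity of software makes it difficult for traditional safety analysis methods to capture the hazards introduced by component interactions. To ensure the safety of safety-critical systems, a software safety verification method based on System-Theoretic Process Analysis (STPA) is proposed. On the basis of the safety control structure, a process model with software process model variables is constructed to refine the analysis of the system context in which hazardous behaviors occur, and software safety requirements are generated from it. Then, landing gear control system software is designed, and model checking is used to verify the safety of the software. The results show that the proposed method can effectively identify potentially hazardous control paths in software at the system level and can reduce the dependence on manual analysis.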

9.
Multilevel security poses many challenging problems for transaction processing. The challenges are due to the conflicting requirements imposed by confidentiality, integrity, and availability (the three components of security). We identify these requirements on transaction processing in Multilevel Secure (MLS) database management systems (DBMSs) and survey the efforts of a number of researchers to meet these requirements. While our emphasis is primarily on centralized systems based on kernelized architecture, we briefly overview the research in the distributed MLS DBMSs as well.

10.
ABSTRACT

Information security can be viewed as the efficient control of uncertainty arising from malicious acts intended to exploit valuable assets and in the context of information systems the valuable assets under consideration are data. A large part of information security approaches is technical in nature with less consideration on people and organizational issues. The research presented in this paper adopts a broader perspective and presents an understanding of information security in terms of a socio-organizational perspective. In doing so, it uses the goal-setting approach to identify any possible weaknesses in security management procedures in relation to trust among the members of information technology groups in communicating efficiently security risk messages. Data for the research were collected through in-depth interviews within three case studies. Interview results suggest that goal setting and trust are interrelated in managing information security. The research contributes to interpretive information systems with the study of goal setting and trust in a security management context.

11.
Biometric authentication systems identify users by their measurable human characteristics. Although biometrics promise greater system security because identifying characteristics are tied to specific users, many issues remain unresolved.

12.
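With the spread of computers, computer security problems typified by computer viruses and illegal access have become a new focus of information security. People have developed various anti-virus tools and adopted a variety of effective identification and access control mechanisms. For public computers, access control is applied to drives or folders to keep personal information confidential. A key technique for password-protected access to drives or folders is proposed; integrating Web, Flash and VB technologies, it meets computer users' need for password-based access to drives or folders.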

13.
Current audit practices limit the visibility of management to the effectiveness of controls between audit engagements. Controls can deteriorate between audits creating potential security vulnerabilities. The corporate environment contains automated data that can be analyzed to detect control deterioration. This paper suggests that audit management utilize decision support systems, management information systems and management science models to identify and project the deterioration of controls that can occur. The feedback to audit management should reduce operational costs, ensure the maintenance of controls and reduce security vulnerabilities.

14.
This presentation of a systems theory is applicable to security in the private sector which is profit dependent. At a time of heightened security specialization, it is necessary to establish a professional consensus that all private security areas are unified at the basic conceptual level. Business and industry face numerous threats to profitability. Threats applicable to the mission of security have been organized here by the WAECUP (waste, accident, error, crime, unethical practice) acronym. WAECUP threats are shown to be so interrelated that a security department that ignores even one threat is bound to fail. Computer security and all private sector security are shown linked in efforts to make loss control (the author's term for modern security) effective. The most common fallacy about private security is to equate it with police activity. This myth is dismantled and security is defined by a careful comparison between law enforcement and private security with respect to their clients, goals, focus, environmental restructuring abilities, and movement (access) controls. A graphic Loss Control Model is offered to explain how informational transfer minimizes loss and tends to stabilize any corporation. It is an open-ended systems model that all private security practitioners can identify with and utilize as a heuristic tool.

15.
Multi-agent systems (MAS) are a relatively new software paradigm that is being widely accepted in several application domains to address large and complex tasks. However, with the use of MAS in open, distributed and heterogeneous applications, the security issues may endanger the success of the application. The goal of this research is to identify the security issues faced by MAS and to survey the current state of the art of this field of knowledge. In order to do it, this paper examines the basic concepts of security in computing, and some characteristics of agents and multi-agent systems that introduce new threats and ways to attack. After this, some models and architectures proposed in the literature are presented and analyzed.

16.
The growing number of vehicles daily moving on roads increases the need of protecting the safety and security of passengers, pedestrians, and vehicles themselves. This need is intensified when considering the pervasive introduction of Information and Communication Technologies (ICT) systems into modern vehicles, because this makes such vehicles potentially vulnerable from the point of view of security. The convergence of safety and security requirements is one of the main outstanding research challenges in software-intensive systems. This work reviews existing methodologies and solutions addressing security issues in the automotive domain with a focus on the integration between safety and security aspects. In particular, we identify the main security issues with vehicular communication technologies and existing gaps between state-of-the-art methodologies and their implementation in the real world. Starting from a literature survey and referring to widely accepted standards of the domain, such as AUTOSAR and ISO 26262, we discuss research challenges and set baselines for a holistic secure-by-design approach targeting safety and security aspects all along the different phases of the development process of automotive software.

17.
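This paper mainly introduces research on and practice of unified identity authentication in enterprise information systems. For some large enterprises, the information system is often composed of different business systems and is distributed in nature, so unified identity authentication is one of the keys to improving system operating efficiency and ensuring security. Taking the tobacco industry's information system as an example, a unified identity authentication system is built using Shibboleth, which can serve as a reference for the construction of related systems.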

18.
The Shadow semantics is a qualitative model for noninterference security for sequential programs. In this paper, we first extend the Shadow semantics to Event-B, to reason about discrete transition systems with noninterference security properties. In particular, we investigate how these security properties can be specified and proved as machine invariants. Next we highlight the role of security invariants during refinement and identify some common patterns in specifying them. Finally, we propose a practical extension to the supporting Rodin platform of Event-B, with the possibility of having some properties to be invariants-by-construction.

19.
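Multi-Factor Network Identity Authentication   Cited by: 3 (self-citations: 0, citations by others: 3)
In Internet/Intranet applications, security faces serious challenges. When a user enters a system, the traditional approach is to verify identity with a password. Although this ensures the security of the computer system to some extent, it has drawbacks: passwords are tedious to remember, easy to lose and easy to forget. On the other hand, the diverse identity authentication mechanisms of different applications are not only cumbersome but also add security risks to client access. This paper therefore proposes an authentication and authorization system with strong identity authentication and single sign-on that combines multiple factors: fingerprint recognition, certificates and a USBKey identity token.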

20.
Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.


Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号