Biblio

Filters: Keyword is Companies
2021-03-04
Patil, A. P., Karkal, G., Wadhwa, J., Sawood, M., Reddy, K. Dhanush.  2020.  Design and Implementation of a Consensus Algorithm to build Zero Trust Model. 2020 IEEE 17th India Council International Conference (INDICON). :1—5.
Zero Trust Model ensures each node is responsible for the approval of the transaction before it gets committed. The data owners can track their data while it’s shared amongst the various data custodians ensuring data security. The consensus algorithm enables the users to trust the network as malicious nodes fail to get approval from all nodes, thereby causing the transaction to be aborted. The use case chosen to demonstrate the proposed consensus algorithm is the college placement system. The algorithm has been extended to implement a diversified, decentralized, automated placement system, wherein the data owner i.e. the student, maintains an immutable certificate vault and the student’s data has been validated by a verifier network i.e. the academic department and placement department. The data transfer from student to companies is recorded as transactions in the distributed ledger or blockchain allowing the data to be tracked by the student.
2021-02-22
Eftimie, S., Moinescu, R., Rǎcuciu, C..  2020.  Insider Threat Detection Using Natural Language Processing and Personality Profiles. 2020 13th International Conference on Communications (COMM). :325–330.
This work represents an interdisciplinary effort to proactively identify insider threats, using natural language processing and personality profiles. Profiles were developed for the relevant insider threat types using the five-factor model of personality and were used in a proof-of-concept detection system. The system employs a third-party cloud service that uses natural language processing to analyze personality profiles based on personal content. In the end, an assessment was made over the feasibility of the system using a public dataset.
2021-08-31
Hu, Hongsheng, Dobbie, Gillian, Salcic, Zoran, Liu, Meng, Zhang, Jianbing, Zhang, Xuyun.  2020.  A Locality Sensitive Hashing Based Approach for Federated Recommender System. 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID). :836–842.
The recommender system is an important application in big data analytics because accurate recommendation items or high-valued suggestions can bring high profit to both commercial companies and customers. To make precise recommendations, a recommender system often needs large and fine-grained data for training. In the current big data era, data often exist in the form of isolated islands, and it is difficult to integrate the data scattered due to privacy security concerns. Moreover, privacy laws and regulations make it harder to share data. Therefore, designing a privacy-preserving recommender system is of paramount importance. Existing privacy-preserving recommender system models mainly adapt cryptography approaches to achieve privacy preservation. However, cryptography approaches have heavy overhead when performing encryption and decryption operations and they lack a good level of flexibility. In this paper, we propose a Locality Sensitive Hashing (LSH) based approach for federated recommender system. Our proposed efficient and scalable federated recommender system can make full use of multiple source data from different data owners while guaranteeing preservation of privacy of contributing parties. Extensive experiments on real-world benchmark datasets show that our approach can achieve both high time efficiency and accuracy under small privacy budgets.
2020-12-28
Chaves, A., Moura, Í, Bernardino, J., Pedrosa, I..  2020.  The privacy paradigm: An overview of privacy in Business Analytics and Big Data. 2020 15th Iberian Conference on Information Systems and Technologies (CISTI). :1—6.
In this New Age where information has an indispensable value for companies and data mining technologies are growing in the area of Information Technology, privacy remains a sensitive issue in the approach to the exploitation of the large volume of data generated and processed by companies. The way data is collected, handled and destined is not yet clearly defined and has been the subject of constant debate by several areas of activity. This literature review gives an overview of privacy in the era of Business Analytics and Big Data in different timelines, the opportunities and challenges faced, aiming to broaden discussions on a subject that deserves extreme attention and aims to show that, despite measures for data protection have been created, there is still a need to discuss the subject among the different parties involved in the process to achieve a positive ideal for both users and companies.
2021-05-13
Peck, Sarah Marie, Khan, Mohammad Maifi Hasan, Fahim, Md Abdullah Al, Coman, Emil N, Jensen, Theodore, Albayram, Yusuf.  2020.  Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :778–789.
This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2 (account type) x 2 (usage scenario) x 2 (message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users' behavior affects others. Implications of our findings in risk communication are discussed in the paper.
2021-09-16
Sun, Jin, Yao, Xiaomin, Wang, Shangping, Wu, Ying.  2020.  Non-Repudiation Storage and Access Control Scheme of Insurance Data Based on Blockchain in IPFS. IEEE Access. 8:155145–155155.
The insurance business plays a quite significant role in people's lives, but in the process of claim settlement, there are still various frauds such as the insurance companies' refusal to compensate or customers' malicious fraud to obtain compensation. Therefore, it is very important to ensure fair and just claims. In this paper, by combining the blockchain technology and the ciphertext-policy attribute-based encryption system, we build a scheme for secure storage and update for insurance records under the InterPlanetary File System (IPFS) storage environment in the insurance system. In this scheme, we use the fog node to outsource encryption of insurance records to improve the efficiency of the staff; in addition, we store encrypted insurance records on IPFS to ensure the security of the storage platform and avoid the single point failure of the centralized mechanism. In addition, we use the immutability of the blockchain to achieve the non-repudiation of both insurance companies and the client. The security proof shows that the proposed scheme can achieve selective security against selected keyword attacks. Our scheme is efficient and feasible under performance analysis and real data set experiments.
2021-06-24
Chen, Sen, Fan, Lingling, Meng, Guozhu, Su, Ting, Xue, Minhui, Xue, Yinxing, Liu, Yang, Xu, Lihua.  2020.  An Empirical Assessment of Security Risks of Global Android Banking Apps. 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). :1310—1322.
Mobile banking apps, belonging to the most security-critical app category, render massive and dynamic transactions susceptible to security risks. Given huge potential financial loss caused by vulnerabilities, existing research lacks a comprehensive empirical study on the security risks of global banking apps to provide useful insights and improve the security of banking apps. Since data-related weaknesses in banking apps are critical and may directly cause serious financial loss, this paper first revisits the state-of-the-art available tools and finds that they have limited capability in identifying data-related security weaknesses of banking apps. To complement the capability of existing tools in data-related weakness detection, we propose a three-phase automated security risk assessment system, named Ausera, which leverages static program analysis techniques and sensitive keyword identification. By leveraging Ausera, we collect 2,157 weaknesses in 693 real-world banking apps across 83 countries, which we use as a basis to conduct a comprehensive empirical study from different aspects, such as global distribution and weakness evolution during version updates. We find that apps owned by subsidiary banks are always less secure than or equivalent to those owned by parent banks. In addition, we also track the patching of weaknesses and receive much positive feedback from banking entities so as to improve the security of banking apps in practice. We further find that weaknesses derived from outdated versions of banking apps or third-party libraries are highly prone to being exploited by attackers. To date, we highlight that 21 banks have confirmed the weaknesses we reported (including 126 weaknesses in total). We also exchange insights with 7 banks, such as HSBC in UK and OCBC in Singapore, via in-person or online meetings to help them improve their apps. 
We hope that the insights developed in this paper will inform the communities about the gaps among multiple stakeholders, including banks, academic researchers, and third-party security companies.
2021-09-07
Franco, Muriel Figueredo, Rodrigues, Bruno, Scheid, Eder John, Jacobs, Arthur, Killer, Christian, Granville, Lisandro Zambenedetti, Stiller, Burkhard.  2020.  SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management. 2020 16th International Conference on Network and Service Management (CNSM). :1–7.
Businesses were moving during the past decades toward full digital models, which made companies face new threats and cyberattacks affecting their services and, consequently, their profits. To avoid negative impacts, companies' investments in cybersecurity are increasing considerably. However, Small and Medium-sized Enterprises (SMEs) operate on small budgets, minimal technical expertise, and few personnel to address cybersecurity threats. In order to address such challenges, it is essential to promote novel approaches that can intuitively present cybersecurity-related technical information. This paper introduces SecBot, a cybersecurity-driven conversational agent (i.e., chatbot) for the support of cybersecurity planning and management. SecBot applies concepts of neural networks and Natural Language Processing (NLP), to interact and extract information from a conversation. SecBot can (a) identify cyberattacks based on related symptoms, (b) indicate solutions and configurations according to business demands, and (c) provide insightful information for the decision on cybersecurity investments and risks. A formal description had been developed to describe states, transitions, a language, and a Proof-of-Concept (PoC) implementation. A case study and a performance evaluation were conducted to provide evidence of the proposed solution's feasibility and accuracy.
2021-03-29
Shaout, A., Schmidt, N..  2020.  Keystroke Identifier Using Fuzzy Logic to Increase Password Security. 2020 21st International Arab Conference on Information Technology (ACIT). :1—8.

Cybersecurity is a major issue today. It is predicted that cybercrime will cost the world $6 trillion annually by 2021. It is important to make logins secure as well as to make advances in security in order to catch cybercriminals. This paper will design and create a device that will use Fuzzy logic to identify a person by the rhythm and frequency of their typing. The device will take data from a user from a normal password entry session. This data will be used to make a Fuzzy system that will be able to identify the user by their typing speed. An application of this project could be used to make a more secure log-in system for a user. The log-in system would not only check that the correct password was entered but also that the rhythm of how the password was typed matched the user. Another application of this system could be used to help catch cybercriminals. A cybercriminal may have a certain rhythm at which they type and this could be used like a fingerprint to help officials locate cybercriminals.

2021-06-24
King, Andrew, Kaleem, Faisal, Rabieh, Khaled.  2020.  A Survey on Privacy Issues of Augmented Reality Applications. 2020 IEEE Conference on Application, Information and Network Security (AINS). :32—40.
Privacy is one of the biggest concerns of the coming decade, ranking third among concerns of consumers. Data breaches and leaks are constantly in the news with companies like Facebook and Amazon being outed for their excessive data collection. With companies and governmental agencies tracking and monitoring individuals to a great degree, there are concerns that contemporary technologies that feed into these systems can be misused or misappropriated further. Frameworks currently in place fail to address many of these consumers' concerns and even the legal framework could use further elaboration to better control the way data is handled. In this paper, we address the current industrial standards, frameworks, and concerns of one of the biggest technology trends right now, the Augmented Reality. The expected prevalence of augmented reality applications necessitates a deeper study not only of their security but the expected challenges of users using such applications as well.
2021-03-29
Maklachkova, V. V., Dokuchaev, V. A., Statev, V. Y..  2020.  Risks Identification in the Exploitation of a Geographically Distributed Cloud Infrastructure for Storing Personal Data. 2020 International Conference on Engineering Management of Communication and Technology (EMCTECH). :1—6.

Throughout the life cycle of any technical project, the enterprise needs to assess the risks associated with its development, commissioning, operation and decommissioning. This article defines the task of researching risks in relation to the operation of a data storage subsystem in the cloud infrastructure of a geographically distributed company and the tools that are required for this. Analysts point out that, compared to 2018, in 2019 there were 3.5 times more cases of confidential information leaks from storages on unprotected (freely accessible due to incorrect configuration) servers in cloud services. The total number of compromised personal data and payment information records increased 5.4 times compared to 2018 and amounted to more than 8.35 billion records. Moreover, the share of leaks of payment information has decreased, but the percentage of leaks of personal data has grown and accounts for almost 90% of all leaks from cloud storage. On average, each unsecured service identified resulted in 33.7 million personal data records being leaked. Leaks are mainly related to misconfiguration of services and stored resources, as well as human factors. These impacts can be minimized by improving the skills of cloud storage administrators and regularly auditing storage. Despite its seeming insecurity, the cloud is a reliable way of storing data. At the same time, leaks are still occurring. According to Kaspersky Lab, every tenth (11%) data leak from the cloud became possible due to the actions of the provider, while a third of all cyber incidents in the cloud (31% in Russia and 33% in the world) were due to the gullibility of company employees caught up in social engineering techniques. Minimizing the risks associated with the storage of personal data is one of the main tasks when operating a company's cloud infrastructure.

2021-08-31
Zhang, Zehao, Yu, Zhen, Weng, Wei, Guan, Cheng.  2020.  Study on the Digitalization Method of Intelligent Emergency Plan of Power System. 2020 International Conference on Artificial Intelligence and Computer Engineering (ICAICE). :179—182.
This paper puts forward a formalized method of emergency plan based on ontology, sums up the main concepts such as system, event, rule, measure, constraint and resource, and analyzes the logical relationship among concepts. A digital intelligent emergency plan storage scheme based on relational database model is proposed. In this paper, full-text search, data search and knowledge search are comprehensively used to adapt to the information needs and characteristics of different users' query plans. Finally, an example of emergency plan made by a power supply company is given to illustrate the effectiveness of the method.
2020-11-20
Demjaha, A., Caulfield, T., Sasse, M. Angela, Pym, D..  2019.  2 Fast 2 Secure: A Case Study of Post-Breach Security Changes. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :192—201.
A security breach often makes companies react by changing their attitude and approach to security within the organization. This paper presents an in-depth case study of post-breach security changes made by a company and the consequences of those changes. We employ the principles of participatory action research and humble inquiry to conduct a long-term study with employee interviews while embedded in the organization's security division. Despite an extremely high level of financial investment in security, and consistent attention and involvement from the board, the interviews indicate a significant level of friction between employees and security. In the main themes that emerged from our data analysis, a number of factors shed light on the friction: fear of another breach leading to zero risk appetite, impossible security controls making non-compliance a norm, security theatre undermining the purpose of security policies, employees often trading-off security with productivity, and as such being treated as children in detention rather than employees trying to finish their paid jobs. This paper shows that post-breach security changes can be complex and sometimes risky due to emotions often being involved. Without an approach considerate of how humans and security interact, even with high financial investment, attempts to change an organization's security behaviour may be ineffective.
2020-10-12
Luma, Artan, Abazi, Blerton, Aliu, Azir.  2019.  An approach to Privacy on Recommended Systems. 2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1–5.
Recommended systems are very popular nowadays. They are used online to help a user get the desired product quickly. Recommended Systems are found on almost every website, especially big companies such as Facebook, eBay, Amazon, NetFlix, and others. In specific cases, these systems help the user find a book, movie, article, product of his or her preference, and are also used on social networks to meet friends who share similar interests in different fields. These companies use referral systems because they bring amazing benefits in a very fast time. To generate more accurate recommendations, recommended systems are based on the user's personal information, e.g.: different ratings, history observation, personal profiles, etc. Use of these systems is very necessary but the way this information is received, and the privacy of this information is almost constantly ignored. Many users are unaware of how their information is received and how it is used. This paper will discuss how recommended systems work in different online companies and how safe they are to use without compromising their privacy. Given the widespread use of these systems, an important issue has arisen regarding user privacy and security. Collecting personal information from recommended systems increases the risk of unwanted exposure to that information. As a result of this paper, the reader will be aware of the functioning of Recommended systems, the way they receive and use their information, and will also discuss privacy protection techniques against Recommended systems.
2020-09-28
Becher, Kilian, Beck, Martin, Strufe, Thorsten.  2019.  An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking. 2019 International Conference on Networked Systems (NetSys). :1–8.
Benchmarking is an important measure for companies to investigate their performance and to increase efficiency. As companies usually are reluctant to provide their key performance indicators (KPIs) for public benchmarks, privacy-preserving benchmarking systems are required. In this paper, we present an enhanced privacy-preserving benchmarking protocol, which we implemented and evaluated based on the real-world scenario of product cost optimisation. It is based on homomorphic encryption and enables cloud-based KPI comparison, providing a variety of statistical measures. The theoretical and empirical evaluation of our benchmarking system underlines its practicability.
2020-03-18
Jaidane, Emna, Hamdi, Mohamed, Aguili, Taoufik, Kim, Tai-hoon.  2019.  A new vehicular blackbox architecture based on searchable encryption. 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC). :1073–1078.
Blackboxes are being increasingly used in the vehicular context to store and transmit information related to safety, security and many other applications. The plethora of sensors available at the different parts of the vehicle can provide enriched gathering of the data related to these applications. Nonetheless, to support multiple use cases, the blackbox must be accessible by various actors (e.g. vehicle owner, insurance company, law enforcement authorities). This raises significant challenges regarding the privacy of the data collected and stored in the blackbox. In fact, these data can often lead to tracing back accurate facts about the behaviour of the owner of the vehicle. To cope with this problem, we propose a new blackbox architecture supporting searchable encryption. This feature allows multiple users who are not able to decipher the content of the blackbox to validate properties such as path traceback and velocity. To illustrate the implementation of the proposed technique in practice, we discuss a case study related to post-accident processing by insurance companies.
2020-04-13
Horne, Benjamin D., Gruppi, Mauricio, Adali, Sibel.  2019.  Trustworthy Misinformation Mitigation with Soft Information Nudging. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :245–254.

Research in combating misinformation reports many negative results: facts may not change minds, especially if they come from sources that are not trusted. Individuals can disregard and justify lies told by trusted sources. This problem is made even worse by social recommendation algorithms which help amplify conspiracy theories and information confirming one's own biases due to companies' efforts to optimize for clicks and watch time over individuals' own values and public good. As a result, more nuanced voices and facts are drowned out by a continuous erosion of trust in better information sources. Most misinformation mitigation techniques assume that discrediting, filtering, or demoting low veracity information will help news consumers make better information decisions. However, these negative results indicate that some news consumers, particularly extreme or conspiracy news consumers will not be helped. We argue that, given this background, technology solutions to combating misinformation should not simply seek facts or discredit bad news sources, but instead use more subtle nudges towards better information consumption. Repeated exposure to such nudges can help promote trust in better information sources and also improve societal outcomes in the long run. In this article, we will talk about technological solutions that can help us in developing such an approach, and introduce one such model called Trust Nudging.

2020-06-02
Krawec, Walter O..  2019.  Multi-Mediated Semi-Quantum Key Distribution. 2019 IEEE Globecom Workshops (GC Wkshps). :1—6.

A semi-quantum key distribution (SQKD) protocol allows two users A and B to establish a shared secret key that is secure against an all-powerful adversary E even when one of the users (e.g., B) is semi-quantum or classical in nature while the other is fully-quantum. A mediated SQKD protocol allows two semi-quantum users to establish a key with the help of an adversarial quantum server. We introduce the concept of a multi-mediated SQKD protocol where two (or more) adversarial quantum servers are used. We construct a new protocol in this model and show how it can withstand high levels of quantum noise, though at a cost to efficiency. We perform an information theoretic security analysis and, along the way, prove a general security result applicable to arbitrary MM-SQKD protocols. Finally, a comparison is made to previous (S)QKD protocols.

2020-04-03
Fawaz, Kassem, Linden, Thomas, Harkous, Hamza.  2019.  Invited Paper: The Applications of Machine Learning in Privacy Notice and Choice. 2019 11th International Conference on Communication Systems Networks (COMSNETS). :118—124.
For more than two decades since the rise of the World Wide Web, the “Notice and Choice” framework has been the governing practice for the disclosure of online privacy practices. The emergence of new forms of user interactions, such as voice, and the enforcement of new regulations, such as the EU's recent General Data Protection Regulation (GDPR), promise to change this privacy landscape drastically. This paper discusses the challenges towards providing the privacy stakeholders with privacy awareness and control in this changing landscape. We will also present our recent research on utilizing Machine learning to analyze privacy policies and settings.
2020-08-28
Molesky, Mason J., Cameron, Elizabeth A..  2019.  Internet of Things: An Analysis and Proposal of White Worm Technology. 2019 IEEE International Conference on Consumer Electronics (ICCE). :1—4.

The quantity of Internet of Things (IoT) devices in the marketplace and lack of security is staggering. The interconnectedness of IoT devices has increased the attack surface for hackers. "White Worm" technology has the potential to combat infiltrating malware. Before white worm technology becomes viable, its capabilities must be constrained to specific devices and limited to non-harmful actions. This paper addresses the current problem, international research, and the conflicting interest of individuals, businesses, and governments regarding white worm technology. Proposed is a new perspective on utilizing white worm technology to protect the vulnerability of IoT devices, while overcoming its challenges.

2020-01-27
Álvarez Almeida, Luis Alfredo, Carlos Martinez Santos, Juan.  2019.  Evaluating Features Selection on NSL-KDD Data-Set to Train a Support Vector Machine-Based Intrusion Detection System. 2019 IEEE Colombian Conference on Applications in Computational Intelligence (ColCACI). :1–5.
The integrity of information and services is one of the more evident concerns in the world of global information security, due to the fact that it has economic repercussions on the digital industry. For this reason, big companies spend a lot of money on systems that protect them against cyber-attacks like Denial of Service attacks. In this article, we will use all the attributes of the data-set NSL-KDD to train and test a Support Vector Machine model. This model will then be applied to a method of feature selection to obtain the most relevant attributes within the aforementioned data-set and train the model again. The main goal is comparing the results obtained in both instances of training and validate which was more efficient.
2020-08-28
Duncan, Adrian, Creese, Sadie, Goldsmith, Michael.  2019.  A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1—9.

Attacks on cloud-computing services are becoming more prevalent with recent victims including Tesla, Aviva Insurance and SIM-card manufacturer Gemalto[1]. The risk posed to organisations from malicious insiders is becoming more widely known about and consequently many are now investing in hardware, software and new processes to try to detect these attacks. As for all types of attack vector, there will always be those which are not known about and those which are known about but remain exceptionally difficult to detect - particularly in a timely manner. We believe that insider attacks are of particular concern in a cloud-computing environment, and that cloud-service providers should enhance their ability to detect them by means of indirect detection. We propose a combined attack-tree and kill-chain based method for identifying multiple indirect detection measures. Specifically, the use of attack trees enables us to encapsulate all detection opportunities for insider attacks in cloud-service environments. Overlaying the attack tree on top of a kill chain in turn facilitates indirect detection opportunities higher-up the tree as well as allowing the provider to determine how far an attack has progressed once suspicious activity is detected. We demonstrate the method through consideration of a specific type of insider attack - that of attempting to capture virtual machines in transit within a cloud cluster via use of a network tap, however, the process discussed here applies equally to all cloud paradigms.

2020-02-17
Zhao, Guowei, Zhao, Rui, Wang, Qiang, Xue, Hui, Luo, Fang.  2019.  Virtual Network Mapping Algorithm for Self-Healing of Distribution Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1442–1445.
This paper focuses on how to provide virtual network (VN) with the survivability of node failure. In the SVNE that responds to node failures, the backup mechanism provided by the VN initial mapping method should be as flexible as possible, so that backup resources can be shared among the VNs, thereby providing survivability support for the most VNs with the least backup overhead, which can improve the utilization of backup resources and can also improve the survivability of VN to deal with multi-node failures. For the remapping method of virtual networks, the remapping efficiency needs to be higher because it involves both remapping of virtual nodes and remapping of related virtual links, so as to restore the affected VN to a normal state as soon as possible, to avoid affecting the user's business experience. Considering that the SVNE method that actively responds to node failures always has a certain degree of backup resource-specific phenomenon, this section provides a SVNE method that passively responds to node failures. This paper mainly introduces the survivability virtual network initial mapping method based on physical node recoverability in this method.
2019-10-30
Bugeja, Joseph, Vogel, Bahtijar, Jacobsson, Andreas, Varshney, Rimpu.  2019.  IoTSM: An End-to-End Security Model for IoT Ecosystems. 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :267-272.

The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization's security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.

2020-11-16
Belesioti, M., Makri, R., Fehling-Kaschek, M., Carli, M., Kostopoulos, A., Chochliouros, I. P., Neri, A., Frosali, F..  2019.  A New Security Approach in Telecom Infrastructures: The RESISTO Concept. 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). :212–218.
Communications play a fundamental role in the economic and social well-being of the citizens and on operations of most of the critical infrastructures (CIs). Extreme weather events, natural disasters and criminal attacks represent a challenge due to their increase in frequency and intensity requiring smarter resilience of the Communication CIs, which are extremely vulnerable due to the ever-increasing complexity of the architecture also in light of the evolution towards 5G, the extensive use of programmable platforms and exponential growth of connected devices. In this paper, we present the aim of RESISTO H2020 EU-funded project, which constitutes an innovative solution for Communication CIs holistic situation awareness and enhanced resilience.