Visible to the public Biblio

Filters: Keyword is database  [Clear All Filters]
2021-09-16
Sarker, Partha S., Singh Saini, Amandeep, Sajan, K S, Srivastava, Anurag K..  2020.  CP-SAM: Cyber-Power Security Assessment and Resiliency Analysis Tool for Distribution System. 2020 Resilience Week (RWS). :188–193.
Cyber-power resiliency analysis of the distribution system is becoming critical with increase in adverse cyberevents. Distribution network operators need to assess and analyze the resiliency of the system utilizing the analytical tool with a carefully designed visualization and be driven by data and model-based analytics. This work introduces the Cyber-Physical Security Assessment Metric (CP-SAM) visualization tool to assist operators in ensuring the energy supply to critical loads during or after a cyber-attack. CP-SAM also provides decision support to operators utilizing measurement data and distribution power grid model and through well-designed visualization. The paper discusses the concepts of cyber-physical resiliency, software design considerations, open-source software components, and use cases for the tool to demonstrate the implementation and importance of the developed tool.
2021-08-31
Fadolalkarim, Daren, Bertino, Elisa, Sallam, Asmaa.  2020.  An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs. 2020 IEEE 36th International Conference on Data Engineering (ICDE). :265—276.
Application programs are a possible source of attacks to databases as attackers might exploit vulnerabilities in a privileged database application. They can perform code injection or code-reuse attack in order to steal sensitive data. However, as such attacks very often result in changes in the program's behavior, program monitoring techniques represent an effective defense to detect on-going attacks. One such technique is monitoring the library/system calls that the application program issues while running. In this paper, we propose AD-PROM, an Anomaly Detection system that aims at protecting relational database systems against malicious/compromised applications PROgraMs aiming at stealing data. AD-PROM tracks calls executed by application programs on data extracted from a database. The system operates in two phases. The first phase statically and dynamically analyzes the behavior of the application in order to build profiles representing the application's normal behavior. AD-PROM analyzes the control and data flow of the application program (i.e., static analysis), and builds a hidden Markov model trained by the program traces (i.e., dynamic analysis). During the second phase, the program execution is monitored in order to detect anomalies that may represent data leakage attempts. We have implemented AD-PROM and carried experimental activities to assess its performance. The results showed that our system is highly accurate in detecting changes in the application programs' behaviors and has very low false positive rates.
2021-05-20
Razaque, Abdul, Frej, Mohamed Ben Haj, Sabyrov, Dauren, Shaikhyn, Aidana, Amsaad, Fathi, Oun, Ahmed.  2020.  Detection of Phishing Websites using Machine Learning. 2020 IEEE Cloud Summit. :103—107.

Phishing sends malicious links or attachments through emails that can perform various functions, including capturing the victim's login credentials or account information. These emails harm the victims, cause money loss, and identity theft. In this paper, we contribute to solving the phishing problem by developing an extension for the Google Chrome web browser. In the development of this feature, we used JavaScript PL. To be able to identify and prevent the fishing attack, a combination of Blacklisting and semantic analysis methods was used. Furthermore, a database for phishing sites is generated, and the text, links, images, and other data on-site are analyzed for pattern recognition. Finally, our proposed solution was tested and compared to existing approaches. The results validate that our proposed method is capable of handling the phishing issue substantially.

2021-04-08
Althebyan, Q..  2019.  A Mobile Edge Mitigation Model for Insider Threats: A Knowledgebase Approach. 2019 International Arab Conference on Information Technology (ACIT). :188—192.
Taking care of security at the cloud is a major issue that needs to be carefully considered and solved for both individuals as well as organizations. Organizations usually expect more trust from employees as well as customers in one hand. On the other hand, cloud users expect their private data is maintained and secured. Although this must be case, however, some malicious outsiders of the cloud as well as malicious insiders who are cloud internal users tend to disclose private data for their malicious uses. Although outsiders of the cloud should be a concern, however, the more serious problems come from Insiders whose malicious actions are more serious and sever. Hence, insiders' threats in the cloud should be the top most problem that needs to be tackled and resolved. This paper aims to find a proper solution for the insider threat problem in the cloud. The paper presents a Mobile Edge Computing (MEC) mitigation model as a solution that suits the specialized nature of this problem where the solution needs to be very close to the place where insiders reside. This in fact gives real-time responses to attack, and hence, reduces the overhead in the cloud.
2020-03-30
Tabassum, Anika, Nady, Anannya Islam, Rezwanul Huq, Mohammad.  2019.  Mathematical Formulation and Implementation of Query Inversion Techniques in RDBMS for Tracking Data Provenance. 2019 7th International Conference on Information and Communication Technology (ICoICT). :1–6.
Nowadays the massive amount of data is produced from different sources and lots of applications are processing these data to discover insights. Sometimes we may get unexpected results from these applications and it is not feasible to trace back to the data origin manually to find the source of errors. To avoid this problem, data must be accompanied by the context of how they are processed and analyzed. Especially, data-intensive applications like e-Science always require transparency and therefore, we need to understand how data has been processed and transformed. In this paper, we propose mathematical formulation and implementation of query inversion techniques to trace the provenance of data in a relational database management system (RDBMS). We build mathematical formulations of inverse queries for most of the relational algebra operations and show the formula for join operations in this paper. We, then, implement these formulas of inversion techniques and the experiment shows that our proposed inverse queries can successfully trace back to original data i.e. finding data provenance.
2020-02-10
Sun, Shuang, Chen, Shudong, Du, Rong, Li, Weiwei, Qi, Donglin.  2019.  Blockchain Based Fine-Grained and Scalable Access Control for IoT Security and Privacy. 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC). :598–603.
In this paper, we focuses on an access control issue in the Internet of Things (IoT). Generally, we firstly propose a decentralized IoT system based on blockchain. Then we establish a secure fine-grained access control strategies for users, devices, data, and implement the strategies with smart contract. To trigger the smart contract, we design different transactions. Finally, we use the multi-index table struct for the access right's establishment, and store the access right into Key-Value database to improve the scalability of the decentralized IoT system. In addition, to improve the security of the system we also store the access records on the blockchain and database.
2019-10-28
Trunov, Artem S., Voronova, Lilia I., Voronov, Vyacheslav I., Ayrapetov, Dmitriy P..  2018.  Container Cluster Model Development for Legacy Applications Integration in Scientific Software System. 2018 IEEE International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT QM IS). :815–819.
Feature of modern scientific information systems is their integration with computing applications, providing distributed computer simulation and intellectual processing of Big Data using high-efficiency computing. Often these software systems include legacy applications in different programming languages, with non-standardized interfaces. To solve the problem of applications integration, containerization systems are using that allow to configure environment in the shortest time to deploy software system. However, there are no such systems for computer simulation systems with large number of nodes. The article considers the actual task of combining containers into a cluster, integrating legacy applications to manage the distributed software system MD-SLAG-MELT v.14, which supports high-performance computing and visualization of the computer experiments results. Testing results of the container cluster including automatic load sharing module for MD-SLAG-MELT system v.14. are given.
2019-02-25
Katole, R. A., Sherekar, S. S., Thakare, V. M..  2018.  Detection of SQL injection attacks by removing the parameter values of SQL query. 2018 2nd International Conference on Inventive Systems and Control (ICISC). :736–741.

Internet users are increasing day by day. The web services and mobile web applications or desktop web application's demands are also increasing. The chances of a system being hacked are also increasing. All web applications maintain data at the backend database from which results are retrieved. As web applications can be accessed from anywhere all around the world which must be available to all the users of the web application. SQL injection attack is nowadays one of the topmost threats for security of web applications. By using SQL injection attackers can steal confidential information. In this paper, the SQL injection attack detection method by removing the parameter values of the SQL query is discussed and results are presented.

2018-08-23
Crooks, Natacha, Pu, Youer, Alvisi, Lorenzo, Clement, Allen.  2017.  Seeing is Believing: A Client-Centric Specification of Database Isolation. Proceedings of the ACM Symposium on Principles of Distributed Computing. :73–82.

This paper introduces the first state-based formalization of isolation guarantees. Our approach is premised on a simple observation: applications view storage systems as black-boxes that transition through a series of states, a subset of which are observed by applications. Defining isolation guarantees in terms of these states frees definitions from implementation-specific assumptions. It makes immediately clear what anomalies, if any, applications can expect to observe, thus bridging the gap that exists today between how isolation guarantees are defined and how they are perceived. The clarity that results from definitions based on client-observable states brings forth several benefits. First, it allows us to easily compare the guarantees of distinct, but semantically close, isolation guarantees. We find that several well-known guarantees, previously thought to be distinct, are in fact equivalent, and that many previously incomparable flavors of snapshot isolation can be organized in a clean hierarchy. Second, freeing definitions from implementation-specific artefacts can suggest more efficient implementations of the same isolation guarantee. We show how a client-centric implementation of parallel snapshot isolation can be more resilient to slowdown cascades, a common phenomenon in large-scale datacenters.

2018-01-16
Chen, Jeang-Kuo, Lee, Wei-Zhe.  2017.  Enterprise Data Integration by Internal and External Systems. Proceedings of the 2017 International Conference on E-Business and Internet. :50–53.

ERP helps enterprises to integrate internal information and to improve operating performance and reaction capability. However, it is not enough to depend on ERP if enterprises want to develop quickly. The enterprise also needs several external supporting sub-systems such as personnel management system, equipment management system, etc. These sub-systems maybe outsourcing customized or developed by internal IT staff. They may be distributed in many branches or headquarter to collect the first line of data and then to deliver data to ERP for data integration. Most enterprises use human or timing batch process via internet to deliver data to ERP, but the two methods are not ideal from the view point of efficiency and security. This paper proposes a fast and safe way with both trigger and data replication techniques to deliver in time the distributed data to ERP for data integration.

2017-12-12
Wei, B., Liao, G., Li, W., Gong, Z..  2017.  A Practical One-Time File Encryption Protocol for IoT Devices. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 2:114–119.

Security and privacy issues of the Internet of Things (IoT in short, hereafter) attracts the hot topic of researches through these years. As the relationship between user and server become more complicated than before, the existing security solutions might not provide exhaustive securities in IoT environment and novel solutions become new research challenges, e.g., the solutions based on symmetric cryptosystems are unsuited to handle with the occasion that decryption is only allowed in specific time range. In this paper, a new scalable one-time file encryption scheme combines reliable cryptographic techniques, which is named OTFEP, is proposed to satisfy specialized security requirements. One of OTFEP's key features is that it offers a mechanism to protect files in the database from arbitrary visiting from system manager or third-party auditors. OTFEP uses two different approaches to deal with relatively small file and stream file. Moreover, OTFEP supports good node scalability and secure key distribution mechanism. Based on its practical security and performance, OTFEP can be considered in specific IoT devices where one-time file encryption is necessary.

2017-03-07
Iyengar, Varsha, Coleman, Grisha, Tinapple, David, Turaga, Pavan.  2016.  Motion, Captured: An Open Repository for Comparative Movement Studies. Proceedings of the 3rd International Symposium on Movement and Computing. :17:1–17:6.

This paper begins to describe a new kind of database, one that explores a diverse range of movement in the field of dance through capture of different bodies and different backgrounds - or what we are terming movement vernaculars. We re-purpose Ivan Illich's concept of 'vernacular work' [11] here to refer to those everyday forms of dance and organized movement that are informal, refractory (resistant to formal analysis), yet are socially reproduced and derived from a commons. The project investigates the notion of vernaculars in movement that is intentional and aesthetic through the development of a computational approach that highlights both similarities and differences, thereby revealing the specificities of each individual mover. This paper presents an example of how this movement database is used as a research tool, and how the fruits of that research can be added back to the database, thus adding a novel layer of annotation and further enriching the collection. Future researchers can then benefit from this layer, further refining and building upon these techniques. The creation of a robust, open source, movement lexicon repository will allow for observation, speculation, and contextualization - along with the provision of clean and complex data sets for new forms of creative expression.

2017-02-23
V. S. Gutte, P. Deshpande.  2015.  "Cost and Communication Efficient Auditing over Public Cloud". 2015 International Conference on Computational Intelligence and Communication Networks (CICN). :807-810.

Cloud Computing is one of the large and essential environment now a days to work for the storage collection and privacy preserve to that data. Cloud data security is most important and major concern for the client while use of the cloud services provided by the different service providers. There can be some major security concern and conflicts between the client and the service provider. To get out from those issues, a third party auditor uses as an auditor for assurance of data in the environment. Storage systems for the cloud has many fundamental challenges still today. All basic as well critical challenges among which storage space and security is generally the top concern in the cloud environment. To give the appropriate security issues we have proposed third party authentication system. The cloud not only for the simplified data storage but also secure data acquisition in cloud environment. At last we have perform different security analysis as well performance analysis. It give the results that proposed scheme has significant increases in efficiency for maintaining highly secure data storage and acquisition. The proposed method also helps to minimize the cost in environment and also increases communication efficiency in the cloud environment.

2015-05-06
Xingbang Tian, Baohua Huang, Min Wu.  2014.  A transparent middleware for encrypting data in MongoDB. Electronics, Computer and Applications, 2014 IEEE Workshop on. :906-909.

Due to the development of cloud computing and NoSQL database, more and more sensitive information are stored in NoSQL databases, which exposes quite a lot security vulnerabilities. This paper discusses security features of MongoDB database and proposes a transparent middleware implementation. The analysis of experiment results show that this transparent middleware can efficiently encrypt sensitive data specified by users on a dataset level. Existing application systems do not need too many modifications in order to apply this middleware.

Alshammari, H., Elleithy, K., Almgren, K., Albelwi, S..  2014.  Group signature entanglement in e-voting system. Systems, Applications and Technology Conference (LISAT), 2014 IEEE Long Island. :1-4.

In any security system, there are many security issues that are related to either the sender or the receiver of the message. Quantum computing has proven to be a plausible approach to solving many security issues such as eavesdropping, replay attack and man-in-the-middle attack. In the e-voting system, one of these issues has been solved, namely, the integrity of the data (ballot). In this paper, we propose a scheme that solves the problem of repudiation that could occur when the voter denies the value of the ballot either for cheating purposes or for a real change in the value by a third party. By using an entanglement concept between two parties randomly, the person who is going to verify the ballots will create the entangled state and keep it in a database to use it in the future for the purpose of the non-repudiation of any of these two voters.