This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects thr...Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects three current scan test techniques, analyses their advantages and disadvantages and also compares them in security and area overhead. Users can choose one of them according to the requirements and further combination can be implemented to achieve better performance.展开更多
Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdi...Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdiscipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key con- cerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.展开更多
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
文摘Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects three current scan test techniques, analyses their advantages and disadvantages and also compares them in security and area overhead. Users can choose one of them according to the requirements and further combination can be implemented to achieve better performance.
文摘Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdiscipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key con- cerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.
