Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.

Security for Industrial Communication Systems

B. Remote Access to Stand-Alone Embedded Systems Industrial controllers, especially for power system and transportation applications, are often deployed as stand-alone systems in a geographically dispersed area. Maintenance and service costs of stand-alone embedded systems can be reduced when they can be

Security for Industrial Communication Systems

B. Network Architectures This section describes the main types of industrial and utility communication network topologies and protocols, in preparation for the discussion of specific security issues in the later sections. Communication networks for industrial automation are typically built in hierarchi-

Security for Industrial Communication Systems

D.Security on the Field Bus and Device Level As described in SectionⅢ-B,Fig.2,in- dustrial communication networks involve a number of levels.The lowest level\is closest to the application specific devices such as sensors,meters,and actuators.A large number of specialized and partly proprietary commu- nication systems,media,and protocols can be found on this level.Most were developed at a time when security issues were of lesser con- cern than today,and when no practical secu- rity measures were available.

Security for Industrial Communication Systems

E. Security of Embedded Systems for Industrial Control and Communication Industrial automation controllers are typically implemented on embedded computers. Such embedded systems have to cope with restrictions on cost, real-time performance, power consumption, and other constraints which are even more demanding than in large workstations. A reference discusses these aspects with the example of a thermostat con-

Code mechanical solidification and verification in MEMS security devices

The virtual machine of code mechanism （VMCM） as a new concept for code mechanical solidification and verification is proposed and can be applied in MEMS （micro-electromechanical systems） security device for high consequence systems. Based on a study of the running condition of physical code mechanism, VMCM＇s configuration, ternary encoding method, running action and logic are derived. The cases of multi-level code mechanism are designed and verified with the VMCM method, showing that the presented method is effective.

Information security through controlled quantum teleportation networks

Information security is the backbone of current intelligent systems,such as the Internet of Things(IoT),smart grids,and Machine-to-Machine(M2M)communication.The increasing threat of information security requires new models to ensure the safe transmission of information through such systems.Recently,quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security.This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users.Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies,which plays a pivotal role in the current progress of quantum computing and communication.In the proposed scheme,the sender transmits the information to the receiver under the control of a third user or controller.Here,we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller.Compared with various teleportation scheme presented recently in the literature,the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and,consequently,taking proper precautions.

Application of Physical Unclonable Function for Lightweight Authentication in Internet of Things

IoT devices rely on authentication mechanisms to render secure message exchange.During data transmission,scalability,data integrity,and processing time have been considered challenging aspects for a system constituted by IoT devices.The application of physical unclonable functions(PUFs)ensures secure data transmission among the internet of things(IoT)devices in a simplified network with an efficient time-stamped agreement.This paper proposes a secure,lightweight,cost-efficient reinforcement machine learning framework(SLCR-MLF)to achieve decentralization and security,thus enabling scalability,data integrity,and optimized processing time in IoT devices.PUF has been integrated into SLCR-MLF to improve the security of the cluster head node in the IoT platform during transmission by providing the authentication service for device-to-device communication.An IoT network gathers information of interest from multiple cluster members selected by the proposed framework.In addition,the software-defined secured(SDS)technique is integrated with SLCR-MLF to improve data integrity and optimize processing time in the IoT platform.Simulation analysis shows that the proposed framework outperforms conventional methods regarding the network’s lifetime,energy,secured data retrieval rate,and performance ratio.By enabling the proposed framework,number of residual nodes is reduced to 16%,energy consumption is reduced by up to 50%,almost 30%improvement in data retrieval rate,and network lifetime is improved by up to 1000 msec.

Hybrid of Distributed Cumulative Histograms and Classification Model for Attack Detection

Traditional security systems are exposed to many various attacks,which represents a major challenge for the spread of the Internet in the future.Innovative techniques have been suggested for detecting attacks using machine learning and deep learning.The significant advantage of deep learning is that it is highly efficient,but it needs a large training time with a lot of data.Therefore,in this paper,we present a new feature reduction strategy based on Distributed Cumulative Histograms(DCH)to distinguish between dataset features to locate the most effective features.Cumulative histograms assess the dataset instance patterns of the applied features to identify the most effective attributes that can significantly impact the classification results.Three different models for detecting attacks using Convolutional Neural Network(CNN)and Long Short-Term Memory Network(LSTM)are also proposed.The accuracy test of attack detection using the hybrid model was 98.96%on the UNSW-NP15 dataset.The proposed model is compared with wrapper-based and filter-based Feature Selection(FS)models.The proposed model reduced classification time and increased detection accuracy.

A review of security issues and solutions for precision health in Internet-of-Medical-Things systems

Precision medicine provides a holistic perspective of an individual's health,including genetic,environmental,and lifestyle aspects to realize individualized therapy.The development of the internet of things(IoT)devices,the widespread emergence of electronic medical records(EMR),and the rapid progress of cloud computing and artificial intelli-gence provide an opportunity to collect healthcare big data throughout the lifespan and analyze the disease risk at all stages of life.Thus,the focus of precision medicine is shift-ing from treatment toward prediction and prevention,i.e.,precision health.To this end,various types of data such as omics,imaging,EMR,continuous physiological monitoring,lifestyle,and environmental information,need to be collected,tracked,managed and shared.Thus,internet-of-medical things(IoMT)is crucial for assimilating the health systems,appli-cations,services,and devices that can improve the speed and accuracy of diagnosis and treatments along with real-time monitoring and modification of patient behavior as well as health status.However,security has emerged as a growing concern owing to the prolifera-tion of IoMT devices.The increasing interconnectivity of IoMT-enabled devices with health data reception,transmission,and processing significantly increases the number of potential vulnerabilities within a system.To address the security issues of precision health in IoMT systems,this study reviews the state-of-the-art techniques and schemes from the perspective of a hierarchical system architecture.We present an IoMT system model comprising three layers:the sensing layer,network layer,and cloud infrastructure layer.In particular,we dis-cuss the vulnerabilities and threats to security in each layer and review the existing security techniques and schemes corresponding to the system components along with their function-alities.Owing to the unique nature of biometric features in medical and health services,we highlight the biometrics-based technologies applied in IoMT systems,which contribute toward a considerable difference between the security solutions of existing IoT systems.Fur-thermore,we summarize the challenges and future research directions of IoMT systems to ensure an improved and more secure future of precision health.

Design of secure operating systems with high security levels

Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level （hereafter simply referred to as ANSHENG OS）, this paper addresses the following key issues in the design of secure operating systems with high security levels： security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models： confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Cover channel analysis （CCA） is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

Analysis of security in cyber-physical systems

In recent years,cyber-physical systems(CPSs)have received much attention from both the academic world and the industrial world,which refer to a deep integration and coordination of physical and computational resources[1,2].Typical examples of CPSs can be found in smart grids,smart transportation systems,industrial control systems,water supply systems,and so on.Furthermore,many military systems

A note on diagnosis and performance degradation detection in automatic control systems towards functional safety and cyber security

This note addresses diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems.It calls for more research attention on three aspects:(i)application of control and detection uni ed framework to enhancing the diagnosis capability of feedback control systems,(ii)projection-based fault detection,and complementary and explainable applications of projection-and machine learning-based techniques,and(iii)system performance degradation detection that is of elemental importance for today's automatic control systems.Some ideas and conceptual schemes are presented and illustrated by means of examples,serving as convincing arguments for research e orts in these aspects.They would contribute to the future development of capable diagnosis systems for functionality safe and cyber secure automatic control systems.

New Approach for Information Security Evaluation and Management of IT Systems in Educational Institutions

Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.

Analysis and design of secure cyber-physical systems

Cyber-physical systems （CPSs） are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdiscipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key con- cerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons （e.g., by reducing or even not paying electricity charge） and terrorism the purpose of which is apparent.

An efficient deep learning-assisted person re-identification solution for intelligent video surveillance in smart cities

Innovations on the Internet of Everything(IoE)enabled systems are driving a change in the settings where we interact in smart units,recognized globally as smart city environments.However,intelligent video-surveillance systems are critical to increasing the security of these smart cities.More precisely,in today’s world of smart video surveillance,person re-identification(Re-ID)has gained increased consideration by researchers.Various researchers have designed deep learningbased algorithms for person Re-ID because they have achieved substantial breakthroughs in computer vision problems.In this line of research,we designed an adaptive feature refinementbased deep learning architecture to conduct person Re-ID.In the proposed architecture,the inter-channel and inter-spatial relationship of features between the images of the same individual taken from nonidentical camera viewpoints are focused on learning spatial and channel attention.In addition,the spatial pyramid pooling layer is inserted to extract the multiscale and fixed-dimension feature vectors irrespective of the size of the feature maps.Furthermore,the model’s effectiveness is validated on the CUHK01 and CUHK02 datasets.When compared with existing approaches,the approach presented in this paper achieves encouraging Rank 1 and 5 scores of 24.6% and 54.8%,respectively.

Research on medical data storage and sharing model based on blockchain

With the process of medical informatization,medical diagnosis results are recorded and shared in the form of electronic data in the computer.However,the security of medical data storage cannot be effectively protected and the unsafe sharing of medical data among different institutions is still a hidden danger that cannot be underestimated.To solve the above problems,a secure storage and sharing model of private data based on blockchain technology and homomorphic encryption is constructed.Based on the idea of blockchain decentralization,the model maintains a reliable medical alliance chain system to ensure the safe transmission of data between different institutions;A privacy data encryption and computing protocol based on homomorphic encryption is constructed to ensure the safe transmission of medical data;Using its complete anonymity to ensure the Blockchain of medical data and patient identity privacy;A strict transaction control management mechanism of medical data based on Intelligent contract automatic execution of preset instructions is proposed.After security verification,compared with the traditional medical big data storage and sharing mode,the model has better security and sharing.

A survey of practical adversarial example attacks

Adversarial examples revealed the weakness of machine learning techniques in terms of robustness,which moreover inspired adversaries to make use of the weakness to attack systems employing machine learning.Existing researches covered the methodologies of adversarial example generation,the root reason of the existence of adversarial examples,and some defense schemes.However practical attack against real world systems did not appear until recent,mainly because of the difficulty in injecting a artificially generated example into the model behind the hosting system without breaking the integrity.Recent case study works against face recognition systems and road sign recognition systems finally abridged the gap between theoretical adversarial example generation methodologies and practical attack schemes against real systems.To guide future research in defending adversarial examples in the real world,we formalize the threat model for practical attacks with adversarial examples,and also analyze the restrictions and key procedures for launching real world adversarial example attacks.

Design of object surveillance system based on enhanced fish-eye lens

A new method is proposed for the object surveillance system based on the enhanced fish-eye lens and the high speed digital signal processor （DSP）. The improved fish-eye lens images an ellipse picture on the charge-coupled device （CCD） surface, which increases both the utilization rate of the 4：3 rectangular CCD and the imaging resolution, and remains the view angle of 183° The algorithm of auto-adapted renewal background subtraction （ARBS） is also explored to extract the object from the monitoring image. The experimental result shows that the ARBS algorithm has high anti-jamming ability and high resolution, leading to excellent object detecting ability from the enhanced elliptical fish-eye image under varies environments. This system has potential applications in different security monitoring fields due to its wide monitoring space, simple structure, working stability, and reliability.