Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing.To address these concerns,this paper presents the mathematica...Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing.To address these concerns,this paper presents the mathematical and computer modeling of a novel two-dimensional(2D)chaotic system for secure key generation in quantum image encryption(QIE).The proposed map employs trigonometric perturbations in conjunction with rational-saturation functions and hence,named as Trigonometric-Rational-Saturation(TRS)map.Through rigorous mathematical analysis and computational simulations,the map is extensively evaluated for bifurcation behaviour,chaotic trajectories,and Lyapunov exponents.The security evaluation validates the map’s non-linearity,unpredictability,and sensitive dependence on initial conditions.In addition,the proposed TRS map has further been tested by integrating it in a QIE scheme.The QIE scheme first quantum-encodes the classic image using the Novel Enhanced Quantum Representation(NEQR)technique,the TRS map is used for the generation of secure diffusion key,which is XOR-ed with the quantum-ready image to obtain the encrypted images.The security evaluation of the QIE scheme demonstrates superior security of the encrypted images in terms of statistical security attacks and also against Differential attacks.The encrypted images exhibit zero correlation and maximum entropy with demonstrating strong resilience due to 99.62%and 33.47%results for Number of Pixels Change Rate(NPCR)and Unified Average Changing Intensity(UACI).The results validate the effectiveness of TRS-based quantum encryption scheme in securing digital images against emerging quantum threats,making it suitable for secure image encryption in IoT and edge-based applications.展开更多
This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It i...This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It includes an introduction to the functions and information security of autonomous driving SoCs,as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving.The research shows that in the field of autonomous driving,there is a close connection between the functional safety of SoCs and their information security.In the design of the safety collaborative protection mechanism,the overall collaborative protection architecture,SoC functional safety protection mechanism,information security protection mechanism,the workflow of the collaborative protection mechanism,and its strategies are all key design elements.It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving,so as to improve the safety of autonomous driving technology and meet its practical application requirements.展开更多
Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation inform...Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.展开更多
With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQ...With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.展开更多
Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in ...Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.展开更多
In the contemporary era,the abundant availability of health information through internet and mobile technology raises concerns.Safeguarding and maintaining the confidentiality of patients’medical data becomes paramou...In the contemporary era,the abundant availability of health information through internet and mobile technology raises concerns.Safeguarding and maintaining the confidentiality of patients’medical data becomes paramount when sharing such information with authorized healthcare providers.Although electronic patient records and the internet have facilitated the exchange of medical information among healthcare providers,concerns persist regarding the security of the data.The security of Electronic Health Record Systems(EHRS)can be improved by employing the Cuckoo Search Algorithm(CS),the SHA-256 algorithm,and the Elliptic Curve Cryptography(ECC),as proposed in this study.The suggested approach involves usingCS to generate the ECCprivate key,thereby enhancing the security of data storage in EHR.The study evaluates the proposed design by comparing encoding and decoding times with alternative techniques like ECC-GA-SHA-256.The research findings indicate that the proposed design achieves faster encoding and decoding times,completing 125 and 175 iterations,respectively.Furthermore,the proposed design surpasses other encoding techniques by exhibiting encoding and decoding times that are more than 15.17%faster.These results imply that the proposed design can significantly enhance the security and performance of EHRs.Through the utilization of CS,SHA-256,and ECC,this study presents promising methods for addressing the security challenges associated with EHRs.展开更多
All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from har...All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from harmful occurrences by implementing security procedures, processes, policies, and information system security organisational structures to ensure data security. Despite all the precautions, information security remains a disaster in Tanzania’s learning institutions. The fundamental issue appears to be a lack of awareness of crucial information security factors. Various companies have different security issues due to differences in ICT infrastructure, implementations, and usage. The study focuses on identifying information system security threats and vulnerabilities in public higher learning institutions in Tanzania, particularly the Institute of Accountancy Arusha (IAA). The study involved all employees of IAA, academics, and other supporting staff, which totalled 302, and the sample size was 170. The study utilised a descriptive research design, where the quantitative methodology was used through a five-point Likert scale questionnaire, and found that key factors that affect the security of information systems at IAA include human factors, policy-related issues, work environment and demographic factors. The study proposed regular awareness and training programs;an increase in women’s awareness of information system security;proper policy creation and reviews every 4 years;promote actions that lessen information system security threats and vulnerabilities, and the creation of information system security policy documents independently from ICT policy.展开更多
The current situation,information technology and problems of logistics for agricultural products were summarized.Some key technologies involved in mobilebased logistics information system for Hainan agricultural produ...The current situation,information technology and problems of logistics for agricultural products were summarized.Some key technologies involved in mobilebased logistics information system for Hainan agricultural products were analyzed,such as information classification and retrieval,user information authentication via QR code,and logistics information services based on WEB and mobile devices.Emphasis was given to study the design idea,content,method for the system.展开更多
In order to solve principal-agent problems caused by interest inconformity and information asymmetry during information security outsourcing, it is necessary to design a reasonable incentive mechanism to promote clien...In order to solve principal-agent problems caused by interest inconformity and information asymmetry during information security outsourcing, it is necessary to design a reasonable incentive mechanism to promote client enterprises to complete outsourcing service actively. The incentive mechanism model of information security outsourcing is designed based on the principal-agent theory. Through analyzing the factors such as enterprise information assets value, invasion probability, information security environment, the agent cost coefficient and agency risk preference degree how to impact on the incentive mechanism, conclusions show that an enterprise information assets value and invasion probability have a positive influence on the fixed fee and the compensation coefficient; while information security environment, the agent cost coefficient and agency risk preference degree have a negative influence on the compensation coefficient. Therefore, the principal enterprises should reasonably design the fixed fee and the compensation coefficient to encourage information security outsourcing agency enterprises to the full extent.展开更多
RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complex...RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complexity, compared with either multiplication in common sense or modular multiplication over finite field. In order to improve the performance of key generation, we propose a batch private keys generation method in this paper. The method derives efficiency from cutting down multiplicative inversions over finite field. Theoretical analysis shows that the speed of batch private keys generation for s users is faster than that of s times solo private key generation. It is suitable for applications in those systems with large amount of users.展开更多
The development of the Internet of Things(IoT)calls for a comprehensive in-formation security evaluation framework to quantitatively measure the safety score and risk(S&R)value of the network urgently.In this pape...The development of the Internet of Things(IoT)calls for a comprehensive in-formation security evaluation framework to quantitatively measure the safety score and risk(S&R)value of the network urgently.In this paper,we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback.The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection.Firstly,we establish an overall evaluation indicator system that includes four primary indicators of threat information,asset,vulnerability,and management,respectively.It also includes eleven secondary indicators of system protection rate,attack detection rate,confidentiality,availability,controllability,identifiability,number of vulnerabilities,vulnerability hazard level,staff organization,enterprise grading and service continuity,respectively.Then,we build the core algorithm to enable the evaluation model,wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value.Moreover,in order to better supervise the performance of the proposed evaluation model,we present four novel indicators includes residual risk,continuous conformity of residual risk,head-to-tail consistency and decrease ratio,respectively.Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.展开更多
Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between u...Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.展开更多
Information security is the backbone of current intelligent systems,such as the Internet of Things(IoT),smart grids,and Machine-to-Machine(M2M)communication.The increasing threat of information security requires new m...Information security is the backbone of current intelligent systems,such as the Internet of Things(IoT),smart grids,and Machine-to-Machine(M2M)communication.The increasing threat of information security requires new models to ensure the safe transmission of information through such systems.Recently,quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security.This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users.Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies,which plays a pivotal role in the current progress of quantum computing and communication.In the proposed scheme,the sender transmits the information to the receiver under the control of a third user or controller.Here,we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller.Compared with various teleportation scheme presented recently in the literature,the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and,consequently,taking proper precautions.展开更多
Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings ...Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.展开更多
In the field of information security,a gap exists in the study of coreference resolution of entities.A hybrid method is proposed to solve the problem of coreference resolution in information security.The work consists...In the field of information security,a gap exists in the study of coreference resolution of entities.A hybrid method is proposed to solve the problem of coreference resolution in information security.The work consists of two parts:the first extracts all candidates(including noun phrases,pronouns,entities,and nested phrases)from a given document and classifies them;the second is coreference resolution of the selected candidates.In the first part,a method combining rules with a deep learning model(Dictionary BiLSTM-Attention-CRF,or DBAC)is proposed to extract all candidates in the text and classify them.In the DBAC model,the domain dictionary matching mechanism is introduced,and new features of words and their contexts are obtained according to the domain dictionary.In this way,full use can be made of the entities and entity-type information contained in the domain dictionary,which can help solve the recognition problem of both rare and long entities.In the second part,candidates are divided into pronoun candidates and noun phrase candidates according to the part of speech,and the coreference resolution of pronoun candidates is solved by making rules and coreference resolution of noun phrase candidates by machine learning.Finally,a dataset is created with which to evaluate our methods using information security data.The experimental results show that the proposed model exhibits better performance than the other baseline models.展开更多
The goal of this manuscript is to present a research finding, based on a study conducted to identify, examine, and validate Social Media (SM) socio-technical information security factors, in line with usable-security ...The goal of this manuscript is to present a research finding, based on a study conducted to identify, examine, and validate Social Media (SM) socio-technical information security factors, in line with usable-security principles. The study followed literature search techniques, as well as theoretical and empirical methods of factor validation. The strategy used in literature search includes Boolean keywords search, and citation guides, using mainly web of science databases. As guided by study objectives, 9 SM socio-technical factors were identified, verified and validated. Both theoretical and empirical validation processes were followed. Thus, a theoretical validity test was conducted on 45 Likert scale items, involving 10 subject experts. From the score ratings of the experts, Content Validity Index (CVI) was calculated to determine the degree to which the identified factors exhibit appropriate items for the construct being measured, and 7 factors attained an adequate level of validity index. However, for reliability test, 32 respondents and 45 Likert scale items were used. Whereby, Cronbach’s alpha coefficient (α-values) were generated using SPSS. Subsequently, 8 factors attained an adequate level of reliability. Overall, the validated factors include;1) usability—visibility, learnability, and satisfaction;2) education and training—help and documentation;3) SM technology development—error handling, and revocability;4) information security —security, privacy, and expressiveness. In this case, the confirmed factors would add knowledge by providing a theoretical basis for rationalizing information security requirements on SM usage.展开更多
This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system...This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system. The paper highlights the importance of Availability w.r.t. Security of information and the other attributes of security and also gives a realistic shape to the existing CIA triad security model. An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given. The paper also gives a categorization of the type of Availability that a system can have. The paper also explains the relation between Availability and other security attributes and also explains through what issues an information system may go while providing Availability.展开更多
In recent years,China has witnessed continuous development and progress in its scientific and technological landscape,with widespread utilization of computer networks.Concurrently,issues related to computer network in...In recent years,China has witnessed continuous development and progress in its scientific and technological landscape,with widespread utilization of computer networks.Concurrently,issues related to computer network information security,such as information leakage and virus invasions,have become increasingly prominent.Consequently,there is a pressing need for the implementation of effective network security measures.This paper aims to provide a comprehensive summary and analysis of the challenges associated with computer network information security processing.It delves into the core concepts and characteristics of big data technology,exploring its potential as a solution.The study further scrutinizes the application strategy of big data technology in addressing the aforementioned security issues within computer networks.The insights presented in this paper are intended to serve as a valuable reference for individuals involved in the relevant fields,offering guidance on effective approaches to enhance computer network information security through the application of big data technology.展开更多
The increasing quantity of sensitive and personal data being gathered by data controllers has raised the security needs in the cloud environment.Cloud computing(CC)is used for storing as well as processing data.Theref...The increasing quantity of sensitive and personal data being gathered by data controllers has raised the security needs in the cloud environment.Cloud computing(CC)is used for storing as well as processing data.Therefore,security becomes important as the CC handles massive quantity of outsourced,and unprotected sensitive data for public access.This study introduces a novel chaotic chimp optimization with machine learning enabled information security(CCOML-IS)technique on cloud environment.The proposed CCOML-IS technique aims to accomplish maximum security in the CC environment by the identification of intrusions or anomalies in the network.The proposed CCOML-IS technique primarily normalizes the networking data by the use of data conversion and min-max normalization.Followed by,the CCOML-IS technique derives a feature selection technique using chaotic chimp optimization algorithm(CCOA).In addition,kernel ridge regression(KRR)classifier is used for the detection of security issues in the network.The design of CCOA technique assists in choosing optimal features and thereby boost the classification performance.A wide set of experimentations were carried out on benchmark datasets and the results are assessed under several measures.The comparison study reported the enhanced outcomes of the CCOML-IS technique over the recent approaches interms of several measures.展开更多
The Intemet is a popular channel for allowing more and more users to exchange information without geographical limitations and time restrictions. Therefore, a large amount of digital data, such as digital images, text...The Intemet is a popular channel for allowing more and more users to exchange information without geographical limitations and time restrictions. Therefore, a large amount of digital data, such as digital images, text, audio, and video, is transmitted over the Intemet. Unfortunately, sensitive digital data can be intercepted by malicious users of the Internet, so the development of techniques for ensuring the secrecy and security of data during transmission has become a top priority.展开更多
基金funded by Deanship of Research and Graduate Studies at King Khalid University.The authors extend their appreciation to the Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Group Project under grant number(RGP.2/556/45).
文摘Ensuring information security in the quantum era is a growing challenge due to advancements in cryptographic attacks and the emergence of quantum computing.To address these concerns,this paper presents the mathematical and computer modeling of a novel two-dimensional(2D)chaotic system for secure key generation in quantum image encryption(QIE).The proposed map employs trigonometric perturbations in conjunction with rational-saturation functions and hence,named as Trigonometric-Rational-Saturation(TRS)map.Through rigorous mathematical analysis and computational simulations,the map is extensively evaluated for bifurcation behaviour,chaotic trajectories,and Lyapunov exponents.The security evaluation validates the map’s non-linearity,unpredictability,and sensitive dependence on initial conditions.In addition,the proposed TRS map has further been tested by integrating it in a QIE scheme.The QIE scheme first quantum-encodes the classic image using the Novel Enhanced Quantum Representation(NEQR)technique,the TRS map is used for the generation of secure diffusion key,which is XOR-ed with the quantum-ready image to obtain the encrypted images.The security evaluation of the QIE scheme demonstrates superior security of the encrypted images in terms of statistical security attacks and also against Differential attacks.The encrypted images exhibit zero correlation and maximum entropy with demonstrating strong resilience due to 99.62%and 33.47%results for Number of Pixels Change Rate(NPCR)and Unified Average Changing Intensity(UACI).The results validate the effectiveness of TRS-based quantum encryption scheme in securing digital images against emerging quantum threats,making it suitable for secure image encryption in IoT and edge-based applications.
文摘This article takes the current autonomous driving technology as the research background and studies the collaborative protection mechanism between its system-on-chip(SoC)functional safety and information security.It includes an introduction to the functions and information security of autonomous driving SoCs,as well as the main design strategies for the collaborative prevention and control mechanism of SoC functional safety and information security in autonomous driving.The research shows that in the field of autonomous driving,there is a close connection between the functional safety of SoCs and their information security.In the design of the safety collaborative protection mechanism,the overall collaborative protection architecture,SoC functional safety protection mechanism,information security protection mechanism,the workflow of the collaborative protection mechanism,and its strategies are all key design elements.It is hoped that this analysis can provide some references for the collaborative protection of SoC functional safety and information security in the field of autonomous driving,so as to improve the safety of autonomous driving technology and meet its practical application requirements.
文摘Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.
基金supported in part by the National Key R&D Program of China under Grant 2019YFB2102400,2016YFF0204001in part by the BUPT Excellent Ph.D.Students Foundation under Grant CX2019117.
文摘With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.
基金the Science and Technology Innovation Program of Shanghai Science and Technology Commit-tee(No.19511103500)。
文摘Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.
文摘In the contemporary era,the abundant availability of health information through internet and mobile technology raises concerns.Safeguarding and maintaining the confidentiality of patients’medical data becomes paramount when sharing such information with authorized healthcare providers.Although electronic patient records and the internet have facilitated the exchange of medical information among healthcare providers,concerns persist regarding the security of the data.The security of Electronic Health Record Systems(EHRS)can be improved by employing the Cuckoo Search Algorithm(CS),the SHA-256 algorithm,and the Elliptic Curve Cryptography(ECC),as proposed in this study.The suggested approach involves usingCS to generate the ECCprivate key,thereby enhancing the security of data storage in EHR.The study evaluates the proposed design by comparing encoding and decoding times with alternative techniques like ECC-GA-SHA-256.The research findings indicate that the proposed design achieves faster encoding and decoding times,completing 125 and 175 iterations,respectively.Furthermore,the proposed design surpasses other encoding techniques by exhibiting encoding and decoding times that are more than 15.17%faster.These results imply that the proposed design can significantly enhance the security and performance of EHRs.Through the utilization of CS,SHA-256,and ECC,this study presents promising methods for addressing the security challenges associated with EHRs.
文摘All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from harmful occurrences by implementing security procedures, processes, policies, and information system security organisational structures to ensure data security. Despite all the precautions, information security remains a disaster in Tanzania’s learning institutions. The fundamental issue appears to be a lack of awareness of crucial information security factors. Various companies have different security issues due to differences in ICT infrastructure, implementations, and usage. The study focuses on identifying information system security threats and vulnerabilities in public higher learning institutions in Tanzania, particularly the Institute of Accountancy Arusha (IAA). The study involved all employees of IAA, academics, and other supporting staff, which totalled 302, and the sample size was 170. The study utilised a descriptive research design, where the quantitative methodology was used through a five-point Likert scale questionnaire, and found that key factors that affect the security of information systems at IAA include human factors, policy-related issues, work environment and demographic factors. The study proposed regular awareness and training programs;an increase in women’s awareness of information system security;proper policy creation and reviews every 4 years;promote actions that lessen information system security threats and vulnerabilities, and the creation of information system security policy documents independently from ICT policy.
基金Supported by the Key Science and Technology Planning Project of Hainan Province(ZDXM2014082)the China Spark Program(2012GA8000022)the Natural Science Foundation of Hainan Province(613172)~~
文摘The current situation,information technology and problems of logistics for agricultural products were summarized.Some key technologies involved in mobilebased logistics information system for Hainan agricultural products were analyzed,such as information classification and retrieval,user information authentication via QR code,and logistics information services based on WEB and mobile devices.Emphasis was given to study the design idea,content,method for the system.
基金The National Natural Science Foundation of China(No.71071033)the Youth Foundation of Humanity and Social Scienceof Ministry of Education of China(No.11YJC630234)
文摘In order to solve principal-agent problems caused by interest inconformity and information asymmetry during information security outsourcing, it is necessary to design a reasonable incentive mechanism to promote client enterprises to complete outsourcing service actively. The incentive mechanism model of information security outsourcing is designed based on the principal-agent theory. Through analyzing the factors such as enterprise information assets value, invasion probability, information security environment, the agent cost coefficient and agency risk preference degree how to impact on the incentive mechanism, conclusions show that an enterprise information assets value and invasion probability have a positive influence on the fixed fee and the compensation coefficient; while information security environment, the agent cost coefficient and agency risk preference degree have a negative influence on the compensation coefficient. Therefore, the principal enterprises should reasonably design the fixed fee and the compensation coefficient to encourage information security outsourcing agency enterprises to the full extent.
基金Supported by National Laboratory for Modern Communications Foundation (No. 5143 6010404DZ0235)
文摘RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complexity, compared with either multiplication in common sense or modular multiplication over finite field. In order to improve the performance of key generation, we propose a batch private keys generation method in this paper. The method derives efficiency from cutting down multiplicative inversions over finite field. Theoretical analysis shows that the speed of batch private keys generation for s users is faster than that of s times solo private key generation. It is suitable for applications in those systems with large amount of users.
基金This work was supported in part by National Key R&D Program of China under Grant 2019YFB2102400in part by the BUPT Excellent Ph.D.Students Foundation under Grant CX2019117.
文摘The development of the Internet of Things(IoT)calls for a comprehensive in-formation security evaluation framework to quantitatively measure the safety score and risk(S&R)value of the network urgently.In this paper,we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback.The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection.Firstly,we establish an overall evaluation indicator system that includes four primary indicators of threat information,asset,vulnerability,and management,respectively.It also includes eleven secondary indicators of system protection rate,attack detection rate,confidentiality,availability,controllability,identifiability,number of vulnerabilities,vulnerability hazard level,staff organization,enterprise grading and service continuity,respectively.Then,we build the core algorithm to enable the evaluation model,wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value.Moreover,in order to better supervise the performance of the proposed evaluation model,we present four novel indicators includes residual risk,continuous conformity of residual risk,head-to-tail consistency and decrease ratio,respectively.Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.
基金Natural Science Research Project of Jiangsu Province Universities and Colleges(No.17KJD520005,Congdong Lv).
文摘Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.
文摘Information security is the backbone of current intelligent systems,such as the Internet of Things(IoT),smart grids,and Machine-to-Machine(M2M)communication.The increasing threat of information security requires new models to ensure the safe transmission of information through such systems.Recently,quantum systems have drawn much attention since they are expected to have a significant impact on the research in information security.This paper proposes a quantum teleportation scheme based on controlled multi-users to ensure the secure information transmission among users.Quantum teleportation is an original key element in a variety of quantum information tasks as well as quantum-based technologies,which plays a pivotal role in the current progress of quantum computing and communication.In the proposed scheme,the sender transmits the information to the receiver under the control of a third user or controller.Here,we show that the efficiency of the proposed scheme depends on the properties of the transmission channel and the honesty of the controller.Compared with various teleportation scheme presented recently in the literature,the most important difference in the proposed scheme is the possibility of suspicion about the honesty of the controller and,consequently,taking proper precautions.
基金supported by National Key Technology Support Program(No.2013BAD17B06)Major Program of National Social Science Fund(No.15ZDB154)
文摘Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.
基金This work was supported by the National Natural Science Foundation of China(grant no.61602515).
文摘In the field of information security,a gap exists in the study of coreference resolution of entities.A hybrid method is proposed to solve the problem of coreference resolution in information security.The work consists of two parts:the first extracts all candidates(including noun phrases,pronouns,entities,and nested phrases)from a given document and classifies them;the second is coreference resolution of the selected candidates.In the first part,a method combining rules with a deep learning model(Dictionary BiLSTM-Attention-CRF,or DBAC)is proposed to extract all candidates in the text and classify them.In the DBAC model,the domain dictionary matching mechanism is introduced,and new features of words and their contexts are obtained according to the domain dictionary.In this way,full use can be made of the entities and entity-type information contained in the domain dictionary,which can help solve the recognition problem of both rare and long entities.In the second part,candidates are divided into pronoun candidates and noun phrase candidates according to the part of speech,and the coreference resolution of pronoun candidates is solved by making rules and coreference resolution of noun phrase candidates by machine learning.Finally,a dataset is created with which to evaluate our methods using information security data.The experimental results show that the proposed model exhibits better performance than the other baseline models.
文摘The goal of this manuscript is to present a research finding, based on a study conducted to identify, examine, and validate Social Media (SM) socio-technical information security factors, in line with usable-security principles. The study followed literature search techniques, as well as theoretical and empirical methods of factor validation. The strategy used in literature search includes Boolean keywords search, and citation guides, using mainly web of science databases. As guided by study objectives, 9 SM socio-technical factors were identified, verified and validated. Both theoretical and empirical validation processes were followed. Thus, a theoretical validity test was conducted on 45 Likert scale items, involving 10 subject experts. From the score ratings of the experts, Content Validity Index (CVI) was calculated to determine the degree to which the identified factors exhibit appropriate items for the construct being measured, and 7 factors attained an adequate level of validity index. However, for reliability test, 32 respondents and 45 Likert scale items were used. Whereby, Cronbach’s alpha coefficient (α-values) were generated using SPSS. Subsequently, 8 factors attained an adequate level of reliability. Overall, the validated factors include;1) usability—visibility, learnability, and satisfaction;2) education and training—help and documentation;3) SM technology development—error handling, and revocability;4) information security —security, privacy, and expressiveness. In this case, the confirmed factors would add knowledge by providing a theoretical basis for rationalizing information security requirements on SM usage.
文摘This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system. The paper highlights the importance of Availability w.r.t. Security of information and the other attributes of security and also gives a realistic shape to the existing CIA triad security model. An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given. The paper also gives a categorization of the type of Availability that a system can have. The paper also explains the relation between Availability and other security attributes and also explains through what issues an information system may go while providing Availability.
基金supported by the Hainan Provincial Key Laboratory of Philosophy and Social Sciences for Hainan Free Trade Port International Shipping Development and Property Rights Digitization,Hainan Vocational University of Science and Technology(Qiong Social Science[2022]No.26).
文摘In recent years,China has witnessed continuous development and progress in its scientific and technological landscape,with widespread utilization of computer networks.Concurrently,issues related to computer network information security,such as information leakage and virus invasions,have become increasingly prominent.Consequently,there is a pressing need for the implementation of effective network security measures.This paper aims to provide a comprehensive summary and analysis of the challenges associated with computer network information security processing.It delves into the core concepts and characteristics of big data technology,exploring its potential as a solution.The study further scrutinizes the application strategy of big data technology in addressing the aforementioned security issues within computer networks.The insights presented in this paper are intended to serve as a valuable reference for individuals involved in the relevant fields,offering guidance on effective approaches to enhance computer network information security through the application of big data technology.
基金The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work under Grant Number(RGP 2/49/42)Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2022R237),Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The increasing quantity of sensitive and personal data being gathered by data controllers has raised the security needs in the cloud environment.Cloud computing(CC)is used for storing as well as processing data.Therefore,security becomes important as the CC handles massive quantity of outsourced,and unprotected sensitive data for public access.This study introduces a novel chaotic chimp optimization with machine learning enabled information security(CCOML-IS)technique on cloud environment.The proposed CCOML-IS technique aims to accomplish maximum security in the CC environment by the identification of intrusions or anomalies in the network.The proposed CCOML-IS technique primarily normalizes the networking data by the use of data conversion and min-max normalization.Followed by,the CCOML-IS technique derives a feature selection technique using chaotic chimp optimization algorithm(CCOA).In addition,kernel ridge regression(KRR)classifier is used for the detection of security issues in the network.The design of CCOA technique assists in choosing optimal features and thereby boost the classification performance.A wide set of experimentations were carried out on benchmark datasets and the results are assessed under several measures.The comparison study reported the enhanced outcomes of the CCOML-IS technique over the recent approaches interms of several measures.
文摘The Intemet is a popular channel for allowing more and more users to exchange information without geographical limitations and time restrictions. Therefore, a large amount of digital data, such as digital images, text, audio, and video, is transmitted over the Intemet. Unfortunately, sensitive digital data can be intercepted by malicious users of the Internet, so the development of techniques for ensuring the secrecy and security of data during transmission has become a top priority.
