Predictive Security Metrics - Security metrics for software products give a quantifiable assessment of a software system's trustworthiness. Metrics can also help detect vulnerabilities in systems, prioritize corrective actions, and raise the level of information security within the business. There is a lack of studies that identify measurements, metrics, and internal design properties used to assess software security. Therefore, this paper aims to survey security measurements used to assess and predict security vulnerabilities. We identified the internal design properties that were used to measure software security based on the internal structure of the software. We also identified the security metrics used in the studies we examined. We discussed how software refactoring had been used to improve software security. We observed that a software system with low coupling, low complexity, and high cohesion is more secure and vice versa. Current research directions have been identified and discussed.
Authored by Abdullah Almogahed, Mazni Omar, Nur Zakaria, Abdulwadood Alawadhi
Outsourced Database Security - The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.
Authored by Wentao Wang, Yuxuan Jin, Bin Cao
Outsourced Database Security - Dynamic Spectrum Access (DSA) paradigm enabled through Cognitive Radio (CR) appliances is extremely well suited to solve the spectrum shortage problem. Crowd-sensing has been effectively used for dynamic spectrum access sensing by leveraging the power of the masses. Specifically in the DSA context, crowd-sensing allows end users to query a DSA database which is updated through crowd-sensing workers. Despite recent research proposals that address the privacy and confidentiality concerns of the querying user and crowd-sensing workers, personalized privacy-preserving database updates through crowd-sensing workers remains an open problem. To this end we propose a personalized privacy-preserving database update scheme for the crowd-sensing model based on lightweight homomorphic encryption. We provide substantial experiments based on real-life mobility data sets which show that the proposed protocol provides realistic efficiency and security.
Authored by Laura Truong, Erald Troja, Nikhil Yadav, Syed Bukhari, Mehrdad Aliasgari
Outsourced Database Security - With the rapid development of information technology, it becomes more and more popular for the use of electronic information systems in medical institutions. To protect the confidentiality of private EHRs, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are often used as a solution. At the same time, blockchain technology makes it possible to build distributed databases without relying on trusted third-party institutions. This paper proposes a secure and efficient attribute-based encryption with outsourced decryption scheme based on blockchain, which can realize flexible and fine-grained access control and further improve the security of blockchain data sharing.
Authored by Fugeng Zeng, Qigang Deng, Dongxiu Wang
Outsourced Database Security - Efficient sequencing methods produce a large amount of genetic data, and make it accessible to researchers. This leads genomics to be considered a legitimate big data field. Hence, outsourcing data to the cloud is necessary as the genomic dataset is large. Data owners encrypt sensitive data before outsourcing to maintain data confidentiality and outsourcing aids data owners in resolving the issue of local storage management. Because genomic data is so enormous, safely and effectively performing researchers’ queries is challenging. In this paper, we propose a method, PRESSGenDB, for securely performing string and substring searches on the encrypted genomic sequences dataset. We leverage searchable symmetric encryption (SSE) and design a new method to handle these queries. In comparison to the state-of-the-art methods, PRESSGenDB supports various types of queries over genomic sequences such as string search and substring searches with and without a given requested start position. Moreover, it supports strings of alphabets as sequences rather than just a binary sequence of 0, 1s. It can search for substrings (patterns) over a whole dataset of genomic sequences rather than just one sequence. Furthermore, by comparing PRESSGenDB’s search complexity analytically with the state-of-the-art, we show that it outperforms the recent efficient works.
Authored by Sara Jafarbeiki, Amin Sakzad, Shabnam Kermanshahi, Ron Steinfeld, Raj Gaire
Outsourced Database Security - Verifiable Dynamic Searchable Symmetric Encryption (VDSSE) enables users to securely outsource databases (document sets) to cloud servers and perform searches and updates. The verifiability property prevents users from accepting incorrect search results returned by a malicious server. However, we discover that the community currently only focuses on preventing malicious behavior from the server but ignores incorrect updates from the client, which are very likely to happen since there is no record on the client to check. Indeed most existing VDSSE schemes are not sufficient to tolerate incorrect updates from the client. For instance, deleting a nonexistent keyword-identifier pair can break their correctness and soundness.
Authored by Dandan Yuan, Shujie Cui, Giovanni Russello
Outsourced Database Security - Applications today rely on cloud databases for storing and querying time-series data. While outsourcing storage is convenient, this data is often sensitive, making data breaches a serious concern. We present Waldo, a time-series database with rich functionality and strong security guarantees: Waldo supports multi-predicate filtering, protects data contents as well as query filter values and search access patterns, and provides malicious security in the 3-party honest-majority setting. In contrast, prior systems such as Timecrypt and Zeph have limited functionality and security: (1) these systems can only filter on time, and (2) they reveal the queried time interval to the server. Oblivious RAM (ORAM) and generic multiparty computation (MPC) are natural choices for eliminating leakage from prior work, but both of these are prohibitively expensive in our setting due to the number of roundtrips and bandwidth overhead, respectively. To minimize both, Waldo builds on top of function secret sharing, enabling Waldo to evaluate predicates non-interactively. We develop new techniques for applying function secret sharing to the encrypted database setting where there are malicious servers, secret inputs, and chained predicates. With 32-core machines, Waldo runs a query with 8 range predicates over 2^18 records in 3.03s, compared to 12.88s for an MPC baseline and 16.56s for an ORAM baseline. Compared to Waldo, the MPC baseline uses 9 − 82× more bandwidth between servers (for different numbers of records), while the ORAM baseline uses 20 − 152× more bandwidth between the client and server(s) (for different numbers of predicates).
Authored by Emma Dauterman, Mayank Rathee, Raluca Popa, Ion Stoica
Outsourced Database Security - The outsourced data inside the data dispersion middle server are calm and unsecure when compared with the current methods and security measures. Lost in Client get to benefits control tends to unsecure data sharing inside the stockroom. Existing Login affirmation is executed by utilizing extraordinary username and mystery word as substance organize. But this system faces colossal challenges from software engineers; organize interlopers or irregular works out where people can get the user’s mystery word easily by a number of hacking techniques. In this way, this paper proposes the system for multilevel secured login confirmation system utilizing OTP, picture hotspot security and capture methodologies. The building for picture hot spot is utilized to avoid the unauthorized client looking over the system and it as well avoid from hacking the watchword and unusual works out inside the stockroom So that we propose a Methodology based on guidelines such as Multilevel secured confirmation system to secure from harmful clients Secured Client control benefits for data scrutinized and sort in and Taking after the client conduct plan based on development log and Within the occasion that any unordinary activity is done by the individuals who are getting to data stockroom, the admin will be educated and this irregular development will be captured by keeping up a log record of all the clients. Cutting edge shows up has been proposed utilizing four level security techniques by checking the Picture Hotspot Security. AES Calculation is utilized to scramble and translate the login inconspicuous components in database for more information security to administer information proprietorship and security. For blended information capacity in information stockroom framework utilizing progressed record security and Information advantage Official.
Authored by Gunasekar M, Vishva C
Outsourced Database Security - Inference attacks on statistical databases represent a complex issue in institutions and corporates since it is hard to detect and prevent, especially when it is committed by an internal adversary. The issue has been manifested further with the widespread of data analytics techniques in industry and academia, besides outsourced services. Even when the released statistical data has been anonymized and the identifying attributes are removed, targeted individuals can be spotted in such data. Therefore, preventing sensitive statistical data leakage is crucial for protecting the privacy of individuals or events, but such measures should not form utilization obstacles or degrade the data utility. This paper proposes an anti-inference technique for preserving the privacy of sensitive data in statistical databases. Unlike existing solutions, which either require considerable computing resources or trade-off between statistical data accuracy and its privacy, our solution is designed to maintain the accuracy while privacy is ensured.
Authored by Amer Aljaedi
Outsourced Database Security - Cyber attacks are causing tremendous damage around the world. To protect against attacks, many organizations have established or outsourced Security Operation Centers (SOCs) to check a large number of logs daily. Since there is no perfect countermeasure against cyber attacks, it is necessary to detect signs of intrusion quickly to mitigate damage caused by them. However, it is challenging to analyze a lot of logs obtained from PCs and servers inside an organization. Therefore, there is a need for a method of efficiently analyzing logs. In this paper, we propose a recommendation system using the ATT&CK technique, which predicts and visualizes attackers’ behaviors using collaborative filtering so that security analysts can analyze logs efficiently.
Authored by Masaki Kuwano, Momoka Okuma, Satoshi Okada, Takuho Mitsunaga
Outsourced Database Security - The outsourcing of databases is very popular among IT companies and industries. It acts as a solution for businesses to ensure availability of the data for their users. The solution of outsourcing the database is to encrypt the data in a form where the database service provider can perform relational operations over the encrypted database. At the same time, the associated security risk of data leakage prevents many potential industries from deploying it. In this paper, we present a secure outsourcing database search scheme (BASDB) with the use of a smart contract for search operation over index of encrypted database and storing encrypted relational database in the cloud. Our proposed scheme BASDB is a simple and practical solution for effective search on encrypted relations and is well resistant to information leakage against attacks like search and access pattern leakage.
Authored by Partha Chakraborty, Puspesh Kumar, Mangesh Chandrawanshi, Somanath Tripathy
Oscillating Behaviors - A single-axis Microelectromechanical system gravimeter has recently been developed at the University of Glasgow. The sensitivity and stability of this device was demonstrated by measuring the Earth tides. The success of this device was enabled in part by its extremely low resonant frequency. This low frequency was achieved with a geometric anti-spring design, fabricated using well-established photolithography and dry etch techniques. Analytical models can be used to calculate the results of these non-linear oscillating systems, but the power of finite element analysis has not been fully utilised to explore the parameter space before now. In this article finite element models are used to investigate the behaviour of geometric anti-springs. These computer models provide the ability to investigate the effect of the fabrication material of the device: anisotropic <100> crystalline silicon. This is a parameter that is difficult to investigate analytically, but finite element modelling is used to take anisotropy into account. The finite element models are then used to demonstrate the design of a three-axis gravimeter enabling the gravity tensor to be measured - a significantly more powerful tool than the original single-axis device.
Authored by Richard Middlemiss, Paul Campsie, William Cunningham, Rebecca Douglas, Victoria McIvor, Vinod Belwanshi, James Hough, Sheila Rowan, Douglas Paul, Abhinav Prasad, Giles Hammond
Oscillating Behaviors - In this paper, we examine the asymptotic behavior of an equation that describes two rotors installed on a common oscillating platform. Namely, we establish analytic criteria for self-synchronization of the rotors by means of the Popov method of “a priori integral indices”.
Authored by Vera Smirnova, Anton Proskurnikov, Natalia Utina
Oscillating Behaviors - There is a constant push for ever increasing performance in traditional computing systems, leading to high power consumption and, in the end, to the incapacity of conventional electronics to handle heavy computing tasks, which usually require learning features. Thus, the development of novel nanoelectronic devices with inherent neuromorphic characteristics and a low energy footprint has become a viable alternative. In order to simulate neuromorphic features utilizing memristive devices, the threshold switching effect is critical, which can be seen in the rich dynamics of metallic conductive filament (CF). In this paper, a realistic model of the unipolar nature of CBRAM devices is exploited to create a memristor-based oscillator that can integrate neuromorphic features. Bipolar memristive devices have been used to match the weight of the neurons in a crossbar configuration. The used physical model for these memristors was fitted to fabricated devices in order to achieve the expected accuracy in the circuit simulation. The oscillator’s output signal and behavior matched the theoretical background of biological neurons. Thus, this approach can be considered as the first step towards the development of low-power oscillation-based neuromorphic hardware with biological-like behavior.
Authored by Theodoros Chatzinikolaou, Iosif-Angelos Fyrigos, Charalampos Tsioustas, Panagiotis Bousoulas, Michail-Antisthenis Tsompanas, Dimitris Tsoukalas, Georgios Sirakoulis
Oscillating Behaviors - The majority of space science missions aim to measure weak slow varying electromagnetic fields and in order to do so, need to meet strict cleanliness requirements. The accurate characterization of equipment in the extremely low-frequency domain (below several hundred kHz) should include the direct emitted electric field as well as the induced behavior of the device due to the unit-to-unit interaction. Following a detailed characterization at the unit level, the unit-to-unit interaction is attributed to the near field scattering effect, usually considering the scatterer as a small sphere. This way the induced behavior of the unit can be described by an oscillating dipole coherent to the incident field. This work highlights the importance of induced behavior of the units at the system level for accurate system predictions in the case that the scatterer can’t be considered as a small sphere due to dielectric materials or complex unit geometry. The authors aim to characterize the induced behavior by solving the inverse electromagnetic scattering problem through a customized measurement procedure.
Authored by Anargyros Baklezos, Christos Nikolopoulos, Panagiotis Papastamatis, Theodoros Kapetanakis, Ioannis Vardiambasis, Christos Capsalis
Oscillating Behaviors - Wave energy converters (WECs) are still at an earlier stage of development when compared to variable renewable energy systems based on wind or solar power. Indeed, only a few WECs have exported power to electric grids until recently. Thus, the development of mathematical models able to represent essential aspects of the system and its connection to the grid becomes fundamental to assess the impact of integrating wave power to grids. This work develops a fully integrated wave-to-wire model, where the electrical model has re-configurable dynamic models of rotary and linear generators (with controllers) to accommodate different types of oscillating-body systems. Such an electrical model is interfaced with the WEC hydrodynamic and mechanical models. A complete wave-to-grid model is presented by integrating the generator system model, an electrical grid interface unit and a network equivalent for the receiving grid in a unified simulation environment with the WEC-Sim, an open-source tool for simulating the dynamic behaviour of WECs. Numerical simulation studies are presented considering different operating conditions for the grid integration of a floating body that is connected to either a hydraulic power take-off system or a direct-drive system.
Authored by Paula Garcia-Rosa, Raymundo Torres-Olguin, Joao Cruz, Salvatore D'Arco
Oscillating Behaviors - Animals successfully perform many behavioral tasks within the framework of a closed-loop sensorimotor control system during their daily lives. To achieve this, animals receive sensory signals from their environment through various sensory receptors and process these signals in their central nervous systems (CNS). Then, using this sensory feedback, animals produce necessary motor signals and transmit them to their muscles to perform the desired behavior. During this process, animals integrate sensory information perceived by different sensory receptors and they simultaneously stimulate multiple muscle combinations. The goal of this study is to identify the closed-loop sensorimotor control processes of animals during their unconstrained behaviors. To achieve this, we built a novel experimental setup that allows data-driven system identification of the target tracking behavior of zebrafish during rheotaxis. In that, a stimulus target oscillating in the frequency range of 0-2 Hz was presented to the zebrafish. Then, frequency response of the target tracking performance for N=5 fish were estimated.
Authored by Orhun Koc, Alp Demirel, Emin Aydin, Fatmagul Ibisoglu, Sevval Solmaz, Kaan Ari, Ayse Idman, Ismail Uyanik
Oscillating Behaviors - This work presents a self-oscillating mixer (SOM) based on a slow-wave structure for phase-noise reduction. Emphasis is placed on the analysis/optimization methods, which include aspects such as conversion gain, nonlinear distortion, and operation boundaries. In a first stage, the parameters of the slow-wave structure are optimized to obtain a low phase-noise spectral density. As an example, a structure based on a unit cell containing a Schiffman section is considered. Then, the SOM behavior is addressed through an analytical model that should enable an understanding of its main operation characteristics. A practical FET-based circuit at 2.3 GHz is simulated with some novel harmonic-balance techniques and experimentally characterized.
Authored by Mabel Ponton, Franco Ramirez, Sergio Sancho, Almudena Suarez
Operating Systems Security - Aiming at the problem of Disturbance Error of dynamic random access memory (DRAM) on domestic NeoKylin operating system, this article analyzes the reasons for rowhammer attacks, proposes a rowhammer attack scheme based on domestic NeoKylin operating system, and designs a tool to implement the attack. The results of the attack on domestic NeoKylin operating system demonstrate that this attack scheme can achieve bit flips by rapid and repeated access (hammer) to the neighboring rows of the target cell.
Authored by Jianxin Wang, Hongke Xu, Chaoen Xiao, Lei Zhang, Yuzheng Zheng
Operating Systems Security - Now personal computers are used in which the user has free access to all the resources of the machine. This opened the door to the danger known as computer virus. The purpose of the work is to introduce the user to the basics of computer virology, to identify viruses and to teach them how to combat them. The method of the work is the analysis of printed publications on this topic. Several attempts to provide a "modern" definition of the virus have been unsuccessful. To realize the complexity of the problem, for example, try to define the concept of "editor". In this paper, the modern Antivirus security classification model to enhance the protection for commercial computer networks. The either come up with the most common one or start listing all the known types of editors. Neither can be considered acceptable. Therefore, we will limit ourselves to considering some characteristics of computer viruses that allow us to speak of certain types of programs.
Authored by Krishna Kalsi, Vishal Sharma
Operating Systems Security - Design of the high-confidence embedded operating system based on artificial intelligence and smart chips is studied in this paper. The cooperative physical layer security system is regarded as a state machine. Relay nodes with untrusted behavior will affect the physical layer security of the system, and the system tries to prevent the untrusted behavior of relay nodes. While implementing public verification, it realizes the protection of data privacy. The third party can directly verify the data holding of the data stored in the cloud without verification by the user, and in the process of system expansion and growth, software can ensure vigorous vitality. For the verification, the smart chips are combined for the systematic implementations. The experimental results have shown the satisfactory results.
Authored by Qinmin Ma
Operating Systems Security - The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).
Authored by Vahid Moghadam, Paolo Prinetto, Gianluca Roascio
Operating Systems Security - Drive Backup is an application for backing up data, including creating copies of partitions for quick recovery in case of an accident, virus attack or, if necessary, replacing all data, including the operating system and installed ones. Software, plus a new hard drive. Reinstalling the operating system and applications after a hardware failure or virus attack does not take you much time and effort. The best way to protect your computer is to create a backup of the system partition with the operating system installed on it and all the necessary applications. In this paper, The commercial hard disk backup system for quick recovery operating system in cloud storage system. Copies can be made to hard drives and removable media as well as network-connected drives. If you need a disk management program, check out the corporate version of this package. A multicast function for transferring copies of an image to multiple computers at the same time, well suited to the needs of corporate offices (for example, to create or restore multiple workstations). But for home backup, you may need to think about other programs - simpler and faster.
Authored by Rupinder Wadhwa, Khushboo Sharma
Operating Systems Security - The era of technology has seen many rising inventions and with that rise, comes the need to secure our systems. In this paper we have discussed how the old generation of people are falling behind at being updated in tandem with technology, and losing track of the knowledge required to process the same. In addition this factor leads to leakage of critical personal information. This paper throws light upon the steps taken in order to exploit the pre-existing operating system, Windows 7, Ultimate, using a ubiquitous framework used by everyone, i.e. Metasploit. It involves installation of a backdoor on the victim machine, from a remote setup, mostly Kali Linux operating machine. This backdoor allows the attackers to create executable files and deploy them in the windows system to gain access on the machine, remotely. After gaining access, manipulation of sensitive data becomes easy. Access to the admin rights of any system is a red alert because it means that some outsider has intense access to personal information of a human being and since data about someone explains a lot of things about them. It basically is exposing and human hate that. It depraves one of their personal identity. Therefore security is not something that should be taken lightly. It is supposed to be dealt with utmost care.
Authored by Ria Thapa, Bhavya Sehl, Suryaansh Gupta, Ankur Goyal
Operating Systems Security - IoT technology is finding new applications every day and everywhere in our daily lives. With that, come new use cases with new challenges in terms of device and data security. One of such challenges arises from the fact that many IoT devices/nodes are no longer being deployed on owners’ premises, but rather on public or private property other than the owner’s. With potential physical access to the IoT node, adversaries can launch many attacks that circumvent conventional protection methods. In this paper, we propose Secure SoC (SecSoC), a secure system-on-chip architecture that mitigates such attacks. These include logical memory dump attacks, bus snooping attacks, and compromised operating systems. SecSoC relies on two main mechanisms, (1) providing security extensions to the compute engine that runs the user application without changing its instruction set, (2) adding a security management unit (SMU) that provides HW security primitives for encryption, hashing, random number generators, and secrets store (keys, certificates, etc.). SecSoC ensures that no secret or sensitive data can leave the SoC IC in plaintext. SecSoC is being implemented in Bluespec SystemVerilog. The experimental results will reveal the area, power, and cycle time overhead of these security extensions. Overall performance (total execution time) will also be evaluated using IoT benchmarks.
Authored by Ayman Hroub, Muhammad Elrabaa