International Conferences: IEEE World Congress on Services (2014) Alaska
The 2014 IEEE World Congress on Services (SERVICES) was held in Anchorage, Alaska, from June 27 to July 2, 2014. The Congress included four core conferences: the IEEE International Conference on Web Services (ICWS 2014); the IEEE International Conference on Cloud Computing (CLOUD 2014); the IEEE International Conference on Services Computing (SCC 2014); and the IEEE International Conference on Mobile Services (MS 2014). It also hosted the third IEEE International Congress on Big Data (BigData 2014).
The works cited here are related to the science of security.
Taherimakhsousi, N.; Muller, H.A., "Context-Based Face Recognition for Smart Web Tasking Applications," Services (SERVICES), 2014 IEEE World Congress on, pp.21,23, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.14 This position paper illustrates applications of a context-based face recognition system for smart web tasking. Context-based face recognition can provide a personalized service based on recognition face and derived context information. Using selected smart applications, we show how context-based face recognition system could help deliver personalized services.
Keywords: Internet; face recognition; ubiquitous computing; context-based face recognition system; personalized service; smart Web tasking applications; Conferences; Context; Face; Face recognition; Image recognition; Media; Mobile communication; commercial video chat; context-aware; face recognition; web-based class environment (ID#: 15-3500)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903238&isnumber=6903223
Murugesan, P.; Ray, I., "Audit Log Management in MongoDB," Services (SERVICES), 2014 IEEE World Congress on, pp.53,57, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.19 In the past few years, web-based applications and their data management needs have changed dramatically. Relational databases are often being replaced by other viable alternatives, such as NoSQL databases, for reasons of scalability and heterogeneity. MongoDB, a NoSQL database, is an agile database built for scalability, performance and high availability. It can be deployed in single server environment and also on complex multi-site architectures. MongoDB provides high performance for read and write operations by leveraging in-memory computing. Although researchers have motivated the need for MongoDB, not much appears in the area of log management. Efficient log management techniques are needed for various reasons including security, accountability, and improving the performance of the system. Towards this end, we analyze the different logging methods offered by MongoDB and compare them to the NIST standard. Our analysis indicates that profiling and mongosniff are useful for log management and we present a simple model that combines the two techniques.
Keywords: Internet; database management systems; MongoDB; NIST standard; NoSQL databases; Web-based applications; agile database; audit log management; complex multisite architectures; data management; log management techniques; mongosniff; single server environment; Indexes; Monitoring; NIST; Security; Servers; Audit Trail; Log Management; MongoDB; NoSQL (ID#: 15-3501)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903243&isnumber=6903223
Sen, A.; Madria, S., "Off-Line Risk Assessment of Cloud Service Provider," Services (SERVICES), 2014 IEEE World Congress on, pp.58,65, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.20 The acceptance of cloud as a platform to migrate applications has seen a boom in the past few decades. Hosting applications on the cloud cuts down its maintenance and infrastructure costs. Nonetheless security of these applications on the cloud is one of the primary concerns which prevents complete adoption of cloud. Although cloud provides security, they do not address it in terms of application security and thus organizations cannot fully comprehend them. In this paper, we propose an off-line risk assessment framework to evaluate a cloud service provider's security from the point of view of an application to be migrated there. Once the most secure cloud service provider is determined for an application, the framework will perform a cost-benefit tradeoff analysis to estimate an optimal cloud migration strategy.
Keywords: cloud computing; security of data; cloud service provider security; cost-benefit tradeoff analysis; infrastructure costs; offline risk assessment; optimal cloud migration strategy; secure cloud service provider; Computer crime; Motion pictures; Ontologies; Organizations; Risk management; System analysis and design; cloud migration; cloud service provider; cost-benefit tradeoff analysis; risk assessment; vulnerability assessment (ID#: 15-3502)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903244&isnumber=6903223
llin, C.; Haney, M., "Preventing the Mistraining of Anomaly-Based IDSs through Ensemble Systems," Services (SERVICES), 2014 IEEE World Congress on, pp.66, 68, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.21 The security of cloud networks is heavily contingent upon their ability to detect incoming attacks. An Intrusion Detection System (IDS) monitors a network for precisely this purpose. IDSs fall into one of two categories: signature-based and anomaly-based IDSs. Whereas signature-based IDSs rely upon pre-programmed matching rules designed by security experts and are therefore limited to pre-existing attacks in their coverage, anomaly-based IDSs attempt to identify normal and abnormal traffic, generally using machine learning, and therefore hold the promise of being able to identify novel attacks. Anomaly-based IDSs can be divided into IDSs that are trained online and IDSs that are trained offline. While IDSs that are trained online allow greater flexibility, such IDSs could be trained by an adversary to allow specific attacks. This work-in-progress paper proposes a methodology for protecting against the mistraining of an IDS trained online. Two IDSs begin with identical rule sets, but one is allowed to adjust its data to include online data while the other remains static. Both systems can report anomalies, and if the online IDS attempts to let through too much that the offline IDS does not, the decision boundaries of the online IDS are adjusted as a safeguard against mistraining. An experiment for testing the approach is proposed.
Keywords: cloud computing; digital signatures; anomaly-based IDS; cloud networks; ensemble systems; intrusion detection system; security; signature-based IDS; Educational institutions; Intrusion detection; Machine learning algorithms; Training; Training data; information security; intrusion detection; machine learning algorithms (ID#: 15-3503)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903245&isnumber=6903223
Felici, M.; Pearson, S., "Accountability, Risk, and Trust in Cloud Services: Towards an Accountability-Based Approach to Risk and Trust Governance," Services (SERVICES), 2014 IEEE World Congress on, pp.105, 112, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.29 In this paper we propose an approach for enhanced data protection in the cloud, based upon accountability governance. Specifically, the relationships between accountability, risk and trust are analyzed in order to suggest characteristics and means to address data governance issues involved when organizations or individuals adopt cloud computing. This analysis takes into account insights from a variety of stakeholders within cloud ecosystems obtained by running an elicitation workshop.
Keywords: cloud computing; risk management; trusted computing; accountability governance; accountability-based approach; cloud computing; cloud ecosystems; cloud services; data governance; data protection; elicitation workshop; risk; trust governance; Context; Ecosystems; Law; Organizations; Risk management; Security; Standards organizations; accountability; cloud computing; risk; trust (ID#: 15-3504)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903252&isnumber=6903223
Hale, M.; Gamble, R., "Toward Increasing Awareness of Suspicious Content through Game Play," Services (SERVICES), 2014 IEEE World Congress on, pp.113, 120, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.30 Phishing, elicitation, and impersonation techniques are performed using multiple forms, targeting content specific to the delivery modality, such as email, social media, and general browser communications. Education to increase awareness is one mechanism to combat phishing. Average email and internet users are less attentive to media warnings and training materials provided by employers than they are in interactive environments. In this paper, we overview a game concept that immerses users in a role play challenge where they must send email, use social media, and browse the web and determine whether content received within these modalities is trustworthy or not. The game, built as a Javascript framework, simulates phishing scams, measures trust and suspicion levels, and individualizes training for users. The game architecture employs components that facilitate dynamic content generation in each of the modalities, customize experiment design for specific assessment and training, and perform sophisticated tracking for automated analysis of user trust content assessments. We discuss the game content, the specific requirements the game must comply with, and the experiments to be conducted using the game.
Keywords: computer based training; message authentication; serious games (computing); social networking (online); unsolicited e-mail; Internet; Javascript framework; dynamic content generation; elicitation technique; email; game play; impersonation technique; phishing scams; role play challenge; social media; suspicious content; user trust content assessment; Browsers; Companies; Degradation; Electronic mail; Games; Media; Training; assessment; awareness; game; phishing; security (ID#: 15-3505)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903253&isnumber=6903223
Takahashi, T.; Kannisto, J.; Harju, J.; Kanaoka, A.; Takano, Y.; Matsuo, S., "Expressing Security Requirements: Usability of Taxonomy-Based Requirement Identification Scheme," Services (SERVICES), 2014 IEEE World Congress on, pp.121,128, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.31 Users want to enjoy online services without sacrificing their security. Although there is a trade-off between the security of a service and its usability, the level of security required will differ depending on the user and the situation. To optimize the balance between security and usability, it can be customized for each user and each online transaction. Yet in order to do that, both users and service providers need to stipulate their security requirements. We have been working on a framework that provides security requirement classifications in multiple dimensions to help users identify and select their security requirements, and then apply these requirements to different dimensions. This paper shows how we implemented this framework and then evaluated it by conducting a user study along with our implementation. The study verifies that ordinary users without any particular technical knowledge prefer to clarify their security requirements using a taxonomy-based selection scheme (our scheme) as opposed to a free-form input scheme. It also discusses the coverage of pre-defined taxonomies and users' requirements. Through this study, we clarify the future direction of our research.
Keywords: human factors; information services; security of data; systems analysis; free-form input scheme; online services; online transaction; pre-defined taxonomies; security requirements; service providers; taxonomy-based requirement identification scheme usability; taxonomy-based selection scheme; user requirements; user study; Computers; Educational institutions; Electronic mail; Prototypes; Security; Taxonomy; Usability; security requirement; taxonomy; usability; user study (ID#: 15-3506)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903254&isnumber=6903223
Todoran, I.; Glinz, M., "Quest for Requirements: Scrutinizing Advanced Search Queries for Cloud Services with Fuzzy Galois Lattices," Services (SERVICES), 2014 IEEE World Congress on, pp.234, 241, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.49 In software and requirements engineering, requirements elicitation is considered an essential step towards building successful systems. Despite extensive existing research in the field of distributed requirements engineering, the topic of requirements elicitation for cloud systems remains still uncovered. Cloud challenges (e.g., heterogeneous and globally distributed users, volatile requirements, frequent change requests) cannot always be satisfied by existing methods. We present a new approach for eliciting requirements for cloud services by analyzing advanced search queries. Our approach builds fuzzy Galois lattices for the terms that compose advanced search queries, thus enabling a thorough analysis of stored search data. This can support cloud providers in observing requirements clusters and new classes of cloud services, identifying the threshold for achieving satisfied consumers with a minimal set of requirements implemented, and thus designing novel solutions, based on market trends. Moreover, the Galois lattices approach enables large-scale consumers' involvement and ensures the elicitation of real requirements unobtrusively.
Keywords: cloud computing; fuzzy set theory; query formulation; query processing; cloud services; cloud systems; fuzzy Galois lattices; requirements elicitation; requirements engineering; search data; search queries; Cloud computing; Context; Encryption; Lattices; Mobile communication; Reliability; Galois lattice; advanced search query; cloud computing; data analysis; requirements elicitation (ID#: 15-3507)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903271&isnumber=6903223
Rosa, T.A.; Donizetti Zorzo, S., "Model of Location-Sharing-Based Services with Privacy Guarantee," Services (SERVICES), 2014 IEEE World Congress on, pp.271,278, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.56 The mobile devices can perform many tasks including the processing of complex calculations, reproduction of high quality media and connection with the Internet. These tasks enable many new services to users which explore their locations in order to provide, for instance, information about the weather forecast, traffic monitoring, among others. Services which use information about location of users are called Location-Based Services (LBS). These services can also group users according to the geographical region and they are called Location-Sharing-Based Services (LSBS). The main feature of LSBS is that it explores the information from a group of users and not just from individuals, offering services based on the group position. However, with these services, users are subject to several threats to their privacy. This article presents the implementation of a model of LSBS with privacy guarantees. The model is based on levels and it guarantees not only the privacy of the group but also the privacy of each one inside the group. This guarantee is due to homomorphic encryption and privacy techniques like anonymity. Tests were performed aiming at developing this model. The results show that it is viable the use of model of LSBS in real devices.
Keywords: Internet; cryptography; data privacy; mobile computing; Internet; LSBS; anonymity; complex calculations; group position; group privacy; homomorphic encryption; location-sharing-based services; mobile devices; privacy guarantee; Accuracy; Data privacy; Encryption; Performance evaluation; Privacy; Reliability; Location-Based Services; Location-Sharing-Based Services; Privacy (ID#: 15-3508)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903278&isnumber=6903223
Cecchinel, C.; Jimenez, M.; Mosser, S.; Riveill, M., "An Architecture to Support the Collection of Big Data in the Internet of Things," Services (SERVICES), 2014 IEEE World Congress on, pp.442, 449, June 27 2014-July 2 2014. doi: 10.1109/SERVICES.2014.83 The Internet of Things (IoT) relies on physical objects interconnected between each others, creating a mesh of devices producing information. In this context, sensors are surrounding our environment (e.g., cars, buildings, smartphones) and continuously collect data about our living environment. Thus, the IoT is a prototypical example of Big Data. The contribution of this paper is to define a software architecture supporting the collection of sensor-based data in the context of the IoT. The architecture goes from the physical dimension of sensors to the storage of data in a cloud-based system. It supports Big Data research effort as its instantiation supports a user while collecting data from the IoT for experimental or production purposes. The results are instantiated and validated on a project named SMARTCAMPUS, which aims to equip the SophiaTech campus with sensors to build innovative applications that supports end-users.
Keywords: Big Data; Internet of Things; cloud computing; software architecture; Big Data; Internet of Things; IoT; SMARTCAMPUS; SophiaTech campus; cloud-based system; sensor-based data; software architecture; Big data; Bridges; Computer architecture; Middleware; Temperature measurement; Temperature sensors; Architecture; Data collection; Distributed Computing; Sensors; Software Engineering (ID#: 15-3509)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903302&isnumber=6903223