FTP is a widely used protocol for working with remote file systems. Various FTP implementations have had security problems reported as late as 2010. There lacks a systematic analysis of FTP security. In this paper, threat models are built to provide a systematic coverage of potential security attacks against an FTP server. Security tests are then generated from the threat models and applied to ...

Connected and intelligent vehicles create new risks to cybersecurity and road safety. Threat modeling is a building block in automotive security engineering that identifies potential threats for corresponding mitigations. In this paper, we address how to conduct threat modeling for automotive security analysis during the development lifecycle. We propose a practical and efficient approach to th...

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) metho...

This paper examines malicious insider threat and explains the key differences from other types of insider threat and from external threat actors. A phase based “kill-chain” malicious insider threat model is developed and proposed to help inform selection of mitigation countermeasures which are complementary or incremental to a typically implemented traditional ISO 17799/27002 information securi...

Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threat that could cause more financial losses and damages than any other threats. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of hum...

Despite the well documented and emerging insider threat to information systems, there is currently no substantial effort devoted to addressing the problem of internal IT misuse. In fact, the great majority of misuse countermeasures address forms of abuse originating from external factors (i.e. the perceived threat from unauthorized users). This paper suggests a new and innovative approach of de...

In recent years we have witnessed the emergence and establishment of research in sensor network security. The majority of the literature has focused on discovering numerous vulnerabilities and attacks against sensor networks, along with suggestions for corresponding countermeasures. However, there has been little guidance for understanding the holistic nature of sensor network security for prac...

Agent technology is a novel approach for the development of distributed systems. In particular, mobile agents can provide much greater flexibility and robustness than the traditional distributed system methodologies since they provide mobility from platform to platform. Thus, they form a vast area of research. One key problem faced by the mobile agent systems is security. A migrating agent can ...

Insider threat is becoming comparable to outsider threat in frequency of security events. This is a very worrying situation, as insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. As a result, organizations can suffer financial losses and damage to assets and to reputation. Despite their importance, insider threats are still not ...

The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices and to guarantee at least the same level of security provided by the contemporary wireless standards, including the Authentication and Key Agreement (AKA) protocol. The current AKA protocol has not been designed to efficiently support a very large number of devices. Hence, ...