Monthly Archives: January 2016

New IoT Journal to be Launced

25 Monday Jan 2016

Posted by in Uncategorized

Comments Off on New IoT Journal to be Launced

Tags

, , , ,

The International Journal of Hyperconnectivity and the Internet of Things (IJHIoT) is set to be officially launched in 2017.  The IJHIoT shall focus on a variety of topics relating to IoT and the current age of hyperconnectivity including security concerns, applications of IoT, development and management of the IoT, wearable computing, IoT for home automation, smart cities, etc. The editor-in-chief of the journal shall be Dr. Maurice Dawson who is a faculty member in the Information Systems Department.

See schedule below that shows the dates for the IJHIoT.

Screenshot from 2016-01-25 21-31-45

The signed contract can be viewed by clicking on the following link Dawson_IJHIoT agreement_signed_IGI

AAEAAQAAAAAAAAY_AAAAJGUxOTg1OTNlLTQyZmEtNDUwOC1hNGY5LTNhMzZjOTEyM2ZlNg

- Share/Bookmark -

Student projects in Cloud Computing

14 Thursday Jan 2016

Posted by in Student Projects

Comments Off on Student projects in Cloud Computing

Tags

,

In this semester-wide project, students are required to design cloud architecture for a hypothetical company.  They are required to address all aspects of cloud, including security and auditing.  Two of the projects are added here.

- Share/Bookmark -

Mobile Cloud Computing: Cloudlets, Offloading, and Other Platform Specific Concerns

14 Thursday Jan 2016

Posted by in Student Research Papers

Comments Off on Mobile Cloud Computing: Cloudlets, Offloading, and Other Platform Specific Concerns

Tags

Mobile Cloud Computing is the intersection of mobile computing devices (cellphones, tablets, etc.) and familiar cloud computing concepts; mobile devices can see significant benefits from leveraging the cloud, from increased computational speed and extended battery-life (generally a major concern for mobile devices), to the ability for a resource poor device to run resource intensive mobile applications. The presentation therefore will be about cloud computing as it applies specifically to mobile devices. The vast majority of the discussion is applicable to general cloud computing (and thus of broader interest to the class), but there will be a focus on the challenges pertinent to a mobile device using cloud computing (some cursory background on necessary included topics, for example, mobile network tower handoff, will be provided as needed). Such challenges include, but are not limited to: latency and connectivity (both of which effect seamlessness and QoS); and computational offloading which has many subproblems such as how much of the/which of the computations do we offload, why, and what are the structural/architectural limitations thereof. Further discussion will explore proposed/tested solutions to these specific issues, while also elaborating on some of the measurable benefits of adopting cloud computing for mobile devices: device-battery savings, faster processing, and the ability for resource poor devices to run resource intensive applications. Many, quite possibly all, of the issues discussed won’t have “given”/standard answers as they are areas of open research (especially where the limitations imposed by mobile devices are applied), but the discussion will be backed with hard data and specific approaches to these issues drawn from the available research literature. Expected topics of discussion relating to the problems presented by mobile cloud computing will include cloudlets (vs cloud frameworks) with regard to seamlessness and QoS, and methods of offloading computations (theory/algorithms for execution offloading: why dynamic not static code partitioning, minimizing state transfer costs, and other possible considerations).

The complete presentation is available here: MobileCloudComputing

- Share/Bookmark -

FALL 2015 INFSYS 6868 Software Assurance – Student Research Papers

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on FALL 2015 INFSYS 6868 Software Assurance – Student Research Papers

Tags

,

INFSYS 6868 Software Assurance – Student Research Papers

Software Development Security: Security Driven Development

Abstract: Security design patterns in the software development life cycle has taken a back seat to create better user experience. At the cost of this better user experience is the risk associated with the lack of focus in security. This becomes an issue for companies that experience major security breaches and must continue to patch their patterns rather than, taking a security driven approach to designing their software. In this paper we will explore the benefits of moving toward a security driven development pattern. In the paper the focus will be centered on business processes and involving security throughout the organizational ecosystem. The benefits and challenges that is associated with moving toward a security driven development pattern and how to build a security driven organization.

Click here to view research paper Secuirty_Driven_Dev_Sasa_Basara

Third Party Risk Management: Cost-effective Approach

Abstract: This paper focuses on importance of third-party risk management and outsourcing risks. Specifically this paper will emphasize the importance of building supplier relationships in safe, secure and productive way applying risk-based approach to supplier oversight and relationship management. Benefits and challenges outlined along with recommendations on how to build risk averse and policy compliant corporate culture.

Click here to view research paper Third Party Risk Management

Improving Web Application Security by Eliminating CWEs

Abstract: This study examined improving web application security by eliminating CWEs. With the developing of web application, securities are becoming more and more important and complicated. The article states the current situation of the web application security and provides possible solution method. By understanding the CWEs and eliminating CWEs can help web application developers to solve or minimizing the security problems. The study listed three CWEs as examples to show how to understand and eliminate CWEs. Problem-solving based method can help people quickly understand the advantage of using CWEs to improve web application. Cloud Computing is also covered in the study for the future research directions.

Click here to view research paper  Weijie_Chen_ResearchPaper

- Share/Bookmark -

Code Analysis Research & Presentation

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Code Analysis Research & Presentation

Tags

,

INFSYS 6868 Software Assurance & INFSYS 3868 Secure Software Development

In this assignment, students were broken up into groups to perform the following tasks below.

Task
Select source code (minimum of 2 applications)
Select tool(s)
Run the tools and obtain reports
Create a presentation based upon reports (no more than 10 slides)
Defend how to fix deficiencies, errors, or vulnerabilities found
Present finding to class/instructor

Click to view this group’s final submission INFSYS6868_StaticAnalysis_Basara_Want_Fillipets

Click to view this group’s final submission Static Code Analysis_Meyer_Zahniel

- Share/Bookmark -

Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Mission Assurance Category (MAC) I Classified Requirements Student Exercise

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Mission Assurance Category (MAC) I Classified Requirements Student Exercise

Overview

This task is creating threshold (shall) requirements for the DoD 8500.2 IA Controls.  Students required to select a classification and Mission Assurance Category (MAC) level.

Goals

  1. Become familiar with authoring Information Assurance (IA) requirements.
  2. Develop skills in developing security focused requirements.

Requirements Matrix

A total of 35 requirements are chosen from the MAC [#], [Classification].

Screenshot from 2016-01-13 12-31-57

Click the following link to view the student research assignment Student Assignment_Req_Docs_Sasa_basara.  Requirements can be viewed by clicking the following attachment ia_cv_diacap_MACI_Classifed_Requirements

- Share/Bookmark -

Cloud Environments and Security

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Cloud Environments and Security

In a Fall 2015 course CMP SCI 4730 Computer Communications and Networks, an undergraduate student Luke Bicklein did research on Cloud Environment security and submitted the research paper. The following is the major content.

Cloud Environments and Security

Luke Bicklein , bicklein (at) umsl.edu (A paper written under the guidance of Prof. Jianli Pan)

Download paper here: Cloud Computing Security

Abstract:

Large virtual environments are a rapidly being deployed and utilized in many (if not most) large institutions. Private industries, public institutions, and individuals everywhere continue to migrate their data and shared resources to cloud environments. This paper details modern Cloud environments, security concerns involved in large environments, as well as current and possible future solutions to securing them.

Keywords:

Cloud, Cloud Computing, Cloud Stotage, Virtual Environment, Virtual Machine, data warehouse, virtual firewall

Table of Contents

  • 1. Introduction
    • 1.1 What is Cloud Computing?
    • 1.2 The Importance of a Secure Cloud
  • 2. Large-Scale Enviroments
    • 2.1 Intentions of Large Environments
    • 2.2 Modern Deployment and Utilization
    • 2.3 Infastructure: Under the Hood
  • 3. Security Concerns
    • 3.1 Identifying Threats
    • 3.2 Modern Threats
    • 3.3 Virtual Firewalls
  • 4. Summary
  • 5. References
  • 6. List of Acronyms

 

- Share/Bookmark -