Cyber-Vigilance and digital trust : cyber security in the era of cloud computing and IoT / edited by Wiem Tounsi.

Contributor(s): Tounsi, Wiem [editor]
Language: English Series: Networks and telecommunications seriesPublisher: London, UK : ISTE, Ltd. ; Hoboken, NJ : John Wiley & Sons, Inc., 2019Description: 1 online resource (x, 230 pages) : illustrationsContent type: text Media type: computer Carrier type: online resourceISBN: 9781786304483 ; 9781119618393Subject(s): Computer security | Cloud computing -- Security measures | Internet of things -- Security measuresGenre/Form: Electronic booksDDC classification: 005.8 Online resources: Full text available at Wiley Online Library Click here to view
Contents:
Introduction ix Wiem TOUNSIChapter 1. What Is Cyber Threat Intelligence and How Is It Evolving? 1 Wiem TOUNSI1.1. Introduction 11.2. Background 31.2.1. New Generation Threats 31.2.2. Analytical Frameworks 61.3. Cyber Threat Intelligence 91.3.1. Cyber Threat Intelligence Sources 91.3.2. Cyber Threat Intelligence Sub-Domains 111.3.3. Technical Threat Intelligence (TTI) 131.4. Related Work 141.5. Technical Threat Intelligence Sharing Problems 161.5.1. Benefits of CTI Sharing for Collective Learning 161.5.2. Reasons for Not Sharing 171.6. Technical Threat Intelligence Limitations 211.6.1. Quantity Over Quality 211.6.2. IOC-Specific Limitations 221.7. Cyber Threat Intelligent Libraries or Platforms 251.7.1. Benefits of CTI Libraries Based In the Cloud 261.7.2. Reluctance to Use Cloud Services 261.8. Discussion 271.8.1. Sharing Faster Is Not Sufficient 271.8.2. Reducing the Quantity of Threat Feeds 281.8.3. Trust to Share Threat Data and to Save Reputation Concerns 301.8.4. Standards for CTI Representation and Sharing 311.8.5. Cloud-Based CTI Libraries for Collective Knowledge and Immunity 341.9. Evaluation of Technical Threat Intelligence Tools 361.9.1. Presentation of Selected Tools 371.9.2. Comparative Discussion 381.10. Conclusion and Future Work 391.11. References 40Chapter 2. Trust Management Systems: A Retrospective Study on Digital Trust 51 Reda YAICH2.1. Introduction 512.2. What Is Trust? 522.3. Genesis of Trust Management Systems 542.3.1. Access Control Model 542.3.2. Identity-Based Access Control 552.3.3. Lattice-Based Access Control 572.3.4. Role-Based Access Control 582.3.5. Organization-Based Access Control 592.3.6. Attribute-Based Access Control 612.4. Trust Management 622.4.1. Definition 622.4.2. Trust Management System 642.4.3. Foundations 652.4.4. Automated Trust Negotiation 702.5. Classification of Trust Management Systems 722.5.1. Authorization-Based TMSs 732.5.2. Automated Trust Negotiation Systems 812.6. Trust Management In Cloud Infrastructures 902.6.1. Credentials-Based Trust Models 902.6.2. SLA-Based Trust Models 902.6.3. Feedback-Based Trust Models 912.6.4. Prediction-Based Trust Models 922.7. Conclusion 932.8. References 94Chapter 3. Risk Analysis Linked to Network Attacks 105 Kamel KAROUI3.1. Introduction 1053.2. Risk Theory 1073.2.1. Risk Analysis Terminology 1073.2.2. Presentation of the Main Risk Methods 1093.2.3. Comparison of the Main Methods 1163.3. Analysis of IS Risk In the Context of IT Networks 1203.3.1. Setting the Context 1203.3.2. Risk Assessment 1273.3.3. Risk Treatment 1333.3.4. Acceptance of Risks 1363.3.5. Risk Communication 1373.3.6. Risk Monitoring 1383.4. Conclusion 1383.5. References 138Chapter 4. Analytical Overview on Secure Information Flow In Android Systems: Protecting Private Data Used By Smartphone Applications 141 Mariem GRAA4.1. Introduction 1424.2. Information Flow 1434.2.1. Explicit Flows 1434.2.2. Implicit Flows 1434.2.3. Covert Channels 1444.3. Data Tainting 1454.3.1. Interpreter Approach 1454.3.2. Architecture-Based Approach 1464.3.3. Static Taint Analysis 1464.3.4. Dynamic Taint Analysis 1474.4. Protecting Private Data In Android Systems 1494.4.1. Access Control Approach 1494.4.2. Preventing Private Data Leakage Approach 1534.4.3. Native Libraries Approaches 1574.5. Detecting Control Flow 1604.5.1. Technical Control Flow Approaches 1604.5.2. Formal Control Flow Approaches 1624.6. Handling Explicit and Control Flows In Java and Native Android Apps? Code 1644.6.1. Formal Specification of the Under-Tainting Problem 1644.6.2. Formal Under-Tainting Solution 1664.6.3. System Design 1754.6.4. Handling Explicit and Control Flows In Java Android Apps? Code 1764.6.5. Handling Explicit and Control Flows In Native Android Apps? Code 1804.6.6. Evaluation 1844.6.7. Discussion 1874.7. Protection Against Code Obfuscation Attacks Based on Control Dependencies In Android Systems 1884.7.1. Code Obfuscation Definition 1884.7.2. Types of Program Obfuscations 1894.7.3. Obfuscation Techniques 1894.7.4. Code Obfuscation In Android System 1904.7.5. Attack Model 1914.7.6. Code Obfuscation Attacks 1924.7.7. Detection of Code Obfuscation Attacks 1944.7.8. Obfuscation Code Attack Tests 1954.8. Detection of Side Channel Attacks Based on Data Tainting In Android Systems 1984.8.1. Target Threat Model 1994.8.2. Side Channel Attacks 2004.8.3. Propagation Rules for Detecting Side Channel Attacks 2034.8.4. Implementation 2054.8.5. Evaluation 2074.9. Tracking Information Flow In Android Systems Approaches Comparison: Summary 2104.10. Conclusion and Highlights 2154.11. References 216List of Authors 227Index 229
Summary: Cyber threats are ever increasing. Adversaries are getting more sophisticated and cyber criminals are infiltrating companies in a variety of sectors. In today's landscape, organizations need to acquire and develop effective security tools and mechanisms - not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems.
Tags from this library: No tags from this library for this title. Log in to add tags.
    Average rating: 0.0 (0 votes)
Item type Current location Home library Call number Status Date due Barcode Item holds
EBOOK EBOOK COLLEGE LIBRARY
COLLEGE LIBRARY
LIC Gateway 		005.8 C9921 2019 (Browse shelf) Available CL-50345
Total holds: 0

Introduction ix Wiem TOUNSIChapter 1. What Is Cyber Threat Intelligence and How Is It Evolving? 1 Wiem TOUNSI1.1. Introduction 11.2. Background 31.2.1. New Generation Threats 31.2.2. Analytical Frameworks 61.3. Cyber Threat Intelligence 91.3.1. Cyber Threat Intelligence Sources 91.3.2. Cyber Threat Intelligence Sub-Domains 111.3.3. Technical Threat Intelligence (TTI) 131.4. Related Work 141.5. Technical Threat Intelligence Sharing Problems 161.5.1. Benefits of CTI Sharing for Collective Learning 161.5.2. Reasons for Not Sharing 171.6. Technical Threat Intelligence Limitations 211.6.1. Quantity Over Quality 211.6.2. IOC-Specific Limitations 221.7. Cyber Threat Intelligent Libraries or Platforms 251.7.1. Benefits of CTI Libraries Based In the Cloud 261.7.2. Reluctance to Use Cloud Services 261.8. Discussion 271.8.1. Sharing Faster Is Not Sufficient 271.8.2. Reducing the Quantity of Threat Feeds 281.8.3. Trust to Share Threat Data and to Save Reputation Concerns 301.8.4. Standards for CTI Representation and Sharing 311.8.5. Cloud-Based CTI Libraries for Collective Knowledge and Immunity 341.9. Evaluation of Technical Threat Intelligence Tools 361.9.1. Presentation of Selected Tools 371.9.2. Comparative Discussion 381.10. Conclusion and Future Work 391.11. References 40Chapter 2. Trust Management Systems: A Retrospective Study on Digital Trust 51 Reda YAICH2.1. Introduction 512.2. What Is Trust? 522.3. Genesis of Trust Management Systems 542.3.1. Access Control Model 542.3.2. Identity-Based Access Control 552.3.3. Lattice-Based Access Control 572.3.4. Role-Based Access Control 582.3.5. Organization-Based Access Control 592.3.6. Attribute-Based Access Control 612.4. Trust Management 622.4.1. Definition 622.4.2. Trust Management System 642.4.3. Foundations 652.4.4. Automated Trust Negotiation 702.5. Classification of Trust Management Systems 722.5.1. Authorization-Based TMSs 732.5.2. Automated Trust Negotiation Systems 812.6. Trust Management In Cloud Infrastructures 902.6.1. Credentials-Based Trust Models 902.6.2. SLA-Based Trust Models 902.6.3. Feedback-Based Trust Models 912.6.4. Prediction-Based Trust Models 922.7. Conclusion 932.8. References 94Chapter 3. Risk Analysis Linked to Network Attacks 105 Kamel KAROUI3.1. Introduction 1053.2. Risk Theory 1073.2.1. Risk Analysis Terminology 1073.2.2. Presentation of the Main Risk Methods 1093.2.3. Comparison of the Main Methods 1163.3. Analysis of IS Risk In the Context of IT Networks 1203.3.1. Setting the Context 1203.3.2. Risk Assessment 1273.3.3. Risk Treatment 1333.3.4. Acceptance of Risks 1363.3.5. Risk Communication 1373.3.6. Risk Monitoring 1383.4. Conclusion 1383.5. References 138Chapter 4. Analytical Overview on Secure Information Flow In Android Systems: Protecting Private Data Used By Smartphone Applications 141 Mariem GRAA4.1. Introduction 1424.2. Information Flow 1434.2.1. Explicit Flows 1434.2.2. Implicit Flows 1434.2.3. Covert Channels 1444.3. Data Tainting 1454.3.1. Interpreter Approach 1454.3.2. Architecture-Based Approach 1464.3.3. Static Taint Analysis 1464.3.4. Dynamic Taint Analysis 1474.4. Protecting Private Data In Android Systems 1494.4.1. Access Control Approach 1494.4.2. Preventing Private Data Leakage Approach 1534.4.3. Native Libraries Approaches 1574.5. Detecting Control Flow 1604.5.1. Technical Control Flow Approaches 1604.5.2. Formal Control Flow Approaches 1624.6. Handling Explicit and Control Flows In Java and Native Android Apps? Code 1644.6.1. Formal Specification of the Under-Tainting Problem 1644.6.2. Formal Under-Tainting Solution 1664.6.3. System Design 1754.6.4. Handling Explicit and Control Flows In Java Android Apps? Code 1764.6.5. Handling Explicit and Control Flows In Native Android Apps? Code 1804.6.6. Evaluation 1844.6.7. Discussion 1874.7. Protection Against Code Obfuscation Attacks Based on Control Dependencies In Android Systems 1884.7.1. Code Obfuscation Definition 1884.7.2. Types of Program Obfuscations 1894.7.3. Obfuscation Techniques 1894.7.4. Code Obfuscation In Android System 1904.7.5. Attack Model 1914.7.6. Code Obfuscation Attacks 1924.7.7. Detection of Code Obfuscation Attacks 1944.7.8. Obfuscation Code Attack Tests 1954.8. Detection of Side Channel Attacks Based on Data Tainting In Android Systems 1984.8.1. Target Threat Model 1994.8.2. Side Channel Attacks 2004.8.3. Propagation Rules for Detecting Side Channel Attacks 2034.8.4. Implementation 2054.8.5. Evaluation 2074.9. Tracking Information Flow In Android Systems Approaches Comparison: Summary 2104.10. Conclusion and Highlights 2154.11. References 216List of Authors 227Index 229

Cyber threats are ever increasing. Adversaries are getting more sophisticated and cyber criminals are infiltrating companies in a variety of sectors. In today's landscape, organizations need to acquire and develop effective security tools and mechanisms - not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems.

600-699

There are no comments for this item.

to post a comment.