Free Q3. How Can The Model Be Validated To Ensure That The New Software Development Framework Would Avoid Privacy Leakage? Thesis Proposal Example
Type of paper: Thesis Proposal
Topic: Security, Internet, Information, Confidentiality, Infrastructure, Framework, Privacy, Computers
Terms like ‘work from anywhere’, ‘cloud’ and ‘mobile computing’ are no longer technical jargon as now these terms are everywhere. Almost everyone in the computing world and even otherwise is aware or probably using these technologies. Most of the users are already using some form of cloud computing, either in the form of emails, or sharing the data or office files and other similar applications. Although most of these applications were available in pre-cloud era, but making these applications available through cloud has its own advantages. People use new services unknowingly that they are perhaps using the advanced technologies, as they are more concerned about such features like availability, scalability, low cost and performance but, sometimes at the cost of security and privacy.
There are some known security issues inherent in cloud computing or mobile form of computing. For instance, mobile computing and application is the buzz word for today’s businesses. Every company, which is into online trading or dealing with ecommerce, tends to have their mobile application available for its use on the client’s Smartphone or handheld device. The clients can easily download the application onto their mobile devices and transact from their mobile screens. Even corporate world have some sort of application for their employees who can connect to their office network through their mobiles, using VPN and Internet. This lets them log into their respective accounts and work from anywhere. However, privacy can be severely affected as the sensitive data can be stolen through the mobiles. Mobile phones are known to be low on security as software exists in the market, which can easily replicate the mobiles so that the data is shared in two devices in parallel, without the knowledge of the right owner. This cellular counterfeiting and cloning can lead to stealing lot of data from the cell phone itself, ability to authenticate into the office network and even make fake calls, IMs or messages. .
These is known problems and an indication of the signs of times. Clearly the underlying software lacks the capabilities to make the system secure. There are certain security loopholes which are cleverly exploited by those who have in-depth knowledge of the working of these devices or environments. They take the advantage of these security lacunae in the systems and easily sneak into them. It is therefore necessary that the proper framework should be available which will help the making of these devices or environments secure. The purpose of this research is to determine the existing environments available, which have led to the development of such systems and finally to propose the framework which can be utilized to start building a much secured system from the deign levels.
1.1 Research Questions
Q1. How can we model and analyse dynamic privacy requirements in evolving technological environments?
Q2. What are the gaps in existing models that stops in providing strong software environment free from potential security breaches?
The aims of this research is to attempt and ascertain the nature of the gap which exists in the availability of software framework which may help in designing the dynamically secure systems and the actual need of the software design framework that should help in maintaining the privacy of the user data in highly active environs of computing. Post understanding the gap, the attempt of this research would be to propose a new software design framework which can help the designers and developers to design the system which is able to provide secure system, without compromising the privacy of the user’s confidential data.
Security and privacy issues are extremely important concerns as more and more companies and individuals opt for mobile computing, flexibility at work and cloud computing. Previously as the data or information was accessed between the four walls or behind the firewalls of the office premises, the data, privacy of the individual and the information could be secured in rather easier fashion. One firewall at times was enough. As the computing environments have attained more dynamics and attributes like flexibility to access from anywhere, so the objective of this research is to ascertain the state-of-art security framework available in designing a secure system.
Another objective of this research, compatible with the aims of the study as defined above, are determining the parameters which can define a system as secure, like the privacy of the individual, privacy of the data or confidentiality if the information and degree to which the data continues to be secure in a dynamic environment. It will also be illustrated that how the security and privacy of the data is affected as the nature of computing environment increasingly transforms from static to more exciting, as the companies launch their applications on websites, clouds and androids. The study will demonstrate as to how the privacy of individual can get compromised using the same corporate application when launched from a Smartphone as compared when launched from within the company’s desktop.
As other aim of this research is to attempt to propose a framework which can protect the safety, security and privacy of the customer data and information in highly dynamic environment, an extensive literature review, relevant to the context and as per the recommendation of the research process will be undertaken. There are standard texts which clearly recommend the best practices in conducting the literature review for a technical research. The research processes will be followed and primary and secondary sources will be identified to conduct the research. A detailed study will be conducted on the identified resources and the existing research available in this context. This will help to find out possible gaps in the available state-of-art frameworks meant to be used in designing the secure systems right from the design levels, such as Privacy by design. Based on this study, new framework system will be proposed which may be used by the designers and developers which can securely protect the data, information and privacy of the user and confidentiality of the company’s data. The framework should be such that it enables the system to scale to the new security requirements in pro-active systems.
2. Literature Review
This section deals with the identification of resources in the context of this research. The section details about the current research and attempts to determine the gaps and approach to plug in those specific gaps.
2.1 Research Method
This research involves software engineering process improvement in the context of hardening the security and ensuring the privacy of the users. Hence, a systematic literature review method needs to be adopted. . Keele recommends adopting three phased research, which culminates into the summary of the review. These three phases are the initial planning phase, then executing the procedure phase and finally the summary of the review. As it was highlighted that it is important to identify certain parameters which are critical to achieve the research objectives, so this method actually helps, right from the initial planning phase. This phase controls and guides in forming the research parameters compatible with the research aims. Moreover the papers selected will pertain to the software model related to cloud or mobile security and the underlying framework, over which the security has been built in to the relevant environment and devices.
The research studies must be current (within 10 years). Following search terms will be used – “dynamic privacy”, “Security development framework”, “Software model”, “user Privacy”, “mobile computing”, “Security requirements” and “technological environments”.
2.2 Primary studies
The primary studies in this research will focus on investigating the best model to use and analyse dynamic privacy requirements in evolving technological environments. One of these models is Secure Tropos used to manage risks. Scholarly journals will also be used to explore the topic further. These scholarly journals include articles as primary source in which the authors put into writing the research they conducted.
2.3 Summary of Related Projects
Baracaldo and Joshi (237) claim that insider attacks are considered to be the most dangerous threats that many organizations are facing today. An insider attack happens when an individual who is authorized to conduct certain activities in the company chooses to mishandle the trust, and damage the organization. These assaults might contrarily affect the notoriety of the company, its productivity, and may create adversities in customers and income. Dodging insider attacks is an overwhelming assignment. While it is important to give benefits to representatives so they can perform their tasks productively, giving an excess of benefits may blowback when clients coincidentally or deliberately abuse their benefits. Subsequently, discovering a center ground, where the important benefits are given and harmful use is averted, is fundamental. Baracaldo and Joshi (237) created a structure that develops the role- based access control (RBAC) model by integrating a risk evaluation procedure, and the trust the framework has on its clients. The structure works by adjusting to suspicious changes in clients' conduct by eradicating benefits when clients' trust falls under a certain edge.
The fast development of online social networks has acquired a progressive change the way topographically scattered individuals cooperate and collaborate with one another toward accomplishing some basic objectives (Jung and Joshi 19). As of late, better approaches for specially appointed collaboration have been exhibited amid the quake in Japan and the storm Irene. In such circumstances, online social networks have effectively taken a noteworthy part as option online networking that support altruistic data sharing and participation among individuals. Be that as it may, existing collaboration methodologies have not been properly sorted out and are very defenseless against security dangers, for example, an exposure of clients' personalities and the spillage of other private information as a result of the absence of secured participation components. To support secure and successful collaboration in online social networks, Jung and Joshi (19) proposed the Community-driven Property Based Access Control (CPBAC) model, which develops the current Community-driven Role association Based Access Control (CRiBAC) model for utilization in online social networks to bolster participation among clients.
Vasilios (184) developed a model for online transactions by incorporating the social influence strategy, the theory of rational action, and the trust-risk framework. Vasilios (184) also tested the model in Greece. To perform this research, a structural equation model was utilized to survey information from 376 household participants from two residential departments of Thessaloniki so as to analyze causal inferences. The results showed that where the trust‐risk‐subjective standards framework facilitated the effect of information privacy on genuine transactions showed that the person's attitude toward utilizing technology, through the purpose of submitting individual information, led to positive real transaction outcomes. For snowballing online transactions, organizations must make their sites as basic and alluring as would be prudent, hone their image that they are concerned about clients and are reliable, and grow privacy‐friendly arrangements for increasing competitive advantage.
Situational method engineering has as a center an archive of system sections, gathered from surviving strategies and best practices. Utilizing one such case, the OPEN Process Framework, Low et al. recognize deficiencies in the current situational method engineering support for security related issues in the setting of specialists situated programming designing. In particular, hypothetical proposition for the improvement of reusable security-related strategy sections from the specialists arranged approach Secure Tropos is talked about. Since the OPEN Process Framework vault has been upgraded by pieces from Tropos and other non-security-focused specialists arranged programming advancement approaches, the main technique sections from Secure Tropos that are not effectively contained in this storehouse are those that are particularly security-related (Low et al.) These are recognized, plainly characterized and prescribed for incorporation in the current OPEN Process Framework vault of system pieces.
In the unverifiable environment, trust and danger are both key components for making trust-based choices. Danger is viewed as a supplement to trust or even discarded in the most existing trust models, which will prompt uneven or subjective choices. To comprehend the issues, a risk-aware versatile trust transaction system is suggested (Ma et al. 171). As per the particular arrangement connection, the system examines the potential dangers and adjusts element access control levels fittingly with danger administration strategies. The utilization case results show that this structure can distinguish the potential hazard and adjust access control polices as indicated by the particular element and exchange, which maintain a strategic distance from dangers and gives more effective trust transaction administrations.
Security Requirements Engineering is a rising field which lies at the intersection of Security and Software Engineering. Much research has concentrated on this field lately, impelled by the acknowledgment that security must be managed in the soonest periods of the product advancement prepare as these stages cover a more extensive authoritative viewpoint (Masacci et al. 147). Agent-oriented procedures have demonstrated to be particularly helpful in this setting as they bolster the displaying of the social connection in which the framework to-be will work. In our past work, we proposed the SI* demonstrating language to manage security and trust, and the Secure Tropos philosophy for outlining secure programming frameworks (Masacci et al. 147). From that point forward, both have been overhauled and refined in light of experience picked up from their application to a few industry case studies.
Security is a significant focus throughout today's data frameworks designers (Matulevicius et al. 541). Security displaying languages exist to reason on security in the early periods of IS advancement, when the most pivotal outline choices are made. Thinking on security includes investigating danger, and adequately imparting danger related data. Be that as it may, Matulevicius et al. (541) feel that current languages can be enhanced in this admiration. In this paper, we talk about this issue for Secure Tropos; the language supporting the eponymous specialists based IS advancement. Matulevicius et al. (541) examine it and propose enhancements in the light of a current reference model for IS security hazard administration. This takes into consideration checking Secure Tropos ideas and phrasing against those of current danger administration measures, along these lines enhancing the reasonable suitability of the language.
Insider threats evoke huge difficulties to any association. Numerous arrangements have been proposed in the past to identify insider threats. Undesirably, given the multifaceted nature of the issue and the human elements included, numerous arrangements which have been proposed face strict imperatives and restrictions in the matter of the workplace (Zeadally et al. 183). Subsequently, numerous past insider risk arrangements have by and by fizzled in their executions. In this work, we audit a portion of the late insider danger location arrangements and investigate their profits and impediments. We likewise talk about insider danger issues for rising territories, for example, distributed computing, virtualization, and informal communication.
Agent orientation is presently sought after principally as a product ideal model. Programming with qualities, for instance, independence, sociality, reactivity and proactivity, and informative and agreeable capacities are required to offer more prominent usefulness and higher quality, in examination to prior standards, for example, object introduction (Yu 1). Agent orientation models and languages are in this manner proposed as reflections of computational conduct, in the end to be acknowledged in programming projects. Then again, for the fruitful utilization of any product innovation, the product framework must be comprehended and broke down in the setting of its surroundings on the planet. Yu (1) contends for an idea of agents suitable for displaying the key connections among specialists on the world, so that clients and partners can reason about the ramifications of interchange innovation arrangements and social structures, along these lines to better choose arrangements that address their vital intrigues and needs.
Security vulnerabilities in various web applications may bring about taking of secret information, breaking of information trustworthiness or influence accessibility of web application (Petukhov and Kozlov 1). Therefore the assignment of securing web applications is considered to be the one that most deserves the attention at the moment. 60% of discovered vulnerabilities influence web applications (Petukhov and Kozlov 1). The most widely recognized way of securing web applications is looking and disposing of vulnerabilities in that. Cases of other methods for securing web application incorporate safe improvement, actualizing interruption identification and/or assurance frameworks, and web application firewalls. As per OWASP, the most effective method for discovering security vulnerabilities in web applications is manual code survey (Petukhov and Kozlov 1). This strategy is extremely drawn out, urges master abilities, and is inclined to disregarded lapses. Along these lines, security society effectively creates computerized ways to deal with discovering security vulnerabilities. These methodologies can be isolated into two wide classes: discovery and white-box testing. The main methodology is in light of web application investigation from the client side, expecting that source code of an application is not accessible. The thought is to submit different examples (cross-site scripting assaults or executing for SQL infusion) into web application structures and to investigate its yield from that point. In case any application lapses are watched a suspicion of conceivable helplessness is made. This methodology does ensure neither precision nor fulfillment of the acquired results (Petukhov and Kozlov).
2.4 Novelty of Research
This research is highly significant and beneficial especially in the inevitable growing aspect of online users. The need to protect the users from potential abuses is imperative and must be taken into account. The different models suggested in this research offer a safer and more secured transactions and activities online.
Baracaldo, Nathalie, and James Joshi. 'An Adaptive Risk Management And Access Control Framework To Mitigate Insider Threats'. Computers & Security 39 (2013): 237-254. Web.
Brechbühl, Hans et al. 'Protecting Critical Information Infrastructure: Developing Cybersecurity Policy'.Information Technology for Development 16.1 (2010): 83-91. Web.
DePerry, D, T. Ritter and A Rahimi. Traffic Interception & Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. ISecPartners, n.d. <https://www.isecpartners.com/media/106086/femtocell.pdf>.
Durkee, D. Why Cloud Computing Will Never Be Free. ACM, 2009.
Jung, Youna, and James B.D. Joshi. 'CPBAC: Property-Based Access Control Model For Secure Cooperation In Online Social Networks'. Computers & Security 41 (2014): 19-39. Web.
Katos, Vasilios. 'An Integrated Model For Online Transactions: Illuminating The Black Box'. Information Management & Computer Security 20.3 (2012): 184-206. Web.
Keele, S. Guidelines for performing systematic literature reviews in software engineering. 2007.
Low, Graham, Haris Mouratidis, and Brian Henderson-Sellers. 'Using A Situational Method Engineering Approach To Identify Reusable Method Fragments From The Secure TROPOS Methodology.'. JOT 9.4 (2010): 93. Web.
Ma, Yao, Hong Wei Lu, and Yi Zhu Zhao. 'Building A Risk-Aware Adaptive Trust Negotiation Framework'.AMR 171-172 (2010): 7-10. Web.
Massacci, Fabio, John Mylopoulos, and Nicola Zannone. 'Security Requirements Engineering: The SI* Modeling Language And The Secure Tropos Methodology'. Studies in Computational Intelligence 265 (2010): 147-174. Print.
Matulevicius, Raimundas et al. 'Adapting Secure Tropos For Security Risk Management In The Early Phases Of Information Systems Development'. Z. Bellahs`ene and M. L´eonard (Eds.) (2008): 541-555. Print.
Petukhov, Andrey, and Dmitry Kozlov. 'Detecting Security Vulnerabilities In Web Applications Using Dynamic Analysis With Penetration Testing'. Computing Systems Lab, Department of Computer Science, Moscow State University (2008): 1. Print.
Saunders, T, P Lewis and A Thornhill. Research Methods. Pearson Education, 2009.
Torok, Robyn. 'Developing An Explanatory Model For The Process Of Online Radicalisation And Terrorism'.Security Informatics 2.1 (2013): 6. Web.
Yu, Eric. 'Agent-Oriented Modelling: Software Versus The World'. Faculty of Information Studies 1-17. Print.
Zeadally, Sherali et al. 'Detecting Insider Threats: Solutions And Trends'. Information Security Journal: A Global Perspective 21.4 (2012): 183-192. Web.