Search Results


Abstract

In accordance with European efforts related to Critical Information Infrastructure Protection, in Hungary a special department called LRL-IBEK has been formed, which is designated under the Disaster Management. While specific security issues of commercial applications are well understood and regulated by widely applied standards, an increasing share of information systems is developed partly or entirely in a different way, by the community. In this paper, different issues of the open development style will be discussed regarding the high requirements of Critical Information Infrastructures, and possible countermeasures will be suggested for the identified problems.

Abstract

The article describes the main requirements of the software subsystems management development. Standard IEC 61508-3 provides an overview at all stages of the life cycle of all security systems, including E/E/PE of a security system from initial concept, design, and implementation to operation maintenance. In this paper we analyzed the requirements set out for the drafting of a software architecture that is consistent with the hardware architecture while meeting specified requirements for software safety.

Abstract

Brain emulation is a hypothetical but extremely transformative technology which has a non-zero chance of appearing during the next century. This paper investigates whether such a technology would also have any predictable characteristics that give it a chance of being catastrophically dangerous, and whether there are any policy levers which might be used to make it safer. We conclude that the riskiness of brain emulation probably depends on the order of the preceding research trajectory. Broadly speaking, it appears safer for brain emulation to happen sooner, because slower CPUs would make the technology's impact more gradual. It may also be safer if brains are scanned before they are fully understood from a neuroscience perspective, thereby increasing the initial population of emulations, although this prediction is weaker and more scenario-dependent. The risks posed by brain emulation also seem strongly connected to questions about the balance of power between attackers and defenders in computer security contests. If economic property rights in CPU cycles are essentially enforceable, emulation appears to be comparatively safe; if CPU cycles are ultimately easy to steal, the appearance of brain emulation is more likely to be a destabilizing development for human geopolitics. Furthermore, if the computers used to run emulations can be kept secure, then it appears that making brain emulation technologies "open" would make them safer. If, however, computer insecurity is deep and unavoidable, openness may actually be more dangerous. We point to some arguments that suggest the former may be true, tentatively implying that it would be good policy to work towards brain emulation using open scientific methodology and free/open source software codebases.


Coast Guard Agency Frontex, border agencies are advised to evaluate system risks particularly in the planning phase of a deployment process. Specifically, authorities should focus their assessment on the technical and operational requirements, which define the system’s biometric matching performance and ensure secure flow of data. Software security on the other hand should be managed in cooperation with the technology vendors. In addition to this, the system’s risk assessment should address user-related aspects, as the automation of control procedures changes