Asad Raza

Security characterization for evaluation of software architectures using ATAM

Significant technological advancement in the current electronic era has influenced the work processes of private and government business entities. E-Government is one such area where almost every country is emphasizing and automating their work processes. Software architecture is the integral constituent of any software system with not only cumbersome modeling and development but require heedful evaluation. Considering this aspect we have highlighted in this paper, security evaluation of an ongoing e-society project ESAM using Architectural Tradeoff Analysis Method (ATAM). ESAM is a web based system intended to provide e-services to the Swedish community residents. ATAM is primarily used for architectural evaluation aligned with the quality goals i.e. performance, availability and modifiability of an organization. We present research analysis for characterization, stimuli, and architectural decisions to evaluate software architecture with respect to security measures using ATAM. This security characterization will serve as a tool to evaluate security aspects of a software architecture using ATAM. We believe that ATAM capability of evaluating software security will provide potential benefits in secure software development.

A Survey on Network Layer Attacks and AODV Defense in Mobile Ad Hoc Networks

Rapid progress in technology have also increased the demand of networked systems. Due to the significance of information that travels through these systems, security issues in wired and wireless networks have become a prime concern. Mobile Ad hoc Networks (MANET) is a promising technology that provides robust and convenient networking options in a number of situations. However, MANETs are more vulnerable to security threats due to their dynamic and undefined organization structure. This paper presents a detailed review analysis of the security requirements of MANETs. The focus of this research is the network layer security problems in MANETs. The study was carried out for network layer attacks and Ad-hoc On Demand Distance Vector (AODV) routing protocol and some of its variants that provide security solutions to network layer attacks in MANETs.

Electronic crime investigations in a virtualised environment: a forensic process and prototype for evidence collection and analysis

Abstract The constant evolution of virtualisation technologies and the availability of anti-forensic techniques and tools complicate efforts by forensic investigators to investigate a crime or a cyber security incident. Forensic collection can be complicated and requires significant efforts to investigate incidents involving contemporary technologies (e.g. crime launched from a virtual machine and there had been attempts to erase evidence after the incident). This paper presents a forensic process to collect and analyse traces of a virtual machine and its corresponding manager, recorded across multiple sources including the file system, Windows registry, history, and log files from a forensic viewpoint. To demonstrate utility of the forensic mechanism, the Virtual Machine Forensic Artefact Collector (VMFAC) prototype is developed and presented in this paper.

A unified framework for automated inspection of handheld safety critical devices in production assemblies

Abstract Due to portability and ease of usage, handheld devices are widely used in various safety critical industrial applications. A failure in such devices either can endanger life of human(s) or can lead to substantial economic/environmental damage. Therefore, production inspection of handheld safety critical devices requires rigorous verification and validation prior to a field deployment to gain certain level of assurance. The research is aimed at devising a unified inspection framework for automated inspection of hardware, software and mechanical characteristics of handheld safety critical devices in production assemblies for smooth integration of all the required tools and technologies. The framework provides system and process level integration of all the stages of the inspection lifecycle for an end-to-end automated production inspection system. The testbeds are geared towards for reusability, flexibility and configurability of all the resources across various inspection stages. AVI (Automated Visual Inspection) system which exhibit specific characteristics is a core component of the proposed framework. The specific characteristics of the AVI system, a generalized architecture of the handheld safety critical devices for which the proposed framework is applicable. Also an integrated production inspection lifecycle for production assemblies of handheld safety critical devices is presented in this research paper.

Analyzing Packet Forwarding Schemes for Selfish Behavior in MANETs

The selfish behavior of nodes in Mobile Ad hoc Networks (MANETs) is a serious issue, which negatively impacts the packet forwarding service, causes the issue of availability and degrades the quality of service in networks. The nodes behave selfishly to save their resources such as energy and bandwidth and avoid participation in packet forwarding. To address this problem, the research community has proposed many solutions. We have studied these solutions from two perspectives i.e. context based solutions and context free solutions. In this paper, we are going to present the analysis of some of the well-known protocols which offer solutions to mitigate selfish behavior of nodes.

Secure SMS based automatic device pairing approach for mobile phones

Bluetooth is recognized as one of the efficient way of data transmission at short distances wirelessly. Despite the fact that Bluetooth is widely accepted wireless standard for data transmission, there are also some security issues associated with Bluetooth. The pairing of Bluetooth and secure sharing of the Bluetooth pairing key is the challenge faced by the Bluetooth infrastructure today. This paper proposes the use of Out Of Band (OOB) channel for key exchange; hence proposing the use of security strengths of Global System for Mobiles (GSM) to securely communicate the encryption keys between the mobile devices, even if the users are not in the visibility range of each other. Once users accept the request to pair their devices, keys are exchanged between them and are used to set a secure communication channel between the mobile devices. The keys are exchanged via Short Message Service (SMS a service provided by GSM) and are automatically delivered to the Bluetooth pairing procedure by eliminating the need to manually communicate the Keys.