Irena Bojanova

Learning Internet-of-Things Security "Hands-On"

What can you glean from using inexpensive, off-the-shelf parts to create Internet of Things (IoT) use cases? As it turns out, a lot. The fast productization of IoT technologies is leaving users vulnerable to security and privacy risks.

Cyber-Physical-Human Systems: Putting People in the Loop

This article outlines the challenges of understanding how to integrate people into a new generation of cyber-physical-human systems (CPHSs) and proposes a human service capability description model to help.

The Bugs Framework (BF): A Structured Approach to Express Bugs

To achieve higher levels of assurance for digital systems, we need to answer questions such as does this software have bugs of these critical classes? Do two software assurance tools find the same set of bugs or different, complimentary sets? Can we guarantee that a new technique discovers all problems of this type? To answer such questions, we need a vastly improved way to describe classes of vulnerabilities and chains of failures. We present the Bugs Framework (BF), which raises the current realm of best efforts and useful heuristics. Our BF includes rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences and sites. The paper discusses the buffer overflow class, the injection class and the control of interaction frequency class, and provides examples of applying our BF taxonomy to describe particular vulnerabilities.

IEEE Transactions on Cloud Computing : Entering Its Fourth Year with Confidence

WELCOME to the fourth year of IEEE Transactions on Cloud Computing (TCC). TCC is entering 2016 as an established, highly reputable, quarterly publication for innovative research and applications in cloud computing, and with a new Editor-in-Chief (EIC), who is promising to bring it to its next level of excellence. With great pleasure, I would like to introduce here Dr. Hui Lei, the newly appointed EIC, TCC.

Defeating Buffer Overflow: A Trivial but Dangerous Bug

With the C programming language comes buffer overflows. Because it is unlikely that the use of C will stop any time soon, the authors present some ways to deal with buffer overflows--both how to detect and prevent them.

Trusting the Internet of Things

The Internet of Things (IoT) appears to be the next great technology revolution. It is expected to affect everything from healthcare delivery, to food production, to how we work, to all forms of transportation and communication, and to automation. The IoT will impact everyone, and in multiple ways. With a technology revolution with such a large impact on society, it is imperative that IoT-based systems can be trusted. This special issue presents articles on security and privacy, authentication and authorization, and security risk assessment in the IoT.