Latifa Ben Arfa Rabai

A Security Framework for Secure Cloud Computing Environments

Cloud computing technology is a relatively new concept of providing scalable and virtualized resources, software and hardware on demand to consumers. It presents a new technology to deliver computing resources as a service. It offers a variety of benefits like services on demand and provisioning and suffers from several weaknesses. In fact, security presents a major obstacle in cloud computing adoption. In this paper, the authors will deal with security problems in cloud computing systems and show how to solve these problems using a quantitative security risk assessment model named Multi-dimensional Mean Failure Cost (M2FC). In fact, they summarize first security issues related to cloud computing environments and then propose a generic framework that analysis and evaluate cloud security problems and then propose appropriate countermeasures to solve these problems.

Quantifying security threats for E-learning systems

As the reach of the internet expands to cover ever broader aspects of our economic and social welfare, cyber security is emerging as a major concern for researchers and practitioners, dealing as it does with privacy, confidentiality, user authentication, etc. E-learning systems epitomize computing systems and networks of the internet generation, since they involve multiple stakeholders, geographically distributed resources and data, and special requirements for confidentiality, authentication, and privacy. In this paper, we discuss the application of a cyber security metric to E-learning systems, in light of their standard architecture, their well-defined classes of stakeholders, and their specific security requirements.

A Multidimensional Approach towards a Quantitative Assessment of Security Threats

Abstract Information security is the most challenging aspect of information processing. Organizations, governments, and individuals are facing many information security risks. These risks can cause serious damages that might lead to significant financial losses, breach of the confidentiality of sensitive information, or loss of integrity or availability of sensitive data. To facilitate effective protection of information, a better identification, understanding, and assessment of security threat and their characteristics are crucial for system security managers. In order to define and then assess security threats, we propose a new threat identification approach on which we build a quantitative security risk model for information systems. The proposed model is systematic, extendable, and modular. The aim is to help managers accurately assess security threat in an incremental and comprehensive way.

Comparative Study of Information Security Risk Assessment Models for Cloud Computing systems

Abstract This paper reviews the state of the art in cyber security risk assessment of Cloud Computing systems. We select and examine in detail the quantitative security risk assessment models developed for or applied especially in the context of a Cloud Computing system. We review and then analyze existing models in terms of aim; the stages of risk management addressed; key risk management concepts covered; and sources of probabilistic data. Based on the analysis, we propose as well a comparison between these models to pick out limits and advantages of every presented model.

Deploying Suitable Countermeasures to Solve the Security Problems within an E-learning Environment

In earlier works, we present the quantification of security threats of e-learning systems using an economic measure abridged by MFC (Mean Failure Cost). It allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. This paper provides an understanding of the security problems and risks related to e-learning systems. Then to control the MFC matrix, in particular its first matrix (the stake matrix) and to reduce its values we propose a classification of security problems versus the security requirements taxonomy of the MFC cyber-security model. The strength of the paper is in designing and deploying security measures and solutions to requirements.

Modeling the prediction of student's satisfaction in face to face learning: An empirical investigation

Quality is a multi-perspective construct varying from one context to another and difficult to define. In this paper, we focus on studying ways to improve quality in education based on students perceptions through the assessment of educational processes. In the literature, we notice that there is no detailed assessment model that adapts to all face to face teaching methods and contexts. Based on rigorous theoretical assessment foundations, we propose a novel assessment model, it includes 5 dimensions refined into 15 criteria. A survey methodology is adopted in order to assess the Certificate of Informatics and Internet Training and to validate the proposed model. The participants of this study were undergraduate students in two Tunisian universities. Findings from the empirical study show the key factors that affect the success of a given face to face learning situation and increase students satisfaction. This result leads to a better understanding of evaluating the mechanisms of face to face education. Our assessment model can be used to assess other fields; it is useful for teachers and organisations for assessing quality classroom teaching as perceived by students. The paper attempts to develop and validate an original detailed model to assess the quality of all face to face learning and teaching processes from the perspective of students satisfaction.

Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy

In security risk management practices if we cannot measure, we can neither control nor improve. A challenging issue in the context of cyber security is to deal with the orthogonal classification of security requirements. A literature review has shown that there are different models of security requirements. Everyone examines some requirements and neglects others. In this paper, the authors intend to answer the question: what taxonomy of security requirements should we use in a security quantification process? It is thus imperative to build a standard, unified and hierarchical taxonomy which incorporates 13 security requirements and then refined in layer into 31 sub-factors referring to the variety of the proposed models based on previous works. The Mean Failure Cost model (MFC) is a recent, strong and structural risk management model. It is a cascade of linear models to quantify security threats in term of loss that results from systems vulnerabilities. It computes for each systems stakeholders his loss of operation (

Quantifying availability in SCADA environments using the cyber security metric MFC

/H) while taking account of its respective users, security requirements, systems components and the complete list of security threats. The proposed taxonomy is used to optimize quantification using the MFC metric by reducing the redundancy in estimating the security requirements values, and increasing accuracy in estimation. The authors applied the expansion of the MFC model to the context of e-learning platforms.

Towards a New Framework of Software Reliability Measurement Based on Software Metrics

Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies to SCADA systems; our metric is a specialization of the generic measure of mean failure cost.

A Multi-Dimensional Mean Failure Cost Model to Enhance Security of Cloud Computing Systems

Abstract: Measuring software reliability is one of the most important concerns for software engineers and decisions makers since if we cant measure it we cant master it. For engineers, the system reliability level can be used to measure the progress of system testing by comparing the current software failure intensity with the desired one. For decision makers,the system reliability level Guarantee better exploitation by the users therefore better customer satisfaction. A literature review shows a lack of studies focusing on the reliability measurement processes related to software development life cycle (SDLC). In this paper, our intention is to propose a thoroughly analysis of the software reliability measurement processes. Since the current software measurement trends are focusing on software metrics, we will propose a new framework of reliability measurement based on software metrics. This new framework is required by developers to assess their software reliability and by decision makers to make appropriate quality improvements.