Shadi Aljawarneh

Cloud Security Engineering: Avoiding Security Threats the Right Way

Information security is a key challenge in the Cloud because the data will be virtualized across different host machines, hosted on the Web. Cloud provides a channel to the service or platform in which it operates. However, the owners of data will be worried because their data and software are not under their control. In addition, the data owner may not recognize where data is geographically located at any particular time. So there is still a question mark over how data will be more secure if the owner does not control its data and software. Indeed, due to shortage of control over the Cloud infrastructure, use of ad-hoc security tools is not sufficient to protect the data in the Cloud; this paper discusses this security. Furthermore, a vision and strategy is proposed to mitigate or avoid the security threats in the Cloud. This broad vision is based on software engineering principles to secure the Cloud applications and services. In this vision, security is built into all phases of Service Development Life Cycle SDLC, Platform Development Life Cycle PDLC or Infrastructure Development Life Cycle IDLC.

Investigations of automatic methods for detecting the polymorphic worms signatures

This paper investigates the current automatics methods used to generate efficient and accurate signatures to create countermeasures against attacks by polymorphic worms. These strategies include autograph, polygraph and Simplified Regular Expression (SRE). They rely on network-based signature detection and filtering content network traffic, as the signature generated by these methods can be read by Intrusion Prevention systems and firewalls. In this paper, we also present the architecture and evaluation of each method, and the implementation used as patterns by SRE mechanism to extract accurate signatures. Such implementation was accomplished through use of the Needleman-Wunsch algorithm, which was inadequate to manage the invariant parts and distances restrictions of the polymorphic worm. Consequently, an Enhanced Contiguous Substring Rewarded (ECSR) algorithm is developed to improve the result extraction from the Needleman-Wunsch algorithm and generate accurate signatures. The signature generation by SRE is found to be more accurate and efficient as it preserves all the important features of polymorphic worms. The evaluation results show that the signature contains conjunctions of tokens, or token subsequence can produce a loss of vital information such as ignoring one byte token or neglecting the restriction distances. Furthermore, the Simplified Regular Expression needs to be updated and accurate when compared with autograph and polygraph methods. An Enhanced Contiguous Substring Rewarded (ECSR) algorithm is developed.The signature can produce a loss of vital information such as ignoring one byte token.The SRE needs to be updated and accurate when compared with autograph and polygraph methods.

G-SPAMINE

Temporal data is one of the most common form of data in internet of things. Data from various sources such as sensors, smart phones, smart homes and smart vehicles in near future shall be of temporal nature with generated information recorded at different timestamps. We call all such data as time stamped temporal data. Discovery of temporal patterns and temporal trends from such temporal data requires new algorithms and methodologies as most of the existing algorithms do not reveal emerging, seasonal and diminishing patterns. In this paper, the objective is to find temporal patterns whose true prevalence values vary similar to a reference support time sequence satisfying subset constraints through estimating temporal pattern support bounds and using a novel fuzzy dissimilarity measure. We name our approach as G-SPAMINE. Experiment results show that G-SPAMINE out performs naive and sequential approaches and comparatively better to or atleast same as SPAMINE. In addition, the stamped temporal data adds extra level of privacy for temporal patterns in the IoT. A Novel fuzzy Gaussian dissimilarity measure which retains monotonicity property.Design of novel expressions to estimate maximum possible prevalence and minimum possible prevalence values of temporal association patterns.Defining standard deviation and threshold equation for proposed fuzzy Gaussian membership function.

Feature: A web engineering security methodology for e-learning systems

There is no one-stop shop protection method that can meet all the security requirements and design specifications of new or existing distributed e-learning systems. However, a novel web engineering security methodology, based on software engineering principles, could help to secure these systems. In this proposed methodology, security needs to be built into all phases of the System Development Life Cycle (SDLC). Many universities now employ e-learning systems, but security is often an afterthought. Their ICT organisations still use ad hoc security tools such as firewalls and anti-virus software that are not capable of offering sufficient security. This is because firewalls and anti-virus cannot distinguish between an original HTTP conversation and faked or compromised connections. Dr Shadi Aljawarneh believes security should be an intrinsic part of the System Development Life Cycle (SDLC), and presents a web engineering security methodology, based on software engineering principles, to secure distributed e-learning systems.

Cloud security engineering

Security vulnerabilities and defects are results of poorly constructed software that can lead to easy exploitation by the cyber criminals. A large number of Cloud software systems are facing security threats, and even the sophisticated security tools and mechanisms are not able to detect it. Such prevailing problem necessitates the monitoring and controlling of the software development process and its maintenance. Security is considered to be one of the nonfunctional requirements that have significant effect on the architectural designing of the Cloud Software as a Service (SaaS). In addition, there is prevalence of differential views between the two software engineering concepts, i.e., conventional and contemporary and then this presents a significant challenge for the software development team to deal with security at the implementation and maintenance stage of the SDLC. Thus, we have discussed a real world case study includes 103 failed real cases that were generated manually or automatically by real applications through various testing techniques and we have illustrated some preliminary results. The evaluation results showed appearance of a significant number of security vulnerabilities in the early stages of Cloud Software/Service Development Life Cycle (CSDLC). Hence, this needs to be maintained in advance. Based on such results, this paper presents a generic framework to deal with such security at the early stages of the CSDLC. This framework aims at adding an extra security level at the early stages of the CSDLC, which has been further illustrated by a case study showing the applicability of the framework.

A resource-efficient encryption algorithm for multimedia big data

Nowadays, multimedia is considered to be the biggest big data as it dominates the traffic in the Internet and mobile phones. Currently symmetric encryption algorithms are used in IoT but when considering multimedia big data in IoT, symmetric encryption algorithms incur more computational cost. In this paper, we have designed and developed a resource-efficient encryption system for encrypting multimedia big data in IoT. The proposed system takes the advantages of the Feistel Encryption Scheme, an Advanced Encryption Standard (AES), and genetic algorithms. To satisfy high throughput, the GPU has also been used in the proposed system. This system is evaluated on real IoT medical multimedia data to benchmark the encryption algorithms such as MARS, RC6, 3-DES, DES, and Blowfish in terms of computational running time and throughput for both encryption and decryption processes as well as the avalanche effect. The results show that the proposed system has the lowest running time and highest throughput for both encryption and decryption processes and highest avalanche effect with compared to the existing encryption algorithms. To satisfy the security objective, the developed algorithm has better Avalanche Effect with compared to any of the other existing algorithms and hence can be incorporated in the process of encryption/decryption of any plain multimedia big data. Also, it has shown that the classical and modern ciphers have very less Avalanche Effect and hence cannot be used for encryption of confidential multimedia messages or confidential big data. The developed encryption algorithm has higher Avalanche Effect and for instance, AES in the proposed system has an Avalanche Effect of %52.50. Therefore, such system is able to secure the multimedia big data against real-time attacks.

A novel fuzzy gaussian-based dissimilarity measure for discovering similarity temporal association patterns

Mining temporal association patterns from time-stamped temporal databases, first introduced in 2009, remain an active area of research. A pattern is temporally similar when it satisfies certain specified subset constraints. The naive and apriori algorithm designed for non-temporal databases cannot be extended to find similar temporal patterns in the context of temporal databases. The brute force approach requires performing

A multithreaded programming approach for multimedia big data: encryption system

2^{n }