Browsing by Subject "Security"
Now showing 1 - 10 of 12
Item Analyzing and evaluating security features in software requirements (2016-10-28) Hayrapetian, Allenoush; Raje, Rajeev
Software requirements, for complex projects, often contain specifications of non-functional attributes (e.g., security-related features). The process of analyzing such requirements for standards compliance is laborious and error prone. Due to the inherent free-flowing nature of software requirements, it is tempting to apply Natural Language Processing (NLP) and Machine Learning (ML) based techniques for analyzing these documents. In this thesis, we propose a novel semi-automatic methodology that assesses the security requirements of the software system with respect to completeness and ambiguity, creating a bridge between the requirements documents and being in compliance. Security standards, e.g., those introduced by the ISO and OWASP, are compared against annotated software project documents for textual entailment relationships (NLP), and the results are used to train a neural network model (ML) for classifying security-based requirements. Hence, this approach aims to identify the appropriate structures that underlie software requirements documents. Once such structures are formalized and empirically validated, they will provide guidelines to software organizations for generating comprehensive and unambiguous requirements specification documents as related to security-oriented features. The proposed solution will assist organizations during the early phases of developing secure software and reduce overall development effort and costs.

Item Beyond Food Deserts: Assessing the Impact of Public Transit Availability Change on Spatial Access to Food (2021-03) Katz, Brandon P.; Wilson, Jeffrey S.; Johnson, Daniel P.; Thapa, Bhuwan; Dwyer, Owen J., III
Food access is a dimension of food security that many struggle with even in high-income countries, which is a contributing factor to chronic diet-related disease.
Inequalities in economic access to food have been addressed in public policy for several decades, but spatial access to food has only been seriously studied and addressed by policy for the past twenty-five years. After the food desert metaphor emerged, it was promptly accepted as a standard measure of food access for governments and a basis for policies created to address inequalities. Conceptual criticisms and methodological limitations of the metaphor have led the study of spatial access to food towards newer methods that measure food access more realistically and assist in the development and assessment of intervention strategies to inform policy decisions. This thesis describes the history of the food desert metaphor from its emergence until its adoption in US public policy, the conceptual criticisms and methodological limitations that surround it, and offers an analysis that measures the impact of change in the availability of public transportation on spatial access to food for various population subgroups that are more at risk of food insecurity in Marion County, Indiana. Results demonstrate that policies and plans designed without consideration for food access have an impact on it nevertheless, and that policymakers and planners can leverage such strategies to better coordinate efforts across government to reduce inequalities in spatial access to food and food insecurity overall.

Item Dependability and Security in Medical Information System (Springer Nature, 2007) Zou, Xukai; Dai, Yuan-Shun; Doebbeling, Bradley; Qi, Mingrui; Department of Computer and Information Science, School of Science
Medical Information Systems (MIS) help medical practice and health care significantly. Security and dependability are two increasingly important factors for MIS nowadays. On one hand, people would be willing to step into the MIS age only when their privacy and integrity can be protected and guaranteed with MIS systems.
On the other hand, only secure and reliable MIS systems would provide safe and solid medical and health care service to people. In this paper, we discuss some new security and reliability technologies which are necessary for and can be integrated with existing MISs and make the systems highly secure and dependable. We also present an implemented Middleware architecture which has been integrated with the existing VISTA/CPRS system in the U.S. Department of Veterans Affairs seamlessly and transparently.

Item Importance of Emergency Preparedness for Cultural Museums (2023-04) Howell, LaQuita A.; Ray, Veto M.; Koo, Dan; Dalir, Hamid
The DuSable Black History Museum and Education Center (DuSable) in Chicago, Illinois, has received threats in person and via mail from individuals and groups who disagree with the museum's mission. The museum's mission is "dedicated to the collection, documentation, preservation, study and the dissemination of the history and culture of Africans and African Americans" (The DuSable Black History Museum and Education Center, n.d., Our Mission). The threats received have directly implied that the sender planned to cause harm to the facility and the museum's occupants, which poses a risk to the museum's day-to-day operations. Knowing these threats, the DuSable Black History Museum and Education Center must have the appropriate Emergency Preparedness measures, including security management, fire protection, and an emergency response plan to mitigate risk to its facility, collections, and occupants. Studying cultural museum emergency preparedness aims to identify and assess the various threats to the safety and security of museum collections, the facility, visitors, and staff. By understanding the emergency preparedness needs of museums, specifically cultural museums, appropriate measures can be implemented to prevent and deter physical harm.
The emergency preparedness plan must include physical security measures, including security staff, access controls, surveillance, and fire protection systems. The minimum safety measures for a museum include a fire protection system equipped with smoke alarms, sprinklers, and fire extinguishers. Access control should consist of a security system controlling access to restricted areas, including physical guards and electronic surveillance, depending on the access needs. A surveillance system should include closed-circuit or wireless cameras to monitor the interior and exterior of the building. Security personnel are needed in the security system and serve as in-person deterrents in the case of an incident. An emergency response plan is also necessary to plan for and mitigate risks in an organized manner.

Item Information Governance 101 (2017-06-21) Hook, Sara Anne
This informative and engaging session will cover the emerging field of Information Governance (IG) and why it is important for law firms and their clients. Information governance (IG) has been defined as the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements. Information governance is the first stage of an electronic discovery process, per the Electronic Discovery Reference Model (EDRM), and thus clients whose information/data is properly organized will be better prepared for e-discovery, which is particularly important with the shortened timelines under the amended Federal Rules of Civil Procedure. Moreover, information governance recognizes that information has a lifecycle and thus information governance plans typically include the preparation of retention and destruction policies and procedures.
Not only can law firms increase their efficiency and reduce costs and risks by using appropriate information governance strategies, this can also be a practice builder because many clients are woefully deficient in their approaches to information governance. The prediction is that the need for information governance professionals will increase in the future as organizations of all types recognize their information as a strategic asset that needs to be managed properly and yet there are not enough professionals with IG expertise available.

Item Online Social Deception and Its Countermeasures: A Survey (IEEE, 2021) Guo, Zhen; Cho, Jin-Hee; Chen, Ing-Ray; Sengupta, Srijan; Hong, Michin; Mitra, Tanushree; School of Social Work
We are living in an era when online communication over social network services (SNSs) has become an indispensable part of people's everyday lives. As a consequence, online social deception (OSD) in SNSs has emerged as a serious threat in cyberspace, particularly for users vulnerable to such cyberattacks. Cyber attackers have exploited the sophisticated features of SNSs to carry out harmful OSD activities, such as financial fraud, privacy threat, or sexual/labor exploitation. Therefore, it is critical to understand OSD and develop effective countermeasures against OSD for building trustworthy SNSs. In this paper, we conduct an extensive survey, covering 1) the multidisciplinary concept of social deception; 2) types of OSD attacks and their unique characteristics compared to other social network attacks and cybercrimes; 3) comprehensive defense mechanisms embracing prevention, detection, and response (or mitigation) against OSD attacks along with their pros and cons; 4) datasets/metrics used for validation and verification; and 5) legal and ethical concerns related to OSD research. Based on this survey, we provide insights into the effectiveness of countermeasures and the lessons learned from the existing literature.
We conclude our survey with in-depth discussions on the limitations of the state-of-the-art and suggest future research directions in OSD research.

Item Privacy preservation for federated learning in health care (Elsevier, 2024-07-12) Pati, Sarthak; Kumar, Sourav; Varma, Amokh; Edwards, Brandon; Lu, Charles; Qu, Liangqiong; Wang, Justin J.; Lakshminarayanan, Anantharaman; Wang, Shih-han; Sheller, Micah J.; Chang, Ken; Singh, Praveer; Rubin, Daniel L.; Kalpathy-Cramer, Jayashree; Bakas, Spyridon; Pathology and Laboratory Medicine, School of Medicine
Artificial intelligence (AI) shows potential to improve health care by leveraging data to build models that can inform clinical workflows. However, access to large quantities of diverse data is needed to develop robust generalizable models. Data sharing across institutions is not always feasible due to legal, security, and privacy concerns. Federated learning (FL) allows for multi-institutional training of AI models, obviating data sharing, albeit with different security and privacy concerns. Specifically, insights exchanged during FL can leak information about institutional data. In addition, FL can introduce issues when there is limited trust among the entities performing the compute. With the growing adoption of FL in health care, it is imperative to elucidate the potential risks. We thus summarize privacy-preserving FL literature in this work with special regard to health care. We draw attention to threats and review mitigation approaches. We anticipate this review to become a health-care researcher's guide to security and privacy in FL.

Item The Privacy, Security and Discoverability of Data on Wearable Health Devices: Fitness or Folly? (2017-07-12) Kumari, Vishakha; Hook, Sara Anne
With data from wearable health devices increasing at a rapid rate, it is important for lawmakers to make sure that this data remains well protected.
This paper will question the perceptions of people with respect to current and future use of wearable health devices, especially if the security and privacy risks to their data are more commonly understood, and particularly if this data is discoverable and admissible in court. It will explore the electronic discovery issues with data from wearable health devices in the context of litigation and examine how the current rules of court procedure and evidence would be applied. The paper will review the federal and state legislation that may or may not provide protection for data from wearable health devices. The authors intend to use their paper as a vehicle to advocate for stronger statutory protection and greater clarity about the use of and potential risks to this data, including when the data becomes evidence in litigation.

Item Progress in Healthcare: Securing a New Common Norm in Medical Technology (2016-04-08) Gookins, Alexandra
In the modern age of Healthcare Technology, there are vast changes in patient records. In the 1960s, the first use of EHRs (Electronic Health Records) was implemented in the Mayo Clinic of Rochester, Minnesota. (Earl) However, EHRs continue to enhance at a rapid rate and are becoming one of the fastest growing industries worldwide. The problem that arises with keeping confidential patient information on the cloud or servers is the access to hackers looking to steal information for misuse and causing detrimental harm to patients’ privacy. Thus, HIMSS (Healthcare Information and Management Systems Society) has continued to put rules and regulations into effect across the board of EHR systems. The issue is that these security measures do not fall on to the EHR system software creators but the medical practices themselves. (Health IT) But who in these practices or hospitals is going to regulate these significant measures?
Many do not know that there is software on the market today that will handle these tedious adjustments for the safety of the businesses and patients. Software companies like HIPAA One will do just that. (HIPAA One) These small companies will work with your current EHRs in compliance with the federally regulated HIPAA laws to ensure practices and hospitals alike are providing safety of patient information by using security risk assessment tools. However, numerous users of electronic health records do not use these critical tools because they are not well known. I have observed many EHR systems, leading me to believe the importance of an EHR software that will integrate HIPAA compliant technology without a middle man such as HIPAA One; putting this responsibility on software designers instead of practices.
1. Earl, Elizabeth. Health IT & CIO Review. 16 February 2015. 01 March 2016.
2. Health IT. n.d. https://www.healthit.gov/providers-professionals/security-risk-assessment-tool. 01 March 2016.
3. HIPAA One. n.d. 05 March 2016.

Item Secure data aggregation protocol for sensor networks (2015-02-20) Shah, Kavit; King, Brian; El-Sharkawy, Mohammed; Salama, Paul
We propose a secure in-network data aggregation protocol with internal verification, to gain an increase in the lifespan of the network by preserving bandwidth. For doing secure internal distributed operations, we show an algorithm for securely computing the sum of sensor readings in the network. Our algorithm can be generalized to any random tree topology and can be applied to any combination of mathematical functions. In addition, we represent an efficient way of doing statistical analysis for the protocol. Furthermore, we propose a novel, distributed and interactive algorithm to trace down the adversary and remove it from the network. Finally, we do bandwidth analysis of the protocol and give the proof for the efficiency of the protocol.