This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies.
With a large percentage of the global workforce based remotely for the foreseeable future, more business than ever is being conducted over email. And while this modern convenience has been critical to the continued operation of many businesses in the current health crisis, it has also presented those businesses with new data security challenges. The unfamiliar environment of remote work -- not to mention its potential distractions, like children and pets -- leaves employees more vulnerable to misdirected emails and other mistakes that can lead to accidental data breaches. Scams aimed at both individuals and organizations (even healthcare facilities on the front lines of the pandemic have not been immune to their efforts) have also risen, attempting to capitalize on the situation. Accidental breaches are notoriously difficult to combat because they can be caused by something as simple as a typo in an email address.
The same attributes that give deep learning its ability to tell images apart are helping attackers break into the cryptoprocessors built into integrated circuits that were meant to improve their security. The same technology may provide the tools that will let chip designers find effective countermeasures, but it faces an uphill struggle. Side-channel attacks have been a concern for decades, as they have been used in the hacking of smartcard-based payment systems and pay-TV decoders, as well as in espionage. Yet the rise of Internet of Things (IoT) and edge systems and their use in large-scale, commercially sensitive applications makes such attacks a growing worry for chipmakers. The innate connectivity of IoT devices means success in obtaining private encryption keys from them may open up network access on cloud-based systems that rely on their data.
Machine learning security is software security for machine learning systems. Like other types of software, machine learning software is at risk for security breaches and cyber attacks. Although machine learning has been around even longer than computer security, its security risks were some of the least understood. Over recent years, hackers have been working hard to figure out all the potential attacks an ML system could fall victim to, so that engineers know what potential risks to plan for and cover in their machine learning security plan.
Whenever you use a free application, website, or service, the companies behind it gain large amounts of information about you and then package you with other users with similar ages and interests to be sold to advertisers. This process, called data mining, is how Google generated a staggering $134.81 billion in advertising in 2019 alone. With advertising accounting for over 70% of Google's revenue, it has no other option than to try to convince us that we should not only tolerate its data collection and mining but accept it, because of its many advantages. Your phone is your personal assistant, and the more information about you it gets fed, the more things it can do for you. Would you care that your data is being collected if Google could use it to make things easier for you?
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents of increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as the top incident responders. Now that the competition is over (the challenge website is still open for anyone who wants to practice solving the challenges), Cynet is making the detailed solutions available as a free resource for knowledge and inspiration. Providing the thought process and detailed steps to solve each of the challenges will serve as a training aid and knowledge base for incident responders.
No one could have predicted where 2020 would take us: The last six months alone have produced more digital transformation than the last decade, with every transformation effort already underway finding itself accelerated, and at scale. While many of my digital transformation predictions from a year ago benefited from this shift, others were displaced by more urgent needs, like 24/7 secure and reliable connectivity. What does this mean for 2021? Will core technologies like AI and data analytics still dominate headlines, or will we see newer, previously emerging technologies take the lead? Only time will tell, but here are my top ten digital transformation predictions for 2021.