Deploying cloud computing in an enterprise infrastructure bring significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures befor...

In current practices security concerns are typically addressed at the design or implementation stages, leaving aside the rationale for security analysis. The reason is that a systematic approach to address security from late development stages to early analysis stages does not exist. This paper presents transformation rules to perform model translation from misuse case diagram to Secure Tropos ...

Security attacks are hard to understand, often expressed with unfriendly and limited details, making it difficult for security experts and for security analysts to create intelligible security specifications. For instance, to explain Why (attack objective), What (i.e., system assets, goals, etc.), and How (attack method), adversary achieved his attack goals. We introduce in this paper a securit...

Model-Driven Security (MDS) has emerged as a promising sound methodology for supporting the development of secure systems nowadays. Following the advances in MDS, this research work aims at 1) developing new modeling techniques to represent multiple security concerns, 2) (automatically) composing security models with the business logic model (called target model), and 3) testing the security mo...

This paper discusses Aspect-Oriented Programming (AOP) as an efficient way to handle security concerns in Web services. Without AOP, the necessary security code would be mixed with the business logic that a Web service implements. This renders the maintenance of both code and business logic tedious and prone to errors. AOP allows confining codes of non-functional concerns like security and self...

High-status decision makers are often in a position to make choices with security and privacy relevance not only for themselves but also for groups, or even society at-large. For example, decisions about security technology investments, anti-terrorism activities, and domestic security, broadly shape the balance between security and privacy. However, it is unclear to what extent the mass of indi...

Business mobility is rapidly becoming an everyday way of doing business. Mobile technologies, such as smartphones and connected devices, are enabling this business evolution. However, they are also creating new security concerns for the enterprise and its employees. Security experts are studying these increased security concerns to develop more secure practices and policies for the next generat...

In 2013, people will purchase 1.2 billion mobile devices, surpassing PC’s as the most common method for accessing the Internet. The leading two mobile device platforms, Android and iOS, both have security concerns surrounding their operating systems and application markets. The popularity of Bring Your Own Device (BYOD), where employees use their own devices for both personal and work situation...

Cloud computing becomes the next-generation architecture of IT Enterprises. Cloud computing is a technology. It enables clients to use high-end services in a form of software as a service. These reside on different servers all over the world. There are many security threats in cloud computing. Data security is one of them. Data security raises client concerns. There are many issues of data secu...

Realizing large-scale active networks is heavily contingent upon addressing security concerns at the outset. Various approaches have been taken toward integrating security within an active node, each defining the mechanisms required to be in place within the NodeOS or the EE in order to provide security guarantees within the system. An acceptable short-term solution to security in deploying a p...