Introduction
Published in James F. Ransome, Anmol, Mark S. Merkow, Practical Core Software Security, 2023
James F. Ransome, Anmol, Mark S. Merkow
Confidentiality is achieved by keeping unauthorized users (human or software) from accessing confidential information. By maintaining confidentiality, the software will be considered trustworthy. Authorization and authentication are the two properties that support confidentiality in that authorization ensures that the user has the appropriate role and privilege to view data, and authentication ensures that the user is who he or she claims to be and that the data come from the appropriate place. The integrity of the application is defined by the way in which the application accepts, transmits, and stores data. The data must remain unchanged by unauthorized users and remain very reliable from the data entry point all the way to the database and back. Data encryption, digital signatures, and public keys are just some examples of how to maintain integrity and confidentiality. Excluding any scheduled downtimes, availability refers to the percentage of time a system or software is available during its normally scheduled hours of operations. As key components of software security, the lack of confidentiality, availability, and integrity will degrade the reputation of the product, resulting in both loss of reputation and loss of sales. In the end, software security is as much about a good business process as it is about quality.
Overview of Cyber-Physical Systems and Cybersecurity
Published in Chong Li, Meikang Qiu, Reinforcement Learning for Cyber-Physical Systems, 2019
One way to enforce confidentiality is to use formal models to check the flow of confidential information. Akella et al. [3] presented a semantic model for information flow analysis in a CPS. An interesting point, uniquely pertaining to CPSs, is made in this paper. That is, in traditional computing, a confidentiality breach is usually a leak of digital data from the servers. However, since CPSs can control physical systems, information can also be leaked through the behaviors of the systems they control. For example, if one observes that the throughput of a gas pipeline suddenly increases, then it must be the case that someone in the downstream of the pipeline has increased his or her demand. As the authors summarized, “an observation about commodity flow could permit an observer to infer possibly sensitive cyber actions.” Starting from this premise, the authors proposed a formal language to describe the correlation between cyber and physical processes in a CPS. This description may be analyzed with formal verification methods to ensure confidentiality of the whole system.
Fundamentals of Multimedia Encryption Techniques
Published in Borko Furht, Darko Kirovski, Multimedia Encryption and Authentication Techniques and Applications, 2006
Borko Furht, Daniel Socek, Ahmet M. Eskicioglu
Confidentiality refers to the protection of information from unauthorized access. An undesired communicating party, called an adversary, must not be able to access the communication material. Data integrity ensures that information has not been manipulated in an unauthorized way. Finally, authentication methods are studied in two groups: entity authentication and message authentication. Message authentication provides assurance of the identity of the sender of a message. This type of authentication also includes evidence of data integrity because if the data is modified during transmission, the sender cannot be the originator of the message. Entity authentication ensures the receiver of a message of both the identity of the sender and his active participation.
Digital Transformation Security Challenges
Published in Journal of Computer Information Systems, 2023
A cyber threat is defined as any harmful behavior aimed at causing harm to cyberspace (anything connected to a computer): Cyber threats include data breaches, identity fraud, ransomware, data corruption, and so on [28,97]. Once an attacker strives to infiltrate a system, they are attempting to undermine the system's confidentiality, integrity, and availability (CIA) [68]. These three concepts form the CIA triad, sometimes referred to as the AIC triad. Confidentiality preserves the privacy of the data or information, i.e. access to confidential data must be restricted to authorized persons. Integrity preserves the legitimacy and integrity of the data or information, i.e. both data and information must not be manipulated by an unauthorized user during transmission or storage. Availability refers to the accessibility of the service or data, i.e. authorized users should be able to access the services and data at any given time.
A Comprehensive Literature of Genetics Cryptographic Algorithms for Data Security in Cloud Computing
Published in Cybernetics and Systems, 2023
Ozgu Can, Fursan Thabit, Asia Othman Aljahdali, Sharaf Al-Homdy, Hoda A. Alkhzaimi
According to NIST (Mauritsius and Saputra 2019), the critical security criteria of cloud computing, like any other information technology management system, are confidentiality, availability, and integrity. Additional authorization, authentication, accountability, and privacy criteria are added for cloud protection. As shown in Figure 3. Confidentiality refers to maintaining client information and only allowing specific individuals to access data. Integrity is the commitment to prevent information from being manipulated or altered during processing or transmission. Consumers are merely permitted to modify, repeat, or delete data. Availability refers to the continual availability of the requested services or the stated information wherever and whenever needed. Authentication: To provide access to services, authentication must ensure the customer’s integrity, which can be accomplished by using such insurance on their accounts. The authorization ensures that the options to obtain it are reserved for users who have provided unique information.
A distributed dynamic authorisation method for Internet+ medical & healthcare data access based on consortium blockchain
Published in Enterprise Information Systems, 2022
Boyi Xu, Li Da Xu, Yuxiao Wang, Hongming Cai
Confidentiality is the prevention of data access by unauthorised users. In order to maintain confidentiality, some protection such as encryption or permissions is usually applied during the processing, transmission and storage of data. Due to all data being put on the blockchain in MedChain, other members in the consortium blockchain can monitor the transaction. AFaaS uses IAT to ensure data confidentiality, but it does not avoid the problem of multiple use with a single licence. Both of them use the static authorisation method, resulting in multiple uses with a single authorisation, easily causing data misuse and breach. While our approach designs a dynamic authorisation mechanism, which requires authorisation from the data owner for each data use, strictly ensuring patient ownership of the data. In addition, our approach supports Role-Based Access Control (RBAC) more flexibly than MedChain and AFaaS. Every member in the consortium blockchain can become a different role, such as Data Demander, Data Possessor and Data Owner, which has access to different rights.