2020 IEEE International Conference on Electro Information Technology (EIT)
Scamming users of online dating sites has rapidly increased in recent years. According to the Fed... more Scamming users of online dating sites has rapidly increased in recent years. According to the Federal Trade Commission, 21,000 online dating scams were reported in 2018, with total reported losses of $143 million. A common tactic used by scammers to trick dating site users is using celebrity profile photos to increase attractiveness. In this paper, we present a prototype tool to assist online dating users in identifying scammers and interacting safely on online dating platforms. The tool recognizes celebrity photos in online dating profiles and identifies the associated profiles as possible fakes, thereby equipping online dating site users with a method to discover scammers. We created fake profiles using celebrity and non-celebrity photos to evaluate the tool's effectiveness. The tool evaluation results were satisfactory. This work aims to increase public awareness of and alert users to signs of scams on online dating websites.
2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)
ICASSP '77. IEEE International Conference on Acoustics, Speech, and Signal Processing
Any digital transfer function can be realized in a multitude of configurations (structures). Seve... more Any digital transfer function can be realized in a multitude of configurations (structures). Several procedures for analyzing the quantization characteristics have appeared in literature. This paper unifies these analysis procedures to select an optimum structure for a given transfer function. The procedure scales the filter modules to prevent overflow, selects the coefficient word lengths by sensitivity considerations, selects the quantizer
Security and privacy are among the key barriers to adopting the Internet of Medical Things (IoMT)... more Security and privacy are among the key barriers to adopting the Internet of Medical Things (IoMT) solutions. IoMT adopters have to adhere to security and privacy policies to ensure that patient data remains confidential and secure. However, there is confusion among IoMT stakeholders as to what security measures they should expect from the IoMT manufacturers and whether these measures would comply with the adopter's security and compliance requirements. In this paper, we present a recommendation tool that models IoMT concepts and security issues in addition to successively recommending security measures. The presented tool utilizes semantically enriched ontology to model the IoMT components, security issues, and measures. The developed ontology is equipped with context-aware rules to enable reasoning in order to build a recommendation system that empowers users to make well-educated decisions. The recommendation tool classifies IoMT security threats faced by IoMT stakeholders and automatically recommends security controls that have to be enforced for each threat. We have experimented the proposed tool with respect to the completeness and effectiveness of its output (i.e., security issues and recommended security measures). The results show that the tool was effectively able to recommend necessary security measures.
International Journal of Cyber Security and Digital Forensics, 2012
Software systems, like web applications, are often used to provide reliable online services such ... more Software systems, like web applications, are often used to provide reliable online services such as banking, shopping, social networking, etc., to users. The increasing use of such systems has led to a high need for assuring confidentiality, integrity, and availability of user data. SQL Injection Attacks (SQLIAs) is one of the major security threats to web applications. It allows attackers to get unauthorized access to the back-end database consisting of confidential user information. In this paper we present and evaluate a Runtime Monitoring Technique to detect and prevent tautology based SQLIAs in web applications. Our technique monitors the behavior of the application during its post- deployment to identify all the tautology based SQLIAs. A framework called Runtime Monitoring Framework, that implements our technique, is used in the development of runtime monitors. The framework uses two pre-deployment testing techniques, such as basis-path and data-flow to identify a minimal set of all legal/valid execution paths of the application. Runtime monitors are then developed and integrated to perform runtime monitoring of the application, during its post-deployment for the identified valid/legal execution paths. For evaluation we targeted a subject application with a large number of both legitimate inputs and illegitimate tautology based inputs, and measured the performance of the proposed technique. The results of our study show that runtime monitor developed for the application was successfully able to ABSTRACT detect all the tautology based attacks without generating any false positives.
Building software systems with using modules has been a popular trend. The concept of the &am... more Building software systems with using modules has been a popular trend. The concept of the 'module' has changed from a subroutine, to object, to component (DCOM, JavaBean) and now to an 'agent'. Various definitions of the agent have been used over the past few years. In general, a software agent is a component that can exhibit both proactive and reactive
Abstract This paper explores three widely published agent-based software development methodologie... more Abstract This paper explores three widely published agent-based software development methodologies, Multiagent Systems Engineering Methodology (MaSE), Prometheus, and Tropos, using the traditional Waterfall model of software engineering as a baseline. ...
... Sankardas Roy Postdoctoral Researcher Team Members Harkeerat Bedi, Vivek Datla, Charles Ellis... more ... Sankardas Roy Postdoctoral Researcher Team Members Harkeerat Bedi, Vivek Datla, Charles Ellis, Nisrine Enyinda, Beata Kubiak, Vivek Shandilya, and Chris Simmons Department of Computer Science University of Memphis Memphis, TN, USA Technical Report No. ...
It has been widely accepted that service oriented architecture (SoA), has been a promising approa... more It has been widely accepted that service oriented architecture (SoA), has been a promising approach for business development and growth. SoA principles (also known as SoA qualities) attempt to guide development, maintenance, and usage of the SoA. These principles provide benefits like: ease of reuse, service automation, and lowering integration costs. However, they can also lead to security issues. These issues are augmented especially when SoAs are deployed in multi-tenancy third party clouds. SoA has benefited from the existence of cloud computing (CC) as it provided SoA with a flexible deployment medium. However, the advantageous collaboration of SoAs and CC has led to a larger set of privacy and security issues (e.g. compliance issues, QoS issues). Additionally, we observe newer kinds of security and privacy risks that are now required to be monitored and mitigated. In this paper we highlight the security and privacy challenges associated with the utilization of the SoA principles on cloud based solutions. We identify the origin and severity of these issues followed by several recommendations to guide the utilization of SoA principles in off-premise clouds.
AbstractCyber attacks have greatly increased over the years, where the attackers have progressiv... more AbstractCyber attacks have greatly increased over the years, where the attackers have progressively improved in devising attacks towards a specific target. To aid in identifying and defending against cyber attacks we propose a cyber attack taxonomy called AVOIDIT (Attack Vector, ...
2020 IEEE International Conference on Electro Information Technology (EIT)
Scamming users of online dating sites has rapidly increased in recent years. According to the Fed... more Scamming users of online dating sites has rapidly increased in recent years. According to the Federal Trade Commission, 21,000 online dating scams were reported in 2018, with total reported losses of $143 million. A common tactic used by scammers to trick dating site users is using celebrity profile photos to increase attractiveness. In this paper, we present a prototype tool to assist online dating users in identifying scammers and interacting safely on online dating platforms. The tool recognizes celebrity photos in online dating profiles and identifies the associated profiles as possible fakes, thereby equipping online dating site users with a method to discover scammers. We created fake profiles using celebrity and non-celebrity photos to evaluate the tool's effectiveness. The tool evaluation results were satisfactory. This work aims to increase public awareness of and alert users to signs of scams on online dating websites.
2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)
ICASSP '77. IEEE International Conference on Acoustics, Speech, and Signal Processing
Any digital transfer function can be realized in a multitude of configurations (structures). Seve... more Any digital transfer function can be realized in a multitude of configurations (structures). Several procedures for analyzing the quantization characteristics have appeared in literature. This paper unifies these analysis procedures to select an optimum structure for a given transfer function. The procedure scales the filter modules to prevent overflow, selects the coefficient word lengths by sensitivity considerations, selects the quantizer
Security and privacy are among the key barriers to adopting the Internet of Medical Things (IoMT)... more Security and privacy are among the key barriers to adopting the Internet of Medical Things (IoMT) solutions. IoMT adopters have to adhere to security and privacy policies to ensure that patient data remains confidential and secure. However, there is confusion among IoMT stakeholders as to what security measures they should expect from the IoMT manufacturers and whether these measures would comply with the adopter's security and compliance requirements. In this paper, we present a recommendation tool that models IoMT concepts and security issues in addition to successively recommending security measures. The presented tool utilizes semantically enriched ontology to model the IoMT components, security issues, and measures. The developed ontology is equipped with context-aware rules to enable reasoning in order to build a recommendation system that empowers users to make well-educated decisions. The recommendation tool classifies IoMT security threats faced by IoMT stakeholders and automatically recommends security controls that have to be enforced for each threat. We have experimented the proposed tool with respect to the completeness and effectiveness of its output (i.e., security issues and recommended security measures). The results show that the tool was effectively able to recommend necessary security measures.
International Journal of Cyber Security and Digital Forensics, 2012
Software systems, like web applications, are often used to provide reliable online services such ... more Software systems, like web applications, are often used to provide reliable online services such as banking, shopping, social networking, etc., to users. The increasing use of such systems has led to a high need for assuring confidentiality, integrity, and availability of user data. SQL Injection Attacks (SQLIAs) is one of the major security threats to web applications. It allows attackers to get unauthorized access to the back-end database consisting of confidential user information. In this paper we present and evaluate a Runtime Monitoring Technique to detect and prevent tautology based SQLIAs in web applications. Our technique monitors the behavior of the application during its post- deployment to identify all the tautology based SQLIAs. A framework called Runtime Monitoring Framework, that implements our technique, is used in the development of runtime monitors. The framework uses two pre-deployment testing techniques, such as basis-path and data-flow to identify a minimal set of all legal/valid execution paths of the application. Runtime monitors are then developed and integrated to perform runtime monitoring of the application, during its post-deployment for the identified valid/legal execution paths. For evaluation we targeted a subject application with a large number of both legitimate inputs and illegitimate tautology based inputs, and measured the performance of the proposed technique. The results of our study show that runtime monitor developed for the application was successfully able to ABSTRACT detect all the tautology based attacks without generating any false positives.
Building software systems with using modules has been a popular trend. The concept of the &am... more Building software systems with using modules has been a popular trend. The concept of the 'module' has changed from a subroutine, to object, to component (DCOM, JavaBean) and now to an 'agent'. Various definitions of the agent have been used over the past few years. In general, a software agent is a component that can exhibit both proactive and reactive
Abstract This paper explores three widely published agent-based software development methodologie... more Abstract This paper explores three widely published agent-based software development methodologies, Multiagent Systems Engineering Methodology (MaSE), Prometheus, and Tropos, using the traditional Waterfall model of software engineering as a baseline. ...
... Sankardas Roy Postdoctoral Researcher Team Members Harkeerat Bedi, Vivek Datla, Charles Ellis... more ... Sankardas Roy Postdoctoral Researcher Team Members Harkeerat Bedi, Vivek Datla, Charles Ellis, Nisrine Enyinda, Beata Kubiak, Vivek Shandilya, and Chris Simmons Department of Computer Science University of Memphis Memphis, TN, USA Technical Report No. ...
It has been widely accepted that service oriented architecture (SoA), has been a promising approa... more It has been widely accepted that service oriented architecture (SoA), has been a promising approach for business development and growth. SoA principles (also known as SoA qualities) attempt to guide development, maintenance, and usage of the SoA. These principles provide benefits like: ease of reuse, service automation, and lowering integration costs. However, they can also lead to security issues. These issues are augmented especially when SoAs are deployed in multi-tenancy third party clouds. SoA has benefited from the existence of cloud computing (CC) as it provided SoA with a flexible deployment medium. However, the advantageous collaboration of SoAs and CC has led to a larger set of privacy and security issues (e.g. compliance issues, QoS issues). Additionally, we observe newer kinds of security and privacy risks that are now required to be monitored and mitigated. In this paper we highlight the security and privacy challenges associated with the utilization of the SoA principles on cloud based solutions. We identify the origin and severity of these issues followed by several recommendations to guide the utilization of SoA principles in off-premise clouds.
AbstractCyber attacks have greatly increased over the years, where the attackers have progressiv... more AbstractCyber attacks have greatly increased over the years, where the attackers have progressively improved in devising attacks towards a specific target. To aid in identifying and defending against cyber attacks we propose a cyber attack taxonomy called AVOIDIT (Attack Vector, ...
Uploads
Papers by Sajjan Shiva