Citation | Technique | Description |
--- | --- | --- |
[34] | Quantitative assessment approach | This approach evaluates the component security level quantitatively and efficiently identifies the component security vulnerabilities. |
[35] | Secure multiparty computation (SMC) | This paper revisits the history of developments in SMC over the years and studies the opportunity of coupling reliable hardware with SMC. |
[36] | Software-defined networking (SDN) | The analysis demonstrated that SDN appears to be the most attractive developmental structure for upcoming networks. |
[37] | Conventional security mechanisms | They focus on emerging security threats aiming at vulnerabilities, human errors, and defects of a mobile device structure in existing schemes. |
[38] | Abstract network model | The analysis shows that the abstract network model is a valuable method for attack graph-based assessments. |
[39] | Logic programming | In this article, model-based testing and logic programming were introduced for detecting accessible SQL injection (SQLI) and cross-site scripting (XSS) in web applications. |
[40] | Cognitive dimensions questionnaire | Results revealed that the usability issues of security application programming interfaces (APIs) may be determined using this methodology with significantly good reliability and validity. |
[28] | Goal-question-metric (GQM) method | The proposed assessment methodology might help cloud service providers (CSPs) to practice a security self-evaluation and is suitable for the level of their security services within the cloud market. |
[29] | Threat model | This model is helpful for the evaluation of the Bluetooth interface on a range of built-in automotive infotainment systems. |
[41] | Security assessment | This study presents the cybersecurity-associated principles for the smart grid, which address the issue in different ways and to various extents. |
[42] | Semantic model | In this paper, a semantic model for structuring and risk visualization implemented into the metric visualization system (MVS) was presented. |
[43] | NIST national vulnerability database (NVD) combined with EBIOS risk analysis and evaluation methodology | The finding of this research has demonstrated that virtual networks, SDN controllers, and hypervisors continue to present new attack capabilities that are continually being exposed, further escalating the security risk of modern data centers. |
[44] | Security behavior | The research findings show that psychological ownership, descriptive norm, response cost, self-efficacy, and perceived vulnerability all were significant in determining personal computing security intentions and behavior for both the mobile device and home computer users. |
[45] | Countermeasure-centered approach | In this article, a prototype implementing such a security management system is described. |
[46] | Threat model | This work presents a quantitative study on the security solutions for communication quality used in robotics, while security capabilities are enabled. |
[47] | Supervisory control and data acquisition (SCADA) systems security | This provides an insight into developing a framework that can be used to assist critical infrastructure sectors. |
[48] | Innovative ontology and graph-based approach | For network security evaluation, an innovative approach that uses ontology was proposed. The ontology is intended to illustrate security knowledge such as that of attacks, vulnerabilities, assets, and the relationships between them. |
[49] | Information-theoretic model | For the computer systems security analysis, the entropy concept was utilized and a quantitative model was derived. The assessment process consists of dynamic and static phases. |
[50] | International symposium on formal methods (FM 2012) | This short paper is intended to accompany a talk at the 18th international symposium (FM 2012). It discusses software security with a highlight on formal aspects, defenses, and low-level attacks. |
[51] | Security metrics and risk analysis | In this work, formal analysis of associations between risk and security metrics and formal definition of risk were provided. |
[52] | Security information and event management (SIEM) systems | The article proposed a general framework for SIEM visualization which permits the integration of different visualization approaches and easily expands the application functionality. |
[53] | Big data framework | A big data framework was proposed in this work to build up the security capability of small enterprises. |
[54] | Usability of security software | This article addresses the usability of security alerts across a wider range of security products. |
[55] | Security evaluation using Bayesian belief networks | This article demonstrates parts of the gap, in particular the challenges associated with variable quality of information, lack of empirical information, limited budget, short time-to-market, and lack of resources. |
[56] | Multimetrics approach for security | This article presents a multimetric approach jointly with a methodology to estimate the system security, privacy, and dependability (SPD) level throughout both the running and design process. |
[57] | Ontology-based model for security assessment | In this article, the ontology-based framework was classified in five dimensions for assessing attack effect; they are defense, vulnerability, attack target, attack vector, and attack impact. |
[58] | Vulnerability-centric requirements engineering framework | This paper gives an engineering framework to maintain the elicitation of security requirements and analysis based on vulnerabilities. |
[59] | Evaluation and assessment of the security of wearable devices | This paper examined the usefulness and design of the SecuWear platform for recognizing vulnerabilities in these areas and assisting wearable security research in mitigating them. |
[60] | Assessment of platforms | This paper explains how the PRIME platform trust manager operates and can enhance trust. |
[61] | Software-defined security framework | For protecting the distributed cloud, a software-defined security framework was proposed in this paper. |
[62] | Software-defined mobile network security | This article gives a survey of software-defined mobile network (SDMN) and its related security issues. |
[63] | Reputation model | In this article, the most critical as well as essential security threats for a utility-based reputation model in grids were assessed. |
[64] | IoT monitoring solution | A monitoring tool based on the extension of the Montimage network monitoring tools for IoT systems was presented in this paper. |
[65] | A comprehensive pattern-driven security methodology | ASE—a comprehensive pattern-driven security methodology intended particularly for (common) distributed systems—focuses on the early life cycle phases and particularly the design phase. |
[66] | Contract-based security assertion monitoring | This article demonstrates how contract-based security assertion monitoring can be attained in a live environment on Linux. |
[67] | Network security visualization | A framework was proposed in this paper for the evaluation of security visualization systems, such as ranking and rating. |
[68] | Empirical study | This article empirically examines how refactoring can improve the security of an application by removing bad code smells. |
[69] | Computational approach | For the standardization of the software development process, a computational approach was proposed in this work. |
[70] | Multitarget approach | In this paper, a model combining multitarget classification and text analysis approaches was created for estimating scores and vulnerability characteristics from the technical description. |
[71] | A new threat identification approach | In this paper, a new approach, which is modular, extendable, and systematic, was adopted for the quantitative assessment of security threats. |
[72] | Regression model | For the identification of security requirements, a linear-based approach was proposed in this work. |
[73] | Problem-oriented security patterns | Based on the problem frames technique, a systematic approach was proposed in this work for the iterative development of software architectures and requirements analysis. |
[74] | A framework for semiautomated coevolution | A model-based framework was addressed in this paper for the security maintenance and support of a software system during long-term evolution. |
[75] | A manual approach | The legal and security risks that arise from reuse were discussed in this paper. |
[76] | A coarse approach to quantitative modeling and analysis | For the integrated vulnerability assessment, a methodology using a coarse approach to quantitative analysis and modeling was discussed in this paper. |
[77] | Cyberdefense and cloud vulnerability assessment | In order to decrease, evaluate, and assess the vulnerability level of distributed computing systems (DCIs), an IT security audit framework was created in this paper. |
[1] | Analytic network process (ANP) | For the component security evaluation, an ANP was proposed in this paper. |
[78] | Distributed security systems | Distributed security systems with dedicated server modules that monitor and manage client modules were examined in this paper. |
[79] | Threatened-based software security evaluation method | In software security literature, for the software security assessment, a new concept was introduced in this paper: the threatened-based method. |
[80] | Measurement frameworks | This paper reports a measurement framework for software development. |
[81] | A cloud data monitoring system | Based on autonomic computing, a data security monitoring approach was proposed in this paper for the feasibility verification through simulation. |
[82] | Hybrid reputation model | Based on both explicit definition of reputation and implicit reputation calculation, a hybrid reputation model is presented in this article. |
[83] | Security architecture | In this paper, the implementation and design of a security framework for FPGA-based heterogeneous systems developed on top of MAC-based OS/Hypervisors were presented. |
[84] | Website security analysis | A model-based website security testing method was proposed in this paper. |
[85] | Methodology for enhancing software security | For enhancing software security in the development life cycle, a methodology was proposed in this paper. |
[86] | Dynamic disassembly of machine instructions | This paper discusses a novel concept, RECSRF, consisting of the runtime execution complexity (REC) and its evaluation method, the security risk factor (SRF). |
[87] | Protection of IoT devices using Berkeley packet filters | This paper reports a practical approach which is an easy-to-use framework to protect IoT devices against attacks. |
[88] | Software security knowledge | For the secure software development that incorporates an artifact and a knowledge-based management system, a case-based management system (CBMS) was proposed in this work. |
[89] | Security analysis of android applications | This paper addresses a mobile app security investigation tool StaDART that merges dynamic and static examination to present the existence of dynamic code update. |
[90] | Surveys and overviews | This paper summarizes the field of software vulnerability examination and discovery that uses machine learning and data mining approaches. |
[91] | Security and privacy | This paper talks about safe patch fingerprinting. |
[92] | Text mining | This paper focuses on text mining approaches and their different classification techniques (support vector machines, neural networks, and decision trees). |
[93] | Software security engineering | This paper described an attempt to benchmark and baseline the state of company software and also incorporates state of software reliability data across the company's products. |
[94] | Quantitative measurement | In this paper, for software engineering service bus (EngSB) platform assessment, a set of quantitative metrics was proposed. |
[95] | Common vulnerability scoring system | This article reports which information cues decrease or increase vulnerability evaluation by humans. |
[96] | Automatic approach | In this article, an automatic approach was proposed for detecting the software vulnerabilities on multiple systems using/sharing API libraries or similar code. |
[97] | Software and application security | This paper talks about the software vulnerabilities by means of descriptions only via deep learning and word embedding approaches. |
[98] | Threat analysis | This paper talks about the threat agent approach. |
[99] | Machine learning techniques | This paper reports a lightweight dynamic and static features approach for the software vulnerability testing detection by means of machine learning methods. |
[100] | Models of computation | In this paper, a cryptographically secure attestation scheme was proposed, which detects direct memory access (DMA) attacks. |
[101] | Understanding security requirements and challenges | This work describes the state-of-the-art efforts in ensuring security in the IoT network. |