Search for: All records

As a foundational and disruptive technology with unique features, blockchains can provide distinct technology pushes for novel business models, strategies, processes, and applications. Revised or new business models can be iteratively refined and transformed to increasingly more detailed design and implementation models to be realized by applications supported by blockchains. Governance concerns with how decisions are made, implemented, and controlled. It is an important focal point of any model and process. Blockchain enables new governance opportunities that are trusted, decentralized, automated, accountable, secured, and privacy-protected. These opportunities can be used to analyze governance issues in constructing models, processes, and blockchain applications. Based on our prototyping experience in two permissioned blockchain platforms, we propose a framework of six governance attributes for constructing consortium blockchain applications: decision process, accountability and verifiability, trust, incentive, security and privacy, and effectiveness. The framework aids in exploring blockchain-created governance opportunities and driving future research. 

Identification is the core of any authentication protocol design as the purpose of the authentication is to verify the user’s identity. The efficient establishment and verification of identity remain a big challenge. Recently, biometrics-based identification algorithms gained popularity as a means of identifying individuals using their unique biological characteristics. In this paper, we propose a novel and efficient identification framework, ActID, which can identify a user based on his/her hand motion while walking. ActID not only selects a set of high-quality features based on Optimal Feature Evaluation and Selection and Correlation-based Feature Selection algorithms but also includes a novel sliding window based voting classifier. Therefore, it achieves several important design goals for gait authentication based on resource-constrained devices, including lightweight and real-time classification, high identification accuracy, a minimum number of sensors, and a minimum amount of data collected. Performance evaluation shows that ActID is cost-effective and easily deployable, satisfies real-time requirements, and achieves a high identification accuracy of 100%. 

Pervasive IoT applications enable us to perceive, analyze, control, and optimize the traditional physical systems. Recently, security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in its infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues. 

The need for cybersecurity professionals continues to grow and education systems are responding in a variety of ways. This study focusses on the “interdisciplinarity” of cybersecurity that contributes to the emerging dialogue on the direction, content and techniques involved in the growth and development of cybersecurity education and training. The study also recognizes the contributions of other disciplines to the field of cybersecurity by the discussion of relevant theories that contribute to understanding security in the context of legal, economics and criminology perspectives. Finally, quantitative analysis (security metrics) is done to understand the existing knowledge of security behaviors and beliefs among students from technical and non-technical majors, helps measure the interest fostered towards an academic pathway in cybersecurity and substantiates on the need for providing a level of cyber education for all individuals appropriate to their role in the society. 

Defending the cyberspace calls for troops of qualified cyber professionals (including architects, developers, managers, and various cyber operators) who possess the necessary set of knowledge and skills. Higher education institutions, especially computing related fields such as Computer Science, share the responsibility in producing the future cyber defense workforce. This paper describes our attempt in revamping a traditional CS curriculum at a teaching-oriented university in order to fulfill the Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designation requirements. In details, we discuss how we overcome several resource constraints without sacrificing program quality. We also explain and illustrate the design rationale and process, which may interest other institutions with similar goals. Furthermore, we examine relevant frameworks and guidelines and show how they could be useful in our and other similar efforts. 

We discuss the NICE Cybersecurity Workforce Framework (NCWF), and its role in aligning cybersecurity jobs with candidates. As a workforce development tool, the NCWF can contribute to better retention, reduced new hire training, and cybersecurity education development. The effectiveness of the NCWF, however, requires discretion from hiring managers, academics, and job seekers. Through skills mapping and calibration, the NCWF helps to identify and resolve skill deficiencies; as a framework of core competencies for cybersecurity jobs, the NCWF helps employers to write job descriptions understood by applicants. We first review the NCWF, and then explain how it may enable mapping between jobs and qualifications. We also discuss the effects of job mapping on organizations and candidates, and its long-term benefits. 

Cybersecurity is a rapidly developing field in which job titles and role descriptions may vary from one organization to the others. The NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work for organizations to build a strong workforce. As the predominant workforce prescribed by the NCWF is technical in nature, academic efforts targeted towards these career paths are likewise technical. Though technical security education is critical, an equal amount of knowledge outside the technical domain is pivotal to understand sophisticated challenges in cybersecurity. Articulating a concise, inclusive, meaningful, and unifying approach in cyber related education fosters a balanced motivation for students from both technical and non-technical majors (interdisciplinary) to pursue a career in cybersecurity. Towards this end, we analyzed competencies, knowledge, skills and abilities of interdisciplinary roles and other roles introduced in the NCWF; we then highlighted discrepancies observed.