Majid A. Malaika - Dr.Eng

The era of quantum computing is about to begin, with profound implications for the global economy and the financial system. Rapid development of quantum computing brings both benefits and risks. Quantum computers can revolutionize industries and fields that require significant computing power, including modeling financial markets, designing new effective medicines and vaccines, and empowering artificial intelligence, as well as creating a new and secure way of communication (quantum Internet)… Show more

The era of quantum computing is about to begin, with profound implications for the global economy and the financial system. Rapid development of quantum computing brings both benefits and risks. Quantum computers can revolutionize industries and fields that require significant computing power, including modeling financial markets, designing new effective medicines and vaccines, and empowering artificial intelligence, as well as creating a new and secure way of communication (quantum Internet). But they would also crack many of the current encryption algorithms and threaten financial stability by compromising the security of mobile banking, e-commerce, fintech, digital currencies, and Internet information exchange. While the work on quantum-safe encryption is still in progress, financial institutions should take steps now to prepare for the cryptographic transition, by assessing future and retroactive risks from quantum computers, taking an inventory of their cryptographic algorithms (especially public keys), and building cryptographic agility to improve the overall cybersecurity resilience. Show less

This paper examines key considerations around central bank digital currency (CBDC) for use by the general public, based on a comprehensive review of recent research, central bank experiments, and ongoing discussions among stakeholders. It looks at the reasons why central banks are exploring retail CBDC issuance, policy and design considerations; legal, governance and regulatory perspectives; plus cybersecurity and other risk considerations. This paper makes a contribution to the CBDC literature… Show more

This paper examines key considerations around central bank digital currency (CBDC) for use by the general public, based on a comprehensive review of recent research, central bank experiments, and ongoing discussions among stakeholders. It looks at the reasons why central banks are exploring retail CBDC issuance, policy and design considerations; legal, governance and regulatory perspectives; plus cybersecurity and other risk considerations. This paper makes a contribution to the CBDC literature by suggesting a structured framework to organize discussions on whether or not to issue CBDC, with an operational focus and a project management perspective. Show less

Abstract: This paper presents how smart contracts and blockchains can be potentially abused to create seemingly unassailable botnets. This involves publishing command and control (C2) logic in the form of smart contracts to the blockchain and then calling the functions of the smart contract for sending and receiving commands and keeping track of the state of bots. We call this technique Botract derived by merging two words: bot and contract. In addition to describing how hackers can exploit… Show more

Abstract: This paper presents how smart contracts and blockchains can be potentially abused to create seemingly unassailable botnets. This involves publishing command and control (C2) logic in the form of smart contracts to the blockchain and then calling the functions of the smart contract for sending and receiving commands and keeping track of the state of bots. We call this technique Botract derived by merging two words: bot and contract. In addition to describing how hackers can exploit smart contracts for C2, we also explain why is it difficult to disarm Botract given the distributed nature of the blockchain and the persistent nature of smart contracts deployed on top of them. Next, we describe the architecture for deploying blockchain-based botnets and implement a proof-of-concept using isolated testnet environments. Our goal is to prove the feasibility of our approach, hoping to create awareness among the community on the importance of auditing smart contracts on the blockchain and defending against these botnets before they become widespread.

Keywords: smart contract; blockchain; security; botnets; Ethereum. Show less

In this paper, we expose application security issues by presenting the usage of N-Version programming methodology to produce a new architectural framework to automate and enhance application security. Web applications and cloud computing are dominating the digital world; therefore, our goal is to build resilient systems that can detect and prevent both known and zero-day application attacks. Automated process flow not only reduces security efforts during the Software Development Life Cycle… Show more

In this paper, we expose application security issues by presenting the usage of N-Version programming methodology to produce a new architectural framework to automate and enhance application security. Web applications and cloud computing are dominating the digital world; therefore, our goal is to build resilient systems that can detect and prevent both known and zero-day application attacks. Automated process flow not only reduces security efforts during the Software Development Life Cycle (SDLC), but also enhances the overall application security. In addition, we propose compartmentalizing the application into separate components and applying the N-Version methodology to the critical ones to reduce the additional overhead introduced by the N-Version methodology.

http://www.crosstalkonline.org/storage/issue-archives/2014/201409/201409-0-Issue.pdf Show less

As organizations evaluate the benefits of migrating services to cloud based computing environments, there are multiple economic factors including avoidance of capital expenditure for infrastructure, service level agreements, and pay as you go subscriptions. In addition to the cost benefits, management aspects such as reliability, continuity, and scalability among others are touted. However, trust and security concerns are among the biggest issues facing cloud computing acceptance; in addition… Show more

As organizations evaluate the benefits of migrating services to cloud based computing environments, there are multiple economic factors including avoidance of capital expenditure for infrastructure, service level agreements, and pay as you go subscriptions. In addition to the cost benefits, management aspects such as reliability, continuity, and scalability among others are touted. However, trust and security concerns are among the biggest issues facing cloud computing acceptance; in addition, cloud architecture creates anxiety in regards to customer versus provider security responsibilities. This paper details the usage of N-Version programming methodology to produce a new architectural framework (N-Version Architecture Framework for Application Security Automation [NVASA]) to enhance and automate security; therefore, building resilient applications/services on the cloud that can detect and nullify both known and unknown application attacks. An experimental implementation was constructed that successfully validated the NVASA architecture. Show less