Toward a Formal Traceability Model for Efficient Security Validation
A formal traceability model is presented with a real-world application of a gray-box penetration test. Such formal traceability improves test effectiveness and efficiency, thus underlining the applicability and value of formal methods in an industry context.
Christof Ebert (firstname.lastname@example.org), Senior Member, IEEE; Ruschil Ray (email@example.com), researcher, University of Stuttgart.
Zero Trust: The What, How, Why, and When
Trust is a critical characteristic of computer systems, but the traditional approach of evaluating systems has failed to deliver the required levels of confidence. We review the emerging zero trust paradigm and propose a new set of zero trust tenets and an enhanced zero trust model.
Malcolm Shore (firstname.lastname@example.org), adjunct professor, Deakin University; Sherali Zeadally (email@example.com), professor, University of Kentucky; Astha Keshariya (firstname.lastname@example.org), researcher, IBM.
Cloud-Native Application Security: Risks, Opportunities, and Challenges in Securing the Evolving Attack Surface
Insecure cloud-native applications will continue to experience security compromises including data breaches due to their dynamic, complex, and varied threat landscape. We review current application security techniques, examine their benefits and shortcomings in the context of CNAs, and point out future research opportunities.
Maxim Chernyshev (email@example.com), Ph.D. candidate, Zubair Baig (firstname.lastname@example.org), senior lecturer, Deakin University; Sherali Zeadally (email@example.com), professor, University of Kentucky.
The Other Artificial Intelligence Hardware Problem
The consolidation of leading-edge semiconductor manufacturing in one company in one country poses two problems: a short-term strategic risk and a long-term innovation risk. Both problems remain underexplored because advances in artificial intelligence (AI) algorithms have compensated for a relative lack of advances in AI hardware.
John Verwey (firstname.lastname@example.org), advisor, pacific northwest national laboratory (pnnl).
On the Way to Intelligent Infrastructure
The use of AI in development and operation of cyberphysical systems can offer a potential way to address the IT infrastructure complexity issue while significantly accelerating software creation.
Alexander Prozorov (email@example.com), fellow, Moscow Institute of Physics and Technology; Roman Shnyrev (firstname.lastname@example.org), area manager, Sberbank New Technology Solutions Lab; Dmitry Volkov (email@example.com), senior fellow, M. V. Keldysh Institute of Applied Mathematics (Moscow).
When issues of data quality management in corporate systems are discussed, the data validation questions are raised rarely, as there are no absolutely reliable tools for the task. However, there is a way to minimize the probability of errors.
Sergei Gorshkov (firstname.lastname@example.org), director, TriniData (Yekaterinburg).
OS MEETING ROOM
Within a Short Step of Phantom OS
The Phantom OS is a Russian secure operating system with reliable applications, variables instead of a file system, guaranteed data integrity, and low-cost software development.
Dmitry Volkov (email@example.com), fellow, M. V. Keldysh Institute of Applied Mathematics (Moscow).
The Era of a Programmer
The history of Russia has many examples when the fate of just a single person reflected the development trends of the entire country, especially at the critical points in history. One of such persons is Alexander Tomilin, one of the first Russian programmers.
Leonid Karpov (firstname.lastname@example.org), lead scientist, V. P. Ivannikov Institute for Systems Programming (Moscow).
Big Data for Regions
Federal and regional government agencies are among the largest users of big data, which they hope will help them improve the efficiency of policy decision making. The Ministry of Economic Development of Primorsky Krai is no exception to this trend.
Stanislav Kuzora (email@example.com), assistant professor, Far Eastern Federal University; Ivan Natarov (firstname.lastname@example.org), data analyst, Ministry of Economic Development of Primorsky Krai (Vladivostok).
Software Engineering and AI Systems: Forward-Looking Ideas
The December, January, and February Issues of Computer Magazine (IEEE Computer Society, Vol. 54, No. 12, 2021, Vol. 55, No. 1, 2, 2022) cover subjects including forward-looking IT ideas, forensics, diagnostics, and tracing.
Alexander Tyrenko (email@example.com), independent expert (Moscow).