发布求助
文献互助 智能选刊 最新文献

Proceedings of the 18th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices VeriDevOps软件方法论:DevOps实践的安全验证和确认
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605054
Eduard Paul Enoiu, D. Truscan, A. Sadovykh, Wissam Mallouli
{"title":"VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices","authors":"Eduard Paul Enoiu, D. Truscan, A. Sadovykh, Wissam Mallouli","doi":"10.1145/3600160.3605054","DOIUrl":"https://doi.org/10.1145/3600160.3605054","url":null,"abstract":"VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131059104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Evaluating Statistical Disclosure Attacks and Countermeasures for Anonymous Voice Calls 评估匿名语音呼叫的统计泄露攻击及对策
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600186
David Schatz, M. Rossberg, Guenter Schaefer
{"title":"Evaluating Statistical Disclosure Attacks and Countermeasures for Anonymous Voice Calls","authors":"David Schatz, M. Rossberg, Guenter Schaefer","doi":"10.1145/3600160.3600186","DOIUrl":"https://doi.org/10.1145/3600160.3600186","url":null,"abstract":"Assuming a threat model of a global observer, statistical disclosure attacks have been proposed to efficiently de-anonymize communication relationships in text-based mix networks over time. It is commonly assumed that such attacks are also able to disclose call relationships in anonymous communication networks (ACNs) that support voice calls. One straightforward countermeasure is to expect users to permanently send and receive packets that mimic a Voice over IP (VoIP) call. However, this is not practical in real world scenarios, like on mobile devices. In this article, we adapt one specific statistical disclosure attack (Z-SDA-MD) to voice calls and quantitatively study less resource-intensive countermeasures. As base countermeasure, we evaluate a round-based communication model, corresponding to a timed mix. A simulation study of this scenario shows that the Z-SDA-MD is not well suited for a general disclosure of call relationships because of too many false positives. Nevertheless, the attack is able to correctly identify the most frequent relationships. Still, the accuracy in that regard may significantly be decreased by increasing the duration of one round, by decoupling actions (call setup and teardown) of caller and callee by a random number of rounds, and by occasional fake calls to a fixed set of “fake friends”. Overall, our study shows that anonymous voice calls may be implemented with an acceptable trade-off between anonymity, call setup time, and bandwidth overhead.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130470063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Memory Forensics of the OpenDaylight Software-Defined Networking (SDN) Controller OpenDaylight软件定义网络(SDN)控制器内存取证
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600196
Abdullah Alshaya, Adam Kardorff, Christian Facundus, I. Baggili, Golden Richard III
{"title":"Memory Forensics of the OpenDaylight Software-Defined Networking (SDN) Controller","authors":"Abdullah Alshaya, Adam Kardorff, Christian Facundus, I. Baggili, Golden Richard III","doi":"10.1145/3600160.3600196","DOIUrl":"https://doi.org/10.1145/3600160.3600196","url":null,"abstract":"Software-Defined Networking (SDN) abstracts the underlying networking hardware by keeping the control plane and the data separated. SDNs use the control plane to direct network traffic, while OpenFlow switches and routers play a passive role in the system by forwarding packets. The centralization of the control plane on virtualized systems provide Digital Forensics (DF) an opportunity at acquiring and analyzing the memory of a controller. This provides forensically relevant data regarding the SDN’s operation. In our work, we examined the OpenDaylight (ODL) SDN controller to determine what forensically relevant information may be extracted from the controller’s memory. This was accomplished by creating controller memory samples with different networking configurations, and analyzing the memory samples, then constructing an SDN-Controller-Network-Discovery-Tool (SCoNDT). SCoNDT searches a memory dump for the ODL controller’s host tracker service. This service holds information on each host connected to the network, such as its internal IP address, MAC address, and the dates and times of its first and last network connections. It then generates an HTML report. SCoNDT was evaluated on memory samples with various network configurations and showed high efficacy in reconstructing the host IPs, the usernames, and hashed passwords.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131298010","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Generic IoT Quantum-Safe Watchdog Timer Protocol 通用物联网量子安全看门狗定时器协议
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605169
Michael Eckel, Tanja Gutsche, Hagen Lauer, André Rein
{"title":"A Generic IoT Quantum-Safe Watchdog Timer Protocol","authors":"Michael Eckel, Tanja Gutsche, Hagen Lauer, André Rein","doi":"10.1145/3600160.3605169","DOIUrl":"https://doi.org/10.1145/3600160.3605169","url":null,"abstract":"This paper presents a quantum-safe watchdog timer protocol designed and implemented using various quantum-safe digital signature algorithms. The protocol is specifically tailored to be used in the context of the Internet of Things (IoT) to address the security risks posed by quantum computing to classical protocols. Our approach replaces the classical protocol with a quantum-safe watchdog timer protocol, which ensures that an IoT device’s communication channels remain secure from adversarial attacks. To demonstrate the effectiveness of our proposed protocol, we develop a proof-of-concept (PoC) implementation using an actor framework in Python. We evaluate the performance impact of the proposed protocol based on several IoT scenarios. We also compare the performance of different quantum-safe algorithms using measurements of CPU cycles, and quantitatively evaluate the results using statistical methods. Our results indicate that the performance of the tested quantum-safe algorithms is better or similar to that of the tested classical algorithms. Based on these results, we recommend a specific quantum-safe algorithm for use with the watchdog timer protocol in the IoT context. The proposed protocol and recommended quantum-safe algorithm offer an effective way to address the security risks posed by quantum computing to IoT devices, and are a significant contribution to the field of quantum-safe cryptography.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123348945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Beware the Doppelgänger: Attacks against Adaptive Thresholds in Facial Recognition Systems 注意Doppelgänger:对面部识别系统中自适应阈值的攻击
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600179
Willem Verheyen, Tim Van hamme, Sander Joos, D. Preuveneers, W. Joosen
{"title":"Beware the Doppelgänger: Attacks against Adaptive Thresholds in Facial Recognition Systems","authors":"Willem Verheyen, Tim Van hamme, Sander Joos, D. Preuveneers, W. Joosen","doi":"10.1145/3600160.3600179","DOIUrl":"https://doi.org/10.1145/3600160.3600179","url":null,"abstract":"Biometric recognition systems typically use a fixed threshold to differentiate between legitimate users and imposters. Yet, this method can be problematic due to differences in individual user performance, whereas some users are more easily recognizable than others. Furthermore, fixed thresholds require extensive tuning on a large test set a priori to determine an optimal threshold value. Adaptive thresholds address these shortcomings by adjusting threshold values based on population characteristics. However, our research demonstrates that adaptive thresholds suffer from a significant weakness as they inadvertently increase the attack surface against face recognition systems. We do so by introducing a novel attack, the doppelgänger attack, where a malicious actor inserts adversarial examples that mimic legitimate users and increase the false rejection rate for these legitimate users by 70%. Consequently, we enhance the performance of face recognition systems by introducing identity-level thresholds and developing a defensive mechanism to prevent the enrollment of doppelgängers. Our novel identity-level thresholding approach customizes the threshold for each individual user in the system. We demonstrate that this approach outperforms both static thresholds and the previously proposed adaptive methodologies, even when dealing with a large number of users. These results have significant implications for the design and implementation of face recognition systems, improving their reliability and enhancing their security.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123089163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Long-Term Analysis of the Dependability of Cloud-based NISQ Quantum Computers 基于云的NISQ量子计算机可靠性的长期分析
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600192
Chuan Xu, Jakub Szefer
{"title":"Long-Term Analysis of the Dependability of Cloud-based NISQ Quantum Computers","authors":"Chuan Xu, Jakub Szefer","doi":"10.1145/3600160.3600192","DOIUrl":"https://doi.org/10.1145/3600160.3600192","url":null,"abstract":"Numerous public cloud infrastructure providers today allow for access to Noisy Intermediate-Scale Quantum (NISQ) computers. Changes in the environment or the machine configuration may affect their dependability. Through analysis of real quantum computer calibration data, this work demonstrates that quantum computers available from IBM Quantum experience periods of fluctuation or abrupt qubit frequency changes. This work further analyzes the correlation between the frequency change events, decoherence times, gate errors, and machine maintenance or offline periods. The results highlight that the properties of NISQ computers change over time, affecting their dependability, but not all of the changes can be explained with publicly available data.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127608884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automatic Test Generation to Improve Scrum for Safety Agile Methodology 自动生成测试以改进Scrum安全敏捷方法
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605061
M. Barbareschi, Salvatore Barone, V. Casola, Salvatore Della Torca, Daniele Lombardi
{"title":"Automatic Test Generation to Improve Scrum for Safety Agile Methodology","authors":"M. Barbareschi, Salvatore Barone, V. Casola, Salvatore Della Torca, Daniele Lombardi","doi":"10.1145/3600160.3605061","DOIUrl":"https://doi.org/10.1145/3600160.3605061","url":null,"abstract":"Continuous compliance and living traceability, i.e., assure the technical quality of the software during the incremental flow of the agile process and trace the requirements’ implementation at any time during the development cycle, are two of the most challenging aspects of adopting agile methodologies in the safety critical domain. This is even more true when either user requirements are unstable, the knowledge of the product to be delivered is not enough, or there is no clear interfaces between various hardware/software subsystems, as it may be in a research and development context. In order to reduce the overall cost of these activities, in this manuscript, we discuss benefits resulting from adopting a semi-automatic method to perform continuous compliance and living traceability. The method aims to finding inconsistency between artifacts produced at the end of each iteration by exploit automatic generation of unit tests and coverage metrics. We validated the applicability of the proposed methodology over a real case study from the railway domain, proving it can find inconsistency between several regulations-required artifacts, including the requirements specification, the architectural specification, test specifications and their implementation, and the software implementation.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127715989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multi-Attribute Decision Making-based Trust Score Calculation in Trust Management in IoT 物联网信任管理中基于多属性决策的信任评分计算
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605074
Michail Bampatsikos, Ilias Politis, Vaios Bolgouras, C. Xenakis
{"title":"Multi-Attribute Decision Making-based Trust Score Calculation in Trust Management in IoT","authors":"Michail Bampatsikos, Ilias Politis, Vaios Bolgouras, C. Xenakis","doi":"10.1145/3600160.3605074","DOIUrl":"https://doi.org/10.1145/3600160.3605074","url":null,"abstract":"The proliferation of IoT networks across various sectors necessitates robust Trust Management mechanisms for secure and reliable operations. This paper proposes a Multi-Attribute Decision Making (MADM)-based approach for trust score calculation in IoT Trust Management. This solution addresses limitations of existing methods by considering multiple attributes and providing a comprehensive evaluation of trustworthiness. The methodology computes a device's trust score by integrating factors such as Cyber Risk, Ease of Access, and Security Level using a weighted sum-based calculation. The Analytical Hierarchy Process (AHP) to determine the factors’ weights is utilized, contributing a novel approach to IoT Trust Management. Furthermore, this approach includes dynamic trust score updates throughout the device's lifetime, accommodating changes in the device's Cyber Risk for accurate trust assessment. A trust score penalization mechanism for devices below a predefined threshold is also introduced, enabling prompt risk mitigation. A simulated assessment, considering varying numbers of IoT devices, evaluates the effectiveness of the proposed methodology. By addressing limitations and introducing innovative components, the proposed MADM-based approach enhances security, reliability, and overall performance of IoT networks. This research advances trust management in IoT and provides valuable insights for developing secure and trustworthy IoT ecosystems.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115228739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities 用户声明的跨域共享:OpenID连接属性授权的设计方案
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600183
Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, R. Carbone, Silvio Ranise
{"title":"Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities","authors":"Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, R. Carbone, Silvio Ranise","doi":"10.1145/3600160.3600183","DOIUrl":"https://doi.org/10.1145/3600160.3600183","url":null,"abstract":"An Attribute Authority is an entity responsible for establishing, maintaining, and sharing a subject’s qualified attributes, such as titles and qualifications. In the OpenID Connect digital identity ecosystem, In the OpenID Connect digital identity ecosystem, for privacy reasons, this entity is distinct from Identity Providers that manage only the basic identity profile information. A relevant scenario is as follows: the User first logs in to an online service using his/her identity managed by an Identity Provider. Then, the online service asks the Attribute Authority for the additional User’s attributes (e.g., entitlements) before granting access to its resources. In some high-sensitive cases, an Attribute Authority needs proof of the User’s authentication before releasing the User’s attributes to the online service. The challenge of this scenario involving usability, security, and privacy requirements lies in finding the right mechanism to share (the minimum and necessary set of) claims of the User who is currently authenticated with the online service across multiple domains without requiring his or her re-authentication. In this paper, we present the design of two solutions based on OpenID Connect to share User claims across domains. We provide security and privacy analysis for the two solutions and a brief comparison between them.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115648176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Confidential Quantum Computing 机密量子计算
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3604982
Barbora Hrdá, Sascha Wessel
{"title":"Confidential Quantum Computing","authors":"Barbora Hrdá, Sascha Wessel","doi":"10.1145/3600160.3604982","DOIUrl":"https://doi.org/10.1145/3600160.3604982","url":null,"abstract":"Quantum computing is becoming more accessible with increasing numbers of quantum platforms. The confidentiality and integrity of data and algorithms running on these systems are important assets that need to be protected from untrusted parties. Previous approaches focus on the encryption of individual sub-areas, often using at least hybrid clients, and do not take the entire path from the classical client via a platform to the quantum computing hardware into consideration. Based on the classification of quantum algorithms we show the assets worth protecting, evolve the data flow on third-party quantum hardware and quantum computing platforms, and propose a concept architecture addressing confidentiality and integrity of processed data and code. Our approach shows that confidentiality can already be achieved for data with classical clients, while code confidentiality remains an open question. Our approach covers integrity for most complexity classes.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114176413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信