发布求助
文献互助 智能选刊 最新文献

Proceedings of the 18th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Exploring NFT Validation through Digital Watermarking 通过数字水印探索NFT验证
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605063
Mila Dalla Preda, Francesco Masaia
{"title":"Exploring NFT Validation through Digital Watermarking","authors":"Mila Dalla Preda, Francesco Masaia","doi":"10.1145/3600160.3605063","DOIUrl":"https://doi.org/10.1145/3600160.3605063","url":null,"abstract":"Blockchain technology has brought notable advancements to diverse industries. The introduction of non-fungible tokens (NFTs) has particularly led to a lucrative market for unique digital asset ownership verification, including digital artworks. However, this trend has also given rise to concerns such as fraud, stolen works, authenticity, and copyright issues. Illicit traders exploit the market by trading unauthorized copies of digital objects as NFTs. In this study, we propose the use of digital watermarking as a means to establish the authenticity of NFTs and enhance the marketplace’s credibility.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133207487","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities 用户声明的跨域共享:OpenID连接属性授权的设计方案
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600183
Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, R. Carbone, Silvio Ranise
{"title":"Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities","authors":"Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, R. Carbone, Silvio Ranise","doi":"10.1145/3600160.3600183","DOIUrl":"https://doi.org/10.1145/3600160.3600183","url":null,"abstract":"An Attribute Authority is an entity responsible for establishing, maintaining, and sharing a subject’s qualified attributes, such as titles and qualifications. In the OpenID Connect digital identity ecosystem, In the OpenID Connect digital identity ecosystem, for privacy reasons, this entity is distinct from Identity Providers that manage only the basic identity profile information. A relevant scenario is as follows: the User first logs in to an online service using his/her identity managed by an Identity Provider. Then, the online service asks the Attribute Authority for the additional User’s attributes (e.g., entitlements) before granting access to its resources. In some high-sensitive cases, an Attribute Authority needs proof of the User’s authentication before releasing the User’s attributes to the online service. The challenge of this scenario involving usability, security, and privacy requirements lies in finding the right mechanism to share (the minimum and necessary set of) claims of the User who is currently authenticated with the online service across multiple domains without requiring his or her re-authentication. In this paper, we present the design of two solutions based on OpenID Connect to share User claims across domains. We provide security and privacy analysis for the two solutions and a brief comparison between them.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115648176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Enhancing Cybersecurity Education in Europe: The REWIRE’s Course Selection Methodology 加强欧洲网络安全教育:REWIRE的选课方法
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605091
Alan Briones Delgado, Sara Ricci, Argyro Chatzopoulou, Jakub Cegan, Petr Dzurenda, Ioannis Koutoudis
{"title":"Enhancing Cybersecurity Education in Europe: The REWIRE’s Course Selection Methodology","authors":"Alan Briones Delgado, Sara Ricci, Argyro Chatzopoulou, Jakub Cegan, Petr Dzurenda, Ioannis Koutoudis","doi":"10.1145/3600160.3605091","DOIUrl":"https://doi.org/10.1145/3600160.3605091","url":null,"abstract":"The European Cybersecurity Skills Framework (ECSF) was introduced by the European Union Agency for Cybersecurity (ENISA) to identify the necessary competencies, knowledge, and skills required for European cybersecurity professionals. The ECSF condenses all cybersecurity-related positions into 12 role profiles, aiming to establish a mutual understanding of essential roles and support the creation of cybersecurity training programs. In order to address the shortage of cybersecurity experts, a multi-criteria selection method is developed to increase the availability, accessibility, and quality of cybersecurity courses and certifications. This Course Selection methodology ensures high-quality training materials that meet the current and future needs of the cybersecurity industry and benefit a wide range of participants. The methodology considers six criteria and provides a scoring system to rank the occupational profiles and select the most relevant profiles for the course design. Our final score formula identifies Chief Information Security Officer (CISO), Cyber Incident Responder, Cyber Threat Intelligence Specialist, and Penetration Tester for the Course creation.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116170751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Creating a Decryption Proof Verifier for the Estonian Internet Voting System 为爱沙尼亚互联网投票系统创建解密证明验证器
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605467
J. Willemson
{"title":"Creating a Decryption Proof Verifier for the Estonian Internet Voting System","authors":"J. Willemson","doi":"10.1145/3600160.3605467","DOIUrl":"https://doi.org/10.1145/3600160.3605467","url":null,"abstract":"This paper describes the efforts made for and lessons learnt from creating a decryption proof verifier for the Estonian IVXV Internet voting system. Our main conclusion is that cryptographic protocols aiming at providing transparency through verifiability should also take into account a non-functional requirement of low implementation complexity. We identify several steps of the verification protocol that could be made easier to implement without sacrificing security. A side-product of our effort is a fully functional IVXV decryption proof verifier written in Go that we used during the latest Estonian parliamentary elections of March 2023.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115308078","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Characterizing the Use of Code Obfuscation in Malicious and Benign Android Apps 描述代码混淆在恶意和良性Android应用程序中的使用
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3600194
Ulf Kargén, Noah Mauthe, N. Shahmehri
{"title":"Characterizing the Use of Code Obfuscation in Malicious and Benign Android Apps","authors":"Ulf Kargén, Noah Mauthe, N. Shahmehri","doi":"10.1145/3600160.3600194","DOIUrl":"https://doi.org/10.1145/3600160.3600194","url":null,"abstract":"Obfuscation is frequently used by both benign and malicious Android apps. Since static analysis of obfuscated apps often produces incomplete or misleading results, the problems of identifying and quantifying the use of specific obfuscation techniques in apps has received significant attention. Even though several existing works have addressed these problems, most studies focus on data obfuscation methods such as identifier renaming and string obfuscation, while more advanced code obfuscation methods, such as reflection and control-flow obfuscation, have received less attention. Moreover, existing approaches to detecting Android code obfuscation have significant limitations, as shown by a detailed survey that we present as part of this paper. This is in part due to a fundamental “bootstrapping” problem: since, on one hand, the landscape of Android code obfuscation is poorly known, researchers have very little guidance when designing new detection methods. On the other hand, the lack of detection methods mean that the obfuscation landscape is bound to remain largely unexplored. In this work, we aim to take the first steps towards addressing this “bootstrapping” problem. To this end, we propose two novel approaches to obfuscation detection and perform a study on over 200,000 malicious apps, in addition to 13,436 apps from Google Play. In particular, we propose a new anomaly-detection-based method for identifying likely control-flow obfuscation, and use it to perform what is, to the best of our knowledge, the first empirical study of control-flow obfuscation in Android apps. In addition to presenting new insights into the use of control-flow obfuscation, we also propose a new approach to characterizing the use of reflection-based obfuscation, which allows us to corroborate earlier findings indicating that this type of obfuscation is much more common in malware than in benign apps.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114850719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Key Management Systems for Large-Scale Quantum Key Distribution Networks 大规模量子密钥分配网络的密钥管理系统
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605050
Paul James, Stephan Laschet, Sebastian Ramacher, Luca Torresetti
{"title":"Key Management Systems for Large-Scale Quantum Key Distribution Networks","authors":"Paul James, Stephan Laschet, Sebastian Ramacher, Luca Torresetti","doi":"10.1145/3600160.3605050","DOIUrl":"https://doi.org/10.1145/3600160.3605050","url":null,"abstract":"The Key Management System (KMS) is an important component in scaling up from link-to-link key generation to large key distribution networks. In this work we provide an overview of a KMS in the context of Quantum Key Distribution Networks (QKDN) and give a thorough summary of the functionality of a KMS in such an application. Beyond classical QKDNs, we discuss Post Quantum Cryptography (PQC) hybridization techniques at the KMS level. These methods add an additional layer of security against quantum computer driven attacks. We also discuss selected topics regarding the development, deployment and operation of components for such security infrastructure. In addition, relevant standards in the realm of Quantum Key Distribution (QKD) are outlined and analyzed. As some of the necessary interfaces have not been standardized, namely the interface between two KMS instances and the interface between the KMS and the Software Defined Network (SDN) Agent, we propose APIs for these two cases. The design of the interface between the KMS and QKD modules is discussed and, considering their resource constraints, a push mode for the ETSI GS QKD 004 standard is proposed. Finally, implementation details of a prototype KMS are outlined and trade-offs are discussed.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128430880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
On Deploying Quantum-Resistant Cybersecurity in Intelligent Infrastructures 在智能基础设施中部署抗量子网络安全
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605038
L. Malina, P. Dobias, J. Hajny, K. Choo
{"title":"On Deploying Quantum-Resistant Cybersecurity in Intelligent Infrastructures","authors":"L. Malina, P. Dobias, J. Hajny, K. Choo","doi":"10.1145/3600160.3605038","DOIUrl":"https://doi.org/10.1145/3600160.3605038","url":null,"abstract":"As quantum-safe algorithms are increasingly implemented in security protocols used in current and emerging digital services, there is also a corresponding need to map the current state of security protocols and applications and their preparedness for the post-quantum era. In this paper, we review current security recommendations, existing security libraries, and the support of Post-Quantum Cryptography (PQC) in widely-used security protocols. We also present a practical assessment of recently selected PQC algorithms by the National Institute of Standards and Technologies (NIST) PQC standardization on typical platforms that can be deployed in intelligent infrastructures (e.g., smartphones and single-boards), and recently recommended hash-based signatures for software/firmware signing. Finally, we discuss how incoming post-quantum migration affects selected areas in intelligent infrastructures.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117064757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Confidential Quantum Computing 机密量子计算
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3604982
Barbora Hrdá, Sascha Wessel
{"title":"Confidential Quantum Computing","authors":"Barbora Hrdá, Sascha Wessel","doi":"10.1145/3600160.3604982","DOIUrl":"https://doi.org/10.1145/3600160.3604982","url":null,"abstract":"Quantum computing is becoming more accessible with increasing numbers of quantum platforms. The confidentiality and integrity of data and algorithms running on these systems are important assets that need to be protected from untrusted parties. Previous approaches focus on the encryption of individual sub-areas, often using at least hybrid clients, and do not take the entire path from the classical client via a platform to the quantum computing hardware into consideration. Based on the classification of quantum algorithms we show the assets worth protecting, evolve the data flow on third-party quantum hardware and quantum computing platforms, and propose a concept architecture addressing confidentiality and integrity of processed data and code. Our approach shows that confidentiality can already be achieved for data with classical clients, while code confidentiality remains an open question. Our approach covers integrity for most complexity classes.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114176413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Reconstructing Timelines: From NTFS Timestamps to File Histories 重建时间线:从NTFS时间戳到文件历史
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605027
Jelle Bouma, Hugo Jonker, Vincent van der Meer, Eddy Van Den Aker
{"title":"Reconstructing Timelines: From NTFS Timestamps to File Histories","authors":"Jelle Bouma, Hugo Jonker, Vincent van der Meer, Eddy Van Den Aker","doi":"10.1145/3600160.3605027","DOIUrl":"https://doi.org/10.1145/3600160.3605027","url":null,"abstract":"File history facilitates the creation of a timeline of attributed events, which is crucial in digital forensics. Timestamps play an important role for determining what happened to a file. Previous studies into leveraging timestamps to determine file history focused on identification of the last operation applied to a file. In contrast, in this paper, we determine all possible file histories given a file’s current NTFS timestamps. That is, we infer all possible sequences of file system operations which culminate in the file’s current NTFS timestamps. This results in a tree of timelines, with root node the current file state. Our method accounts for various forms of timestamp forgery. We provide an implementation of this method that depicts possible histories graphically.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114575721","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
OpenScope-sec: An ADS-B Simulator to Support the Security Research OpenScope-sec:支持安全研究的 ADS-B 模拟器
Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI: 10.1145/3600160.3605065
Riccardo Cestaro, M. Conti, Elonora Mancini, F. Turrin
{"title":"OpenScope-sec: An ADS-B Simulator to Support the Security Research","authors":"Riccardo Cestaro, M. Conti, Elonora Mancini, F. Turrin","doi":"10.1145/3600160.3605065","DOIUrl":"https://doi.org/10.1145/3600160.3605065","url":null,"abstract":"Automatic Dependent Surveillance–Broadcast (ADS-B) protocol is employed in air-ground communication systems to replace legacy radar-based air traffic control systems. However, despite being a recent technology, ADS-B communication does not include security measures. This exposes the communication to potential threats, including message spoofing or fake aircraft generation. To cope with such a security lack, the security community is actively proposing innovative solutions to protect ADS-B communication. However, testing and evaluating security frameworks is complex due to the limited number of simulators and the impossibility of conducting real-world experiments. In this paper, we present an OpenScope-sec an ADS-B simulator to support the security research and the implementation of novel anomaly detection systems. Our simulator extends the existing ADS-B simulator tools with the possibility of implementing a wider range of attacks. The list of attacks included is based on a preliminary analysis of the current literature, where we collected the most common attacks proposed on ADS-B communication and the existing simulators. Finally, for each attack implemented, we discuss possible anomaly detection approaches to detect the attacks and the consequent changes in legitimate parameters. order to detect possible attacks in real ADS-B messages.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126602507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信