Proceedings of the 15th International Conference on Availability, Reliability and Security: Latest Papers

An overview of limitations and approaches in identity management
Daniela Pöhn, Wolfgang Hommel
DOI: https://doi.org/10.1145/3407023.3407026
Published: 2020-07-30
Abstract: Identity and access management (I&AM) is the umbrella term for managing users and their permissions. It is required for users to access different services. These services can either be provided from their home organization, like a company or university, or from external service providers, e.g., cooperation partners. I&AM provides the management of identifiers with the attributes, credentials, roles, and permissions the user has. Today, the requirements have evolved from simply accessing individual web services in the internet or at a company to the majority of all IT services from different service providers with various accounts. Several identity management models have been created with different approaches within. In order to adjust to heterogeneous environments, use cases, and the evolution of identity management, this paper extends known requirements for identity management. Existing models and approaches for identity management are mapped to the derived requirements. Based on the mapping, advantages, disadvantages, and gaps are identified. Current approaches suffer, as an example, from trustworthiness and liability issues. Interoperability issues are even more inherent as the approaches partly develop apart, forming a heterogeneous environment. The results from this analysis emphasize the need for one holistic identity management framework.
Citations: 9

TAVeer
Oren Halvani, L. Graner, Roey Regev
DOI: https://doi.org/10.1145/3407023.3409194
Published: 2020-07-30
Abstract: A central problem that has been researched for many years in the field of digital text forensics is the question whether two documents were written by the same author. Authorship verification (AV) is a research branch in this field that deals with this question. Over the years, research activities in the context of AV have steadily increased, which has led to a variety of approaches trying to solve this problem. Many of these approaches, however, make use of features that are related to or influenced by the topic of the documents. Therefore, it may accidentally happen that their verification results are based not on the writing style (the actual focus of AV), but on the topic of the documents. To address this problem, we propose an alternative AV approach that considers only topic-agnostic features in its classification decision. In addition, we present a post-hoc interpretation method that allows to understand which particular features have contributed to the prediction of the proposed AV method. To evaluate the performance of our AV method, we compared it with eight competing baselines (including the current state of the art) on four challenging data sets. The results show that our approach outperforms all baselines in two cases (with a maximum accuracy of 84%), while in the other two cases it performs as well as the strongest baseline.
Citations: 12

SysGen
B. Lenard, J. Wagner, A. Rasin, Jonathan Grier
DOI: https://doi.org/10.1145/3407023.3409202
Published: 2020-07-30
Abstract: Security investigations often rely on forensic tools to deliver the necessary supporting evidence. It is therefore imperative that forensic tools are scientifically tested in both their accuracy and capabilities. The primary means to develop and validate forensic tools is by evaluating them against a set of known answers (i.e., a data corpus). While researchers have long recognized the need for standardized forensic corpora, there are few such tools or datasets available, particularly for database management systems (DBMS). In fact, there are currently no publicly available tools that can generate a DBMS dataset for forensic testing. In this paper, we share SysGen, a customizable data generator and a pre-built corpus that offers a reference for most major relational DBMSes. The pre-built corpus includes individual DBMS files, the full disk snapshot, the RAM snapshot, and network packets taken from a set of clean virtual machines. SysGen can be easily adapted to execute a custom workload scenario, capturing a new data corpus; it can also create other variations of full system snapshots, even beyond DBMS testing.
Citations: 1

AVRS
Michaela Pucher, Christian Kudera, Georg Merzdovnik
DOI: https://doi.org/10.1145/3407023.3407065
Published: 2020-07-30
Abstract: Embedded systems and microcontrollers are becoming more and more popular as the Internet of Things continues to spread. However, while there is a wealth of different methods and tools for analyzing software and firmware for architectures that are common to standard hardware, such as x86 or Arm, other systems have not been scrutinized so closely. One of these widely used architectures are AVR 8-bit microcontrollers, which are also used in projects like the Arduino platform. This lack of tools makes it more difficult to analyze such systems and identify potential security vulnerabilities. To get the most out of modern reverse engineering and debugging techniques such as fuzzing or concolic execution, sophisticated and correct emulators are required for dynamic analysis. The presented work tries to close this gap by introducing AVRS, a lean AVR emulator prototype developed with the goal of reverse engineering. It was implemented to overcome limitations in existing emulators, such as completeness or execution speed, and to provide simple interfaces for interaction with existing program analysis and reverse engineering tools. We provide an analysis of AVRS in relation to existing emulators and show the improvements in speed and completeness. In addition, we have created a setup that leverages AVRS to use fuzz tests to automatically identify errors in AVR firmware. Our results indicate that AVRS is a valuable addition to the arsenal of analysis tools for embedded firmware and can be easily extended to allow the use of existing analysis tools in the domain of AVR microcontrollers.
Citations: 0

Ransomware 2.0: to sell, or not to sell a game-theoretical model of data-selling Ransomware
Zhen Li, Qi Liao
DOI: https://doi.org/10.1145/3407023.3409196
Published: 2020-07-30
Abstract: Cybercrime such as ransomware denies access to valuable data until a ransom is paid. Recent ransomware attacks on organizations such as hospitals, schools, government agencies and private businesses raise public awareness of the severe impact on the society. In this paper, we propose a hypothetical new revenue model for the ransomware, i.e., selling the stolen data. Through a game-theoretical analysis between attackers and victims, we contribute a novel model to understand the critical decision variables between the traditional ransomware (ransomware 1.0) - demanding ransom only and the new type of ransomware (ransomware 2.0) - selling the data as well as demanding ransom. Both theoretical modeling and simulation studies suggest that in general ransomware 2.0 is more profitable than ransomware 1.0. Common defensive measures that may work to eliminate the financial incentives of ransomware 1.0 may not work on ransomware 2.0, in particular the data backup practice and the never-pay-ransom strategy. Nevertheless, the uncertainties created by this new revenue model may affect attackers' reputation and users' willingness-to-pay. In turn, ransomware 2.0 may not always increase the profitability of attackers. Another finding of the study suggests that reputation maximization is critical in ransomware 1.0 but not in ransomware 2.0, where attackers should seek imperfect reputation for profit maximization.
Citations: 11

AndroPRINT
Gerald Palfinger, Bernd Prünster
DOI: https://doi.org/10.1145/3407023.3407055
Published: 2020-07-30
Abstract: In recent Android versions, access to various (unique) identifiers has been restricted or completely removed for third-party applications. However, many information sources can still be combined to create a fingerprint, effectively substituting the need for these unique identifiers. Until now, finding these fingerprintable sources required manually sifting through the API documentation to identify each information source individually. This paper presents AndroPRINT, a framework that automatically recognizes fingerprintable information sources on Android devices. For this purpose it automatically invokes methods, queries fields, and retrieves data from content providers. We show that this framework allows automating the elaborate task of finding such fingerprintable information sources in different experiments. In these experiments, a variety of information sources could be identified, which provide a vast amount of unique features for fingerprinting. Furthermore, AndroPRINT detected undocumented unique device identification features, which are a result of manufacturer adaptations. These vendor customisations even revealed personal data, such as the user's email address and cryptographic keys used for cross-device communication. The fact that this information can be retrieved without the user noticing means that vendor customisations can effectively defeat the tight permission system of modern smartphone operating systems.
Citations: 2

INSPIRE-5Gplus: intelligent security and pervasive trust for 5G and beyond networks
Jordi Ortiz Murillo, R. Sanchez-Iborra, Jorge Bernal Bernabé, A. Gómez-Skarmeta, Chafika Benzaid, T. Taleb, P. Alemany, R. Muñoz, R. Vilalta, Chrystel Gaber, Jean-Philippe Wary, D. Ayed, P. Bisson, M. Christopoulou, G. Xilouris, Edgardo Montes de Oca, Gürkan Gür, Gianni Santinelli, Vincent Lefebvre, A. Pastor, D. López
DOI: https://doi.org/10.1145/3407023.3409219
Published: 2020-07-30
Abstract: The promise of disparate features envisioned by the 3GPP for 5G, such as offering enhanced Mobile Broadband connectivity while providing massive Machine Type Communications likely with very low data rates and maintaining Ultra Reliable Low Latency Communications requirements, create a very challenging environment for protecting the 5G networks themselves and associated assets. To overcome such complexity, future 5G networks must employ a very high degree of network and service management automation, which is a security challenge by itself as well as an opportunity for smarter and more efficient security functions. In this paper, we present the smart, trustworthy and liable 5G security platform being designed and developed in the INSPIRE-5Gplus project. This platform takes advantage of new techniques such as Machine Learning (ML), Artificial Intelligence (AI), Distributed Ledger Technologies (DLT), network softwarization and Trusted Execution Environment (TEE) for closed-loop and end-to-end security management following a zero-touch model in 5G and Beyond 5G networks. To this end, we specifically elaborate on two key aspects of our platform, namely security management with Security Service Level Agreements (SSLAs) and liability management, in addition to the description of the overall architecture.
Citations: 30

Critical traffic analysis on the tor network
Florian Platzer, Marcel Schäfer, M. Steinebach
DOI: https://doi.org/10.1145/3407023.3409180
Published: 2020-07-30
Abstract: Tor is a widely-used anonymity network with more than two million daily users. A special feature of Tor is the hidden service architecture. Hidden services are a popular method for anonymous communication or sharing web contents anonymously. A specialty in Tor is that all data packets that are sent are structured completely identical for security reasons. They are encrypted using the TLS protocol and have a fixed size of exactly 512 bytes. In an earlier implementation, Tor was an example of networks without generated traffic noise to make traffic analysis more difficult. In this work we describe a method to deanonymize any hidden service on Tor based on traffic analysis, which is a threat to anonymity online. This method allows an attacker with modest resources to deanonymize any hidden services in less than 12.5 days.
Citations: 8

Privacy-enhanced robust image hashing with bloom filters
Uwe Breidenbach, M. Steinebach, Huajian Liu
DOI: https://doi.org/10.1145/3407023.3409212
Published: 2020-07-30
Abstract: Robust image hashes are used to detect known illegal images, even after image processing. This is, for example, interesting for a forensic investigation, or for a company to protect their employees and customers by filtering content. The disadvantage of robust hashes is that they leak structural information of the pictures, which can lead to privacy issues. Our scientific contribution is to extend a robust image hash with privacy protection. We thus introduce and discuss such a privacy-preserving concept. The approach uses a probabilistic data structure - known as Bloom filter - to store robust image hashes. Bloom filters store elements by mapping hashes of each element to an internal data structure. We choose a cryptographic hash function to one-way encrypt and store elements. The privacy of the inserted elements is thus protected. We evaluate our implementation, and compare it to its underlying robust image hashing algorithm. Thereby, we show the cost with respect to error rates for introducing a privacy protection into robust hashing. Finally, we discuss our approach's results and usability, and suggest possible future improvements.
Citations: 6

Blockchain-based chain of custody: towards real-time tamper-proof evidence management
Liza Ahmad, S. Khanji, Farkhund Iqbal, F. Kamoun
DOI: https://doi.org/10.1145/3407023.3409199
Published: 2020-07-30
Abstract: Evidence is a tangible demonstrative artifact that proves a fact and shapes the investigation of various misconduct cases involving for instance corruption, misbehavior, or violation. It is imperative to maintain proper evidence management to guarantee the admissibility of an evidence in a court of law. Chain of custody forms the forensic link of evidence sequence of control, transfer, and analysis to preserve evidence's integrity and to prevent its contamination. Blockchain, a distributed tamper-resistant ledger can be leveraged to offer a decentralized secure digital evidence system. In this paper, we propose a secure chain of custody framework by utilizing the blockchain technology to store evidence metadata while the evidence is stored in a reliable storage medium. The framework is built on top of a private Ethereum blockchain to document every transmission from the moment the evidence is seized, thus ensuring that evidence can only be accessed or possessed by authorized parties. The framework is integrated with the digital evidence system where evidence is physically stored and locked using smart locks. To secure the sequence of evidence submission and retrieval, only an authorized party can possess the key to unlock the evidence. Our proposed framework offers a secure solution that maintains evidence integrity and admissibility among multiple stakeholders such as law enforcement agencies, lawyers, and forensic professionals. The research findings shed light on hidden opportunities for the efficient usage of blockchain in other realms beyond finance and cryptocurrencies.
Citations: 11
