发布求助
文献互助 智能选刊 最新文献

Proceedings of the 15th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Jit fault detection: increasing availability in 1oo2 systems just-in-time Jit故障检测:实时提高102个系统的可用性
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407054
L. Botler, N. Kajtazovic, K. Diwold, K. Römer
{"title":"Jit fault detection: increasing availability in 1oo2 systems just-in-time","authors":"L. Botler, N. Kajtazovic, K. Diwold, K. Römer","doi":"10.1145/3407023.3407054","DOIUrl":"https://doi.org/10.1145/3407023.3407054","url":null,"abstract":"With silicon technology decreasing in size, memories get more susceptible to external influences, which can lead to soft errors. Although temporary, these errors constitute a challenge for safety-critical systems. Redundancy-based error detection is commonly used in industry to increase safety and mitigate these errors. When an error is detected, safety-critical systems are usually switched to a safe state. While this prevents failures, it negatively affects the system's availability. In this work, we propose Just-in-Time fault detection, a novel method which enables a system to be switched to the safe state only in case a detected error would affect the system's behavior. A software tool enabling the deployment of this method on an off-the-shelf processor is implemented, and the method is validated and compared with a state-of-the-art alternative approach using mixed-critical memories. Our results show an availability gain between 25.2% and 100% compared with the state-of-the-art approach while executing two different standard algorithms.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124764273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Distributed packet inspection for network security purposes in software-defined networking environments 在软件定义的网络环境中,用于网络安全目的的分布式数据包检测
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409210
P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk
{"title":"Distributed packet inspection for network security purposes in software-defined networking environments","authors":"P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk","doi":"10.1145/3407023.3409210","DOIUrl":"https://doi.org/10.1145/3407023.3409210","url":null,"abstract":"5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"33 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128170939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Non-blind steganalysis 非盲隐写式密码解密
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409221
Niklas Bunzel, M. Steinebach, Huajian Liu
{"title":"Non-blind steganalysis","authors":"Niklas Bunzel, M. Steinebach, Huajian Liu","doi":"10.1145/3407023.3409221","DOIUrl":"https://doi.org/10.1145/3407023.3409221","url":null,"abstract":"The increasing digitization offers new ways, possibilities and needs for a secure transmission of information. Steganography and its analysis constitute an essential part of IT-Security. In this work we show how methods of blind-steganalysis can be improved to work in non-blind scenarios. The main objective was to examine how to take advantage of the knowledge of reference images to maximize the accuracy-rate of the analysis. Therefore we evaluated common stego-tools and their embedding algorithms and established a dataset of 353110 images. The images have been applied to test the potency of the improved methods of the non-blind steganalysis. The results show that the accuray can be significantly improved by using cover-images to produce reference images. Also the aggregation of the outcomes has shown to have a positive impact on the accuracy. Particularly noteworthy is the correlation between the qualities of the stego- and cover-images. Only by consindering both, the accuracy could strongly be improved. Interestingly the difference between both qualities also has a deep impact on the results.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130085480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Balancing trust and privacy in computer-mediated introduction: featuring risk as a determinant for trustworthiness requirements elicitation 在计算机中介引入中平衡信任和隐私:将风险作为可信度要求引出的决定因素
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409208
Angela Borchert, N. E. D. Ferreyra, M. Heisel
{"title":"Balancing trust and privacy in computer-mediated introduction: featuring risk as a determinant for trustworthiness requirements elicitation","authors":"Angela Borchert, N. E. D. Ferreyra, M. Heisel","doi":"10.1145/3407023.3409208","DOIUrl":"https://doi.org/10.1145/3407023.3409208","url":null,"abstract":"In requirements elicitation methods, it is not unusual that conflicts between software requirements or between software goals and requirements can be detected. It is efficient to deal with those conflicts before further costs are invested to implement a solution that includes insufficient software features. This work introduces risk as an extension of a method for eliciting trust-related software features for computer-mediated introduction (CMI) so that software engineers can i) decide on the implementation of conflicting requirements in the problem space and ii) additionally reduce risks that accompany CMI use. CMI describes social media platforms on which strangers with compatible interests get acquainted online and build trust relationships with each other for potential offline encounters (e.g.: online dating and sharing economy). CMI involves security and safety risks such as data misuse, deceit or violence. In the engineering process, software goals and requirements for trust building often come along with the disclosure of personal data, which may result in conflicts with goals and requirements for privacy protection. In order to tackle i) conflicting requirements and goals and ii) CMI risks, our approach involves risk assessment of user concerns and requirements in order to rank goals by their importance for the application. Based on the prioritization, conflicting requirements can be managed. The findings are presented with explicit examples of the application field online dating.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128883170","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Vector packet encapsulation: the case for a scalable IPsec encryption protocol 矢量包封装:一个可扩展的IPsec加密协议的情况
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407060
M. Pfeiffer, Franz Girlich, M. Rossberg, G. Schäfer
{"title":"Vector packet encapsulation: the case for a scalable IPsec encryption protocol","authors":"M. Pfeiffer, Franz Girlich, M. Rossberg, G. Schäfer","doi":"10.1145/3407023.3407060","DOIUrl":"https://doi.org/10.1145/3407023.3407060","url":null,"abstract":"The IPsec protocol family, although not always undisputed, has shown to be extremely reliable over the last two decades. However, given the fact that communication networks evolved tremendously since ESP was standardized, this paper proposes changes to the security protocol to accommodate for the needs of modern wide area and data center networks. In particular it addresses optimizations for high-speed software implementations as well as use cases in data center networks. The evaluation shows that rather small yet targeted changes are sufficient to allow for more flexible and scalable implementations.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130563586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Refining the evaluation of the degree of security of a system built using security patterns 改进使用安全模式构建的系统的安全程度评估
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407070
Olga Villagrán-Velasco, E. Fernández, J. Ortega-Arjona
{"title":"Refining the evaluation of the degree of security of a system built using security patterns","authors":"Olga Villagrán-Velasco, E. Fernández, J. Ortega-Arjona","doi":"10.1145/3407023.3407070","DOIUrl":"https://doi.org/10.1145/3407023.3407070","url":null,"abstract":"Evaluating the degree of security of a specific software system is a difficult problem and many metrics have been proposed. However, if the system has been built with a methodology that uses patterns as artifacts, a systematic and rather simple evaluation is possible and a metric has been proposed for this evaluation: perform threat enumeration, check if the patterns in the system can stop the identified threats, and calculate the coverage of these threats by the patterns. We refine here that approach by considering the additional effect of the policies (requirements) defined for the system and by using weights for threats and policies.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116146566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
SOK 势利小人
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407043
M. Dotan, Y. Pignolet, S. Schmid, Saar Tochner, Aviv Zohar
{"title":"SOK","authors":"M. Dotan, Y. Pignolet, S. Schmid, Saar Tochner, Aviv Zohar","doi":"10.1145/3407023.3407043","DOIUrl":"https://doi.org/10.1145/3407023.3407043","url":null,"abstract":"Cryptocurrencies such as Bitcoin are realized using distributed systems and hence critically rely on the performance and security of the interconnecting network. The requirements on these networks and their usage, however can differ significantly from traditional communication networks, with implications on all layers of the protocol stack. This paper is motivated by these differences, and in particular by the observation that many fundamental design aspects of these networks are not well-understood today. In order to support the networking community to contribute to this emerging application domain, we present a structured overview of the field, from topology and neighbor discovery to block and transaction propagation. In particular, we provide the context, highlighting differences and commonalities with traditional networks, review the state-of-the-art, and identify open research challenges. Our paper can hence also be seen as a call-to-arms to improve the foundation on top of which cryptocurrencies are built.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116615644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Attacker-centric thinking in security: perspectives from financial services practitioners 安全中以攻击者为中心的思维:来自金融服务从业者的观点
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407082
Caroline Moeckel
{"title":"Attacker-centric thinking in security: perspectives from financial services practitioners","authors":"Caroline Moeckel","doi":"10.1145/3407023.3407082","DOIUrl":"https://doi.org/10.1145/3407023.3407082","url":null,"abstract":"In response to diverging perspectives on the usefulness of attacker-centric approaches in security, this paper examines the current role of such thinking in security, incorporating 12 in-depth interviews with senior financial services practitioners working in the areas of security, fraud and risk. The presentation of results is supported by a condensed systematic literature review on the topic and followed by the provision of a list of suggested guidelines on practical implementation strategies, enabling further theoretical reframing and extension.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"178 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114293602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
STALK: security analysis of smartwatches for kids 儿童智能手表的安全性分析
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407037
Christoph Saatjohann, Fabian Ising, Luise Krings, Sebastian Schinzel
{"title":"STALK: security analysis of smartwatches for kids","authors":"Christoph Saatjohann, Fabian Ising, Luise Krings, Sebastian Schinzel","doi":"10.1145/3407023.3407037","DOIUrl":"https://doi.org/10.1145/3407023.3407037","url":null,"abstract":"Smart wearable devices become more and more prevalent in the age of the Internet of Things. While people wear them as fitness trackers or full-fledged smartphones, they also come in unique versions as smartwatches for children. These watches allow parents to track the location of their children in real-time and offer a communication channel between parent and child. In this paper, we analyzed six smartwatches for children and the corresponding backend platforms and applications for security and privacy concerns. We structure our analysis in distinct attacker scenarios and collect and describe related literature outside academic publications. Using a cellular network Man-in-the-Middle setup, reverse engineering, and dynamic analysis, we found several severe security issues, allowing for sensitive data disclosure, complete watch takeover, and illegal remote monitoring functionality.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122623972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Quantifying autonomous system IP churn using attack traffic of botnets 利用僵尸网络攻击流量量化自治系统IP流失
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407051
H. Griffioen, C. Doerr
{"title":"Quantifying autonomous system IP churn using attack traffic of botnets","authors":"H. Griffioen, C. Doerr","doi":"10.1145/3407023.3407051","DOIUrl":"https://doi.org/10.1145/3407023.3407051","url":null,"abstract":"To connect to the Internet, hosts are assigned an IP address by their network provider by which they exchange data. As such, IP addresses are frequently used as a proxy metric to count the number of hosts on a network, or to quantify particular phenomena such as the size of botnets or the infection statistics of malware. Although a single host is typically linked to a single IP address at a given moment, this relationship is frequently not stable over time due to IP churn. As network operators dynamically assign IP addresses to clients for a specific lease duration, after expiry of this lease a host obtains a new IP address, thereby leading to overestimations of active host counts or malware infections. In this paper, we present a novel method to detect and quantify IP churn in autonomous systems on the Internet by exploiting a weakness in the packet generation algorithm and random number generation of the Mirai IoT malware. These design shortcomings allow us to re-identify the same IoT infection when the host resurfaces on the Internet with a different IP address with very high confidence, and thereby characterize how IP addresses in provider netblocks churn over time. As Mirai is widespread with hundreds of thousands of infected devices worldwide and uses the faulty RNG output to actively scan the Internet, our methods enables worldwide measurements of IP churn to be done efficiently and completely passively.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131095468","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信