发布求助
文献互助 智能选刊 最新文献

Proceedings of the 15th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Cyber-risk identification for a digital substation 数字化变电站的网络风险识别
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409227
A. Khodabakhsh, Sule YAYILGAN YILDIRIM, Mohamed Abomhara, M. Istad, N. Hurzuk
{"title":"Cyber-risk identification for a digital substation","authors":"A. Khodabakhsh, Sule YAYILGAN YILDIRIM, Mohamed Abomhara, M. Istad, N. Hurzuk","doi":"10.1145/3407023.3409227","DOIUrl":"https://doi.org/10.1145/3407023.3409227","url":null,"abstract":"Power grids are rapidly evolving through digital transformation by adopting information and communication technologies. This evolution is creating concerns for electricity transmission and distribution companies to maintain security and reliability of the power grid. To safeguard the power grids, cyber-security risks and their consequences on security measures are required to be analyzed. This paper applies cyber-risk identification methodology with focus on digital substation for recognizing potential cyber-attacks, evaluates the cyber-risks and their impacts, and defines mitigation plans to ensure reliable operation of digital substations and safe and secure delivery of reliable power.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116949985","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Automated modelling of security incidents to represent logging requirements in software systems 安全事件的自动建模,以表示软件系统中的日志记录需求
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407081
Fanny Rivera-Ortiz, L. Pasquale
{"title":"Automated modelling of security incidents to represent logging requirements in software systems","authors":"Fanny Rivera-Ortiz, L. Pasquale","doi":"10.1145/3407023.3407081","DOIUrl":"https://doi.org/10.1145/3407023.3407081","url":null,"abstract":"In 2017 the Open Web Application Security Project (OWASP) has identified insufficient logging and monitoring as one of the top ten security risks. Attackers can exploit insufficient logging in software systems to cause harm to an organisation while being undetected for long periods of time. Therefore, software systems used within an organisation should perform logging to collect data relevant to detect and/or diagnose potential security incidents. However, when implementing logging functionalities, software developers either do not log enough information or log too much information. In this paper, we provide an approach to help developers decide where to log and what to log for security purposes. Our approach allows a security engineer to replay potential security incidents on an instrumented version of the software system and generate automatically a model of such incidents. These are represented as a UML sequence diagram that contains the relevant method invocations occurring during and incident, without providing a representation of the entire software behaviour. Because our model refers to concrete system components, it provides immediate guidance to developers about what methods execution should be logged for security purposes.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133365272","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Detecting double compression and splicing using benfords first digit law 利用本福德第一位数定律检测双压缩拼接
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409200
R. Frick, Huajian Liu, M. Steinebach
{"title":"Detecting double compression and splicing using benfords first digit law","authors":"R. Frick, Huajian Liu, M. Steinebach","doi":"10.1145/3407023.3409200","DOIUrl":"https://doi.org/10.1145/3407023.3409200","url":null,"abstract":"Detecting image forgeries in JPEG encoded images has been a research topic in the field of media forensics for a long time. Until today, it still holds a high importance as tools to create convincing manipulations of images have become more and more accessible to the public, which in return might be used to e.g. generate fake news. In this paper, a passive forensic detection framework to detect image manipulations is proposed based on compression artefacts and Benfords First Digit Law. It incorporates a supervised approach to reconstruct the compression history as well as provides an un-supervised detection approach to detect double compression for unknown quantization tables. The implemented algorithms were able to achieve high AUC values when classifying high quality images exceeding similar state-of-the-art methods.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130324991","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
RESCURE: a security solution for IoT life cycle RESCURE:物联网生命周期安全解决方案
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407075
G. Selimis, Rui Wang, Roel Maes, G. Schrijen, M. Münzer, Stefan Ilić, F. Willems, L. Kusters
{"title":"RESCURE: a security solution for IoT life cycle","authors":"G. Selimis, Rui Wang, Roel Maes, G. Schrijen, M. Münzer, Stefan Ilić, F. Willems, L. Kusters","doi":"10.1145/3407023.3407075","DOIUrl":"https://doi.org/10.1145/3407023.3407075","url":null,"abstract":"We present RESCURE, a security solution built on software, which retrofits Internet of Things (IoT) devices to secure ones. RESCURE exploits the entropy originating from the random variations of silicon (transistors) during manufacturing and generates a unique unforgeable root key and an identity per device. In this way, root key and identity are inseparable from the IoT hardware. To achieve lifetime reliability (reproducibility) and security (randomness) for root key and identity, we apply error correcting and randomness amplification algorithms to the signals derived from silicon. RESCURE supports certificates which are able to prove the device identity and authenticity. RESCURE supports multiple keys derivation (private keys or private/public key pairs) and End-to-End security. In this way an IoT device is able to communicate securely and independently with multiple actors (e.g., Service Providers). It supports secure storage so it is able to encrypt sensitive data such as application keys, sensitive data or software Intellectual Properties (IP). Finally, the entire device software is protected by secure boot and secure software update mechanisms allowing for malware-free software execution and renewable security and features. RESCURE has been prototyped on an ST32L4 device and its performance is presented across real use case scenarios covering the entire life cycle of the device. It is a low-cost solution for all the devices manufacturers that want to achieve high standard security without redesigning the hardware of their IoT product.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132052950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Security impacts of sub-optimal DevSecOps implementations in a highly regulated environment 在高度规范的环境中,次优DevSecOps实现的安全影响
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409186
J. Morales, Thomas P. Scanlon, A. Volkmann, Joseph Yankel, Hasan Yasar
{"title":"Security impacts of sub-optimal DevSecOps implementations in a highly regulated environment","authors":"J. Morales, Thomas P. Scanlon, A. Volkmann, Joseph Yankel, Hasan Yasar","doi":"10.1145/3407023.3409186","DOIUrl":"https://doi.org/10.1145/3407023.3409186","url":null,"abstract":"This work presents lessons learned from a multi-year support effort of a large and well-funded software development project. The focus is on the security impacts to the DevSecOps culture, process, and pipeline. These impacts stem from faulty implementations of requirements in order to achieve a full DevSecOps environment. The faulty implementations resulted in a lax security posture facilitating potential compromise in many areas of the software development environment. We discuss each of the faulty implementations in detail and provide recommendations to avoid in future engagements. The main lesson learned was the organization's inability to strictly adhere to DevSecOps principles resulted in a dysfunctional software development environment and a reduced security posture.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"115 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113935105","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Contract-based design patterns: a design by contract approach to specify security patterns 基于契约的设计模式:一种指定安全模式的契约设计方法
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409185
Caine Silva, Sylvain Guérin, R. Mazo, J. Champeau
{"title":"Contract-based design patterns: a design by contract approach to specify security patterns","authors":"Caine Silva, Sylvain Guérin, R. Mazo, J. Champeau","doi":"10.1145/3407023.3409185","DOIUrl":"https://doi.org/10.1145/3407023.3409185","url":null,"abstract":"With the ever growing digitization of activities, software systems are getting more and more complex. They must comply with new usages, varied needs, and are permanently exposed to new security vulnerabilities. Security concerns must be addressed throughout the entire development process and in particular through appropriate architectural choices. The security patterns are the founding principles to provide the architectural and design guidelines. Nevertheless, researchers have pointed out the need for further research investigations to improve quality and effectiveness of security patterns. In this paper, we focus on enhancing security patterns specification to improve the security of the systems using them. Thus, to reach this goal, we present a formal Design by Contract approach to improve the behavioral definition of the security patterns. This approach seeks to define both functional behavior and implicit parts of security design patterns. Our approach includes the contract formalization of security patterns and a comparative implementation on two Java annotation frameworks. The application of the proposal in a proof of concept case highlights the security enforcement at design time or on a legacy source code.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114195340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
An empirical study on the impact of GDPR and right to be forgotten - organisations and users perspective GDPR与被遗忘权影响的实证研究——组织与用户视角
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407080
Vincenzo Mangini, Irina Tal, Arghir-Nicolae Moldovan
{"title":"An empirical study on the impact of GDPR and right to be forgotten - organisations and users perspective","authors":"Vincenzo Mangini, Irina Tal, Arghir-Nicolae Moldovan","doi":"10.1145/3407023.3407080","DOIUrl":"https://doi.org/10.1145/3407023.3407080","url":null,"abstract":"The General Data Protection Regulation (GDPR) is a prescriptive legislation in the European Union (EU) for privacy and data protection that applies to every organisation within the EU and any organisation outside the EU if they offer goods or services to EU citizens. The enforcement of GDPR created a big challenge for organisations which were required to create new professional figures, system, policies, procedures and standards, budget for new investments, and to set up a project plan or catalogue specific to the GDPR. This paper focuses on the GDPR 'right to be forgotten' and the specific implementation challenges it poses. The research study used two surveys to collect data from both organisations and users. The results show that while organisations are struggling with GDPR and right to be forgotten, there are also positive aspects about its implementation that translate into improved data privacy. The findings related to the users show that they are in general happy with the legislation.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114441221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Design and performance evaluation of reversible network covert channels 可逆网络隐蔽信道的设计与性能评价
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3409215
Przemysław Szary, W. Mazurczyk, S. Wendzel, L. Caviglione
{"title":"Design and performance evaluation of reversible network covert channels","authors":"Przemysław Szary, W. Mazurczyk, S. Wendzel, L. Caviglione","doi":"10.1145/3407023.3409215","DOIUrl":"https://doi.org/10.1145/3407023.3409215","url":null,"abstract":"Covert channels nested within network traffic are important tools for allowing malware to act unnoticed or to stealthily exchange and exfiltrate information. Thus, understanding how to detect or mitigate their utilization is of paramount importance, especially to counteract the rise of increasingly sophisticated threats. In this perspective, the literature proposed various approaches, including distributed wardens, which can be used to collect traffic in different portions of the network and compare the samples to check for discrepancies revealing hidden communications. However, the use of some form of reversibility, i.e., being able to restore the exploited network carrier to its original form before the injection, can challenge such a detection scheme. Therefore, in this work we introduce and evaluate the performances of different techniques used to endow network covert channels with reversibility. Results indicate the feasibility of achieving reversibility but the used protocol plays a major role.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122659259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Improving security in industry 4.0 by extending OPC-UA with usage control 通过扩展OPC-UA和使用控制来提高工业4.0的安全性
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407077
F. Martinelli, Oleksii Osliak, P. Mori, A. Saracino
{"title":"Improving security in industry 4.0 by extending OPC-UA with usage control","authors":"F. Martinelli, Oleksii Osliak, P. Mori, A. Saracino","doi":"10.1145/3407023.3407077","DOIUrl":"https://doi.org/10.1145/3407023.3407077","url":null,"abstract":"This work presents a framework that provides ongoing control on actions execution in the industrial environment exploiting the OPC Unified Architecture (OPC-UA) framework and the Usage Control (UCON) paradigm. We present a fine-grained usage control model, referred as OPC-UCON, satisfying security and privacy needs of the OPC-UA framework. Our proposed framework exploits the OPC-UA connectivity between simulated industrial components and uses the UCON paradigm for dynamically controlling actions execution according to fine-grained policies reported in the standardized format. The UCON paradigm, in a form of the system, is in charge of controlling the process of dynamic policy reevaluation and the possibility of revoking already granted authorization by stopping previously authorized actions if conditions do not satisfy policy anymore. We presented the implementation and deployment of the proposed framework in a simulated industrial environment with relevant security policies to reflect the advantages of the OPC-UCON model.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124014333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
SoK 势利小人
Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI: 10.1145/3407023.3407061
G. Riva, A. Vasenev, Nicola Zannone
{"title":"SoK","authors":"G. Riva, A. Vasenev, Nicola Zannone","doi":"10.1145/3407023.3407061","DOIUrl":"https://doi.org/10.1145/3407023.3407061","url":null,"abstract":"The processing of personal data is becoming a key business factor, especially for high-tech system industries such as automotive and healthcare service providers. To protect such data, the European Union (EU) has introduced the General Data Protection Regulation (GDPR), with the aim to standardize and strengthen data protection policies across EU countries. The GDPR defines stringent requirements on the collection and processing of personal data and imposes severe fines and penalties on data controllers and processors for non-compliance. Although the GDPR is enforce since 2018, many public and private organizations are still struggling to fully comply with the regulation. A main reason for this is the lack of usable methodologies that can support developers in designing of GDPR-complaint high-tech systems. This paper examines the growing literature on methodologies for the design of privacy-aware systems, and identifies the main challenges to be addressed in order to facilitate developers in the design of such systems. In particular, we investigate to what extent existing methodologies (i) cover GDPR and privacy-by-design principles, (ii) address different levels of system design concerns, and (iii) have demonstrated their suitability for the purpose. Our literature study shows that the domain landscape appears to be heterogeneous and disconnected, as existing methodologies often focus only on subsets of the GDPR principles and/or on specific angles of system design. Based on our findings, we provide recommendations on the definition of comprehensive methodologies tailored to designing GDPR-compliant high-tech systems.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"206 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122600186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信