{"title":"Integrating digital twin security simulations in the security operations center","authors":"Marietheres Dietz, Manfred Vielberth, G. Pernul","doi":"10.1145/3407023.3407039","DOIUrl":"https://doi.org/10.1145/3407023.3407039","url":null,"abstract":"While industrial environments are increasingly equipped with sensors and integrated into enterprise networks, current security strategies are generally not prepared for the growing attack surface that arises from the convergence of IT infrastructure with industrial systems. As a result, the organizational unit responsible for corporate security, the Security Operations Center (SOC), is overwhelmed by the integration of the industrial systems. To facilitate monitoring of the industrial assets, digital twins represent a helpful novel concept. They are the virtual counterparts of such assets and provide valuable insights through the collection of asset-centric data, analytic capabilities and simulations. Moreover, digital twins can assist enterprise security by simulating attacks and analyzing their effect on the virtual counterpart. However, the integration of digital twin security simulations into enterprise security strategies, which are mainly controlled by the SOC, is currently neglected. To close this research gap, this work develops a process-based security framework to incorporate digital twin security simulations in the SOC. In the course of this work, a use case along with a digital twin-based security simulation provides proof of concept. It is demonstrated how a man-in-the-middle attack can be performed in a simulated industrial setting and how it affects the systems. Moreover, we show how the resulting system logs can support the SOC in building technical rules to implement in Security Information and Event Management (SIEM) systems.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129827864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generalizing the phishing principle: analyzing user behavior in response to controlled stimuli for IT security awareness assessment","authors":"Arnold Sykosch, Christian Doll, Matthias Wübbeling, M. Meier","doi":"10.1145/3407023.3409205","DOIUrl":"https://doi.org/10.1145/3407023.3409205","url":null,"abstract":"Capturing behavioral data to assess users' IT security awareness is state of the art. However, recording the click rate of a company-wide phishing test does not suffice as an IT security awareness measurement. The perceivable artifacts that a user might be exposed to during an attack are manifold. We introduce a framework that allows capturing users' responses to such artifacts in the same way phishing tests do. A field study among 259 users shows that the expected effect of a well-established IT security awareness intervention can be demonstrated using arbitrary artifacts. It also shows that this intervention may reduce the probability of a user reporting the sighting of an artifact, and therefore impair an organization's capability to detect such events and possibly decrease overall security.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130576662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Disposable botnets: examining the anatomy of IoT botnet infrastructure","authors":"Rui Tanabe, Tatsuya Tamai, Akira Fujita, Ryoichi Isawa, K. Yoshioka, Tsutomu Matsumoto, C. Gañán, M. V. Eeten","doi":"10.1145/3407023.3409177","DOIUrl":"https://doi.org/10.1145/3407023.3409177","url":null,"abstract":"Large botnets made up of Internet-of-Things (IoT) devices have been a steady presence in the threat landscape since 2016. Earlier research has found preliminary evidence that the IoT binaries and C&C infrastructure were only seen for very brief periods. It has not explained how attackers maintain control over their botnets. We present a more comprehensive analysis of the infrastructure of IoT botnets based on 23 months of data gathered via honeypots and the monitoring of botnet infrastructure. We collected 59,884 IoT malware samples, 35,494 download servers, and 2,747 C&C servers. We focus on three dominant families: Bashlite, Mirai, and Tsunami. The picture that emerges is that of highly disposable botnets. IoT botnets are not so much maintained as reconstituted from scratch all the time. Not only are most binaries distributed for less than three days, the connection of bots to the rest of the botnet is also short-lived. To reach the C&C server, the binaries typically contain only a single hard-coded IP address or domain. The C&C servers themselves also have a short lifespan. Long-term dynamic analysis finds no mechanism for the attackers to migrate the bots to a new C&C server. In other words, bots are used only immediately after capture and then abandoned---perhaps to be recaptured again via the aggressive scanning practices that these botnets are known for. While IoT botnets appear less advanced than Windows-based botnets, the advantage of being disposable means that they are very resistant to blacklisting and C&C takedown. Most IP addresses are used only once and never seen again. The question that arises is how attackers source these addresses. We speculate that they might be abusing the IP address allocation practices of cloud providers.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"220 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117010717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Post-quantum MACsec key agreement for ethernet networks","authors":"J. Cho, Andrew Sergeev","doi":"10.1145/3407023.3409220","DOIUrl":"https://doi.org/10.1145/3407023.3409220","url":null,"abstract":"The industrial demand for MACsec in Ethernet networks is increasing substantially, in particular for 5G networks, mainly due to its efficiency paired with strong security. MKA (MACsec Key Agreement) is a companion protocol of MACsec that provides methods for authentication and cryptographic key establishment. In this paper, the MACsec and MKA protocols are analysed under a quantum attack scenario. Even though the threat of quantum computers should not be overstated, it is necessary to provide a new countermeasure that is robust against this potential, yet critical risk. The symmetric-key algorithms defined in MACsec and MKA can achieve 128-bit quantum security if 256-bit keys are mandated. However, classical public-key schemes are known to be vulnerable to quantum attacks, so the MKA protocol needs to support post-quantum public-key schemes. We implemented a McEliece-based key establishment, which is the most conservative post-quantum public-key cryptosystem; its keys are large, yet still feasible for MKA. For entity authentication, we implemented the XMSS hash-based signature scheme that is standardised by the IETF. We verified by experiments that the selected schemes fit well into a MACsec-enabled Ethernet network.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126099223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries","authors":"Sean Rivera, V. Gurbani, S. Lagraa, Antonio Ken Iannillo, R. State","doi":"10.1145/3407023.3407041","DOIUrl":"https://doi.org/10.1145/3407023.3407041","url":null,"abstract":"The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, provides inadequate protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can help users maintain their privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method gives users control over their DNS network traffic and privacy without requiring changes to their applications, while adding low overhead.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124523376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HIP","authors":"Andreas Fuchs, Dustin Kern, C. Krauß, M. Zhdanova","doi":"10.1145/3407023.3407066","DOIUrl":"https://doi.org/10.1145/3407023.3407066","url":null,"abstract":"Plug-and-Charge (PnC) standards such as ISO 15118 enable Electric Vehicle (EV) authentication against Charge Points (CPs) without driver intervention. Credentials are stored in the vehicle itself, making methods based on RFID cards obsolete. However, the credentials are generated in service provider backend systems and provisioned via the Internet, rather than being generated in a secure Hardware Security Module (HSM) within the vehicle. In this paper, we propose HIP, a backwards compatible protocol extension for ISO 15118 in which keys are generated and stored in a Trusted Platform Module (TPM) within the vehicle. Our implementation and evaluation show that our solution is feasible and a viable option for future editions of ISO 15118.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"212 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114413409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SoK","authors":"Matěj Husák, Tomás Jirsík, S. Yang","doi":"10.1145/3407023.3407062","DOIUrl":"https://doi.org/10.1145/3407023.3407062","url":null,"abstract":"Cyber situational awareness is an essential part of cyber defense that allows cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allows the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to the generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce the leading research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with the rising volume, velocity, and variety of cybersecurity data, and the need to provide cybersecurity operators with the right data at the right time and to increase its value through visualization.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116739356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ASAINT","authors":"M. Conti, Giulio Rigoni, Flavio Toffalini","doi":"10.1145/3407023.3407076","DOIUrl":"https://doi.org/10.1145/3407023.3407076","url":null,"abstract":"Spy apps are a class of malware for mobile devices that allows an adversary to steal sensitive information. Detecting spy apps is challenging because they do not rely on classic malware techniques: for instance, they use standard services to store stolen data, and do not perform privilege escalation on the victim phone. Thus, their behavior is generally closer to that of benign apps and poses new challenges for detection. In this paper, we propose ASAINT: A Spy App Identification system based on Network Traffic. To the best of our knowledge, ASAINT is the first system capable of detecting spy apps in a network without any physical or software control of the victim mobile device. The core of our approach is a wide range of non-intrusive network detection methods designed by studying several popular spy apps. We test ASAINT on a self-collected dataset containing network traffic from both spy and benign applications, on both Android and iOS. Our result is an F1-score of 0.85 on average, which confirms the effectiveness of ASAINT. Moreover, our analysis provides a methodological classification of the exfiltration strategies used by spy apps on different operating systems. In sum, our work gives new and practical insights into the detection of modern spy apps, paving the way for future research in detecting this class of malware.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129742615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Advanced metering infrastructures: security risks and mitigation","authors":"G. Bendiab, Konstantinos-Panagiotis Grammatikakis, Ioannis Koufos, N. Kolokotronis, S. Shiaeles","doi":"10.1145/3407023.3409312","DOIUrl":"https://doi.org/10.1145/3407023.3409312","url":null,"abstract":"Energy providers are moving into the smart meter era, encouraging consumers to install these devices in their homes free of charge, automating the submission of consumption readings and making consumers' lives easier. However, the increased deployment of such smart devices brings many security and privacy risks. To overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper explores the problems of Advanced Metering Infrastructures (AMI) and proposes a novel Machine Learning (ML) Intrusion Prevention System (IPS) that reaches optimal decisions based on a variety of factors and on graphical security models able to tackle zero-day attacks.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130294993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A silver bullet?: a comparison of accountants and developers mental models in the raise of blockchain","authors":"Rose Esmander, P. Lafourcade, Marius Lombard-Platet, Claudia Negri Ribalta","doi":"10.1145/3407023.3409193","DOIUrl":"https://doi.org/10.1145/3407023.3409193","url":null,"abstract":"This exploratory paper intends to derive preliminary insights into the different mental models that accountants and blockchain developers have of the implementation of blockchain for accounting. Starting from the question of whether blockchain applications for accounting could be revolutionary, this paper employs a grounded theory methodology based on semi-structured interviews and concept analysis to highlight the different approaches to transparency and trust between the selected groups, the challenges of blockchain, and the potential effects of this technology on accounting. Although deeper studies are needed, the conclusions highlight the socio-technical nature of accounting; the relevance of, and changes to, the concepts of trust and transparency when marrying both disciplines; and the actual relevance of this technology for the processes of auditing and accounting.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116353604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}