{"title":"Covert Channels in One-Time Passwords Based on Hash Chains","authors":"Jörg Keller, Steffen Wendzel","doi":"10.1145/3424954.3424966","DOIUrl":"https://doi.org/10.1145/3424954.3424966","url":null,"abstract":"We present a covert channel between two network devices where one authenticates itself with Lamport's one-time passwords based on a cryptographic hash function. Our channel enables plausible deniability. We also present countermeasures to detect the presence of such a covert channel, which are non-trivial because hash values are randomly looking binary strings, so that deviations are not likely to be detected.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123446376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Covert Channels in Transport Layer Security","authors":"C. Heinz, W. Mazurczyk, L. Caviglione","doi":"10.1145/3424954.3424962","DOIUrl":"https://doi.org/10.1145/3424954.3424962","url":null,"abstract":"Network covert channels embedded within network conversations are becoming widely adopted to enforce privacy of users or bypass censorship attempts as well as by malware to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, being able to design a network covert channel or anticipate its exploitation is of paramount importance to fully assess the security of the Internet. Since prime requirements for a successful covert channel are its stealthiness and bandwidth, the popularity, availability and performances of the overt traffic flows used as the carrier play a major role. Therefore, in this paper we investigate the use of ubiquitous Transport Layer Security (TLS) to contain hidden information for implementing network covert channels. Specifically, we review seven methods targeting TLS traffic and investigate the performances of three covert channels through an experimental measurement campaign. Obtained results indicate the feasibility of using TLS traffic as the carrier and also allow to derive some general indications for the development of countermeasures.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"121 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121646162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cross-domain meta-learning for bug finding in the source codes with a small dataset","authors":"Jongho Shin","doi":"10.1145/3424954.3424957","DOIUrl":"https://doi.org/10.1145/3424954.3424957","url":null,"abstract":"In terms of application security, detecting security vulnerabilities in advance and fixing them is one of the effective ways to prevent malicious activities. However, finding security bugs is highly reliant upon human experts due to its complexity. Therefore, source code auditing, one of the ways to find bugs, costs a lot, and the quality of auditing varies considerably according to the performer. There have been many attempts to make automated systems for code auditing, but they have suffered from huge false positives and false negatives. Meanwhile, machine learning technology is advancing dramatically in recent years, and it is outperforming humans in many tasks with high accuracy. Thus there have been lots of efforts to accommodate machine learning technology for security research. Most of the time, however, it is very difficult to obtain legitimate training data, and rarer often means more lethal in security. Therefore it is not easy to build reliable machine learning systems for security defects, and we are highly relying on human experts who can learn easily by a few examples. To overcome the obstacle, this paper proposes a deep neural network model for finding security bugs, which takes advantage of the recent developments in the machine learning technology; the language model adapted sub-word tokenization and self-attention based transformer from natural language processing for source code understanding, and a meta-learning technique from computer vision to overcome lack of legitimate vulnerability samples for the deep learning model. The model is also evaluated for finding DOM-based XSS bugs which are prevalent but hard to spot with traditional detection methods. The result shows that the model outperforms the baseline by 45% in the F1 score.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134244347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-Preserving Warning Management for an Identity Leakage Warning Network","authors":"Saffija Kasem-Madani, Timo Malderle, Felix Boes, M. Meier","doi":"10.1145/3424954.3424955","DOIUrl":"https://doi.org/10.1145/3424954.3424955","url":null,"abstract":"Identity leakage is the public disclosure of user accounts that were stolen from an online service provider, e.g. email addresses and passwords. Identity leakage is an emerging threat to the security of user accounts because the number of online identities grows notably faster than the amount of used email addresses and passwords. In order to protect users against potential identity thefts after a cyber heist, a system that proactively warns the victims seems inevitable. In the design of such a system, there are technical, legal and psychological goals, e.g., the system has to fulfill the General Data Protection Regulation and users do not want to be flooded with warnings about potential identity thefts. In this paper, we propose a warning management system for online service providers that want to cooperate whilst keeping their users' data private from each other. Most importantly, victims will be informed only once if their user identity was found in an identity leak and the cooperating service providers preserve the privacy of the victims by design. Therefore, our warning system complies with the NIST recommendation.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121648493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation","authors":"Johannes Bouché, Lukas Atkinson, Martin Kappes","doi":"10.1145/3424954.3424956","DOIUrl":"https://doi.org/10.1145/3424954.3424956","url":null,"abstract":"In the past, stack smashing attacks and buffer overflows were some of the most insidious data-dependent bugs leading to malicious code execution or other unwanted behavior in the targeted application. Since reliable mitigations such as fuzzing or static code analysis are readily available, attackers have shifted towards heap-based exploitation techniques. Therefore, robust methods are required which ensure application security even in the presence of such intrusions, but existing mitigations are not yet adequate in terms of convenience, reliability, and performance overhead. We present a novel method to prevent heap corruption at runtime: by maintaining a copy of heap metadata in a shadow-heap and verifying the heap integrity upon each call to the underlying allocator we can detect most heap metadata manipulation techniques. The results demonstrate that Shadow-Heap is a practical mitigation approach, that our prototypical implementation only requires reasonable overhead due to a user-configurable performance-security tradeoff, and that existing programs can be protected without recompilation.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126281731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Raising Security Awareness on Mobile Systems through Gamification","authors":"Kris Heid, J. Heider, Kasra Qasempour","doi":"10.1145/3424954.3424958","DOIUrl":"https://doi.org/10.1145/3424954.3424958","url":null,"abstract":"Smartphones are more and more included into our personal and business environment. A data leakage of personal data violates our privacy, leaked business data might even mean a huge financial loss. Thus, many companies provide IT-security training to their employers. Classic security workshops are often considered old-fashioned and boring. Thus, this work presents a novel, continuous mobile security training concept. This concept provides mechanism to generate game data based on automated IT-security analysis of installed apps on the user's smartphone. Thus, raising personal concern through revealing vulnerabilities of the user's own work environment. We also increase the user engagement through the identification of new game mechanisms such as multi-player and rewards through badges, levels or experience points.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121040076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anomaly Detection in ICS based on Data-history Analysis","authors":"Laura Hartmann, S. Wendzel","doi":"10.1145/3424954.3424963","DOIUrl":"https://doi.org/10.1145/3424954.3424963","url":null,"abstract":"Data of industrial control systems (ICS) are increasingly subject to cyber attacks which should be detected by approaches such as anomaly detection before they can take effect. However, examples such as Stuxnet, Industroyer or Triton show that, despite all the precautions taken, it is still possible to overcome anomaly detection systems and cause damage. Similarly, damage can be made by intentional malicious and unintentional changes by employees in programming or configuration of ICS components. An example is an employee who unintentionally manipulates a machine's configuration to a higher temperature limit than it should have. The potential consequence would be that the machine overheats and breaks. The aim of the project MADISA (Machine Learning for Attack Detection Using Data of Industrial Control Systems) is to identify such anomalies in the data of ICS by examining the data-sets and creating a machine learning system (MLS) based on heuristics over meta-data, configurations and code content. For this purpose, this poster provides a structured analysis of real-world projects from a German automobile manufacturer which lead to first attributes in this unexplored approach for creating heuristics to anomaly detection of historic data in ICS.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126292599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The role of information sensitivity in adoption of E2EE communication software","authors":"Luka Jelovčan, Damjan Fujs, Simon L. R. Vrhovec, Anže Mihelič","doi":"10.1145/3424954.3424967","DOIUrl":"https://doi.org/10.1145/3424954.3424967","url":null,"abstract":"This poster reports on an exploratory study of E2EE communication software adoption factors among academics at five Slovenian universities (N = 367). The results of the study suggest that information sensitivity plays an important role in adoption of E2EE communication software. Privacy concerns and fear of government intrusions affect adoption only when information sensitivity is high. Protection motivation may not be applicable to this context as only perceived vulnerability affected adoption for high information sensitivity.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116697286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data hiding: New opportunities for security and privacy?","authors":"D. Megías","doi":"10.1145/3424954.3425511","DOIUrl":"https://doi.org/10.1145/3424954.3425511","url":null,"abstract":"Data hiding provides a collection of techniques that can be used within a wider cybersecurity or privacy framework, making it possible, for example, to protect the users' privacy in streaming or broadcasting of multimedia contents or to detect cyberattacks in IoT networks when combined with machine learning solutions. However, criminals and terrorists are also aware of these techniques and can exploit them for malicious purposes. This contribution provides an overview of the traditional data hiding applications and the current trends in this field, pointing out prospective uses of data hiding in the context of information security and privacy, but also introducing potential threats for users and the society as a whole when they are applied for evil.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123919611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What Brings Women to Cybersecurity?: A Qualitative Study of Women's Pathways to Cybersecurity in Norway","authors":"H. Corneliussen","doi":"10.1145/3424954.3424965","DOIUrl":"https://doi.org/10.1145/3424954.3424965","url":null,"abstract":"The proportion of women in information technology (IT) work is low, however, the growing field of cybersecurity attracts even fewer women. This paper reports from a study exploring what motivates women to enter IT in general and cybersecurity in particular, with the aim of developing strategies to recruit women to these fields. The analysis builds on in-depth interviews with 24 female students and researchers at universities, 12 in cybersecurity and 12 in other IT disciplines. There are some similarities between the two groups, like the lack of knowledge about any IT disciplines, leaving gender stereotypes to lead their images of IT. There are also differences: a wider set of interests and disciplines motivate women to choose cybersecurity. The women find it easier to identify with cybersecurity, seeing it as a field concerning \"everybody\", different from core fields of IT. IT is still an important gateway and gender stereotypes about IT are a challenge for recruiting women to IT as well as cybersecurity.","PeriodicalId":166844,"journal":{"name":"Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference","volume":"519 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123128175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}