发布求助
文献互助 智能选刊 最新文献

2020 16th European Dependable Computing Conference (EDCC)最新文献

筛选
英文 中文
Effect of Coding Styles in Detection of Web Application Vulnerabilities 编码风格在Web应用漏洞检测中的作用
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00027
Ibéria Medeiros, N. Neves
{"title":"Effect of Coding Styles in Detection of Web Application Vulnerabilities","authors":"Ibéria Medeiros, N. Neves","doi":"10.1109/EDCC51268.2020.00027","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00027","url":null,"abstract":"Web application security has become paramount for the organisation's operation, and therefore, static analysis tools (SAT) for vulnerability detection have been widely researched in the last years. Nevertheless, SATs often generate errors (false positives & negatives), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality is implemented in distinct manners, and programming practices that create ambiguity, such as the reuse and share of variables. The paper presents an analysis of SAT's behaviour and results when they process various relevant web applications coded with different coding styles. Furthermore, it discusses if the SQL injection vulnerabilities detected by SATs as true positives are really exploitable. Our results demonstrate that SATs are built having in mind how to detect specific vulnerabilities, without considering such forms of programming. They call to action for a new generation of SATs that are highly malleable to be capable of processing the codes observed in the wild.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128877323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Smart Building Risk Assessment Case Study: Challenges, Deficiencies and Recommendations 智能建筑风险评估案例研究:挑战、不足和建议
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00019
John C. Mace, R. Czekster, C. Morisset, C. Maple
{"title":"Smart Building Risk Assessment Case Study: Challenges, Deficiencies and Recommendations","authors":"John C. Mace, R. Czekster, C. Morisset, C. Maple","doi":"10.1109/EDCC51268.2020.00019","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00019","url":null,"abstract":"Inter-networked control systems make smart buildings increasingly efficient but can lead to severe operational disruptions and infrastructure damage. It is vital the security state of smart buildings is properly assessed so that thorough and cost effective risk management can be established. This paper uniquely reports on an actual risk assessment performed in 2018 on one of the world's most densely monitored, state-of-the-art, smart buildings. From our observations, we suggest that current practice may be inadequate due to a number of challenges and deficiencies, including the lack of a recognised smart building risk assessment methodology. As a result, the security posture of many smart buildings may not be as robust as their risk assessments suggest. Crucially, we highlight a number of key recommendations for a more comprehensive risk assessment process for smart buildings. As a whole, we believe this practical experience report will be of interest to a range of smart building stakeholders.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125111804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Improving Robustness-Aware Design Space Exploration for FPGA-Based Systems 基于fpga系统的鲁棒性感知设计空间探索改进
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00011
I. Tuzov, D. Andrés, J. Ruiz
{"title":"Improving Robustness-Aware Design Space Exploration for FPGA-Based Systems","authors":"I. Tuzov, D. Andrés, J. Ruiz","doi":"10.1109/EDCC51268.2020.00011","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00011","url":null,"abstract":"Thanks to their dynamic reconfiguration capabilities, FPGAs are used in application domains ranging from embedded systems to high performance computing. Nevertheless, as FPGAs usually rely on SRAM memories to keep their current configuration, they are highly sensitive to radiation. The robustness of FPGA-based implementations can be improved by tuning the configuration parameters of selected IP cores or EDA tools. As many different parameters can usually be set at several configuration levels, this constitutes a huge design space to be explored. Accordingly, not only suitable techniques are required to sample as many different configurations as possible, but also novel fault injection approaches are necessary to reduce the number of faults to be injected and speed up as much as possible the experimentation as a whole. To accomplish this goal, this paper integrates state of the art FPGA-based approaches to speed up the execution of individual fault injection experiments with a novel proposal that minimises the number of fault injection experiments required to successfully explore the design space with robustness in mind and following a genetic algorithm. This approach is exemplified by tuning the Vivado Design Suite to optimize the robustness and clock frequency of MC8051, AVR, and Microblaze soft-core processors.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131163945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Data-Driven Cross-Layer Fault Management Architecture for Sensor Networks 传感器网络数据驱动的跨层故障管理体系结构
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00015
Lauri Vihman, M. Kruusmaa, J. Raik
{"title":"Data-Driven Cross-Layer Fault Management Architecture for Sensor Networks","authors":"Lauri Vihman, M. Kruusmaa, J. Raik","doi":"10.1109/EDCC51268.2020.00015","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00015","url":null,"abstract":"The paper proposes a data-driven cross-layer resilient architecture for sensor networks. The novelty of the approach lies in combining fault detection across data and network layers into a coordinated system health management architecture.The implemented fault detection is entirely data-driven: data are collected exclusively by the functional sensors that are part of the system. Thus, there is no need for additional hardware resources.The data layers considered include the raw sensor data layer, the processed data layer and the data aggregation layer. The proposed cross-layer fault management architecture utilizes a hierarchical health-map structure for fault detection and data aggregation. A practical case study of an underwater sensor network for harbor water flow monitoring application based on the proposed architecture is presented. Synthetic experiments with real data demonstrate the effectiveness of the approach in fault detection and diagnosis. The experiments show that the data-driven cross-layer fault management allows improving the sensor group measurement accuracy by 35% in case of single sensor errors and nearly twofold in case of double sensor errors. The paper also presents examples of system health-map aggregation and fault diagnosis based on faults manifesting at the different layers for real incidents occurring in the field.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"5 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114133570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Atomic Appends in Asynchronous Byzantine Distributed Ledgers 异步拜占庭分布式账本中的原子追加
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00022
V. Cholvi, Antonio Fernández, Chryssis Georgiou, N. Nicolaou, M. Raynal
{"title":"Atomic Appends in Asynchronous Byzantine Distributed Ledgers","authors":"V. Cholvi, Antonio Fernández, Chryssis Georgiou, N. Nicolaou, M. Raynal","doi":"10.1109/EDCC51268.2020.00022","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00022","url":null,"abstract":"A Distributed Ledger Object (DLO) is a concurrent object that maintains a totally ordered sequence of records, and supports two operations:APPEND, which appends a record at the end of the sequence, andGET, which returns the whole sequence of records. The work presented in this article is made up of two main contributions.The first contribution is a formalization of aByzantine-tolerantDistributed Ledger Object(BDLO), which is a DLO in which clients and servers processes may deviate arbitrarily from their intended behavior (i.e. they may be Byzantine). The proposed formal definition is accompanied by algorithms that implementBDLOs on top of an underlying Byzantine Atomic Broadcast service.The second contribution is a suite of algorithms, based on the previous BDLO implementations, that solve the Atomic Appends problem in the presence of asynchrony, Byzantine clients and Byzantine servers. This problem occurs when clients have a composite record (set of basic records) to append to different BDLOs, in such a way that either each basic record is appended to its BDLO (and this must occur in good circumstances),or no basic record is appended. Distributed algorithms are presented, which solve the Atomic Appends problem when the clients (involved in theAtomic Appends) and the servers (which maintain the BDLOs) may be Byzantine.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130609945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
SafeOps: A Concept of Continuous Safety 安全操作:持续安全的概念
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00020
Camille Fayollas, H. Bonnin, Olivier Flébus
{"title":"SafeOps: A Concept of Continuous Safety","authors":"Camille Fayollas, H. Bonnin, Olivier Flébus","doi":"10.1109/EDCC51268.2020.00020","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00020","url":null,"abstract":"Improved safety is one of the key benefits expected from autonomous vehicles. This can only be achieved if the autonomous vehicles are guaranteed to be safe enough. This paper proposes a potential approach contributing to this safety improvement: it describes and investigates \"SafeOps\", a concept of \"continuous safety\", based on the DevOps approach, unifying development and operations. DevOps consists in a set of practices intended to reduce the time between committing a change to a system and the change being deployed into production, while ensuring high quality. DevOps benefits to system development and delivery by enabling software continuous delivery, faster changes management with faster issues resolution, and improved reliability. SafeOps key principle is to monitor the system in operation and to use this information for validating and certifying a certain safety assurance level. Following this approach, a system could be compliant to a first safety assurance level when it's first delivered and compliant to higher ones when validated in operation.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"344 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124253494","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Developing Complex Safety Critical Systems in Complex Supply Chains 在复杂供应链中开发复杂安全关键系统
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00024
C. Temple
{"title":"Developing Complex Safety Critical Systems in Complex Supply Chains","authors":"C. Temple","doi":"10.1109/EDCC51268.2020.00024","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00024","url":null,"abstract":"The emergence of high performance high complexity automotive systems for autonomous driving involves introducing complex supply chains to the system design and managing them in a structured way. Based on current estimates a fully autonomous car could require up to 1 billion lines of code with a code base involving dozens of suppliers. This paper identifies and discusses the complexities involved when such a complex safety critical system is designed using a high number of interacting safety elements that have been designed out of context of the target system by a multitude of suppliers. The paper details the complexities of the integration task. It argues in favour of introducing additional error containment boundaries and safety mechanisms to help manage the integration complexity.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"1219 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114052005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Availability Model for DSS and OLTP Applications in Virtualized Environments 虚拟环境中DSS和OLTP应用的可用性模型
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00023
Matheus Torquato, Charles F. Gonçalves, M. Vieira
{"title":"An Availability Model for DSS and OLTP Applications in Virtualized Environments","authors":"Matheus Torquato, Charles F. Gonçalves, M. Vieira","doi":"10.1109/EDCC51268.2020.00023","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00023","url":null,"abstract":"Decision support systems (DSS) and online transaction processing applications (OLTP) are crucial for several organizations and frequently require high levels of availability. Many organizations moved their systems to the virtualized environment aiming at improving system availability. Despite the flexibility and manageability features provided by virtualization, a question arises on what policies to apply in order to achieve high availability. Usual approaches highlight redundancy as a strategy for high availability. Still, a concern persists on what components we should consider for redundancy. This paper proposes a hierarchical availability model for evaluating different redundancy allocations for DSS and OLTP systems in virtualized environments. We present three case studies investigating only-Virtual Machine (VM) redundancy and physical machine redundancy strategies. The results provide an overview of the availability impact due to each strategy. We noticed that the physical machine failure rate limits the maximum availability obtained from only-VM redundancy. We exercise our model with a genetic algorithm to find alternatives for high availability. The presented models and results may bring insights when designing availability policies.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"174 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122050364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
CINNAMON: A Module for AUTOSAR Secure Onboard Communication 肉桂:AUTOSAR安全机载通信模块
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00026
G. Bella, Pietro Biondi, Gianpiero Costantino, I. Matteucci
{"title":"CINNAMON: A Module for AUTOSAR Secure Onboard Communication","authors":"G. Bella, Pietro Biondi, Gianpiero Costantino, I. Matteucci","doi":"10.1109/EDCC51268.2020.00026","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00026","url":null,"abstract":"This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AUTOSAR \"Secure Onboard Communication\" (SecOC) module to also account for confidentiality of data in transit. It stands for Confidential, INtegral aNd Authentic on board coMunicatiON (CINNAMON). It takes a resource-efficient and practical approach to ensure, at the same time, confidentiality, integrity and authenticity of frames. The main new requirement that CINNAMON puts forward is the use of encryption and thus, as a result, CINNAMON exceeds SecOC against information gathering attacks. This paper sets forth the essential requirements and specification of the new module by detailing where and how to position it within AUTOSAR and by emphasizing the relevant upgrades with respect to SecOC. The presentation continues with the definition of a Security Profile and a summary of a prototype implementation of ours. While CINNAMON is easily extensible, for example through the definition of additional profiles, the current performances obtained on inexpensive boards support the claim that the approach is feasible.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"38 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126959688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
SINADRA: Towards a Framework for Assurable Situation-Aware Dynamic Risk Assessment of Autonomous Vehicles SINADRA:为自动驾驶汽车建立可靠的态势感知动态风险评估框架
2020 16th European Dependable Computing Conference (EDCC) Pub Date : 2020-09-01 DOI: 10.1109/EDCC51268.2020.00017
Jan Reich, M. Trapp
{"title":"SINADRA: Towards a Framework for Assurable Situation-Aware Dynamic Risk Assessment of Autonomous Vehicles","authors":"Jan Reich, M. Trapp","doi":"10.1109/EDCC51268.2020.00017","DOIUrl":"https://doi.org/10.1109/EDCC51268.2020.00017","url":null,"abstract":"Assuring an adequate level of safety is the key challenge for the approval of autonomous vehicles (AV). The full performance potential of AV cannot be exploited at present because traditional assurance methods at design time are based on a risk assessment involving worst-case assumptions about the operating environment. Dynamic Risk Assessment (DRA) is a novel technique that shifts this activity to runtime and enables the system itself to assess the risk of the current situation. However, existing DRA approaches neither consider environmental knowledge for risk assessments, as humans do, nor are they based on systematic design-time assurance methods. To overcome these issues, in this paper we introduce the model-based SINADRA framework for situation-aware dynamic risk assessment. It aims at the systematic synthesis of probabilistic runtime risk monitors employing tactical situational knowledge to imitate human risk reasoning with uncertain knowledge. To that end, a Bayesian network synthesis and assurance process is outlined for DRA in different operational design domains and integrated into an adaptive safety management architecture. The SINADRA monitor intends to provide an information basis at runtime to optimally balance residual risk and driving performance, in particular in non-worst-case situations.","PeriodicalId":212573,"journal":{"name":"2020 16th European Dependable Computing Conference (EDCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125832834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信