{"title":"Using Expert Systems to Statically Detect \"Dynamic\" Conflicts in XACML","authors":"B. Stepien, A. Felty","doi":"10.1109/ARES.2016.22","DOIUrl":"https://doi.org/10.1109/ARES.2016.22","url":null,"abstract":"Policy specification languages such as XACML often provide mechanisms to resolve dynamic conflicts that occur when trying to determine if a request should be permitted or denied access by a policy. Examples include \"deny-overrides\" or \"first-applicable.\" Such algorithms are primitive and potentially a risk for corporate computer security. While they can be useful for resolving dynamic conflicts, they are not justified for conflicts that can be easily detected statically. It is better to find those at compile time and remove them before run time. Many different approaches have been used for static conflict detection. However, most of them do not scale well because they rely on pair-wise comparison of the access control logic of policies and rules. We propose an extension of a Prolog-based expert system approach due to Eronen and Zitting. This approach uses constraint logic programming techniques (CLP), which are well-adapted to hierarchical XACML policy logic and avoid pair-wise comparisons altogether by taking advantage of Prolog's built-in powerful indexing system. We demonstrate that expert systems can indeed detect conflicts statically, even those that are generally believed to only be detectable at run time, by inferring the values of attributes that would cause a conflict. As a result, relying on the XACML policy combining algorithms can be avoided in most cases except in federated systems. Finally we provide performance measurements for two different architectures represented in Prolog and give some analysis.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132145383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Threat from Within: Case Studies of Insiders Who Committed Information Technology Sabotage","authors":"Jason W. Clark","doi":"10.1109/ARES.2016.78","DOIUrl":"https://doi.org/10.1109/ARES.2016.78","url":null,"abstract":"In this paper, we investigate insider information technology sabotage. After an analysis of over 1200 cases in our insider threat corpus, we identified 97 insider information technology sabotage cases that are found in public records. In all of our cases, the insider has pleaded guilty or was convicted in a courtroom. The majority of the cases are (United States) domestic. We begin by providing an introduction to the problem space. Next, we provide an abridged case summary for a sample of the cases. Based on all of the cases, we perform an analysis to answer the following research questions: 1) Who are the insiders that commit insider information technology sabotage? 2) What is the motivation behind the insider attacking? 3) What technical means were used to launch the attack? 4) How were the insiders caught? 5) What damage did they cause? 6) What sentence did the insider receive? Lastly, we describe our aggregated results and provide best practices to help mitigate the type of insider threat we describe.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133018613","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Classification of Short Messages Initiated by Mobile Malware","authors":"Marián Kühnel, Ulrike Meyer","doi":"10.1109/ARES.2016.53","DOIUrl":"https://doi.org/10.1109/ARES.2016.53","url":null,"abstract":"In this paper we show that supervised machine learning algorithms can reliably detect short messages initiated by mobile malware based on features derived from the content of short messages. In particular, we compare the detection capabilities of the classifiers Support Vector Machines, K-Nearest Neighbor, Decision Trees, Random Forests, and Multinomial Naive Bayes in three different evaluation scenarios. The first scenario is the standard k-fold cross validation, treating all short messages as independent from each other. In the second scenario, we evaluate how the classifiers perform if only a certain portion of malware families are known during training. Here, we are able to show that training with only 50% of the malware families already leads to an accuracy of over 90%. Finally, in the third scenario we evaluate the performance chronologically, i.e. the classifiers are trained with the short messages available at a certain point in time and tested on the newly arriving messages. Here, we show that classifiers can detect the majority of new short messages initiated by mobile malware even months after the training.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133751376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Perfect Storm: The Privacy Paradox and the Internet-of-Things","authors":"Meredydd Williams, Jason R. C. Nurse, S. Creese","doi":"10.1109/ARES.2016.25","DOIUrl":"https://doi.org/10.1109/ARES.2016.25","url":null,"abstract":"Privacy is a concept found throughout human history and opinion polls suggest that the public value this principle. However, while many individuals claim to care about privacy, they are often perceived to express behaviour to the contrary. This phenomenon is known as the Privacy Paradox and its existence has been validated through numerous psychological, economic and computer science studies. Several contributory factors have been suggested including user interface design, risk salience, social norms and default configurations. We posit that the further proliferation of the Internet-of-Things (IoT) will aggravate many of these factors, posing even greater risks to individuals' privacy. This paper explores the evolution of both the paradox and the IoT, discusses how privacy risk might alter over the coming years, and suggests further research required to address a reasonable balance. We believe both technological and socio-technical measures are necessary to ensure privacy is protected in a world of ubiquitous technology.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132345680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Security Game Model for Remote Software Protection","authors":"Nicola Basilico, A. Lanzi, Mattia Monga","doi":"10.1109/ARES.2016.96","DOIUrl":"https://doi.org/10.1109/ARES.2016.96","url":null,"abstract":"When a piece of software is loaded on an untrusted machine it can be analyzed by an attacker who could discover any secret information hidden in the code. Software protection by continuously updating the components deployed in an untrusted environment forces a malicious user to restart her or his analyses, thus reducing the time window in which the attack is feasible. In this setting, both the attacker and the defender need to know how to direct their (necessarily limited) efforts. In this paper, we analyze the problem from a game theoretical perspective in order to devise a rational strategy to decide when and which orthogonal updates have to be scheduled in order to minimize the security risks of tampering. We formalize the problem of protecting a set of software modules and we cast it as a game. Since the update strategy is observable by the attacker, we show that the Leader-Follower equilibrium is the proper solution concept for such a game and we describe the basic method to compute it.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130488384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Recognizing Time-Efficiently Local Botnet Infections - A Case Study","authors":"Tanja Heuer, Ina Schiering, F. Klawonn, Alexander Gabel, Martin Seeger","doi":"10.1109/ARES.2016.16","DOIUrl":"https://doi.org/10.1109/ARES.2016.16","url":null,"abstract":"The domain name system (DNS) is often abused by criminals as resilient infrastructure for their network architecture. Examples for malicious activities based on these networks comprise e.g. phishing, click fraud, spam, command and control structure of botnets. Most of the proposed detection methods rely on machine learning based on complex feature sets which require a considerable computational power. This paper investigates the approach of passively monitoring and analyzing DNS traffic in a time efficient manner based on machine learning on a reduced and robust feature set. For the evaluation the full DNS data stream of a regional ISP is used. To enhance the amount of traffic that can be labeled for the training process and reduce the number of false negatives in the case study, this is combined with a semi-manual labeling approach which addresses domains created by Domain-Generation-Algorithms (DGAs). That allows also medium sized, regional service providers to train classifiers with typical DNS traffic and to deploy systems based on the approach proposed here, in the network of organizations as an alternative to cloud services. The evaluation shows that this approach is feasible and prototypes are already deployed. Hence this approach can serve as an important aspect of the internal risk management of organizations.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130666414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On Analyzing Program Behavior under Fault Injection Attacks","authors":"J. Breier","doi":"10.1109/ARES.2016.4","DOIUrl":"https://doi.org/10.1109/ARES.2016.4","url":null,"abstract":"Fault attacks pose a serious threat to cryptographic algorithm implementations. It is a non-trivial task to design a code that minimizes the risk of exploiting the incorrect output that was produced by inducing faults in the algorithm execution process. In this paper we propose a design of an instruction set simulator capable of analyzing the code behavior under fault attack conditions. Our simulator is easy to use and provides valuable insights for the designers that could help to harden the code they implement.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133991395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Access Control and Data Separation Metrics in Cloud Infrastructures","authors":"Bernd Jäger, Reiner Kraft, Sebastian Luhn, Ann Selzer, Ulrich Waldmann","doi":"10.1109/ARES.2016.9","DOIUrl":"https://doi.org/10.1109/ARES.2016.9","url":null,"abstract":"An automatically controlled and analyzed privacy level in cloud environments would probably help to allay or at least reduce privacy concerns of prospective clients, in particular if the clients themselves can check the compliance with a required privacy level during regular data processing. However, for each intended control firstly an appropriate set of data sources has to be determined carefully, then the results have to be combined to useful metrics, so that the measurement results approximate specific privacy objectives. This paper proposes appropriate data sources and a partly automatic approach to collect measurement data for controls of separate data processing and access control for clients of cloud infrastructure services (IaaS).","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121840910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security Risk Assessment and Risk Treatment for Integrated Modular Communication","authors":"H. Asgari, Sarah Haines, A. Waller","doi":"10.1109/ARES.2016.6","DOIUrl":"https://doi.org/10.1109/ARES.2016.6","url":null,"abstract":"Integrated Modular Communication (IMC) is an on-board platform to provide secure and reliable aircraft communications for a diverse set of applications. IMC is viewed as an important part of the future Air Traffic Management (ATM) infrastructure. Integrating communication links and combining diverse applications in a single platform (IMC) do come with some risks to the ATM communications that could potentially increase vulnerabilities and make the system more prone to security attacks. There are several types of attacks on network communications such as disrupting or blocking communication, intercepting, injecting fabricated packets, accessing and modifying the information. In this study, the Security Risk Assessment Methodology (SecRAM) is applied to IMC for identifying runtime threats, assessing the risks involved, and defining measures to mitigate them. The risk assessment is performed to evaluate the impact and likelihood of occurrence of attacks relevant to the identified threats and the resulting risk levels. Consequently, specific mitigation measures as IMC's security controls are proposed to provide cyber resiliency for the IMC. The IMC security controls will be validated in an emulated testbed environment in the GAMMA project.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123529593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Model-Based Approach for Aviation Cyber Security Risk Assessment","authors":"T. Kiesling, Matias Krempel, J. Niederl, J. Ziegler","doi":"10.1109/ARES.2016.63","DOIUrl":"https://doi.org/10.1109/ARES.2016.63","url":null,"abstract":"The air transport infrastructure is an attractive target for cyber attacks due to its importance and prominence. The current system is already vulnerable and the advent of more automation and pervasion of standard IT in the future leads to ever more complex and interconnected systems with an increasing attack surface. To cope with this situation, we need suitable methods and tools to achieve understanding of the consequences in potential cyber threat situations. We propose a model-based approach for aviation cyber security risk assessment in support of holistic understanding of threats and risk in complex interconnected systems. We introduce our modeling approach and show how computer-based reasoning can be used for threat and risk analysis based on these models. This paper presents the promising results of initial research. Substantial effort is still needed to mature the approach. We expect major challenges to be of an organizational rather than technical nature.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124379470","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}