发布求助
文献互助 智能选刊 最新文献

2016 11th International Conference on Availability, Reliability and Security (ARES)最新文献

筛选
英文 中文
Cyber Security Incident Management in the Aviation Domain 航空领域的网络安全事件管理
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.41
M. Jaatun, R. Koelle
{"title":"Cyber Security Incident Management in the Aviation Domain","authors":"M. Jaatun, R. Koelle","doi":"10.1109/ARES.2016.41","DOIUrl":"https://doi.org/10.1109/ARES.2016.41","url":null,"abstract":"Cyber Security Incident Management is an emerging paradigm and capability within the aviation domain. To date, limited research has addressed the requirements and developed tangible solutions for the deployment of such a capability. This paper leverages good practice and experiences from other critical infrastructure settings in order to sketch a recommendation for cyber incident response management for the aviation domain.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129347987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Detecting Packed Executable File: Supervised or Anomaly Detection Method? 检测打包的可执行文件:监督检测还是异常检测?
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.18
N. Hubballi, Himanshu Dogra
{"title":"Detecting Packed Executable File: Supervised or Anomaly Detection Method?","authors":"N. Hubballi, Himanshu Dogra","doi":"10.1109/ARES.2016.18","DOIUrl":"https://doi.org/10.1109/ARES.2016.18","url":null,"abstract":"Executable packing is an evasion technique used to propagate malware in the wild. Packing uses compression and/or encryption to thwart static analysis. There are universal unpackers available which can extract original binary from any type of packer, however they are computationally expensive as they are based on dynamic analysis which requires malware execution. A possible approach is to use machine learning techniques for classifying whether an executable is packed or not packed. Although supervised machine learning methods are good at learning packer specific features, these require collecting data from each packer and extracting features specific to it which may not be feasible practically. In this paper we propose a semi-supervised technique and an anomaly based detection method to identify packed executable files. We measure the distance between representative generated from a packed and non-packed binary training data and estimate the class based on its nearest distance in semi-supervised method. In anomaly detection we generate a representative cluster from known non-packed samples and find the radius of cluster and compare the distance of a test executable with that of radius to decide either it as normal or packed one. We experiment with few distance measures and report detection performance of these methods on two datasets.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126982835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Security Testing with Controller-Pilot Data Link Communications 控制器导频数据链路通信的安全性测试
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.104
Doris di Marco, Alessandro Manzo, M. Ivaldi, J. Hird
{"title":"Security Testing with Controller-Pilot Data Link Communications","authors":"Doris di Marco, Alessandro Manzo, M. Ivaldi, J. Hird","doi":"10.1109/ARES.2016.104","DOIUrl":"https://doi.org/10.1109/ARES.2016.104","url":null,"abstract":"A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations are made for a holistic approach to implementing security controls at the Network, System, Application, Procedural, and Physical levels.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123825435","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
The Case for RAID 4: Cloud-RAID Integration with Local Storage RAID 4的案例:云RAID与本地存储的集成
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.100
Christopher Hansen, J. Archibald
{"title":"The Case for RAID 4: Cloud-RAID Integration with Local Storage","authors":"Christopher Hansen, J. Archibald","doi":"10.1109/ARES.2016.100","DOIUrl":"https://doi.org/10.1109/ARES.2016.100","url":null,"abstract":"The proliferation of the Internet of Things (IoT) requires innovative solutions for all aspects of computing, including storage. The small footprint of IoT devices limits their capacity for local reliable storage. A solution is presented which combines local and cloud storage in a RAID-like (Redundant Array of Independent Disks) configuration, increasing the amount of storage, access speed, and/or data reliability and availability for systems which implement the discussed configurations. Previously, cloud-RAID, where data is distributed across multiple cloud storage providers, has been proposed and implemented. However, the current architectures place an emphasis on RAID 0, and other levels of RAID with their application to cloud storage have not been thoroughly explored. A novel architecture for local+cloud-RAID storage is presented, and benefits provided by the architecture in the areas of availability, reliability, and security are discussed. An effort to quantify the reliability of various configurations of RAID, cloud-RAID, and hybrid local+cloud-RAID levels will be made. While RAID 4 has been widely regarded as obsolete and supplanted by RAID 5, we argue that RAID 4 can be useful in a local+cloud-RAID configuration. A new RAID level based on RAID 4, with the addition of a second dedicated parity drive, is proposed, and is deemed RAID 4.5. We conclude that cloud storage, from the perspectives of availability, reliability, security, and performance, is beneficial to include in various RAID configurations which include local drives.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121309875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Agile Team Members Perceptions on Non-functional Testing: Influencing Factors from an Empirical Study 敏捷团队成员对非功能测试的看法:来自实证研究的影响因素
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.98
C. Camacho, S. Marczak, D. Cruzes
{"title":"Agile Team Members Perceptions on Non-functional Testing: Influencing Factors from an Empirical Study","authors":"C. Camacho, S. Marczak, D. Cruzes","doi":"10.1109/ARES.2016.98","DOIUrl":"https://doi.org/10.1109/ARES.2016.98","url":null,"abstract":"Non-functional requirements define the overall qualities or attributes of a system. Although important, they are often neglected for many reasons, such as pressure of time and budget. In agile software development, there is a focus on the feature implementation and delivery of value to the customer and, as such, non-functional aspects of a system should also be of attention. Non-functional requirements testing is challenging due its cross-functional aspects and lack of clarity of their needs by business in the most part of projects. The goal of this paper is to empirically investigate how do agile team members handle non-functional testing in their projects, aiming to identify preliminary factors influencing the testing of non-functional requirements, specifically performance and security in agile development. We conducted interviews with twenty IT professionals in large multinational company. As result we could identify seven main factors influencing non-functional testing and four main practices adopted by them to overcome the challenges faced. We aim to replicate our investigation in a larger scale. Meanwhile, our work provides initial contributions to practitioners and inspires our future research.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"33 7-8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116470851","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
k-Times Full Traceable Ring Signature k倍全可追踪环签名
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.37
Xavier Bultel, P. Lafourcade
{"title":"k-Times Full Traceable Ring Signature","authors":"Xavier Bultel, P. Lafourcade","doi":"10.1109/ARES.2016.37","DOIUrl":"https://doi.org/10.1109/ARES.2016.37","url":null,"abstract":"Ring and group signatures allow their members to anonymously sign documents in the name of the group. In ring signatures, members manage the group themselves in an ad-hoc manner while in group signatures, a manager is required. Moreover, k-times traceable group and ring signatures [1] allow anyone to publicly trace two signatures from a same user if he exceeds the a priori authorized number of signatures. In [2], Canard et al. give a 1-time traceable ring signature where each member can only generate one anonymous signature. Hence, it is possible to trace any two signatures from the same user. Some other works generalize it to the k-times case, but the traceability only concerns two signatures. In this paper, we define the notion of k-times full traceable ring signature (k-FTRS) such that all signatures produced by the same user are traceable if and only if he produces more than k signatures. We construct a k-FTRS called Ktrace. We extend existing formal security models of k-times linkable signatures to prove the security of Ktrace in the random oracle model. Our primitive k-FTRS can be used to construct a k-times veto scheme or a proxy e-voting scheme that prevents denial-of-service caused by cheating users.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134591238","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Major Challenges in Structuring and Institutionalizing CERT-Communication 构建和制度化cert通信的主要挑战
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.57
O. Hellwig, G. Quirchmayr, Edith Huber, G. Goluch, Franz Vock, Bettina Pospisil
{"title":"Major Challenges in Structuring and Institutionalizing CERT-Communication","authors":"O. Hellwig, G. Quirchmayr, Edith Huber, G. Goluch, Franz Vock, Bettina Pospisil","doi":"10.1109/ARES.2016.57","DOIUrl":"https://doi.org/10.1109/ARES.2016.57","url":null,"abstract":"This paper describes an approach to the definition of requirements for CERT-Communication in a changing environment. CERTs play an outstanding role for the detection, analysis and mitigation of vulnerabilities, threats and cyber-attacks in a multistakeholder cyberspace on which society relies more and more. Furthermore CERTs are a very valuable backbone for national and regional (e.g. European Union) cyber strategies and their role is partly defined in national and European legislation. It can be difficult to bring these obligations in line with the current primarily informal communication channels of CERTs that rely on person to person trust. This paper is devoted to the question of which kind of communication requirements have to be fulfilled to best use and support the work of CERTs in this complex environment.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"191 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133515710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A Recommender-Based System for Assisting Non-technical Users in Managing Android Permissions 一个基于推荐的系统,帮助非技术用户管理Android权限
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.54
Arnaud Oglaza, R. Laborde, A. Benzekri, F. Barrère
{"title":"A Recommender-Based System for Assisting Non-technical Users in Managing Android Permissions","authors":"Arnaud Oglaza, R. Laborde, A. Benzekri, F. Barrère","doi":"10.1109/ARES.2016.54","DOIUrl":"https://doi.org/10.1109/ARES.2016.54","url":null,"abstract":"Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on their mobile phones, the current situation is different. A survey from Google in 2013 showed that, on average, US users have installed 33 applications on their Android smartphones. As a result, these users must manage hundreds of permissions to protect their privacy. Scalability of IBAC is a well-known issue and many more advanced access control models have introduced abstractions to cope with this problem. However, such models are more complex to handle by non-technical users. Thus, we present a permission management system for Android devices that 1) learns users' privacy preferences, 2) proposes them abstract authorization rules, and 3) provides advanced features to manage these high-level rules. We prove this approach is more efficient than current permission management system by comparing it to Privacy Guard Manager.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131675384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps SecDevOps:这是一个营销流行语吗?-开发运维安全的映射研究
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.92
V. Mohan, L. B. Othmane
{"title":"SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps","authors":"V. Mohan, L. B. Othmane","doi":"10.1109/ARES.2016.92","DOIUrl":"https://doi.org/10.1109/ARES.2016.92","url":null,"abstract":"DevOps is changing the way organizations develop and deploy applications and service customers. Many organizations want to apply DevOps, but they are concerned by the security aspects of the produced software. This has triggered the creation of the terms SecDevOps and DevSecOps. These terms refer to incorporating security practices in a DevOps environment by promoting the collaboration between the development teams, the operations teams, and the security teams. This paper surveys the literature from academia and industry to identify the main aspects of this trend. The main aspects that we found are: definition, security best practices, compliance, process automation, tools for SecDevOps, software configuration, team collaboration, availability of activity data and information secrecy. Although the number of relevant publications is low, we believe that the terms are not buzzwords, they imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116831487","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 76
Towards Secure Collaboration in Federated Cloud Environments 迈向联邦云环境中的安全协作
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.46
Bojan Suzic, Andreas Reiter
{"title":"Towards Secure Collaboration in Federated Cloud Environments","authors":"Bojan Suzic, Andreas Reiter","doi":"10.1109/ARES.2016.46","DOIUrl":"https://doi.org/10.1109/ARES.2016.46","url":null,"abstract":"Public administrations across Europe are actively following and adopting cloud paradigms. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from cloud computing. However, there is a growing need to further support the consolidation and sharing of resources across different public entities or corporations. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on infrastructure, data and services level. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124962618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信