{"title":"V-DIFT: Vector-Based Dynamic Information Flow Tracking with Application to Locating Cryptographic Keys for Reverse Engineering","authors":"Antonio M. Espinoza, Jeffrey Knockel, Pedro Comesaña Alfaro, Jedidiah R. Crandall","doi":"10.1109/ARES.2016.97","DOIUrl":"https://doi.org/10.1109/ARES.2016.97","url":null,"abstract":"Dynamic Information Flow Tracking (DIFT) is a technique for tracking information as it flows through a program's execution. DIFT systems track information by tainting data and propagating the taint marks throughout execution. These systems are designed to have minimal overhead and thus often miss indirect flows. If indirect flows were propagated naively overtainting would result, whereas propagating them effectively causes overhead. We describe the design and evaluation of a system intended for offline analysis, such as reverse engineering, that can track information through indirect flows. Our system, V-DIFT, uses a vector of floating point values for each taint mark. The use of vectors enables us to track a taint's provenance and handle indirect flows, trading off some performance for these abilities. These indirect flows via control and address dependencies are thought to be critical to tracking information flow of cryptographic programs. Therefore we tested V-DIFT's effectiveness by automatically locating keys in simple programs that use a variety of symmetric cryptographic algorithms found in three common libraries. This application does not require that the program run in real time, just that it be much faster than a manual approach. Our V-DIFT implementation tests average 3.6 seconds, and with the right parameters can identify memory locations that contain keys for 24 out of 27 algorithms tested. 
Our results show that many cryptographic algorithm implementations' address and/or control dependencies must be tracked for DIFT to be effective.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128883761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Your Cloud in My Company: Modern Rights Management Services Revisited","authors":"M. Grothe, Christian Mainka, Paul Rösler, Johanna Jupke, Jan Kaiser, Jörg Schwenk","doi":"10.1109/ARES.2016.69","DOIUrl":"https://doi.org/10.1109/ARES.2016.69","url":null,"abstract":"We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used End-to-End encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to either trust Tresorit or Azure. Our systematic evaluation reveals a serious breach to their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of trusting Azure.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130603404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Computational, Communicative, and Legal Conditions for Using Social Media in Disaster Management in Germany","authors":"S. Gründer-Fahrer, C. Berger, A. Schlaf, Gerhard Heyer","doi":"10.1109/ARES.2016.68","DOIUrl":"https://doi.org/10.1109/ARES.2016.68","url":null,"abstract":"During the flood in 2013 in Germany and Austria, the engagement of volunteers was the highest ever known. Notably, these volunteers organized themselves mainly via social media and without being motivated or guided by professional management. The present paper wants to provide input and positive impulse for current discussions among the public authorities how to become more present in social networks and take benefit of their strength. By means of a corpus-based case study of German Facebook and Twitter messages during the flood in 2013, we show and analyze the real potential of social media for disaster management and reveal some of their communicative characteristics. At the same time, we discuss two of the main challenges, namely information overload and legal issues. Regarding the problem of information overload the paper shows by case of an example from state-of-the-art automatic language processing (topic model analysis), that today it is possible to establish the technical basis required to get efficient and flexible computer-based access to information in social media. 
With respect to the legal conditions of social media use in disaster management, the paper is to give a concise overview of the current legal situation using Saxony as an example, to identify open problems and to present proposals for their potential solution.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"314 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132155727","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Slandail Monitor: Real-Time Processing and Visualisation of Social Media Data for Emergency Management","authors":"Xiubo Zhang, Stephen Kelly, K. Ahmad","doi":"10.1109/ARES.2016.81","DOIUrl":"https://doi.org/10.1109/ARES.2016.81","url":null,"abstract":"The use of social media platforms has grown dramatically in recent times. Combined with the rise of mobile computing, users are now more connected and spend more of their time online. Social media has been used during emergency events where the public and authorities have used it as a form of communication and to receive information. Due to this, emergency managers and first responders can use this information to increase their awareness about an on-going crisis and aid decision making. The challenge here lies in processing this deluge of information and filtering it for insights that are useful for this purpose. This paper presents the Slandail Monitor, a system for harvesting and filtering a social media stream for emergency related social media data. Spatial and temporal data attached to each message are used with the analysed content of each message to summarise on-going emergency events as reported on social media. This information is combined with a visualisation component to allow a user to quickly assess an event by location, time, and by topic. 
Issues about ethical data harvesting and privacy are also addressed by the system in a computational way by logging potentially sensitive information in the intrusion index.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121454567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Social Analytics in an Enterprise Context: From Manufacturing to Software Development","authors":"Evangelos Arvanitakis, Michael Petychakis, Evmorfia Biliri, Ariadni Michalitsi-Psarrou, Panagiotis Kokkinakos, Fenareti Lampathaki, D. Askounis","doi":"10.1109/ARES.2016.99","DOIUrl":"https://doi.org/10.1109/ARES.2016.99","url":null,"abstract":"Although customers become more and more vocal in expressing their experiences, demands and needs in various social networks, companies of any size typically fail to effectively gain insights from such social data and to eventually catch the market realm. This paper introduces the Anlzer analytics engine that aims at leveraging the \"social\" data deluge to help companies in their quest for deeper understanding of their products' perceptions as well as of the emerging trends in order to early embed them into their product design phase. The proposed approach brings together polarity detection and trend analysis techniques as presented in the architecture and demonstrated through a simple walkthrough in the Anlzer solution. 
The Anlzer implementation is by design domain-independent and is being tested in the furniture domain at the moment, yet it brings significant added value to software design and development, as well, through its experimentation playground that may provide indirect feedback on future software features while monitoring the reactions to existing releases.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116549988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"POTR: Practical On-the-Fly Rejection of Injected and Replayed 802.15.4 Frames","authors":"Konrad-Felix Krentz, C. Meinel, Maxim Schnjakin","doi":"10.1109/ARES.2016.7","DOIUrl":"https://doi.org/10.1109/ARES.2016.7","url":null,"abstract":"The practice of rejecting injected and replayed 802.15.4 frames only after they were received leaves 802.15.4 nodes vulnerable to broadcast and droplet attacks. Basically, in broadcast and droplet attacks, an attacker injects or replays plenty of 802.15.4 frames. As a result, victim 802.15.4 nodes stay in receive mode for extended periods of time and expend their limited energy. He et al. considered embedding one-time passwords in the synchronization headers of 802.15.4 frames so as to avoid that 802.15.4 nodes detect injected and replayed 802.15.4 frames in the first place. However, He et al.'s, as well as similar proposals lack support for broadcast frames and depend on special hardware. In this paper, we propose Practical On-the-fly Rejection (POTR) to reject injected and replayed 802.15.4 frames early during receipt. Unlike previous proposals, POTR supports broadcast frames and can be implemented with many off-the-shelf 802.15.4 transceivers. In fact, we implemented POTR with CC2538 transceivers, as well as integrated POTR into the Contiki operating system. Furthermore, we demonstrate that, compared to using no defense, POTR reduces the time that 802.15.4 nodes stay in receive mode upon receiving an injected or replayed 802.15.4 frame by a factor of up to 16. 
Beyond that, POTR has a small processing and memory overhead, and incurs no communication overhead.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114242023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Energy Efficient Mutual Authentication and Key Agreement Scheme with Strong Anonymity Support for Secure Ubiquitious Roaming Services","authors":"P. Gope, Ruei-Hau Hsu, Jemin Lee, Tony Q. S. Quek","doi":"10.1109/ARES.2016.52","DOIUrl":"https://doi.org/10.1109/ARES.2016.52","url":null,"abstract":"This article proposes a secure and energy efficient user authentication protocol, which can preserve the user anonymity for roaming service in the mobile network. Compared to other state of the art solutions, the proposed scheme has several considerable advantages. Firstly, no encryption/ decryption, modular and exponential operations have been introduced in our design. Instead, it uses the low cost function such as HMAC and exclusive-OR operations to accomplish the goals of authentication and key agreement. This makes the protocol more suitable for battery-powered mobile devices. Secondly, the proposed scheme can resolve several existing security issues like forgery attack, known session key attack, etc., with the limited computation and communication overheads which are indeed essential for offering a secure and expeditious roaming services in mobile communication environment.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114273087","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a Complex Systems Approach to Legal and Economic Impact Analysis of Critical Infrastructures","authors":"Thomas Schaberreiter, G. Quirchmayr, Anna-Maija Juuso, Moussa Ouedraogo, J. Röning","doi":"10.1109/ARES.2016.65","DOIUrl":"https://doi.org/10.1109/ARES.2016.65","url":null,"abstract":"Information security has become interdependent, global and critical - it has become cybersecurity. In this complex environment, legal consideration and economic incentives are as integral to ensuring the security of information systems as the technological realization. In this paper, we argue that comprehensive cybersecurity requires that these three disciplines are considered together. To this end, we propose a legal analysis framework, which can be used to study legal and economic requirements for cybersecurity in relation to technological realities. The framework yields concrete recommendations, which complex system and critical infrastructure stakeholders can utilize to improve security within their networks. 
The analysis framework aims to offer key stakeholders a better understanding of the legal and economic requirements for cybersecurity and provide them with recommendations that are in line with modern cybersecurity strategies, including the enhancement of cooperation and collaboration capabilities and the implementation of other state-of-the-art security mechanisms.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115076368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a Metamodel for SABSA Conceptual Architecture Descriptions","authors":"P. Pleinevaux","doi":"10.1109/ARES.2016.87","DOIUrl":"https://doi.org/10.1109/ARES.2016.87","url":null,"abstract":"The SABSA framework allows to develop an Enterprise Security Architecture from business requirements down to controls and associated security management. The purpose of this paper is to propose a metamodel that includes key constructs used in SABSA for conceptual security architecture description and relationships between these constructs. We propose five metamodel fragments that correspond to five of the six views of SABSA and illustrate with an example how the metamodel can be used to develop a conceptual architecture.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115641018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Log-Structured Block Preservation and Restoration System for Proactive Forensic Data Collection in the Cloud","authors":"Manabu Hirano, Hiromu Ogawa","doi":"10.1109/ARES.2016.8","DOIUrl":"https://doi.org/10.1109/ARES.2016.8","url":null,"abstract":"Preservation and data collection in cloud environments are difficult because forensic data are volatile and they are scattered in many servers. This paper describes a novel surveillance mechanism for virtual block devices on IaaS cloud environments. We first describe some related work on backup applications, versioning file systems, and virtual machine introspection systems that can be applied to cloud forensics. The proposed log-structured block preservation and restoration system can be used for recording cloud consumers' write operations on virtual block devices and for restoring the state of a virtual block device at an arbitrary point in time. This paper presents a design and an implementation of the proposed system by using Xen hypervisor. The prototype implementation achieved better read and write performance compared to the baseline driver provided by Xen when we ran four or more virtual machines simultaneously. This paper shows two forensic applications for preserved data blocks: a file tracking application and a novel diff command that supports time travel.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"143 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115803431","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}