{"title":"Involving End Users into Collaborative Software Development: The Showcase of CloudTeams","authors":"Sebastian Franken, Sabine Kolvenbach, Wolfgang Gräther","doi":"10.1109/ARES.2016.33","DOIUrl":"https://doi.org/10.1109/ARES.2016.33","url":null,"abstract":"Producing meaningful and usable software that meets the end users' needs is the goal of every software development process. To achieve this, there is a need for involving end users into the software development process in a collaborative way. Both parties profit from this approach: Developers receive early feedback and detect conceptual and design flaws, while customers gain insights into the software development process and ensure to get relevant software. This avoids increasing costs in the software development process. The EU-funded project CloudTeams supports early user involvement in the software development process and addresses the challenge of bridging this gap between users and developers. In this paper, we describe a concrete showcase of user involvement in the software development process with CloudTeams.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127769721","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Revisiting a Watermark-Based Detection Scheme to Handle Cyber-Physical Attacks","authors":"José Rubio-Hernán, L. D. Cicco, Joaquín García","doi":"10.1109/ARES.2016.2","DOIUrl":"https://doi.org/10.1109/ARES.2016.2","url":null,"abstract":"We address detection of attacks against cyber-physical systems. Cyber-physical systems are industrial control systems upgraded with novel computing, communication and interconnection capabilities. In this paper we reexamine the security of a detection scheme proposed by Mo and Sinopoli (2009) and Mo et al. (2015). The approach complements the use of Kalman filters and linear quadratic regulators, by adding an authentication watermark signal for the detection of integrity attacks. We show that the approach only detects cyber adversaries, i.e., attackers with the ability to eavesdrop information from the system, but that do not attempt to acquire any knowledge about the system model itself. The detector fails at covering cyber-physical adversaries, i.e., attackers that, in addition to the capabilities of the cyber adversary, are also able to infer the system model to evade the detection. We discuss an enhanced scheme, based on a multi-watermark authentication signal, that properly detects the two adversary models.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128537311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automated Issuance of Digital Certificates through the Use of Federations","authors":"Thaís Bardini Idalino, Marina Coelho, J. E. Martina","doi":"10.1109/ARES.2016.21","DOIUrl":"https://doi.org/10.1109/ARES.2016.21","url":null,"abstract":"In recent years, there has been a trend for developing single sign-on systems. One alternative to deploy such systems is the use of Federated Identity Management systems. We argue that it is possible to use identity federations to automate the digital certificate issuance and use these certificates to authenticate back into federations. We use the data provided by the user's identity provider to build his certificate, reducing the costs of maintaining several registration authorities and simplifying the certificate issuance process. Making the process simpler to the users, we also encourage them to request and use their certificates. In special, the use of digital certificates for authentication can improve the usability and security of the authentication process. Furthermore, we present a prototype proving the feasibility of our proposal, as well as a discussion of the security and potential applications.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115456994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Authentication in the Context of E-Participation: Current Practice, Challenges and Recommendations","authors":"Maria Leitner, Arndt Bonitz","doi":"10.1109/ARES.2016.82","DOIUrl":"https://doi.org/10.1109/ARES.2016.82","url":null,"abstract":"Authentication as well as identification are key functions when it comes to online and democratic participatory processes that can be found in the context of e-participation. Until now, research has centered on the development of authentication and identification techniques. Why and how these techniques are currently used and what their benefits are in the context of e-participation is missing so far. In this paper, we aim to address these challenges by reviewing state of the art literature and practice in order to determine how current authentication techniques are used in e-participation. Furthermore, we conduct an expert survey in order to establish a baseline how current techniques are used and perceived. The results show that current practice focuses strongly on the use of the de facto standard user/password in e-participation. However, experts believe that multiple other authentication techniques such as biometrics or electronic signatures will become more important in future applications. Moreover, experts acknowledge the use of various authentication methods suitable for the level of participation, as opposed to current practice that often provides only one way of authentication. 
These findings will help to further develop and improve future technologies and applications to support participatory processes for citizens' involvement.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124845587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ARTIST: The Android Runtime Instrumentation Toolkit","authors":"Lukas Dresel, Mykola Protsenko, Tilo Müller","doi":"10.1109/ARES.2016.80","DOIUrl":"https://doi.org/10.1109/ARES.2016.80","url":null,"abstract":"Smartphones are becoming more and more ubiquitous in the modern world, entrusted with such sensitive information as the user's location and banking data. Since Android is the most widespread smartphone platform, reliable and versatile means for Android application analysis are of great importance. Most of the existing code instrumentation approaches for Android suffer from two important shortcomings: the need for root access and limited support for the new Android Runtime (ART). We aim to fill this gap by proposing ARTIST, the Android Runtime Instrumentation Toolkit. ARTIST is a framework that allows analysts to easily monitor the execution of Java and native code using native instrumentation techniques. ARTIST, to the best of our knowledge, is the first tool allowing monitoring of both native and Java code with the same instrumentation technique. ARTIST provides two methods to locate instrumentation targets. First, it can parse OAT executable files in memory to find classes and methods of interest. This allows monitoring a specific set of Java methods. Second, ARTIST can locate internal structures of the Android Runtime in memory. Monitoring function pointers found in these allows the user to track specific interactions of Java code with the Android Runtime. We evaluate the applicability of native instrumentation for Java code using a set of the most popular Android apps. The results show that over 80% of the tested Java methods are targetable using this approach. 
The performance impact, estimated with the CaffeineMark benchmark suite, does not exceed 20% and therefore can be considered generally acceptable.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124967107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HyperCrypt: Hypervisor-Based Encryption of Kernel and User Space","authors":"J. Götzfried, Nico Dorr, Ralph Palutke, Tilo Müller","doi":"10.1109/ARES.2016.13","DOIUrl":"https://doi.org/10.1109/ARES.2016.13","url":null,"abstract":"We present HyperCrypt, a hypervisor-based solution that encrypts the entire kernel and user space to protect against physical attacks on main memory, such as cold boot attacks. HyperCrypt is fully transparent for the guest operating system and all applications running on top of it. At any time, only a small working set of memory pages remains in clear while the vast majority of pages are constantly kept encrypted. By utilizing CPU-bound encryption, the symmetric encryption key is never exposed to RAM. We evaluated our prototype running a standard Linux system with an nginx web server. With the default configuration of 1024 cleartext pages, successful cold boot attacks are rendered highly unlikely due to large caches of at least 4 MB in modern CPUs. The performance overhead of nginx is raised by factor 1.37 compared to a non-virtualized system.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"136 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123199089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using Crowdsourced and Anonymized Personas in the Requirements Elicitation and Software Development Phases of Software Engineering","authors":"Iosif Alvertis, Dimitris Papaspyros, S. Koussouris, Spyros Mouzakitis, D. Askounis","doi":"10.1109/ARES.2016.71","DOIUrl":"https://doi.org/10.1109/ARES.2016.71","url":null,"abstract":"This paper deals with the process of crowdsourcing requirements elicitation in software engineering and the alignment of the customer needs during the development phase, through the usage of anonymous personas, and the support of the persona builder application that allows the extraction of such information through anonymized data. Having identified the realization of users and customers' needs in the software engineering cycle, despite the adoption of agile methods, the paper suggests the usage of a persona that represents a set of users with similar characteristics, a pool of personas that software teams may share with each other through a collaborative application, and persona builder as a tool to generate such personas through real user profiles and data collected through third party services. At the end, a demo application is presented, realizing the concept of anonymized, crowdsourced personas.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131648304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tackling the Cloud Adoption Dilemma - A User Centric Concept to Control Cloud Migration Processes by Using Machine Learning Technologies","authors":"Michael Diener, L. Blessing, Nina Rappel","doi":"10.1109/ARES.2016.39","DOIUrl":"https://doi.org/10.1109/ARES.2016.39","url":null,"abstract":"Research studies have shown that especially enterprises in European countries are afraid of losing outsourced data or unauthorized access. Despite various existing cloud security mechanisms companies are currently hesitating to adopt cloud resources. This phenomenon is also known as cloud adoption dilemma. We think that data classification is a promising technique that should be considered in the context of cloud security, supporting cloud migration processes. By using classification techniques enterprises are able to control which documents are suited for Cloud Computing and which cloud service providers are sufficient for protecting sensitive documents. In this work we present an efficient concept that involves enterprises' employees and authorities, making it possible to apply powerful security policies in a simple way. We make use of a well-established machine learning algorithm in our developed tool, identifying security levels for different types of documents. 
Thus, cloud migration processes can become more transparent and enterprises obtain the ability to discuss more openly about adopting innovative cloud services.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124938091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient and Privacy Preserving Third Party Auditing for a Distributed Storage System","authors":"Denise Demirel, S. Krenn, T. Lorünser, Giulia Traverso","doi":"10.1109/ARES.2016.88","DOIUrl":"https://doi.org/10.1109/ARES.2016.88","url":null,"abstract":"When using distributed storage systems to outsource data storage into the cloud, it is often vital that this is done in a privacy preserving way, i.e., without the storage servers learning anything about the stored data. Especially when storing critical data, one often further requires efficient means to check whether the data is actually stored correctly on these servers. In the best case, such an auditing could itself be outsourced to a third party which does not need to be trusted by the data owner. That is, also the auditing mechanism should guarantee privacy, even if the auditor collaborates with a (sub) set of the storage servers. However, so far only a small number of privacy preserving third party auditing mechanisms has been presented for single server storage solutions, and no such protocols exist at all for a distributed storage setting. In this paper, we therefore define and instantiate a privacy preserving auditable distributed storage system. Our instantiation can be based on any homomorphic secret sharing scheme, and is fully keyless, efficient, and information-theoretically private. 
Furthermore, it supports batch audits, and is backward compatible with existing secret sharing based storage solutions.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130391020","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Ensuring Security of Data and Information Flow in Emergency Response Decision Support","authors":"D. Jackson, Paul Hayes","doi":"10.1109/ARES.2016.49","DOIUrl":"https://doi.org/10.1109/ARES.2016.49","url":null,"abstract":"Harvested social media data has the potential to enhance emergency response decision support if its reliability can be assessed. We are working on an EU-FP7 project called Slándáil (Project No. 607691). Slándáil aims to develop a prototype system which automates social media data analysis for emergency response. This paper considers some of the ethical concerns that may arise with such alternate use of data. It offers technical (hardware and software) and operational measures intended to improve the security of data and information flow to mitigate those risks.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129183725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}