{"title":"Malware in Pirated Software: Case Study of Malware Encounters in Personal Computers","authors":"S. Kumar, L. Madhavan, M. Nagappan, B. Sikdar","doi":"10.1109/ARES.2016.101","DOIUrl":"https://doi.org/10.1109/ARES.2016.101","url":null,"abstract":"Software piracy is a common occurrence, and a significant fraction of the personal computers have some pirated software installed. Cyber-criminals often use pirated software as a vector to spread malware by bundling malicious software with the pirated software. This paper presents the results of a case study that aims to quantify the incidence of malware in pirated software that come bundled with new personal computer purchases. The paper also evaluates the types of malware that are present in the samples in our case study, and the locations in the file system where these malware are detected. The results show that 63% of the samples procured for the case study showed presence of malware and the incidence of malware varies with the geographical location where the sample was procured. Our results also indicate that Trojans and Hacktools are the most prevalent families of malware in our samples.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127621994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Introducing Proxy Voting to Helios","authors":"O. Kulyk, Karola Marky, Stephan Neumann, M. Volkamer","doi":"10.1109/ARES.2016.38","DOIUrl":"https://doi.org/10.1109/ARES.2016.38","url":null,"abstract":"Proxy voting is a form of voting, where the voters can either vote on an issue directly, or delegate their voting right to a proxy. This proxy might for instance be a trusted expert on the particular issue. In this work, we extend the widely studied end-to-end verifiable Helios Internet voting system towards the proxy voting approach. Therefore, we introduce a new type of credentials, so-called delegation credentials. The main purpose of these credentials is to ensure that the proxy has been authorised by an eligible voter to cast a delegated vote. If voters, after delegating, change their mind and want to vote directly, cancelling a delegation is possible throughout the entire voting phase. We show that the proposed extension preserves the security requirements of the original Helios system for the votes that are cast directly, as well as security requirements tailored toward proxy voting.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117270183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Digital Investigation in Virtual Networks: A Study of Challenges and Open Problems","authors":"Daniel Spiekermann, Tobias Eggendorfer","doi":"10.1109/ARES.2016.34","DOIUrl":"https://doi.org/10.1109/ARES.2016.34","url":null,"abstract":"The evolution of virtualization techniques is still changing operating principles in today's datacenters (DC). The virtualization of ordinary servers was just the first step, which increased the dynamic and flexibility of the DC. Providers are now able to offer different virtual machines (VM) faster and with less overhead to their customers. But this provision raises new problems for the providers. Aspects like isolation, security or multi-tenancy are increasingly relevant and demand new setups in the DC. Current network infrastructures are not able to handle these aspects with an acceptable effort, but the development of virtual networks offers new possibilities, with benefits for the provider and the user. Based on a physical underlay network, different virtual networks can be defined, either by a provider or the customer. Protocols like VXLAN or GENEVE appear to eliminate restrictions of current networks. New paradigms like Software-defined-Networks (SDN) or Network Function Virtualization (NFV) offer new capabilities to redesign the whole network infrastructure in the DC. But the need for digital investigation is still necessary regardless of all new paradigms and evolution. As a branch of digital investigation, network forensic investigation (NFI) is used to examine network traffic by capturing the data of a suspicious target system and analyzing this data. The modern virtual data centers and the implemented virtual networks impede the NFI, proved techniques and methods fail because of the increased complexity of the new logical networks. Not only the analysis of the new network protocols impede the NFI, even the capture process of relevant data needs to be refined. In this paper, we analyze in detail new arising problems of digital investigation in virtual networks and explore the new challenges for NFI. Based on the discussion of network forensics and current utilized methodologies and the new techniques of network virtualization the arising problems are defined and classified in three categories. This classification helps to develop new methods and possible solutions, which might simplify further necessary investigations in cloud-computing environments.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123200815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements","authors":"Chad Heitzenrater, A. Simpson","doi":"10.1109/ARES.2016.90","DOIUrl":"https://doi.org/10.1109/ARES.2016.90","url":null,"abstract":"Negative use cases - in the form of 'misuse' or 'abuse' cases - have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123308457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FEBA: An Action-Based Feature Extraction Framework for Behavioural Identification and Authentication","authors":"Luigi Stammati, Claudio Pisa, T. Dargahi, A. Caponi, G. Bianchi","doi":"10.1109/ARES.2016.31","DOIUrl":"https://doi.org/10.1109/ARES.2016.31","url":null,"abstract":"While the usage of behavioural features for authentication purposes is gaining more and more consensus in the community, there is less consensus on which specific behavioural traits may be useful in eventually different settings. This calls for flexible tools which the application developer can leverage to automate the extraction and management of behavioural features for identification and authentication. This paper specifically describes a framework called FEBA (Feature Extraction Based on Action), which to the best of our knowledge is the first open-source framework that provides the developer with simple and flexible means to: i) define application-specific actions, ii) recognize actions based on the received raw data, and iii) finally extract the action-specific features. We have built a complete implementation of FEBA, and made it available online to facilitate future research in such context. To prove the performance of FEBA, we provide an experimental evaluation of a use case scenario, i.e., mouse movements feature extraction and pattern recognition. We believe that FEBA will help researchers and developers to design and implement novel behavioural authentication mechanisms.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124046257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"'CTRL_S' - A Security Tool for SESAR's Design-In Security Approach","authors":"K. Gotz, M. Hawley, C. Machin, J. Hird","doi":"10.1109/ARES.2016.106","DOIUrl":"https://doi.org/10.1109/ARES.2016.106","url":null,"abstract":"To support the approach of 'design-in security' taken by the SESAR Programme, the authors have iteratively developed a support tool, known as 'CTRL_S' that guides users through the security risk assessment process. Whilst these risks are mostly generic, based on prototype system architectures or extrapolations from current systems, the approach supports the development of security controls through to operations. Key aspects of the CTRL_S tool have been to support 'cross-sectional' analyses of risk assessments and to create a collaborative knowledge-based approach, whereby users may take advantage of prior risk assessments in building new ones. Future development of the tool is proposed, including alignment with SESAR's Enterprise Architecture modelling.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115594362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Air Traffic Management Security Research in SESAR","authors":"J. Hird, M. Hawley, C. Machin","doi":"10.1109/ARES.2016.105","DOIUrl":"https://doi.org/10.1109/ARES.2016.105","url":null,"abstract":"The future ATM system must evolve to meet demanding performance targets. This transition will potentially introduce new vulnerabilities into the system. To address this issue, the SESAR programme has developed a comprehensive set of methods, tools and guidance material to support the concept of \"designing-in\" security from the beginning of the development life-cycle. This paper summarises the deliverables produced and recommendations made in the area of SESAR ATM Security.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132032798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hand Dynamics for Behavioral User Authentication","authors":"Fuensanta Torres Garcia, Katharina Krombholz, Rudolf Mayer, E. Weippl","doi":"10.1109/ARES.2016.107","DOIUrl":"https://doi.org/10.1109/ARES.2016.107","url":null,"abstract":"We propose and evaluate a method to authenticate individuals by their unique hand dynamics, based on measurements from wearable sensors. Our approach utilises individual characteristics of hand movement when opening a door. We implement a sensor-fusion machine learning algorithm to classify individuals based on their hand movement and conduct a lab study with 20 participants to test the feasibility of the concept in the context of accessing physical doors as found in office buildings. Our results show that our approach yields an accuracy of 92% in classifying an individual and thus highlights the potential for behavioral hand dynamics for authentication.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130726936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy Preserving Computations for Viral Marketing: The Case of Rational Players","authors":"Rica Gonen, Tamir Tassa","doi":"10.1109/ARES.2016.5","DOIUrl":"https://doi.org/10.1109/ARES.2016.5","url":null,"abstract":"Viral marketing is a methodology which is based on exploiting a pre-existing social network in order to increase brand awareness or product sales through self-replicating viral processes. An essential computational task towards setting up an effective viral marketing campaign is to estimate social influence. Such estimates are usually done by analyzing user activity data. The data analysis and sharing that is needed to estimate social influence raises important privacy issues that may jeopardize the legal, ethical and societal acceptability of such practice, and in turn, the concrete applicability of viral marketing in the real world. Tassa and Bonchi (EDBT 2014) devised secure multi-party protocols that allow a group of service providers and a social networking platform to jointly compute social influence in a privacy preserving manner. They assumed that the players are semi-honest, i.e., that they follow the protocol correctly, but at the same time they examine their view of the protocol in order to extract information on inputs provided by their peers. In this paper we discuss the case of selfish rational players, such players participate in the protocol and follow it correctly only if it is in their best interest and maximizes their utility. We enhance the protocol of Tassa and Bonchi by incorporating into it mechanisms that incentivize the players to participate in the protocol truthfully.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128438603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Caller-Centrality: Identifying Telemarketers in a VoIP Network","authors":"M. A. Azad, Syed Khurram Jah Rizvi","doi":"10.1109/ARES.2016.91","DOIUrl":"https://doi.org/10.1109/ARES.2016.91","url":null,"abstract":"In recent years, VoIP (Voice over Internet Protocol) has emerged as a cheap telephony medium for long-distance international and domestic calls. The number of unwanted calls from telemarketers and scammers has also risen recently, because of VoIP telephony, which makes it easier to initiate a large number of calls without being traced back by authorities. It is of utmost importance for the VoIP operators to gain the trust of their customers by blocking telemarketers and scammers at the edge of the network. To address this challenge, in this paper, we present a system called Caller-Centrality that effectively identifies and blocks telemarketers/spammers without being intrusive to the caller and the callee. Caller-Centrality first models the user relationships as a caller graph and then computes the reputation of the caller using a weighted centrality measure. The edge weights between the caller and the callee are assigned from the call rate and call duration between the caller and the callee. We evaluated our approach on an anonymized real data set collected from a small VoIP operator. The evaluation results reveal that Caller-Centrality successfully identifies suspected telemarketers.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123337895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}