发布求助
文献互助 智能选刊 最新文献

2016 11th International Conference on Availability, Reliability and Security (ARES)最新文献

筛选
英文 中文
Ransomware Inside Out 彻底的勒索软件
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.35
F. Mercaldo, Vittoria Nardone, A. Santone
{"title":"Ransomware Inside Out","authors":"F. Mercaldo, Vittoria Nardone, A. Santone","doi":"10.1109/ARES.2016.35","DOIUrl":"https://doi.org/10.1109/ARES.2016.35","url":null,"abstract":"Android is currently the most widely used mobile environment. This trend encourages malware writers to develop specific attacks targeting this platform with threats designed to covertly collect data or financially extort victims, the so-called ransomware. In this paper we use formal methods, in particular model checking, to automatically dissect ransomware samples. Starting from manual inspection of few samples, we define a set of rule in order to check whether the behaviours we find are representative of ransomware functionalities.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"157 7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128808220","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 57
A Type System for Quantified Information-Flow Security in Java-Like Languages 类java语言中量化信息流安全的类型系统
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.30
Gohar Shakoori, Mehran S. Fallah, Zeinab Iranmanesh
{"title":"A Type System for Quantified Information-Flow Security in Java-Like Languages","authors":"Gohar Shakoori, Mehran S. Fallah, Zeinab Iranmanesh","doi":"10.1109/ARES.2016.30","DOIUrl":"https://doi.org/10.1109/ARES.2016.30","url":null,"abstract":"Quantified information-flow policies put an upper bound on the allowable amount of information flow from high inputs to low outputs of a program. Earlier research in this area has mainly focused on simple imperative languages. In this paper, we present a type system that derives the amount of information flow in the programs of a Java-like language. For this purpose, we adopt the Middlewieght Java (MJ) which is small enough for formal proofs, although it is a proper subset of Java with a fairly rich set of features. Promotable expressions, which also behave as statements, as well as method invocations and the loops they may create are of particular attention in the study of quantified information flow in such a language. We prove that our typing rules are sound and derive correct bounds of information flow for a given program. The proofs are based on a denotational semantics for MJ that we propose as part of this research.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125414126","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards a Systemic Approach for Information Security Risk Management 迈向资讯保安风险管理的系统方法
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.76
Y. Naudet, Nicolas Mayer, C. Feltus
{"title":"Towards a Systemic Approach for Information Security Risk Management","authors":"Y. Naudet, Nicolas Mayer, C. Feltus","doi":"10.1109/ARES.2016.76","DOIUrl":"https://doi.org/10.1109/ARES.2016.76","url":null,"abstract":"Risk management in the field of information security is most often handled individually by enterprises, taking only a limited view on the influential factors coming from their providers, clients or more globally from their environment. This approach becomes less appropriate in the case of networked enterprises, which tend to form ecosystems with complex influence links. A more holistic approach is needed to take these into account, leading to systemic risk management, i.e. risk management on the entire system formed by the networked enterprises, to avoid perturbations of the ecosystem due to local, individual, decision-making. In this paper, we propose a new meta-model for Information System Security Risk Management (ISSRM), comprising systemic elements as defined in the General Systems Theory. We discuss the design of this new model, highlighting in particular how risk management can be related to a problem-solving approach and the important concepts that are instantiated when taking a systemic approach to ISSRM.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125284206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Protecting Sensitive Information in the Volatile Memory from Disclosure Attacks 保护易失性存储器中的敏感信息免受泄露攻击
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.75
Stefanos Malliaros, Christoforos Ntantogian, C. Xenakis
{"title":"Protecting Sensitive Information in the Volatile Memory from Disclosure Attacks","authors":"Stefanos Malliaros, Christoforos Ntantogian, C. Xenakis","doi":"10.1109/ARES.2016.75","DOIUrl":"https://doi.org/10.1109/ARES.2016.75","url":null,"abstract":"The protection of the volatile memory data is an issue of crucial importance, since authentication credentials and cryptographic keys remain in the volatile memory. For this reason, the volatile memory has become a prime target for memory scrapers, which specifically target the volatile memory, in order to steal sensitive information, such as credit card numbers. This paper investigates security measures, to protect sensitive information in the volatile memory from disclosure attacks. Experimental analysis is performed to investigate whether the operating systems (Windows or Linux) perform data zeroization in the volatile memory. Results show that Windows kernel zeroize data after a process termination, while the Linux kernel does not. Next, we examine functions and software techniques in C/C++ programming language that can be used by developers to modify at process runtime the contents of the allocated blocks in the volatile memory. We have identified that only the Windows operating system provide a specific function named SecureZeroMemory that can reliably zeroize data. Finally, driven by the fact that malware scrapers primarily target web browsers, we examine whether it is feasible to extract authentication credentials from the volatile memory allocated by web browsers. The presented results show that in most cases we can successfully recover user authentication credentials from all the web browsers except when the user has closed the tab that used to access the website.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132294090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
An Empirical Study on GSN Usage Intention: Factors Influencing the Adoption of Geo-Social Networks GSN使用意向的实证研究:地理社交网络采用的影响因素
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.102
Esma Aïmeur, S. Gambs, Cheu Yien Yep
{"title":"An Empirical Study on GSN Usage Intention: Factors Influencing the Adoption of Geo-Social Networks","authors":"Esma Aïmeur, S. Gambs, Cheu Yien Yep","doi":"10.1109/ARES.2016.102","DOIUrl":"https://doi.org/10.1109/ARES.2016.102","url":null,"abstract":"Nowadays, geosocial networks (GSNs) have become a significant component of people's daily lives as they are one of the most popular applications that are being widely accessed through smart devices such as smartphones and tablets. Their rapid widespread use and their invasion of our private life warrant a better understanding. In particular, the impact of trust in GSN, the privacy concerns of users, their perception of risk and the social influence on the use of such mobile applications is not yet fully understood. In this paper, we study the factors influencing the usage intention of GSN users. To realize this, we propose a model based on the user's perspective. Our model focuses on four overall factors that influence the users' concerns and in turn their intention and aim of using GSNs: privacy concerns, trust, social influence and risk perception. We tested empirically the proposed research model by running a web-based survey. The participants consisted of 396 persons with at least a past experience with GSNs. The results revealed that among all the possible factors the privacy concerns, social influence and trust have a significant impact on the intention and usage of GSNs. In contrast, personality traits have almost no effects on trust or social influence. One notable exception is computer self-efficacy that was found to induce a strong influence on the four principal factors.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131394904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Addressing Security in the ATM Environment: From Identification to Validation of Security Countermeasures with Introduction of New Security Capabilities in the ATM System Context ATM环境中的安全寻址:从安全对策的识别到验证,引入ATM系统中的新安全功能
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.67
Patrizia Montefusco, R. Casar, R. Koelle, T. Stelkens-Kobsch
{"title":"Addressing Security in the ATM Environment: From Identification to Validation of Security Countermeasures with Introduction of New Security Capabilities in the ATM System Context","authors":"Patrizia Montefusco, R. Casar, R. Koelle, T. Stelkens-Kobsch","doi":"10.1109/ARES.2016.67","DOIUrl":"https://doi.org/10.1109/ARES.2016.67","url":null,"abstract":"This paper addresses the full lifecycle of security countermeasures identified in the Security Risk Analysis of the future Air Traffic Management System (ATM). The process establishes new security functions identified in the GAMMA project [1] and their implementations in order to ensure acceptable levels of security for ATM. In this project, ATM Security is addressed by focusing on two dimensions defined by Single European Sky ATM Research [2]: establishing a collaborative support capability by defining a framework embracing three-levels for Security Management (i.e. European, National, and Local) and developing security measures for the self-protection/resilience of the ATM Systems by exploiting automated security-related functions to handle potential threats. This paper concentrates on the second dimension and how the countermeasures are identified, implemented and developed in prototypes. The prototypes will then be validated in an operational scenario, through the new concept introduced by the project. The reader will be accompanied through a practical example of the whole process on how ATM Security needs have been identified. The objective is to protect the core ATM Security functionalities (Primary Assets) and corresponding Supporting Assets. We identified 44 of the most feared threat scenarios in terms of impact on the SESAR Key Performance Areas (KPA). The threat scenario described in this paper is \"False ATCO\", affecting the Supporting Asset \"Voice system\". The developed prototype is \"SACom\" (Secure ATC Communication) that considers the security countermeasures identified in the risk treatment analysis to reduce the risks. The paper concludes with the description of the activities planned for validating the SACom prototype as part of the proposed global solution.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125298820","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Legal Implications of Using Social Media Data in Emergency Response 在应急响应中使用社会媒体数据的法律影响
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.85
C. Berger, P. Stefani, Taiwo A. Oriola
{"title":"Legal Implications of Using Social Media Data in Emergency Response","authors":"C. Berger, P. Stefani, Taiwo A. Oriola","doi":"10.1109/ARES.2016.85","DOIUrl":"https://doi.org/10.1109/ARES.2016.85","url":null,"abstract":"Slandail is a software prototype designed for use and exploitation of digital content on social media for emergency and disaster management. This will involve the collection, reproduction, distribution, transfer, processing and, potentially, communication to the public of harvested personal data and information by emergency responders. However, the use of a system such as Slandail would have implications for the laws protecting human rights, personal data, and copyright within and outside of the European Union. This paper provides a brief overview of these laws, and the challenges they pose to the development of the Slandail software prototype, with part one focusing on data protection, part two on human rights, and part three on copyright and licensing rights.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"30 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115320165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Threat Modelling Service Security as a Security Ceremony 作为安全仪式的威胁建模服务安全
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.59
Taciane Martimiano, J. E. Martina
{"title":"Threat Modelling Service Security as a Security Ceremony","authors":"Taciane Martimiano, J. E. Martina","doi":"10.1109/ARES.2016.59","DOIUrl":"https://doi.org/10.1109/ARES.2016.59","url":null,"abstract":"Security ceremonies are extensions for security protocols. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify claims embedded in ceremonies. Unfortunately, there are some pieces missing for that, such as, a base description language and a tailored threat model for security ceremonies. Our contributions in this paper are: a proposal for message description syntax, an augmented threat model to encompass the subtleties of security ceremonies and a strategy for symbolic evaluation using First Order Logic (FOL) and an automatic theorem prover. Furthermore, we propose a new threat model named Distributed Attacker (DA), which uses the adaptive threat model proposed by Carlos et al. and the Security Ceremony Concertina Traversal layers proposed by Bella et al. As a result, we present scenarios which can be formally analysed with our proposal.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116898140","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application 增量式软件开发的有效安全保障——以Zen Cart应用程序为例
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.86
L. B. Othmane, Azmat Ali
{"title":"Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application","authors":"L. B. Othmane, Azmat Ali","doi":"10.1109/ARES.2016.86","DOIUrl":"https://doi.org/10.1109/ARES.2016.86","url":null,"abstract":"Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as \"The system is acceptably secure\" is supported by objective evidence.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129679296","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Privacy Impact Assessment Template for Provenance 来源隐私影响评估模板
2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI: 10.1109/ARES.2016.95
Jenni Reuben, L. Martucci, S. Fischer-Hübner, Heather S. Packer, Hans Hedbom, L. Moreau
{"title":"Privacy Impact Assessment Template for Provenance","authors":"Jenni Reuben, L. Martucci, S. Fischer-Hübner, Heather S. Packer, Hans Hedbom, L. Moreau","doi":"10.1109/ARES.2016.95","DOIUrl":"https://doi.org/10.1109/ARES.2016.95","url":null,"abstract":"Provenance data can be expressed as a graph with links informing who and which activities created, used and modified entities. The semantics of these links and domain specific reasoning can support the inference of additional information about the elements in the graph. If such elements include personal identifiers and/or personal identifiable information, then inferences may reveal unexpected links between elements, thus exposing personal data beyond an individual's intentions. Provenance graphs often entangle data relating to multiple individuals. It is therefore a challenge to protect personal data from unintended disclosure in provenance graphs. In this paper, we provide a Privacy Impact Assessment (PIA) template for identifying imminent privacy threats that arise from provenance graphs in an application-agnostic setting. The PIA template identifies privacy threats, lists potential countermeasures, helps to manage personal data protection risks, and maintains compliance with privacy data protection laws and regulations.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130216969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信