发布求助
文献互助 智能选刊 最新文献

2015 IEEE Trustcom/BigDataSE/ISPA最新文献

筛选
英文 中文
Preventing Library Spoofing on Android 防止Android上的库欺骗
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.494
Dennis Titze, J. Schütte
{"title":"Preventing Library Spoofing on Android","authors":"Dennis Titze, J. Schütte","doi":"10.1109/Trustcom.2015.494","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.494","url":null,"abstract":"Dynamic loading of libraries is a widely used technique in Android applications. But including and executing external library code does not only have benefits, it can have severe detrimental security implications for the application and the user. In this paper we explain the mechanisms of loading external library code into an Android application and discuss resulting security implications. Since an attacker can easily impersonate libraries if the application does not perform the necessary verification, loading such code can introduce severe security problems. As a remedy, we present how external code can be verified and since currently available application often do not perform such verification, we introduce a novel way to enforce this verification. A prototype of this system has been published as open-source which can be easily integrated into existing apps and libraries.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121383955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Enhancing the Trajectory Privacy with Laplace Mechanism 利用拉普拉斯机制增强轨迹隐私
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.508
Daiyong Quan, Lihua Yin, Yunchuan Guo
{"title":"Enhancing the Trajectory Privacy with Laplace Mechanism","authors":"Daiyong Quan, Lihua Yin, Yunchuan Guo","doi":"10.1109/Trustcom.2015.508","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.508","url":null,"abstract":"Mobile-aware service systems are dramatically increasing the amount of personal data released to service providers as well as to third parties. Data may reveal individuals' physical conditions, habits, and sensitive information. It raises serious privacy concerns. Current approaches to mitigate the privacy concerns rely on the randomization. However, it is difficult to guarantee privacy levels with random noise. In this paper, we propose a data obfuscation mechanism based on the generalized version of the notion of differential privacy. We extend the standard definition to the settings where the inputs belong to an arbitrary domain of secrets. Then we enhance the mobility signature privacy with our mechanism. By adopting the expected distance as an indicator to measure the service quality loss, we compare our mechanism with the (k,d)- anonymity random method. On the real dataset, the results reveal that our mechanism adds less noise under the same privacy guarantee.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128792842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
k-anonymity: Risks and the Reality 匿名:风险与现实
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.473
A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto
{"title":"k-anonymity: Risks and the Reality","authors":"A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto","doi":"10.1109/Trustcom.2015.473","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.473","url":null,"abstract":"Many a time, datasets containing private and sensitive information are useful for third-party data mining. To prevent identification of personal information, data owners release such data using privacy-preserving data publishing techniques. One well-known technique - k-anonymity - proposes that the records be grouped based on quasi-identifiers such that quasi-identifiers in a group have exactly the same values as any other in the same group. This process reduces the worst-case probability of re-identification of the records based on the quasi identifiers to 1/k. The problem of optimal k-anonymisation is NP-hard. Depending on the k-anonymisation method used and the number of quasi identifiers known to the attacker, the probability of re-identification could be lower than the worst-case guarantee. We quantify risk as the probability of re-identification and propose a mechanism to compute the empirical risk with respect to the cost of acquiring the knowledge about quasi-identifiers, using an real-world dataset released with some k-anonymity guarantee. In addition, we show that k-anonymity can be harmful because the knowledge of additional attributes other than quasi-identifiers can raise the probability of re-identification.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128568621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Performance Evaluation of Enterprise Big Data Platforms with HiBench 基于HiBench的企业大数据平台性能评估
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.570
Todor Ivanov, Raik Niemann, Sead Izberovic, M. Rosselli, Karsten Tolle, R. Zicari
{"title":"Performance Evaluation of Enterprise Big Data Platforms with HiBench","authors":"Todor Ivanov, Raik Niemann, Sead Izberovic, M. Rosselli, Karsten Tolle, R. Zicari","doi":"10.1109/Trustcom.2015.570","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.570","url":null,"abstract":"In this paper, we evaluate the performance of DataStax Enterprise (DSE) using the HiBench benchmark suite and compare it with the corresponding Cloudera's Distribution of Hadoop (CDH) results. Both systems, DSE and CDH were stress tested using CPU-bound (WordCount), I/O-bound (Enhanced DFSIO) and mixed (HiveBench) workloads. The experimental results showed that DSE is better than CDH in writing files, whereas CDH is better than DSE in reading files. Additionally, for DSE the read and write throughput difference is very minor, whereas for CDH the read throughput is much higher than the write throughput. The results we obtained show that the HiBench benchmark suite, developed specifically for Hadoop, can be successfully executed on top of the DataStax Enterprise (DSE).","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129258687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
A Global, Empirical Analysis of the Shellshock Vulnerability in Web Applications Web应用程序Shellshock漏洞的全局实证分析
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.493
Baden Delamore, R. Ko
{"title":"A Global, Empirical Analysis of the Shellshock Vulnerability in Web Applications","authors":"Baden Delamore, R. Ko","doi":"10.1109/Trustcom.2015.493","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.493","url":null,"abstract":"Large-scale Internet scanning has become increasingly common in the research community shedding light on the state of security at a global level. However, scans in the past have typically focused on addressing on the adoption of services and the ubiquity of protocols, with few focusing on the extent of vulnerability and exposures on the Internet. This paper explores the shellshock vulnerability in web applications by analysing the Alexa Top 1 Million, public-facing websites in the world to ascertain the pervasiveness and severity of shellshock. We achieved this by developing an algorithm that uses simple heuristics with multi-threading capabilities empowering us to perform rapid large-scale web application scanning across various hosts over the HTTP protocol. The results of our global scan were interesting, and illustrated the pervasiveness of shellshock and the potential impact it can have on an organisation -- despite this vulnerability being a known vulnerability at the time of our global scan. The results of which show that certain Web server configurations are particularly susceptible, and illustrates which popular top level domains and country's were most affected. Our findings also showed that while shellshock is easily detectable from an observational standpoint, there exists certain server configurations that allow the bug to be exploited even where cgi scripts are non-existent in the web server. We also discuss remediation guidelines and defensive security practices to protect hosts and organisations from such web-based attack vectors.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"326 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115840291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Enhancing the Detection Rate of Inclined Faces 提高斜面的检测率
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.573
Junkai Chen, I-Lin Tang, Chun-Hsuan Chang
{"title":"Enhancing the Detection Rate of Inclined Faces","authors":"Junkai Chen, I-Lin Tang, Chun-Hsuan Chang","doi":"10.1109/Trustcom.2015.573","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.573","url":null,"abstract":"Extant face detection techniques cannot detect excessively inclined or angled faces, restricting the movement of the subject's facial posture and limiting the scope of face detection applications. Unlike conventional image processing techniques that train classifiers by using rotated frontal face images as positive samples, the researchers of this study employed real-time inclined face images as positive samples and adopted the AdaBoost algorithm for the training procedure. To verify the efficiency of the proposed detection method, the researchers employed three feature extraction methods, namely Haar-like features, histogram of oriented gradients (HOGs), and local binary patterns, to train classifiers from 719 self-developed positive samples and 719 conventional positive samples. Subsequently, a cross-detection experiment was conducted on the sample collections. In addition, the researchers further tested a self-developed video database comprising face videos of 20 subjects. The findings indicate that the proposed detection method outperformed conventional detection methods and improved considerably when coupled with the HOG feature extraction method.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116248973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
On Rehoming the Electronic ID to TEEs 论电子身份证的重新定位
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.356
Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen
{"title":"On Rehoming the Electronic ID to TEEs","authors":"Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen","doi":"10.1109/Trustcom.2015.356","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.356","url":null,"abstract":"Government Electronic IDs (EIds) are digital credentials issued to the citizens. In Europe, EIds are distributed in the form of identity cards or passports that allow for identity verification towards government and private services in the digital domain. This paper provides a reference design and implementation examples for Trusted Execution Environment (TEE) based EIds. Especially, the paper highlights the role of attestation during enrolment, a requirement that is not present in legacy EIds.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"41 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114122183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Architectural Model and Security Mechanisms for Cloud Federations 云联盟的体系结构模型和安全机制
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.490
Luciano Barreto, J. Fraga, Frank Siqueira
{"title":"Architectural Model and Security Mechanisms for Cloud Federations","authors":"Luciano Barreto, J. Fraga, Frank Siqueira","doi":"10.1109/Trustcom.2015.490","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.490","url":null,"abstract":"The concept of cloud federation, which recently became the focus of ongoing studies, enables cloud providers to establish trusts relationships and share resources and services. This paper presents an architectural model composed by software entities that provide the required support for building cloud federations, and specifies the algorithms for interaction between these entities for locating and acquiring resources in federated cloud providers. In this model, resources are located and obtained through a resource panel, which allows cloud providers to inform their resource needs, contracts established by providers are managed by resource brokers, and an identity provider is responsible for authentication and authorization support. Experimental results obtained through simulation demonstrate the feasibility of the proposed architectural model for cloud federations.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"225 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114157368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Towards Increasing the Error Handling Time Window in Large-Scale Distributed Systems Using Console and Resource Usage Logs 利用控制台和资源使用日志增加大规模分布式系统错误处理时间窗口的研究
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613
Nentawe Gurumdimma, A. Jhumka, Maria Liakata, Edward Chuah, J. Browne
{"title":"Towards Increasing the Error Handling Time Window in Large-Scale Distributed Systems Using Console and Resource Usage Logs","authors":"Nentawe Gurumdimma, A. Jhumka, Maria Liakata, Edward Chuah, J. Browne","doi":"10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613","DOIUrl":"https://doi.org/10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613","url":null,"abstract":"Resource-intensive applications such as scientific applications require the architecture or system on which they execute to display a very high level of dependability to reduce the impact of faults. Typically, the state of the underlying system is captured through messages that are recorded in a log file, which has been proven useful to system administrators in understanding the root-causes of system failures (and for their subsequent debugging). However, the time window between when the first error message is detected in the log file and time of the ensuing failure may not be large enough to allow the administrators to save the state of the running application, which will result in lost execution time. We thus address this fundamental question: Is it possible to extend this time window? The answer is positive: We show that, by using (i) resource usage logs to track anomalous resource usage and (ii) error logs to identify root-causes of system failures, it is possible to increase the time window, on average, by 50 minutes. These files were those obtained for the Ranger Supercomputer from TACC. We achieve this by applying anomaly detection techniques on resource usage data and conducting a root-cause analysis on error log files.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116163927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A Rejuvenation Model for Software System under Normal Attack 正常攻击下软件系统的复原模型
2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI: 10.1109/Trustcom.2015.498
Haining Meng, Xinhong Hei, Y. Li, Yanning Du, Guo Xie
{"title":"A Rejuvenation Model for Software System under Normal Attack","authors":"Haining Meng, Xinhong Hei, Y. Li, Yanning Du, Guo Xie","doi":"10.1109/Trustcom.2015.498","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.498","url":null,"abstract":"Software aging is a crucial potential factor that affects software reliability. Software rejuvenation is a main effective method to counteract software aging. Aiming at software system suffering from security attack, a software rejuvenation model based on Markov regenerative stochastic Petri Nets is set up. Then the solution for the steady availability of the new model is derived via Markov regenerative theory. The numeric results show that, the optimal software rejuvenation schedule derived from the model can improve system availability, reduce downtime cost, and resist exterior attacks.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125630928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信