Proceedings of the 8th International Conference on Security of Information and Networks最新文献

{"title":"Machine learning approach for filtering spam emails","authors":"Princy George, P. Vinod","doi":"10.1145/2799979.2800043","DOIUrl":"https://doi.org/10.1145/2799979.2800043","url":null,"abstract":"An efficient email spam filtering system by selecting relevant features to reduce the dimensions has become a pivotal aspect in the field of machine learning based spam filtering. To deal with noisy features, TF-IDF-CF is chosen as the feature selection method in this study. The selected relevant feature sets are submitted to LibSVM and MNB classifiers to construct ham and spam models. An accuracy of 98.2612 with F-measure 0.9841 is obtained which depicts the effectiveness of proposed scheme.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122319526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Comparison between safety and efficient security of the ARP protocol","authors":"E. León, B. S. R. Daza, O. S. Parra","doi":"10.1145/2799979.2800035","DOIUrl":"https://doi.org/10.1145/2799979.2800035","url":null,"abstract":"Due to the Stateless Property of the ARP protocol (It means that a response can be processed despite the request was never received), which introduces some security flaws that makes it vulnerable to various types of attacks resulting in leaks and/or damage of information, They have presented various feasible solutions, amongst these we find S-ARP (secure ARP) and ES-ARP (Secure and efficient ARP), these two, seek to resolve the failure of ARP security, changing and improving its original protocols and performing other configurations that are believed feasible to improve their security. In this article, we will execute an ARP poisoning in order to show the insecurity that the Protocol has, and to compare it against other alternatives, to show the safety of each of these. In conclusion ES-ARP and S-ARP are good choices to improve the safety of the ARP protocol, although is not 100% secure, since if they send the answer and then the poisoned ARP reply is sent before the actual one is received, and set on the cache memory, the victim stores the wrong response in the cache and discards the actual one. When the first ARP request is sent, the victim and the attacker receive the message. Who comes first will get the ARP cache of the victim.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129843397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The general model of secure computation system","authors":"L. Babenko, Philipp Burtyka, O. Makarevich, A. Trepacheva","doi":"10.1145/2799979.2800006","DOIUrl":"https://doi.org/10.1145/2799979.2800006","url":null,"abstract":"The paper considers the problem of organization the computations over encrypted data. This problem has become increasingly important due to the expansion of the cloud computing and the need for suitable measures to protect it. Different primitives were proposed to solve the problem in a limited context, such as garbled circuits, fully homomorphic encryption, functional encryption, secure multiparty computations and so on. However, the development of real secure computing system requires some general theory for organization of secure computing, using a systemic approach. We propose to divide all the functionality that the secure computing system must support into the several layers; the interaction between them would be done through the interfaces. Presented six-layer analytical model under the title \"Secure computing interface stack\" (\"SCIS\") is intended to standardize and facilitate the work of researchers and developers in the field of cryptographically secure computing, i.e. such systems in which the untrusted parties process the sensitive data in encrypted form without decrypting at the any stage of processing. For each layer we outline the problems researchers deal with, reveal a range of issues that must be addressed, and provide a brief overview of the relative works. We survey and compare known secure computation systems analyzing them within our model and derive some new ideas for improvements of existing CSCS.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132507089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DynaDroid: dynamic binary instrumentation based app behavior monitoring framework","authors":"Bharat Buddhdev, R. Bhan, M. Gaur, V. Laxmi","doi":"10.1145/2799979.2800036","DOIUrl":"https://doi.org/10.1145/2799979.2800036","url":null,"abstract":"Android OS market share has made it a feverish target of malicious attacks. Dynamic Binary Instrumentation (DBI) based tools are gaining prominence for behavioral program inspection, feature identification and virtual machine binary code translation. DBI has an advantage of being transparent, i.e. the application under inspection is never modified. In this paper we describe DynaDroid, DBI framework developed to build behavior based binary instrumentation methodology to effectively monitor Android Package (APK) behavior. Unlike the existing behavior monitoring approaches, the proposed DynaDroid reconstructs the Dalvik level and Java level semantics at a time. The proposed dynamic behavior approach can provide base for analyzing the native calls, Dalvik instructions and also generate profile for Java based API activity. We plan to build effective instrumentation framework to detect real malware with lightweight overhead.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134045674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Lightweight cryptography: modern development paradigms","authors":"A. Zhukov","doi":"10.1145/2799979.2799981","DOIUrl":"https://doi.org/10.1145/2799979.2799981","url":null,"abstract":"The escalating number of the most various intelligent devices having Internet connection will be the defining direction of development of the Internet for the next years. Already now 98.8% of all manufactured microprocessors are used in the embedded applications and only 1.2% -- in traditional computers. Along with traditional Internet devices, such as personal computers, laptops, smartphones, the Internet access have the devices of household appliances, transport, various sensors (including connected with processing of biometric data, personal information of medical character, etc.), and also the tags of radio-frequency identification (RFID). However there is a basic possibility of using of this technology for unauthorized obtaining of confidential information of personal character. So the former CIA director David Petraeus declared that data from the Internet-connected devices can be used for drawing up the most detailed file on any person. Thus, development information and the Internet of technologies will demand effective implementation of the information security algorithms providing confidentiality and integrity of data. It is obvious that cryptographic methods of information security form a basis of such safety. Feature is that they have to be applied to the most various intelligent devices which because of their activity conditions as well as cost constrains peculiar to mass production, are characterized by rigid restrictions on the used memory resources, computing power, power supplies, etc. that in turn conducts to restrictions on the used technologies and technological decisions. So, for example, strict restrictions are imposed on energy consumption of passive intelligent devices such as radio-frequency tags or contactless smart cards. Other restriction imposed on the hardware is a limit on number of the logical elements used in an algorithm chip. The report examines various approaches to the design of information security algorithms, effective for realization in the conditions of significantly limited resources such as radio-frequency tags, contactless smart cards, sensors, coprocessors for 8-bit processors etc.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125994672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analysis of the impact of ethical issues on the management of the access rights","authors":"André Rifaut, C. Feltus, S. Turki, D. Khadraoui","doi":"10.1145/2799979.2799996","DOIUrl":"https://doi.org/10.1145/2799979.2799996","url":null,"abstract":"Nowadays, the evolution of the information system (IS) is very fast and companies have to manage a very huge amount of sensitive and critical information. Therefore, the information system managers are urged to accurately design their IS and to provide the accurate access rights to this information. In that regards, although the advantage of this strict definition of the IS, we observe that this evolution also tends to reduce and to limit the employees' personal initiatives to act and to behave for the well-being of the company, especially in the case of professional ethical reasons. In this context, this paper takes up the challenge to show to the information security specialists the importance of addressing ethical issues along the management of the access rights and proposes a model-based technical approach to face this problem.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123635482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Improvement of treeless signature schemes implementation by random oracle buffering","authors":"M. Anikeev","doi":"10.1145/2799979.2800045","DOIUrl":"https://doi.org/10.1145/2799979.2800045","url":null,"abstract":"This study is devoted to the optimization of implementation of a recent treeless signature scheme called TSS12. It was shown earlier that the most computational complexity of TSS12 signing algorithm is provided by numerous calls to a Gaussian random oracle in undefined number of attempts to find a suitable masking vector. It is shown in this paper that a several hundred byte buffer of pre-generated random data is capable of providing significant acceleration of TSS12 signing algorithm. This fact is believed to be important for digital signature implementation on devices with limited computational capacities, such as wireless sensors.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124681085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The use of mobile devices in authentication","authors":"R. Poet","doi":"10.1145/2799979.2799982","DOIUrl":"https://doi.org/10.1145/2799979.2799982","url":null,"abstract":"The two main problems that make authentication difficult for users have been known for some time and result in a number of coping mechanisms. The first problem is that users need to provide a large number of passwords, leading to password reuse. The second problem is that it is difficult to find passwords and PINS that are both secure and memorable, leading to writing them down. One technical solution to the first problem is to use a password manager, but this gives a large amount of personal information to the organisation providing the password manager, leading to issues of trust. One technical solution to the second problem is to use graphical passwords, but they are less usable because of the long registration process. Mobile devices provide a different environment for authentication, with both advantages and disadvantages. One immediate difference is that these devices are mobile, meaning that authentication can be location based. They usually contain a camera and microphone and some input from these peripherals can also be used in authentication. Another difference is that users typically spend a lot of time with their mobile device, making the registration time for graphical passwords less of a problem, provided it was entertaining enough. Most mobile devices have a touch screen which can also be used to create graphical passwords if necessary. Mobile devices also have drawbacks, mainly that they are easily lost, stolen or accessed by someone else. Also, it is not possible to write a password down on a sticky note and attach it to the screen! Using the memo app or 'fake' contacts is vulnerable to being downloaded. I will talk about work done with Md. Sadek Ferdous on Federated Authentication Systems. We look at ways of giving users control over the attributes that they wish to reveal to the various parties to the system. We also look at aggregating attributes from different providers, creating dynamic federations. This is quite useful for mobile devices where portable personal ID providers can be aware of their context. Whether such systems will actually be adopted depends on the views of the various stakeholders, and I will briefly discuss this issue. I will also talk about work done with Salem Jebriel, Rose English, Hani Aljahdali and Soum Chowdhury on graphical passwords. We have focussed on recognition based graphical passwords, where the user has to recognise the pass-images they provided on registration among other distracter images. They are easier to use than other approaches and so more likely to be adopted. The images can either be created by the user on registration, or selected from a collection provided by the system. Both ways have their advantages and disadvantages. It is possible to quantify how secure each type of system is under a variety of attacks. One attack is to guess which images a person would have created or chosen based on other readily available information about the user. There are interesting effects of cultur","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129778040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Production Model System for Detecting Vulnerabilities in the Software Source Code","authors":"A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov","doi":"10.1145/2799979.2800019","DOIUrl":"https://doi.org/10.1145/2799979.2800019","url":null,"abstract":"This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131081873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Access control model D-TBAC subject to the requirements to tasks' performing","authors":"Sergey Lapin","doi":"10.1145/2799979.2800034","DOIUrl":"https://doi.org/10.1145/2799979.2800034","url":null,"abstract":"This article describes the access control model D-TBAC which extends TBAC. The presented model takes into account the requirements for the tasks performance. Model elements, properties, and rules of conditions' transformation are defined formally","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131155322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}