发布求助
文献互助 智能选刊 最新文献

2013 International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
The Use and Usefulness of Threats in Goal-Oriented Modelling 面向目标建模中威胁的使用和有用性
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.57
P. H. Meland, Erlend Andreas Gjære, S. Paul
{"title":"The Use and Usefulness of Threats in Goal-Oriented Modelling","authors":"P. H. Meland, Erlend Andreas Gjære, S. Paul","doi":"10.1109/ARES.2013.57","DOIUrl":"https://doi.org/10.1109/ARES.2013.57","url":null,"abstract":"Both goal and threat modelling are well-known activities related to high-level requirements engineering. While goals express why a system is needed, threats tell us why security for our system is needed. Still, you will often find that goals and threats are treated in separate modelling processes, perhaps not being influenced by each other at all. The research question we try to address in here is to what extent should we include threats in goal-oriented modelling? There is for instance a trade-off between expressiveness, usability and usefulness that must be considered. To improve this situation we believe that a well-defined methodology with good tool support will make the modelling process easier, and give a more useful result. In this paper we first give an overview of previous work on the use of threats within goal-modelling. We explain the use of threats within a goal-oriented socio-technical security modelling language and how tool support enables reuse of threats and automatic analysis of threat propagation in the models. This is exemplified with a case study from Air Traffic Management (ATM) from which we extract some of the the practical challenges that we have. We are able to conclude that threats provide a useful foundation and justification for the security requirements we derive from goal modelling, but this should not be considered to be a replacement for risk assessment methods. Having goals and threats before thinking of the technical solutions of a system allows us to raise awareness on situations that are not just exceptions from regular execution flow.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127188957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Experiences and Challenges in Enhancing Security Information and Event Management Capability Using Unsupervised Anomaly Detection 利用无监督异常检测增强安全信息和事件管理能力的经验与挑战
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.86
Stefan Asanger, A. Hutchison
{"title":"Experiences and Challenges in Enhancing Security Information and Event Management Capability Using Unsupervised Anomaly Detection","authors":"Stefan Asanger, A. Hutchison","doi":"10.1109/ARES.2013.86","DOIUrl":"https://doi.org/10.1109/ARES.2013.86","url":null,"abstract":"Security Information and Event Management (SIEM) systems are important components of security and threat management in enterprises. To compensate for the shortcomings of rule-based correlation in this field, there has been an increasing demand for advanced anomaly detection techniques. Such implementations, where prior training data is not required, have been described previously. In this paper, we focus on the requirements for such a system and provide insight into how diverse security events need to be parsed, unified and preprocessed to meet the requirements of unsupervised anomaly detection algorithms. Specific focus is given to the detection of suspicious authentication attempts, password guessing attacks and unusual user account activities in a large-scale Microsoft Windows domain network. In the course of this paper we analyze a comprehensive dataset of 15 million Windows security events from various perspectives using the k-nearest neighbor algorithm. Key considerations on how to effectively apply anomaly detection are proposed in order to produce accurate and convincing results. The effectiveness of our approach is discussed using sample anomalies that were detected in the analyzed data.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127414304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting SHPF:使用浏览器指纹增强HTTP(S)会话安全性
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.33
Thomas Unger, M. Mulazzani, Dominik Fruhwirt, Markus Huber, S. Schrittwieser, E. Weippl
{"title":"SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting","authors":"Thomas Unger, M. Mulazzani, Dominik Fruhwirt, Markus Huber, S. Schrittwieser, E. Weippl","doi":"10.1109/ARES.2013.33","DOIUrl":"https://doi.org/10.1109/ARES.2013.33","url":null,"abstract":"Session hijacking has become a major problem in today's Web services, especially with the availability of free off-the-shelf tools. As major websites like Facebook, You tube and Yahoo still do not use HTTPS for all users by default, new methods are needed to protect the users' sessions if session tokens are transmitted in the clear. In this paper we propose the use of browser fingerprinting for enhancing current state-of-the-art HTTP(S) session management. Monitoring a wide set of features of the user's current browser makes session hijacking detectable at the server and raises the bar for attackers considerably. This paper furthermore identifies HTML5 and CSS features that can be used for browser fingerprinting and to identify or verify a browser without the need to rely on the User Agent string. We implemented our approach in a framework that is highly configurable and can be added to existing Web applications and server-side session management with ease.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128517139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
A Statistical Approach for Fingerprinting Probing Activities 指纹探测活动的统计方法
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.9
E. Bou-Harb, M. Debbabi, C. Assi
{"title":"A Statistical Approach for Fingerprinting Probing Activities","authors":"E. Bou-Harb, M. Debbabi, C. Assi","doi":"10.1109/ARES.2013.9","DOIUrl":"https://doi.org/10.1109/ARES.2013.9","url":null,"abstract":"Probing is often the primary stage of an intrusion attempt that enables an attacker to remotely locate, target, and subsequently exploit vulnerable systems. This paper attempts to investigate whether the perceived traffic refers to probing activities and which exact scanning technique is being employed to perform the probing. Further, this work strives to examine probing traffic dimensions to infer the `machinery' of the scan, whether the probing activity is generated from a software tool or from a worm/bot net and whether the probing is random or follows a certain predefined pattern. Motivated by recent cyber attacks that were facilitated through probing, limited cyber security intelligence related to the mentioned inferences and the lack of accuracy that is provided by scanning detection systems, this paper presents a new approach to fingerprint probing activity. The approach leverages a number of statistical techniques, probabilistic distribution methods and observations in an attempt to understand and analyze probing activities. To prevent evasion, the approach formulates this matter as a change point detection problem that yielded motivating results. Evaluations performed using 55 GB of real dark net traffic shows that the extracted inferences exhibit promising accuracy and can generate significant insights that could be used for mitigation purposes.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121765953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Dynamic Certification of Cloud Services 云服务动态认证
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.55
Iryna Windhorst, A. Sunyaev
{"title":"Dynamic Certification of Cloud Services","authors":"Iryna Windhorst, A. Sunyaev","doi":"10.1109/ARES.2013.55","DOIUrl":"https://doi.org/10.1109/ARES.2013.55","url":null,"abstract":"Cloud computing introduces several characteristics that challenge the effectiveness of current certification approaches. Particularly, the on-demand, automated, location-independent, elastic, and multi-tenant nature of cloud computing systems is in contradiction with the static, manual, and human process-oriented evaluation and certification process designed for traditional IT systems. Cloud-specific certification processes can improve trust in the cloud computing paradigm, and can lead to the wide adoption of cloud services in enterprises by mastery of uncertainty, lack of transparency, and trust. Through third party evaluation cloud customers could receive more unbiased information about cloud-based services and security measures implemented as well as they could compare different cloud service providers much easier. Common certificates are a backward look at the fulfillment of technical and organizational measures at the time of issue and therefore represent a snapshot. This creates a gap between the common certification of one to three years and the high dynamics of the market for cloud services and providers. The proposed dynamic certification approach adopts the common certification process to the increased flexibility and dynamics of cloud computing environments through using of automation potential of security controls and continuous proof of the certification status. Dynamic certification is based on a new semi-automated certification process and the continuous monitoring of critical parameters of cloud services.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121802882","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation 业务流程模型和符号中安全方面的分析与评价
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.34
Maria Leitner, Michelle Miller, S. Rinderle-Ma
{"title":"An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation","authors":"Maria Leitner, Michelle Miller, S. Rinderle-Ma","doi":"10.1109/ARES.2013.34","DOIUrl":"https://doi.org/10.1109/ARES.2013.34","url":null,"abstract":"Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114141747","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
Towards a Risk Based Assessment of QoS Degradation for Critical Infrastructure 基于风险的关键基础设施QoS退化评估
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.71
Moussa Ouedraogo, M. Khodja, D. Khadraoui
{"title":"Towards a Risk Based Assessment of QoS Degradation for Critical Infrastructure","authors":"Moussa Ouedraogo, M. Khodja, D. Khadraoui","doi":"10.1109/ARES.2013.71","DOIUrl":"https://doi.org/10.1109/ARES.2013.71","url":null,"abstract":"In this paper, we first present an attack-graph based estimation of security risk and its aggregation from lower level components to an entire service. We then presents an initiative towards appreciating how the quality of service (QoS) parameters of a service may be affected as a result of fluctuations in the cyber security risk level. Because the service provided by critical infrastructure is often vital, providing an approach that enables the operator to foresee any QoS degradation as a result of a security event is paramount. We provide an illustration of the risk estimation approach along with a description of an initial prototype developed using a multi-agent platform.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132429035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Hiding Privacy Leaks in Android Applications Using Low-Attention Raising Covert Channels 在Android应用程序中使用低注意力隐蔽通道隐藏隐私泄漏
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.92
Jean-François Lalande, S. Wendzel
{"title":"Hiding Privacy Leaks in Android Applications Using Low-Attention Raising Covert Channels","authors":"Jean-François Lalande, S. Wendzel","doi":"10.1109/ARES.2013.92","DOIUrl":"https://doi.org/10.1109/ARES.2013.92","url":null,"abstract":"Covert channels enable a policy-breaking communication not foreseen by a system's design. Recently, covert channels in Android were presented and it was shown that these channels can be used by malware to leak confidential information (e.g., contacts) between applications and to the Internet. Performance aspects as well as means to counter these covert channels were evaluated. In this paper, we present novel covert channel techniques linked to a minimized footprint to achieve a high covertness. Therefore, we developed a malware that slowly leaks collected private information and sends it synchronously based on four covert channel techniques. We show that some of our covert channels do not require any extra permission and escape well know detection techniques like TaintDroid. Experimental results confirm that the obtained throughput is correlated to the user interaction and show that these new covert channels have a low energy consumption - both aspects contribute to the stealthiness of the channels. Finally, we discuss concepts for novel means capable to counter our covert channels and we also discuss the adaption of network covert channel features to Android-based covert channels.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132735354","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 46
Minimizing the Costs of Side-Channel Analysis Resistance Evaluations in Early Design Steps 在早期设计步骤中最小化侧通道分析阻力评估的成本
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.24
Thomas Korak, Thomas Plos, A. Zankl
{"title":"Minimizing the Costs of Side-Channel Analysis Resistance Evaluations in Early Design Steps","authors":"Thomas Korak, Thomas Plos, A. Zankl","doi":"10.1109/ARES.2013.24","DOIUrl":"https://doi.org/10.1109/ARES.2013.24","url":null,"abstract":"Evaluating the side-channel analysis (SCA) resistance of an implementation is often a challenging task for a chip designer. Reducing the time required for evaluation allows faster redesign cycles and lowers consequently also product costs. In this work we present several ways to speed up the evaluation of implementations of symmetric cryptographic primitives according to their resistance against SCA attacks. We cover the recording of the traces, the preprocessing steps as well as mitigation techniques for implemented countermeasures. The focus in this work is put on constrained devices, e.g., for radio-frequency identification applications, so only a subset of common countermeasures is covered. In a practical example we show how to speed up the SCA resistance evaluation of an application-specific integrated circuit (ASIC) chip for near-field communication (NFC) applications. The chip has the Advanced Encryption Standard (AES) with two countermeasures implemented: the random insertion of dummy rounds and shuffling. During our evaluation we found ways to mitigate the impact of both countermeasures. Our mitigation techniques show the importance of practically performing SCA attacks on prototypes in order to identify small leakages which might be used to enhance an attack. Altogether we are able to decrease the number of required traces for revealing the secret AES key from more than 3.1*10^6 to less than 20000 which corresponds to a reduction of the evaluation time from 16 days to less than 3 hours.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133626809","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Genetic Algorithm and Data Mining Techniques for Design Selection in Databases 数据库设计选择的遗传算法和数据挖掘技术
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.98
C. Koukouvinos, C. Parpoula, D. Simos
{"title":"Genetic Algorithm and Data Mining Techniques for Design Selection in Databases","authors":"C. Koukouvinos, C. Parpoula, D. Simos","doi":"10.1109/ARES.2013.98","DOIUrl":"https://doi.org/10.1109/ARES.2013.98","url":null,"abstract":"Nowadays, variable selection is fundamental to large dimensional statistical modelling problems, since large databases exist in diverse fields of science. In this paper, we benefit from the use of data mining tools and experimental designs in databases in order to select the most relevant variables for classification in regression problems in cases where observations and labels of a real-world dataset are available. Specifically, this study is of particular interest to use health data to identify the most significant variables containing all the necessary important information for classification and prediction of new data with respect to a certain effect (survival or death). The main goal is to determine the most important variables using methods that arise from the field of design of experiments combined with algorithmic concepts derived from data mining and metaheuristics. Our approach seems promising, since we are able to retrieve an optimal plan using only 6 runs of the available 8862 runs.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127886132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信