发布求助
文献互助 智能选刊 最新文献

2013 International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Cuteforce Analyzer: A Distributed Bruteforce Attack on PDF Encryption with GPUs and FPGAs 蛮力分析器:基于gpu和fpga的PDF加密分布式蛮力攻击
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.94
Bianca Danczul, Jürgen Fuß, Stefan Gradinger, Bernhard Greslehner-Nimmervoll, Wolfgang Kastl, Florian Wex
{"title":"Cuteforce Analyzer: A Distributed Bruteforce Attack on PDF Encryption with GPUs and FPGAs","authors":"Bianca Danczul, Jürgen Fuß, Stefan Gradinger, Bernhard Greslehner-Nimmervoll, Wolfgang Kastl, Florian Wex","doi":"10.1109/ARES.2013.94","DOIUrl":"https://doi.org/10.1109/ARES.2013.94","url":null,"abstract":"Working on cryptanalytic tasks using a heterogeneous cluster with different types of processors (CPU, GPU, FPGA) can be an advantage over classical homogeneous clusters. In this paper we demonstrate that distributing crypt analytics tasks to different types of processors can lead to better performance than can be achieved using a single type of processor. To this end we have built a framework for the management of a heterogeneous cluster and implented a password brute forcer for password protected PDF documents. Our results show that such a framework can be implemented with little overhead in terms of performance.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126754218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Shared Crowds: A Token-Ring Approach to Hide the Receiver 共享人群:一种隐藏接收者的令牌环方法
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.51
R. Wigoutschnigg, P. Schartner, S. Rass
{"title":"Shared Crowds: A Token-Ring Approach to Hide the Receiver","authors":"R. Wigoutschnigg, P. Schartner, S. Rass","doi":"10.1109/ARES.2013.51","DOIUrl":"https://doi.org/10.1109/ARES.2013.51","url":null,"abstract":"Because of the intensive usage of the internet and services provided over the world wide web, the privacy of the users is threatened by various attacks. This paper shows how to build a protocol for anonymous data transmission, with the primary focus on hiding the identity of the receiver (receiver anonymity), using multi path transmission and secret sharing. This protocol extends the crowds system by Reiter and Rubin, which only weakly hides the identity of the receiver. Due to the use of a circular channel topology the receiver is hidden even if timing attacks are mounted. Additionally this protocol gives the participating nodes the possibility to detect active attacks during the channel setup phase. Another positive aspect is the ability to handle some kind of node failures by repairing the virtual channel.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126938248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Bootstrapping Approach for Developing a Cyber-security Ontology Using Textbook Index Terms 利用教科书索引术语开发网络安全本体的自举方法
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.75
Arwa M. Wali, Soon Ae Chun, J. Geller
{"title":"A Bootstrapping Approach for Developing a Cyber-security Ontology Using Textbook Index Terms","authors":"Arwa M. Wali, Soon Ae Chun, J. Geller","doi":"10.1109/ARES.2013.75","DOIUrl":"https://doi.org/10.1109/ARES.2013.75","url":null,"abstract":"Developing a domain ontology with concepts and relationships between them is a challenge, since knowledge engineering is a labor intensive process that can be a bottleneck and is often not scalable. Developing a cyber-security ontology is no exception. A security ontology can improve search for security learning resources that are scattered in different locations in different formats, since it can provide a common controlled vocabulary to annotate the resources with consistent semantics. In this paper, we present a bootstrapping method for developing a cyber-security ontology using both a security textbook index that provides a list of terms in the security domain and an existing security ontology as a scaffold. The bootstrapping approach automatically extracts the textbook index terms (concepts), derives a relationship to a concept in the security ontology for each and classifies them into the existing security ontology. The bootstrapping approach relies on the exact and approximate similarity matching of concepts as well as the category information obtained from external sources such as Wikipedia. The results show feasibility of our method to develop a more comprehensive and scalable cyber-security ontology with rich concepts from a textbook index. We provide criteria used to select a scaffold ontology among existing ontologies. The current approach can be improved by considering synonyms, deep searching in Wikipedia categories, and domain expert validation.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129490444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Towards Harmonising the Legislative, Regulatory, and Standards-Based Framework for ATM Security: Developing a Software Support Tool 迈向协调ATM安全的立法、监管和标准框架:开发软件支持工具
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.105
R. Koelle, W. Strijland, Stefan Roels
{"title":"Towards Harmonising the Legislative, Regulatory, and Standards-Based Framework for ATM Security: Developing a Software Support Tool","authors":"R. Koelle, W. Strijland, Stefan Roels","doi":"10.1109/ARES.2013.105","DOIUrl":"https://doi.org/10.1109/ARES.2013.105","url":null,"abstract":"This research-in-progress paper addresses the elementary capabilities and underlying challenges pertaining to the development of a software tool to support the identification and harmonisation of legislation, regulation, standards, and best practices for ATM Security. The consistent application of ATM Security requirements throughout the SESAR Joint Undertaking Work Programme is a challenge. There is a need to provide a tool for security experts, concept developers and technical experts to ensure compliance with the underlying framework for ATM Security. The software tool described in this paper addresses this issue. In particular, it supports functions that allow for the extraction, categorisation, association, and harmonisation of the rules imposed by the framework. The approach and challenges to the design of the envisaged tool capabilities are outlined. Initial lessons learnt are presented based on the findings at the current prototyping stage. It is reasoned that the feasibility stage is completed and that further development can adhere to the identified capabilities and design outline. User interaction specification and development will be facilitated with an iterative user-based agile software development process.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126059637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Estimating Software Vulnerabilities: A Case Study Based on the Misclassification of Bugs in MySQL Server 软件漏洞评估:基于MySQL服务器错误分类的案例研究
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.14
Jason L. Wright, Jason W. Larsen, M. McQueen
{"title":"Estimating Software Vulnerabilities: A Case Study Based on the Misclassification of Bugs in MySQL Server","authors":"Jason L. Wright, Jason W. Larsen, M. McQueen","doi":"10.1109/ARES.2013.14","DOIUrl":"https://doi.org/10.1109/ARES.2013.14","url":null,"abstract":"Software vulnerabilities are an important part of the modern software economy. Being able to accurately classify software defects as a vulnerability, or not, allows developers and end users to expend appropriately more effort on fixing those defects which have security implications. However, we demonstrate in this paper that the expected number of misclassified bugs (those not marked as also being vulnerabilities) may be quite high and thus human efforts to classify bug reports as vulnerabilities appears to be quite ineffective. We conducted an experiment using the MySQL bug report database to estimate the number of misclassified bugs yet to be identified as vulnerabilities. The MySQL database server versions we evaluated currently have 76 publicly reported vulnerabilities. Yet our experimental results show, with 95% confidence, that the MySQL bug database has between 499 and 587 misclassified bugs for the same software. This is an estimated increase of vulnerabilities between657% and 772% over the number currently identified and publicly reported in the National Vulnerability Database and the Open Source Vulnerability Database.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121826074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Privacy Panel: Usable and Quantifiable Mobile Privacy 隐私小组:可用和可量化的移动隐私
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-01 DOI: 10.1109/ARES.2013.29
Debmalya Biswas, I. Aad, G. P. Perrucci
{"title":"Privacy Panel: Usable and Quantifiable Mobile Privacy","authors":"Debmalya Biswas, I. Aad, G. P. Perrucci","doi":"10.1109/ARES.2013.29","DOIUrl":"https://doi.org/10.1109/ARES.2013.29","url":null,"abstract":"The ever increasing popularity of apps stems from their ability to provide highly customized services to the user. The flip side is that in order to provide such services, apps need access to very sensitive private information about the user. This leads to malicious apps that collect personal user information in the background and exploit it in various ways. Studies have shown that current app vetting processes which are mainly restricted to install time verification mechanisms are incapable of detecting and preventing such attacks. We argue that the missing fundamental aspect here is a comprehensive and usable mobile privacy solution, one that not only protects the user's location information, but also other equally sensitive user data such as the user's contacts and documents. A solution that is usable by the average user who does not understand or care about the low level technical details. To bridge this gap, we propose privacy metrics that quantify low-level app accesses in terms of privacy impact and transforms them to high-level user understandable ratings. We also provide the design and architecture of our Privacy Panel app that represents the computed ratings in a graphical user-friendly format and allows the user to define policies based on them. Finally, experimental results are given to validate the scalability of the proposed solution.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"202 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130238257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems SIEM系统中安全评估与决策支持的度量本体
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-01 DOI: 10.1109/ARES.2013.84
Igor Kotenko, Olga Polubelova, I. Saenko, E. Doynikova
{"title":"The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems","authors":"Igor Kotenko, Olga Polubelova, I. Saenko, E. Doynikova","doi":"10.1109/ARES.2013.84","DOIUrl":"https://doi.org/10.1109/ARES.2013.84","url":null,"abstract":"Analysis of computer network security is a serious challenge. Many security metrics has been proposed for this purpose, but their effective use for rapid and reliable security evaluation and generation of countermeasures in SIEM systems remains an important problem. The use of ontologies for security information representation in SIEM systems contributes largely to the success of this task. However, most of works on ontological security data representation does not take into account the ontologies of security metrics. This paper proposes a new approach on using security metrics which is based on their ontological representation and serves for comprehensive security evaluation and subsequent countermeasure generation. The novelty of the proposed approach is that ontology of security metrics is viewed as a core component of a countermeasure decision support system. The proposed solutions are tested on a specific example.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125500080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
ANANAS - A Framework for Analyzing Android Applications ANANAS -一个分析Android应用程序的框架
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-07-20 DOI: 10.1109/ARES.2013.93
Thomas Eder, Michael Rodler, Dieter Vymazal, M. Zeilinger
{"title":"ANANAS - A Framework for Analyzing Android Applications","authors":"Thomas Eder, Michael Rodler, Dieter Vymazal, M. Zeilinger","doi":"10.1109/ARES.2013.93","DOIUrl":"https://doi.org/10.1109/ARES.2013.93","url":null,"abstract":"Android is an open software platform for mobile devices with a large market share in the smart phone sector. The openness of the system as well as its wide adoption lead to an increasing amount of malware developed for this platform. ANANAS is an expandable and modular framework for analyzing Android applications. It takes care of common needs for dynamic malware analysis and provides an interface for the development of plugins. Adaptability and expandability have been main design goals during the development process. An abstraction layer for simple user interaction and phone event simulation is also part of the framework. It allows an analyst to script the required user simulation or phone events on demand or adjust the simulation to his needs. Six plugins have been developed for ANANAS. They represent well known techniques for malware analysis, such as system call hooking and network traffic analysis. The focus clearly lies on dynamic analysis, as five of the six plugins are dynamic analysis methods.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133887501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 36
A Grammatical Inference Approach to Language-Based Anomaly Detection in XML XML中基于语言的异常检测的语法推理方法
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-06-25 DOI: 10.1109/ARES.2013.90
Harald Lampesberger
{"title":"A Grammatical Inference Approach to Language-Based Anomaly Detection in XML","authors":"Harald Lampesberger","doi":"10.1109/ARES.2013.90","DOIUrl":"https://doi.org/10.1109/ARES.2013.90","url":null,"abstract":"False-positives are a problem in anomaly-based intrusion detection systems. To counter this issue, we discuss anomaly detection for the extensible Markup Language (XML) in a language-theoretic view. We argue that many XML-based attacks target the syntactic level, i.e. the tree structure or element content, and syntax validation of XML documents reduces the attack surface. XML offers so-called schemas for validation, but in real world, schemas are often unavailable, ignored or too general. In this work-in-progress paper we describe a grammatical inference approach to learn an automaton from example XML documents for detecting documents with anomalous syntax. We discuss properties and expressiveness of XML to understand limits of learn ability. Our contributions are an XML Schema compatible lexical data type system to abstract content in XML and an algorithm to learn visibly pushdown automata (VPA) directly from a set of examples. The proposed algorithm does not require the tree representation of XML, so it can process large documents or streams. The resulting deterministic VPA then allows stream validation of documents to recognize deviations in the underlying tree structure or data types.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127788911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
The Transitivity-of-Trust Problem in Android Application Interaction Android应用交互中的传递性信任问题
2013 International Conference on Availability, Reliability and Security Pub Date : 1900-01-01 DOI: 10.1109/ARES.2013.39
Steffen Bartsch, Bernhard J. Berger, Michaela Bunke, K. Sohr
{"title":"The Transitivity-of-Trust Problem in Android Application Interaction","authors":"Steffen Bartsch, Bernhard J. Berger, Michaela Bunke, K. Sohr","doi":"10.1109/ARES.2013.39","DOIUrl":"https://doi.org/10.1109/ARES.2013.39","url":null,"abstract":"Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114109865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信