Proceedings of the 17th International Conference on Availability, Reliability and Security: Latest Publications

GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments
Ioannis Kalderemidis, Aristeidis Farao, Panagiotis Bountakas, S. Panda, C. Xenakis
Abstract: Investments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the reputation of an organization. Protecting an organization from cyber attacks demands considerable investments; however, it is known that organisations unequally divide their budget between cybersecurity and other technological needs. Organizations must consider cybersecurity measures, including but not limited to security controls, in their cybersecurity investment plans. Nevertheless, designing an effective cybersecurity investment plan to optimally distribute the cybersecurity budget is a primary concern. This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM’s effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios.
DOI: https://doi.org/10.1145/3538969.3544431
Published: 2022-08-23
Citations: 8

Analyzing Coverages of Cyber Insurance Policies Using Ontology
Markos Charalambous, Aristeidis Farao, George Kalatzantonakis, Panagiotis Kanakakis, Nikos Salamanos, Evangelos E. Kotsifakos, Evangellos Froudakis
Abstract: In an era where all the transactions, businesses and services are becoming digital and online, the data assets and the services protection are of utmost importance. Cyber-insurance companies are offering a wide range of coverages, but they also have exclusions. Customers of these companies need to be able to understand the terms and conditions of the related contracts and furthermore they need to be able to compare various offerings in order to determine the most appropriate solutions for their needs. The research in the area is very limited while at the same time the related market is growing, giving every potential solution a high value. In this paper, we propose a methodology and a prototype system that will help customers to compare contracts based on a pre-defined ontology that is describing cyber-insurance terms. After a first preliminary analysis and validation, our approach accuracy is averaging at almost 50%, giving a promising initial evaluation. Fine tuning, larger data set assessment and ontology refinement will be our next steps to improve the accuracy of our tool. Real user evaluation will follow, in order to evaluate the tool in real world cases.
DOI: https://doi.org/10.1145/3538969.3544453
Published: 2022-08-23
Citations: 1

Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing
Angeliki Aktypi, Dimitris Karnikis, N. Vasilakis, Kasper Bonne Rasmussen
Abstract: In serverless computing, applications are composed of stand-alone microservices that are invoked and scale up independently. Peer-to-peer protocols can be used to enable decentralized communication among the services that compose each application. This paper presents Themis, a framework for secure service-to-service interaction targeting these environments and the underlying service mesh architectures. Themis builds on a notion of decentralized identity management to allow confidential and authenticated service-to-service interaction without the need for a centralized certificate authority. Themis adopts a layered architecture. Its lower layer forms a core communication protocol pair that offers strong security guarantees without depending on a centralized point of authority. Building on this pair, an upper layer provides a series of actions related to communication and identifier management—e.g., store, find, and join. This paper analyzes the security properties of Themis’s protocol suite and shows how it provides a decentralized and flexible communication platform. The evaluation of our Themis prototype targeting serverless applications written in JavaScript shows that these security benefits come with small runtime latency and throughput overheads, and modest startup overheads.
DOI: https://doi.org/10.1145/3538969.3538983
Published: 2022-08-23
Citations: 2

Automatic online quantification and prioritization of data protection risks
Sascha Sven Zmiewski, Jan Laufer, Z. Mann
Abstract: Data processing systems operate in increasingly dynamic environments, such as in cloud or edge computing. In such environments, changes at run time can result in the dynamic appearance of data protection vulnerabilities, i.e., configurations in which an attacker could gain unauthorized access to confidential data. An autonomous system can mitigate such vulnerabilities by means of automated self-adaptations. If there are several data protection vulnerabilities at the same time, the system has to decide which ones to address first. In other areas of cybersecurity, risk-based approaches have proven useful for prioritizing where to focus efforts for increasing security. Traditionally, risk assessment is a manual and time-consuming process. On the other hand, addressing run-time risks requires timely decision-making, which in turn necessitates automated risk assessment. In this paper, we propose a mathematical model for quantifying data protection risks at run time. This model accounts for the specific properties of data protection risks, such as the time it takes to exploit a data protection vulnerability and the damage caused by such exploitation. Using this risk quantification, our approach can make, in an automated process, sound decisions on prioritizing data protection vulnerabilities dynamically. Experimental results show that our risk prioritization method leads to a reduction of up to 15.8% in the damage caused by data protection vulnerabilities.
DOI: https://doi.org/10.1145/3538969.3539005
Published: 2022-08-23
Citations: 0

Job Adverts Analyzer for Cybersecurity Skills Needs Evaluation
Sara Ricci, Marek Sikora, Simon Parker, I. Lendák, Yianna Danidou, Argyro Chatzopoulou, Rémi Badonnel, Donatas Alksnys
Abstract: This article presents a new free web-based application, the Cybersecurity Job Ads Analyzer, which has been created to collect and analyse job adverts using a machine learning algorithm. This algorithm enables the detection of the skills required in advertised cybersecurity work positions. The application is both interactive and dynamic allowing for automated analyses and for the underlying database of job adverts to be easily updated. Through the Cybersecurity Job Ads Analyzer, it is possible to explore the skills required over time, and thereby enable academia and other training providers to better understand and address the needs of the industry. We will describe in detail the user interface and technical background of the application, as well as highlight the preliminary statistical results we have obtained from analysing the current database of job adverts.
DOI: https://doi.org/10.1145/3538969.3543821
Published: 2022-08-23
Citations: 2

Revisiting a Privacy-Preserving Location-based Service Protocol using Edge Computing
S. Upadhyaya, S. Vivek
Abstract: Location-based services are getting more popular day by day. Finding nearby stores, proximity-based marketing, on-road service assistance, etc., are some of the services that use location-based services. In location-based services, user information like user identity, user query, and location must be protected. Ma et al. (INFOCOM-BigSecurity 2019) proposed a privacy-preserving location-based service using Somewhat Homomorphic Encryption (SHE). Their protocol uses edge nodes that compute on SHE encrypted location data and determines the k-nearest points of interest contained in the Location-based Server (LBS) without revealing the original user coordinates to LBS, hence, ensuring privacy of users' locations. In this work, we show that the above protocol by Ma et al. has a critical flaw. In particular, we show that their secure comparison protocol has a correctness issue in that it will not lead to correct comparison. A major consequence of this flaw is that straightforward approaches to fix this issue will make their protocol insecure. Namely, the LBS will be able to recover the actual locations of the users in each and every query.
DOI: https://doi.org/10.1145/3538969.3544432
Published: 2022-08-23
Citations: 0

SoK: How private is Bitcoin? Classification and Evaluation of Bitcoin Privacy Techniques
Simin Ghesmati, W. Fdhila, E. Weippl
Abstract: Blockchain is a disruptive technology that promises a multitude of benefits, such as transparency, traceability, and immutability. However, this unique bundle of key characteristics has proved to be a double-edged sword that can put users’ privacy at risk. Unlike in traditional systems, Bitcoin transactions are publicly and permanently recorded, and anyone can access the full history of the records. Despite using pseudonymous identities, an adversary can undermine users’ financial privacy and reveal their actual identities by using advanced heuristics and techniques to identify possible links between transactions, senders, receivers, and consumed services (e.g., online purchases). Hence, a multitude of approaches has been proposed to reduce financial transparency and enhance users’ anonymity. These techniques range from mixing services to off-chain transactions that address different privacy issues. In this paper, we particularly focus on comparing and evaluating privacy techniques in the Bitcoin blockchain (which can be applied in Unspent Transaction Output (UTXO) based blockchains), present their limitations, and highlight new challenges.
DOI: https://doi.org/10.1145/3538969.3538971
Published: 2022-08-23
Citations: 3

Security of Smart Grid Networks in the Cyber Ranges
Tomáš Lieskovan, J. Hajny
Abstract: Smart meters are increasingly a part of everyday households. These smart meters allow remote reading of the energy but also remote disconnection of the point of consumption from the energy supply. As these devices are part of the critical infrastructure of the country, the security of these devices needs to be tested and the relevant personnel trained. We would like to contribute to the scientific community by bringing practical experience from smart meter testing into the Cyber Range virtual environment. In this environment, professionals working with smart meters can be trained and smart meter safety tests can be performed. This paper presents common smart meter vulnerabilities and their demonstration in the Cyber Range environment. The article includes a sample description of scenario for testing so anyone can try it.
DOI: https://doi.org/10.1145/3538969.3543801
Published: 2022-08-23
Citations: 2

Classifying the factors affecting the adoption of the SDN-microSENSE innovations
Theodoros Rokkas, I. Neokosmidis
Abstract: This paper presents the results of a survey conducted in order to identify the most critical factors that can affect the market adoption of the innovations developed in the H2020 R&I project SDN-microSENSE. A hierarchy of the main criteria and sub-criteria was created using the Fuzzy Analytical Hierarchy Process method and experts in the area expressed their preferences through a web-based survey. The results of this process provide an insight on the expert's vision regarding the importance of the factors that are crucial for the adoption of cyber-security solution in the Electrical Power and Energy Systems domain.
DOI: https://doi.org/10.1145/3538969.3544481
Published: 2022-08-23
Citations: 0

Combining Variational Autoencoders and Transformer Language Models for Improved Password Generation
D. Biesner, K. Cvejoski, R. Sifa
Abstract: Password generation techniques have recently been explored by leveraging deep-learning natural language processing (NLP) algorithms. Previous work has raised the state of the art for password guessing algorithms significantly, by approaching the problem using either variational autoencoders with CNN-based encoder and decoder architectures or transformer-based architectures (namely GPT2) for text generation. In this work we aim to combine both paradigms, introducing a novel architecture that leverages the expressive power of transformers with the natural sampling approach to text generation of variational autoencoders. We show how our architecture generates state-of-the-art results in password matching performance across multiple benchmark datasets.
DOI: https://doi.org/10.1145/3538969.3539000
Published: 2022-08-23
Citations: 1