Proceedings of the 17th International Conference on Availability, Reliability and Security: Latest Papers

Applying a cryptographic metric to post-quantum lattice-based signature algorithms
Markus Rautell, Outi-Marja Latvala, V. Vallivaara, Kimmo Halunen
Abstract: Measuring the security of cryptographic systems is not a simple task. Nevertheless, there is an increasing need for a cryptographic metric which could assist in decision making when choosing between various candidates. The National Institute of Standards and Technology (NIST) has launched a process to standardize quantum-resistance public key encryption, key encapsulation and digital signature algorithms. This is NIST’s response to the threat posed by quantum computers against classical public key cryptography. In this paper, we apply a metric taxonomy, produced by earlier studies, to two NIST third round finalist digital signature algorithms Dilithium and Falcon in order to assess the effectiveness and extensiveness of the metric. Although, our results show that clear differences can be found with used metrics, we propose some improvements to them to allow more comprehensive analysis.
DOI: https://doi.org/10.1145/3538969.3544438
Published: 2022-08-23
Citations: 0
Performance Evaluation of DTLS Implementations on RIOT OS for Internet of Things Applications
Karol Rzepka, Przemysław Szary, Krzysztof Cabaj, W. Mazurczyk
Abstract: The popularity, variety, and number of Internet of Things (IoT) devices and solutions have been increasing significantly with each passing year. This diversity of devices, and limited computational, memory, and battery resources make it difficult to apply effective security solutions. That is why dedicated mechanisms for the protection of IoT-based transmissions are developed. One of the most popular solutions is Datagram Transport Layer Security (DTLS), which allows securing datagram-based applications. In this paper, we investigate how efficient the three currently available DTLS implementations provided by the RIOT Operating System are. Based on the results obtained, interested parties can choose the DTLS module that has the best performance for the chosen IoT application.
DOI: https://doi.org/10.1145/3538969.3544470
Published: 2022-08-23
Citations: 1
Adding European Cybersecurity Skills Framework into Curricula Designer
J. Hajny, Marek Sikora, A. Grammatopoulos, Fabio Di Franco
Abstract: We present the updated version of the Curricula Designer, a tool that is devoted to helping study program administrators and education providers to create cybersecurity curricula that are modern and reflect the needs of the job market. Our main contribution is the inclusion of the European Cybersecurity Skills Framework (ECSF) developed by ENISA to the Curricula Designer. The ECSF makes it possible to directly link knowledge and skills with professional profiles, which in turn reflect actual work roles on the job market. By adding ECSF to the Curricula Designer, we get a simple yet powerful tool that helps to identify the right content of cybersecurity curricula using rigorous, deterministic methods, applicable at any higher education provider. At the time of the paper submission, the Curricula Designer is the first practical application that is based on ECSF. However, due to its focus on practicality, usability and simplicity, we expect ECSF to become the dominant framework for cybersecurity knowledge and skills identification in Europe.
DOI: https://doi.org/10.1145/3538969.3543799
Published: 2022-08-23
Citations: 2
DevSecOps In Embedded Systems: An Empirical Study Of Past Literature
Hasan Yasar, Sam E Teplov
Abstract: Over the last decade, DevSecOps principles have gained widespread acceptance, replacing many traditional approaches to software development. DevSecOps has helped developers shorten the overall software development life cycle, and as a result, decreased the time to market. Following the broad success of DevSecOps, the next logical progression is to apply DevSecOps principles to other fields to achieve similar results, such as embedded systems. While embedded systems practices may stand to benefit greatly from the inclusion of DevSecOps principles, the field offers many new and unique challenges that have not been faced with traditional software systems. Existing DevSecOps frameworks cannot simply be applied to embedded systems. It is necessary to adapt current DevSecOps frameworks specifically to embedded systems. This piece will first lay out current DevSecOps principles and their application to software systems. Then, an empirical examination of existing work on DevSecOps in embedded systems will be presented. The required components of a DevSecOps framework that have been excluded from previous research will be highlighted, and from this, future areas of research in DevSecOps for embedded systems will be presented. The goal of this work is to summarize and analyze the current state of knowledge on DevSecOps in embedded systems and outline a path for future research.
• Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.
DOI: https://doi.org/10.1145/3538969.3544451
Published: 2022-08-23
Citations: 2
VALKYRIES: Harmonization and Pre-Standardization of Technology, Training and Tactical Coordinated Operations for First Responders on EU MCI
Y. Yanakiev, Marta Irene García Cid, J. M. Vidal, N. Stoianov, Marco Antonio Sotelo Monge
Abstract: A methodology for tracking and analysing the needs for standardization and certification harmonization throughout the project life cycle will be defined and enforced, which will allow the early identification of issues related to the conceptualization, design, implementation, integration and deployment of tools to support the EU disaster resiliency; which will be facilitated by a complete consultation strategy to the different stakeholders that are expected to act at each capability development phase, ranging from providers to end users. On these grounds H2020-VALKYRIES will develop, integrate and demonstrate capabilities for enabling immediate and coordinated emergency response including search and rescue, security and health, in scenarios of natural/provoked catastrophes with multiple victims, with special application in cases in which several regions or countries are affected and hence greater interoperability being required. H2020-VALKYRIES will propose both design and development of a modular, interoperable, scalable and secure-oriented reference integration, called SIGRUN, which will allow the integration between legacy solutions and new technologies in a framework of harmonized solutions. SIGRUN will be able to deploy services and dynamically adapt its behaviour, as the emergency requires it.
A series of demonstration scenarios will be developed placing an emphasis on cross-border and cross-sectorial BLOS (Beyond Line of Sight) scenarios, where the usual communications infrastructure could have been damaged, and emergency response teams are deployed without an accurate view of the operation environment.
DOI: https://doi.org/10.1145/3538969.3544482
Published: 2022-08-23
Citations: 0
Reviewing review platforms: a privacy perspective
Kevin De Boeck, Jenno Verdonck, M. Willocx, Jorn Lapon, Vincent Naessens
Abstract: Many tourists heavily rely on online review platforms for decisions with respect to food, visits and hotel bookings today. Review communities rigorously log all experiences on popular online platforms such as Google Maps, Tripadvisor and Yelp. However, many contributors are unaware that, along with experiences, a lot of sensitive information is often indirectly exposed to platform visitors. Examples are reviewer’s locations in the privacy sphere, age, medical information and financial status. Malicious entities could potentially employ this information in various ways, for example during extortion or targeted phishing attempts. This work outlines the potential risks for contributors on review platforms. The Google Maps review platform is applied as a prototypical example, with a special focus on predicting the reviewer’s home location. The accuracy of our predictions is assessed by relying on ground truth datasets. This paper further presents and evaluates strategies to tackle common problems.
DOI: https://doi.org/10.1145/3538969.3538974
Published: 2022-08-23
Citations: 0
Secure Mobile Agents on Embedded Boards: a TPM based solution
A. Muñoz
Abstract: Security can be considered one of the essential aspects of any software system today. The current landscape is constantly evolving and new computing models are appearing at the same time as different attacks emerge. All this means that there is an increasing need for new security solutions. Among the different aspects that are opening up, this work focuses on the protection of sensitive data. In particular, an environment based on mobile agents is considered, which contains sensitive information that needs to be protected. To simulate an Internet of Things (IoT) environment, the agencies on which the agents run are deployed on Raspberry Pi devices.
DOI: https://doi.org/10.1145/3538969.3544419
Published: 2022-08-23
Citations: 0
On the feasibility of detecting injections in malicious npm packages
Simone Scalco, Ranindya Paramitha, Duc-Ly Vu, F. Massacci
Abstract: Open-source packages typically have their source code available on a source code repository (e.g., on GitHub), but developers prefer to use pre-built artifacts directly from the package repositories (such as npm for JavaScript). Between the source code and the distributed artifacts, there could be differences that pose security risks (e.g., attackers deploy malicious code during package installation) in the software supply chain. Existing package scanners focus on the entire artifact of a package to detect this kind of attacks. These procedures are not only time consuming, but also generate high irrelevant alerts (FPs). An approach called LastPyMile by Vu et al. (ESEC/FSE’21) has been shown to be effective in detecting discrepancies and reducing false alerts in vetting Python packages on PyPI by focusing only on the differences between the source and the package. In this work, we propose to port that approach to scan JavaScript packages in the npm ecosystem. We presented a preliminary evaluation of our implementation on a set of real malicious npm packages and the top popular packages.
The results show that while being 20.7x faster than git-log approach, our approach managed to reduce the percentage of false alerts produced by package scanner by 69%.
DOI: https://doi.org/10.1145/3538969.3543815
Published: 2022-08-23
Citations: 11
Scenarios for Process-Aware Insider Attack Detection in Manufacturing
M. Macák, Radek Vaclavek, Dasa Kusnirakova, Raimundas Matulevičius, Barbora Buhnova
Abstract: Manufacturing production heavily depends on the processes that need to be followed during manufacturing. As there might be many reasons behind possible deviations from these processes, the deviations can also cover ongoing insider attacks, e.g., intended to perform sabotage or espionage on these infrastructures. Insider attacks can cause tremendous damage to a manufacturing company because an insider knows how to act inconspicuously, making insider attacks very hard to detect. In this paper, we examine the potential of process-mining methods for insider-attack detection in the context of manufacturing, which is a new and promising application context for process-aware methods. To this end, we present five manufacturing-related scenarios of insider threats identified in cooperation with a manufacturing company, where the process mining could be most helpful in the detection of their respective attack events. We describe these scenarios and demonstrate the utilization of process mining in this context, creating ground for further future research.
DOI: https://doi.org/10.1145/3538969.3544449
Published: 2022-08-23
Citations: 1
Analysis and prediction of web proxies misbehavior
Zahra Nezhadian, Enrico Branca, Natalia Stakhanova
Abstract: The need for anonymity and privacy has given a rise to open web proxies that act as gateways relaying traffic between web servers and their clients, allowing users to access otherwise not accessible content. As the open web proxy ecosystem continues to grow, research studies point out the extent of content alteration on the Internet. While the previous studies focused on detection and analysis of content manipulation by proxies, we focus on the feasibility of predicting these manipulations. In this work, we present a new approach for predicting the types of content alterations that might be silently introduced by open proxies. Our approach is designed to proactively indicate changes without a need to fetch the data through a proxy first. We explore the feasibility of the approach on a website content of 1028 domains fetched through 1293 proxies. We leverage our approach to proactively and accurately identify various content manipulations with 87% - 92% accuracy.
Our study reveals an important observation that the majority of proxies manipulate website content based on technical information of the website and its web server.
DOI: https://doi.org/10.1145/3538969.3544412
Published: 2022-08-23
Citations: 0