发布求助
文献互助 智能选刊 最新文献

2017 International Conference on Software Security and Assurance (ICSSA)最新文献

筛选
英文 中文
Software-Based Platform for Education and Training of DDoS Attacks Using Virtual Networks 基于软件的虚拟网络DDoS攻击教育培训平台
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.19
Walter Fuertes, Anabel Tunala, Ronnie Moncayo, Fausto Meneses, T. Toulkeridis
{"title":"Software-Based Platform for Education and Training of DDoS Attacks Using Virtual Networks","authors":"Walter Fuertes, Anabel Tunala, Ronnie Moncayo, Fausto Meneses, T. Toulkeridis","doi":"10.1109/ICSSA.2017.19","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.19","url":null,"abstract":"The education and training of security networks is an essential challenge for the academy, due to the vertiginous increase of threats and vulnerabilities. This study aims to implement a software-based experimental platform over virtual network environments, in order to stimulate teaching in Distributed Denial of Service (DDoS) attacks. We have used the theories of learning oriented to the experience, reflexive observation, and active experimentation of the students. This allowed to evaluate the learning objectives based on Bloom's Digital Taxonomy. From the software point of view, the experimental paradigm of Software Engineering has been applied, using Scrum as an agile methodology. During the development of the application, we implemented different roles including attackers, learners as well as victims in order to reconstruct and understand real attacks on IP networks. Hereby, for the role of attackers, we have used an interface to select the type of attack, while for the role of learners, we designed an intuitive interface that presents through natural language, to select possible firewall rules. This helped to learn, detect and mitigate potential attacks. Finally, for the role of victims, we included an analytical approach, which allowed to recognize online the impact of attacks on the performance of the computer system. The results demonstrate the functionality of the platform confirming that the introduced software meets the Usability criteria. Finally, our results present a network security learning, determined in terms of Bloom's Digital Taxonomy.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115156291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Automated Synthesis of Access Control Lists 自动合成访问控制列表
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.26
Xiao Liu, Brett A Holden, Dinghao Wu
{"title":"Automated Synthesis of Access Control Lists","authors":"Xiao Liu, Brett A Holden, Dinghao Wu","doi":"10.1109/ICSSA.2017.26","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.26","url":null,"abstract":"Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114769618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
IoE Security Threats and You 物联网安全威胁与你
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.28
J. Ryoo, Soyoung Kim, Junsung Cho, Hyoungshick Kim, S. Tjoa, Christopher Derobertis
{"title":"IoE Security Threats and You","authors":"J. Ryoo, Soyoung Kim, Junsung Cho, Hyoungshick Kim, S. Tjoa, Christopher Derobertis","doi":"10.1109/ICSSA.2017.28","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.28","url":null,"abstract":"Internet of Everything (IoE) is a newly emerging trend especially in homes. Marketing forces towards smart homes are also accelerating the spread of IoE devices in households. An obvious danger of rapid adoption of these gadgets is that many of them lack controls for protecting the privacy and security of end users from attacks designed to disrupt lives and incur financial losses. Our research goal for this paper is to develop an IoE threat model geared specifically for home users who are often unaware of the privacy and security threats which the IoE appliances pose. Our ultimate goal is to propose an effective solution to alerting users of imminent IoE security threats and offering actionable steps to mitigate them through an intuitive and friendly user interface design. There have been ample security research on individual elements of IoE. In particular, there are many publications on Internet of Things (IoT) security. What differentiates our research from the existing IoT works is that we are treating IoT as a component of an IoE ecosystem and developing our threat model in the more comprehensive context of how other pieces of the equation, such as people and data as well as processes fit together to result in formidable security threats.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129920135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Multi-Layer Defense Model for Securing Online Financial Transactions 在线金融交易安全的多层防御模型
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.25
Joseph Gualdoni, Andrew Kurtz, Ilva Myzyri, Megan Wheeler, Syed S. Rizvi
{"title":"Multi-Layer Defense Model for Securing Online Financial Transactions","authors":"Joseph Gualdoni, Andrew Kurtz, Ilva Myzyri, Megan Wheeler, Syed S. Rizvi","doi":"10.1109/ICSSA.2017.25","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.25","url":null,"abstract":"Purchasing items on the Internet with credit cards is risky-due to the ease of gaining the information without having the physical card. The ease of phishing, spoofing, or other ways perpetrators can obtain a consumer's credit card information. The threat of identity theft is growing as we rely more and more on the Internet to make purchases. To mitigate risk, we present a new Multi-Layer Defense (MLD) model. Our proposed MLD model combines the strong two-factor authentication capabilities with a unique random code that is only valid for an active session. Essentially, two-factor authentication is an extra layer of security used in addition to username and password to better confirm the user's identity. This code serves as a private key to authenticate such online transactions. The code can be utilized to identify users and establish secure ways of purchasing items. The proposed MLD model uses devices to log into card accounts via an application to view a generated code. The generated code is inputted on an online retailer's website to authorize the use of the credit card. This minimizes the possibility of an illegitimate user gaining access to another individual's credit card. Without a valid code, impostors cannot use the stolen card information to make purchases that could harm the account holder. To show the practicality of our scheme, we provide one case study between a Consumer A and Consumer B that explains the difference in outcome by using the proposed MLD model.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130052144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
An In-Depth Analysis of the Mirai Botnet Mirai僵尸网络的深度分析
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.12
Joel Margolis, T. Oh, Suyash Jadhav, Young Ho Kim, J. Kim
{"title":"An In-Depth Analysis of the Mirai Botnet","authors":"Joel Margolis, T. Oh, Suyash Jadhav, Young Ho Kim, J. Kim","doi":"10.1109/ICSSA.2017.12","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.12","url":null,"abstract":"Multiple news stories, articles, incidents, and attacks have consistently brought to light that IoT devices have a major lack of security. Developing a solution to protect and secure these devices is difficult because of the multitude of devices available on the market, each with their own requirements. This paper will focus on a particularly widespread piece of IoT malware known as the Mirai botnet by examining what its capabilities are, how it spreads to new devices, the impact that it has already had, and propose mitigation solutions to help prevent future attacks.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123267917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 53
An Automatic Software Vulnerability Classification Framework 软件漏洞自动分类框架
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.27
Maryam Davari, Mohammad Zulkernine, Fehmi Jaafar
{"title":"An Automatic Software Vulnerability Classification Framework","authors":"Maryam Davari, Mohammad Zulkernine, Fehmi Jaafar","doi":"10.1109/ICSSA.2017.27","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.27","url":null,"abstract":"Security defects are common in large software systems because of their size and complexity. Although efficient development processes, testing, and maintenance policies are applied to software systems, there are still a large number of vulnerabilities that can remain, despite these measures. Developers need to know more about characteristics and types of residual vulnerabilities in systems to adopt suitable countermeasures in current and next versions. We propose an automatic vulnerability classification framework based on conditions that activate vulnerabilities with the goal of helping developers to design appropriate corrective actions (the most costly part of the development and maintenance phases). Different machine learning techniques (Random Forest, C4.5 Decision Tree, Logistic Regression, and Naive Bayes) are employed to construct a classifier with the highest F-measure in labelling an unseen vulnerability by the framework. We evaluate the effectiveness of the classification by analysing 580 software security defects of the Firefox project. The achieved results show that C4.5 Decision Tree is able to identify the category of unseen vulnerabilities with 69% F-measure.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127865420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Creation and Integration of Remote High Interaction Honeypots 远程高交互蜜罐的创建与集成
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-24 DOI: 10.1109/ICSSA.2017.21
Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser
{"title":"Creation and Integration of Remote High Interaction Honeypots","authors":"Martin Valicek, Gregor Schramm, Martin Pirker, S. Schrittwieser","doi":"10.1109/ICSSA.2017.21","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.21","url":null,"abstract":"The internet connects an uncountable number of users and their devices, no one has a global overview anymore. This state of constant chaos poses the problem of detecting novel, previously unknown attacks and attackers, and therefore requires creative strategies to detect and study them as early as possible. One approach is the use of honeypots to bait attacks into separate, dedicated systems and study them there. This paper explores the construction of high-interaction honeypots based on Docker containers, both for Windows and Linux operating systems. A core challenge is the transparent integration of honeypots into an existing company's network, although they are located off-site and not directly on a company's premises. We report practical prototyping experiences with Linux and Windows as container hosts for a diverse set of services and the limits we encountered in current software versions as they impede our effort.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132893670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
COAT: Code Obfuscation Tool to Evaluate the Performance of Code Plagiarism Detection Tools 代码混淆工具,用于评估代码抄袭检测工具的性能
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.29
Sangjun Ko, Jusop Choi, Hyoungshick Kim
{"title":"COAT: Code Obfuscation Tool to Evaluate the Performance of Code Plagiarism Detection Tools","authors":"Sangjun Ko, Jusop Choi, Hyoungshick Kim","doi":"10.1109/ICSSA.2017.29","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.29","url":null,"abstract":"There exist many plagiarism detection tools to uncover plagiarized codes by analyzing the similarity of source codes. To measure how reliable those plagiarism detection tools are, we developed a tool named Code ObfuscAtion Tool (COAT) that takes a program source code as input and produces another source code that is exactly equivalent to the input source code in their functional behaviors but with a different structure. In COAT, we particularly considered the eight representative obfuscation techniques (e.g., modifying control flow or inserting dummy codes) to test the performance of source code plagiarism detection tools. To show the practicality of COAT, we gathered 69 source codes and then tested those source codes with the four popularly used source code plagiarism detection tools (Moss, JPlag, SIM and Sherlock). In these experiments, we found that the similarity scores between the original source codes and their obfuscated plagiarized codes are very low; the mean similarity scores only ranged from 4.00 to 16.20 where the maximum possible score is 100. These results demonstrate that all the tested tools have clear limitations in detecting the plagiarized codes generated with combined code obfuscation techniques.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125834175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
An Architectural-Enhanced Secure Embedded System with a Novel Hybrid Search Scheme 基于新型混合搜索方案的体系结构增强安全嵌入式系统
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.14
Weike Wang, Muyang Liu, Pei Du, Zongmin Zhao, Yuntong Tian, Qiang Hao, Xiang Wang
{"title":"An Architectural-Enhanced Secure Embedded System with a Novel Hybrid Search Scheme","authors":"Weike Wang, Muyang Liu, Pei Du, Zongmin Zhao, Yuntong Tian, Qiang Hao, Xiang Wang","doi":"10.1109/ICSSA.2017.14","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.14","url":null,"abstract":"Embedded systems are vulnerable to various kinds of attacks when they are in execution. Advanced attacks, such as buffer overflow, are able to inject malicious code at runtime. Besides, physical attacks are also becoming more common. This paper presents a new hardware-assisted architecture to validate the execution of the program which is reliable, effective and of low overhead. A specified tool is developed to collect software properties of each basic block from binary code automatically. At runtime, the proposed scheme checks whether the executing code conforms to the permissible behavior and triggers appropriate response mechanisms when illegal actions are detected. This architecture won't change the program and has no restriction on the developer. The performance overhead of the architecture is mostly less than 1% according to the selected benchmarks and the hybrid search scheme can reduce the indexing overhead to approximately 30% of that of binary search.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132874250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Cloud Reliability and Independence Standard: A Three Tiered System for Optimal Cloud Storage 云可靠性和独立性标准:最优云存储的三层体系
2017 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2017-07-01 DOI: 10.1109/ICSSA.2017.15
E. M. English, Daniel Paul Stacey, Syed Rizvi, Donte Perino
{"title":"Cloud Reliability and Independence Standard: A Three Tiered System for Optimal Cloud Storage","authors":"E. M. English, Daniel Paul Stacey, Syed Rizvi, Donte Perino","doi":"10.1109/ICSSA.2017.15","DOIUrl":"https://doi.org/10.1109/ICSSA.2017.15","url":null,"abstract":"In today's era of technology and the institutions which take advantage of it, there are many solutions to everyday problems yet many more problems arise. One such example is the onset of cloud computing, which grants the ability to transfer and store large amounts of data without any of the hassles of a physical server. When a large institution such as a hospital utilizes the cloud they take on the inherent risk of that cloud connection being interrupted. If or when this connection is disrupted it can oftentimes lead to an institution to come to a halt. Often times, these institutions either don't have any way to backup their data or have an inadequate solution. The solution being proposed in this paper, Cloud Reliability and Independence Standard (CRIS), is to implement a standard for information storage and backups to be used by all institutions. This leads to the adaptation of a three tiered system that rates how much and how expansive the organization's backup should be. Our solution works to mitigate the issue of connection loss by keeping companies profitable and functional.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126986135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信