Walter Fuertes, Karina Quimbiulco, Fernando Galarraga, J. García-Dorado
{"title":"On the Development of Advanced Parental Control Tools","authors":"Walter Fuertes, Karina Quimbiulco, Fernando Galarraga, J. García-Dorado","doi":"10.1109/ICSSA.2015.011","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.011","url":null,"abstract":"Given the lack of completeness of the current implementations of parental control software along with the novel characteristics parents demand on these pieces of software, this paper presents the design decisions and implementation of parental control mechanisms that both register and avoid inappropriate content accesses by children and teenagers through the Internet. We first evaluated the state-of-the-art tools assessing their functionality, efficiency, usability, security, and accuracy. Then, we conducted an exploratory study spanning surveys of a representative sample of children, parents and network administrators to determine the baseline and the main requirements this sort of software must fulfil. With such foundations, we have implemented an application and front-end interface following criteria as relevance and internal consistency. As development method, we have applied Object Oriented Hypermedia Design combined with Natural Language Processing that uses the Boolean Retrieval Model by means of string searching algorithms as Boyer-Moore and fuzzy string search. 
The results show that not only inappropriate content accesses through the Internet have been blocked, but also that the proposal provides parents with mechanisms to control and measure their children’s Internet use as a fundamental mean in the process of prevention and awareness among the young population.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"1 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115716592","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Addressing Security Challenges in Cloud Computing — A Pattern-Based Approach","authors":"Priya Anand, J. Ryoo, Hyoungshick Kim","doi":"10.1109/ICSSA.2015.013","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.013","url":null,"abstract":"Cloud computing has emerged as a fast-growing paradigm for storing/sharing data and delivering services over the Internet. It provides its users with a way to deal with information or data without investing in any new technology or resources of their own. Although cloud computing environment is viewed as a promising Internet-based computing platform, the security challenges it poses are also equally striking. Despite the rapid advancement of cloud computing technologies, security issues in cloud environments have to be addressed to a greater extent. Cloud security is one of the major issues that hinder the adoption of cloud computing and slow down its acceptance in many sectors. In this paper, we provide an overview of cloud computing, in-depth literature review on cloud security and privacy issues, and its research challenges. We also propose security patterns as a viable solution to cloud security and explain them with a simple template. The research goal of this paper is to provide a better understanding of cloud security and highlight the security concerns that should be addressed to realize the maximum benefits of cloud computing. Security patterns allow cloud developers to use security measures without being security experts. Also, a cloud environment can be reengineered by using security patterns to add missing security features. 
In this paper, we provide a pattern-based cloud security framework as a good practical approach to ensure security features in cloud environments.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"230 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133201627","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Touch to Authenticate — Continuous Biometric Authentication on Mobile Devices","authors":"Marlies Temper, S. Tjoa, Manfred Kaiser","doi":"10.1109/ICSSA.2015.016","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.016","url":null,"abstract":"Like no other device, smart phones influence our way of communication. The benefits of combining a variety of functionality (e.g. taking photos, navigating, surfing the web and exchanging information) into a single device led to a rich repository of private and commercial information. Although the information on smart phones in many cases is highly sensitive for either privacy or business reasons, most users use simple and ineffective passcodes or patterns as authentication method. The security situation becomes even more complicated if companies encourage their employees by Bring-Your-Own-Device policies to shift workload to smart phones without a holistic security concept. As strong authentication methods will only be successful if they comply with the usability requirements of today’s users, biometric approaches pose an opportunity to close the gap between security and usability. In this paper we contribute to this research field by introducing an approach for continuous biometric authentication using touchscreen gestures and related posture information as unique features. 
In first experiments, this new authentication layer for Android-based phones, which is using a fuzzy classifier in combination with a scoring model, demonstrated its feasibility by achieving an Equal Error Rate (EER) of 11,5%.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124087590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Fuzzy-Logic Approach for Evaluating a Cloud Service Provider","authors":"John Mitchell, S. Rizvi, J. Ryoo","doi":"10.1109/ICSSA.2015.014","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.014","url":null,"abstract":"Cloud computing represents the next evolutionary step in the realm of IT and offers a multitude of advantages over traditional computing models. However, there is a large trust deficit between cloud service users (CSUs) and cloud service providers (CSPs) that prevents the widespread adoption of the cloud among business professionals. Businesses are reluctant to migrate to the cloud due to the numerous security issues which affect data confidentiality and integrity. Therefore, a trust model is required to establish the positive reputation of the CSP. In this paper, we propose a fuzzy-logic based approach that allows the CSUs to determine the most trustworthy CSPs. Specifically, we develop the inference rules that will be applied in the fuzzy inference system (FIS) to provide the quantitative security index to the CSUs. One of the main advantages of the FIS is that it considers the uncertainties and ambiguities associated with measuring trust. Moreover, our proposed fuzzy based trust model is not limited to the CSU since it can be used by the CSPs in a self-evaluation process to promote improvement. 
To demonstrate the effectiveness of our proposed fuzzy based trust model, we present a case study where several popular CSPs are evaluated and ranked based on the security index.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128509249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A New Technique Using a Shuffling Method to Protect Confidential Documents from Shoulder Surfers","authors":"Hyunsoo Kim, Hyoungshick Kim, J. Yoon","doi":"10.1109/ICSSA.2015.012","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.012","url":null,"abstract":"In some environments (e.g., for government agencies or international corporations), it is challenging to protect and secure confidential information on a computer screen against shoulder surfers who want to access the confidential information by observing the victim's computer screen. In this paper, we propose a simple and practical system named STM to mitigate shoulder surfers from reading computer screens by visually shuffling contents on an end user's screen. To find an optimal setting for STM, we tested several configurations at character and word levels and showed that STM with a properly chosen configuration is effectively secure against using direct observation techniques.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"136 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122242641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performing Clickjacking Attacks in the Wild: 99% are Still Vulnerable!","authors":"Daehyun Kim, Hyoungshick Kim","doi":"10.1109/ICSSA.2015.015","DOIUrl":"https://doi.org/10.1109/ICSSA.2015.015","url":null,"abstract":"Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform unintended actions that might be advantageous for the attacker. To defend against clickjacking, many techniques have been proposed, but it is still questionable whether they are effectively deployed in practice. We investigated how vulnerable Korean websites are to clickjacking attacks by performing real attacks on the top 500 most popular Korean websites as well as all of the financial websites. Our results are quite significant: almost all Korean websites (99.6%) that we looked at were vulnerable to clickjacking attacks. Extending our observation to top 500 global websites, we found that 390 of them (78%) were also vulnerable to clickjacking attacks and identified which type of website is particularly insecure against clickjacking.","PeriodicalId":322682,"journal":{"name":"2015 1st International Conference on Software Security and Assurance (ICSSA)","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133259176","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}