2020 International Conference on Software Security and Assurance (ICSSA): Latest Papers

An Internet of Things (IoT) Security Assessment for Households
2020 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2020-10-01 DOI: 10.1109/ICSSA51305.2020.00017
William Aiken, J. Ryoo, S. Rizvi
Abstract: IoT is becoming a common term. More consumers are purchasing and installing household IoT devices such as thermostats, security cameras, and lighting solutions. These so-called smart home appliances supposedly make our lives easier, safer, and more sustainable. However, the benefits come with risks, especially in cybersecurity and privacy. As more IoT hosts connect to a home network, the possibility of potential security breaches also increases. The more hosts in a network, the more opportunities for attackers, which is why users should pay attention to security vulnerabilities and address them as much as possible. In this context, self-assessment of how well a household is doing with IoT security is of great use. This paper proposes an easy-to-use and intuitive assessment tool to realize this idea.
Citations: 0
Continuous Security through Integration Testing in an Electronic Health Records System
2020 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2020-10-01 DOI: 10.1109/ICSSA51305.2020.00012
S. Purkayastha, Shreya Goyal, Tyler Phillips, Huanmei Wu, Brandon Haakenson, X. Zou
Abstract: The estimated average cost of a healthcare data breach in 2019 was $6.45 million, which is the highest among all industries. Yet, security remains an afterthought in many digital health applications. Formal methods for testing for bugs are commonplace in software development through the use of unit testing, integration testing, system testing, and acceptance testing. More so, in modern software engineering, continuous integration is a well-known concept to run automated tests soon after any code change, when the system builds and notifies the development team of the test results. In this paper, we describe the use of a popular Python unit testing framework to implement a formal method of security testing. Common Vulnerability Scoring System (CVSS) is used to calculate metrics that represent the state of security of a deployed system. We developed a series of Pytest Behavioral Driven Development (BDD) scripts to test the Authentication and Availability of a widely used Electronic Health Records System called OpenMRS. The advantage of using the BDD approach is that testing scripts, called Gherkin files, can be read and understood by the developers as well as the non-developer stakeholders. The use of Gherkin serves two purposes: firstly, it serves as the project’s documentation, and secondly, it automates the tests. The use of the CVSS score between 0 and 10 becomes an objective metric to compare every code change, thus achieving continuous security. We plan to expand BDD scripts to attacks like Denial of Service, Session Hijacking, SQL Injection, and other privilege escalation attacks.
Citations: 3
VM based Malware Security Protection on Android Platform
2020 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2020-10-01 DOI: 10.1109/ICSSA51305.2020.00014
Anthony Avella, Syed Rizvi, Andrew Gibson, Marcus Ryan, Ryan P. Strimple, Ian Menovich
Abstract: This paper looks at the different ways in which Android phones can be attacked by Android malware, and the different developments in malware protection and detection. The fight against mobile malware is an important one as most people today own cell phones and store valuable personal information on their phones. There are many ways in which a phone can be attacked by malware, and therefore there are many different methods to detect and defend against these attacks. Some experts suggest a decentralized data approach, while others suggest anti-malware hardware is the solution. There are many different anti-malware hardware devices that all work in different ways and detect malware at different levels. However, there are no foolproof malware detection schemes. It is alarming that there is no common solution to protecting against malware and no way to completely detect malware every time. In this research, we focus on Android malware, specifically malware found on apps from the Google Play Store. One of the ways one would solve this problem is by using virtual machines and compiling malware detection programs on them. To support our VM based malware detection scheme, we develop an algorithm to provide implementation-level details. The practicality of our proposed scheme is shown using multiple case studies.
Citations: 0
Blockchain-based Service Performance Evaluation Method Using Native Cloud Environment
2020 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2020-10-01 DOI: 10.1109/ICSSA51305.2020.00016
TaeYoung Kim, Hyung-Jong Kim
Abstract: This study presents a performance evaluation system that helps Blockchain-based service planners make decisions. This system is offered as Docker and Kubernetes for portability and flexibility.
Citations: 1
Compiling and Analyzing Open Source Malware for Research Purposes
2020 International Conference on Software Security and Assurance (ICSSA) Pub Date : 2020-10-01 DOI: 10.1109/ICSSA51305.2020.00013
Daniel Judt, Patrick Kochberger, Peter Kieseberg, S. Schrittwieser
Abstract: Malware obfuscation can make both automatic and manual analysis of its binary code and the contained functionality significantly more time consuming. For malware research it would therefore be useful to be able to study the effects of different obfuscation methods on the resulting binary code. While some obfuscations are applied through rewriting of the binary, others have to be applied at source code level or during compile time. However, the source code of in-the-wild malware is often not available. For this paper, we collected the source code of eleven open source malware samples from the past 12 years and analyzed if they still compile on current systems. Furthermore, basic static analysis was performed to evaluate the usefulness of the resulting binaries for further malware obfuscation research. Our results indicate that it is possible to compile available samples with moderate effort and the resulting binaries are very well suited for research purposes.
Citations: 0