2020 IEEE Security and Privacy Workshops (SPW): Latest Papers

Electromagnetic Sensor and Actuator Attacks on Power Converters for Electric Vehicles
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00032
Gokcen Y. Dayanikli, Rees Hatch, Ryan M. Gerdes, Hongjie Wang, R. Zane
Abstract: Alleviating range anxiety for electric vehicles (i.e., whether such vehicles can be relied upon to travel long distances in a timely manner) is critical for sustainable transportation. Extremely fast charging (XFC), whereby electric vehicles (EV) can be quickly recharged in the time frame it takes to refuel an internal combustion engine, has been proposed to alleviate this concern. A critical component of these chargers is the efficient and proper operation of power converters that convert AC to DC power and otherwise regulate power delivery to vehicles. These converters rely on the integrity of sensor and actuation signals. In this work the operation of state-of-the-art XFC converters is assessed in adversarial conditions, specifically against Intentional Electromagnetic Interference Attacks (IEMI). The targeted system is analyzed with the goal of determining possible weak points for IEMI, viz. voltage and current sensor outputs and gate control signals. This work demonstrates that, with relatively low power levels, an adversary is able to manipulate the voltage and current sensor outputs necessary to ensure the proper operation of the converters. Furthermore, in the first attack of its kind, it is shown that the gate signal that controls the converter switches can be manipulated, to catastrophic effect; i.e., it is possible for an attacker to control the switching state of individual transistors to cause irreparable damage to the converter and associated systems. Finally, a discussion of countermeasures for hardware designers to mitigate IEMI-based attacks is provided.
Citations: 20
Language-agnostic Injection Detection
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00060
Lars Hermerschmidt, A. Straub, Goran Piskachev
Abstract: Formal languages are ubiquitous wherever software systems need to exchange or store data. Unparsing into and parsing from such languages is an error-prone process that has spawned an entire class of security vulnerabilities. There has been ample research into finding vulnerabilities on the parser side, but outside of language specific approaches, few techniques targeting unparser vulnerabilities exist. This work presents a language-agnostic approach for spotting injection vulnerabilities in unparsers. It achieves this by mining unparse trees using dynamic taint analysis to extract language keywords, which are leveraged for guided fuzzing. Vulnerabilities can thus be found without requiring prior knowledge about the formal language, and in fact, the approach is even applicable where no specification thereof exists at all. This empowers security researchers and developers alike to gain deeper understanding of unparser implementations through examination of the unparse trees generated by the approach, as well as enabling them to find new vulnerabilities in poorly-understood software.
Citations: 0
Toward a Trustable, Self-Hosting Computer System
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00039
Gabriel L. Somlo
Abstract: Due to the extremely rapid growth of the computing and IT technology market, commercial hardware made for the civilian, consumer sector is increasingly (and inevitably) deployed in security-sensitive environments. With the growing threat of hardware Trojans and backdoors, an adversary could perpetrate a full system compromise, or privilege escalation attack, even if the software is presumed to be perfectly secure. We propose a method of field stripping a computer system by empirically proving an equivalence between the trustability of the fielded system on one hand, and its comprehensive set of sources (including those of all toolchains used in its construction) on the other. In the long run, we hope to facilitate comprehensive verification and validation of fielded computer systems from fully self-contained hardware+software sources, as a way of mitigating against the lack of control over (and visibility into) the hardware supply chain.
Citations: 0
Mission Assurance for Autonomous Undersea Vehicles
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00056
K. Siil, A. Rubin, Matthew C. Elder, A. Dahbura, M. Green, Lanier A Watkins
Abstract: Autonomous vehicles are all but inevitable, and assurance that they will behave safely with respect to passengers, as well as bystanders incidentally exposed to them, is moving forward, albeit slowly. The state of the art often involves stopping the vehicle, perhaps after diverting it to a nearby safe place. While this is good news, it does not fully realize the benefits of autonomy. Autonomous vehicles are built for a purpose; call it a mission. Being able to perform the mission, or part of it, while experiencing faults (or cyber-attack) should be a factor in determining the vehicle's suitability for the mission. This paper explores the state of the art in achieving autonomous mission assurance in the context of autonomous undersea vehicles (AUVs). It identifies gaps in the literature and proposes a novel plan to address certain gaps.
Citations: 1
Cyber Resilient Supply Chain Technologies Workshop (CReSCT 2020)
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/spw50608.2020.00012
Citations: 0
Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00033
Blake Janes, Heather Crawford, T. OConnor
Abstract: Internet-of-Things (IoT) devices implement weak authentication and access control schemes. The on-demand nature of IoT devices requires a responsive communications channel, which is often at odds with thorough authentication and access control. This paper seeks to better understand IoT device security by examining the design of authentication and access control schemes. In this work, we explore the challenge of propagating credential revocation and access control list modifications in a shared IoT ecosystem. We evaluate the vulnerability of 19 popular security cameras and doorbells against a straightforward user-interface bound adversary attack. Our results demonstrate that 16 of 19 surveyed devices suffer from flaws that enable unauthorized access after credential modification or revocation. We conclude by discussing these findings and propose a means for balancing authentication and access control schemes while still offering responsive communications channels.
Citations: 13
WAAS 2020 Organization
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/spw50608.2020.00015
Lanier A Watkins
Citations: 0
Detecting Cyber Threats in Non-English Hacker Forums: An Adversarial Cross-Lingual Knowledge Transfer Approach
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI: 10.1109/SPW50608.2020.00021
Mohammadreza Ebrahimi, S. Samtani, Yidong Chai, Hsinchun Chen
Abstract: The regularity of devastating cyber-attacks has made cybersecurity a grand societal challenge. Many cybersecurity professionals are closely examining the international Dark Web to proactively pinpoint potential cyber threats. Despite its potential, the Dark Web contains hundreds of thousands of non-English posts. While machine translation is the prevailing approach to process non-English text, applying MT on hacker forum text results in mistranslations. In this study, we draw upon Long-Short Term Memory (LSTM), Cross-Lingual Knowledge Transfer (CLKT), and Generative Adversarial Networks (GANs) principles to design a novel Adversarial CLKT (A-CLKT) approach. A-CLKT operates on untranslated text to retain the original semantics of the language and leverages the collective knowledge about cyber threats across languages to create a language invariant representation without any manual feature engineering or external resources. Three experiments demonstrate how A-CLKT outperforms state-of-the-art machine learning, deep learning, and CLKT algorithms in identifying cyber-threats in French and Russian forums.
Citations: 6
Detecting Adversarial Examples in Learning-Enabled Cyber-Physical Systems using Variational Autoencoder for Regression
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-03-21 DOI: 10.1109/SPW50608.2020.00050
Feiyang Cai, Jiani Li, X. Koutsoukos
Abstract: Learning-enabled components (LECs) are widely used in cyber-physical systems (CPS) since they can handle the uncertainty and variability of the environment and increase the level of autonomy. However, it has been shown that LECs such as deep neural networks (DNN) are not robust and adversarial examples can cause the model to make a false prediction. The paper considers the problem of efficiently detecting adversarial examples in LECs used for regression in CPS. The proposed approach is based on inductive conformal prediction and uses a regression model based on variational autoencoder. The architecture allows to take into consideration both the input and the neural network prediction for detecting adversarial, and more generally, out-of-distribution examples. We demonstrate the method using an advanced emergency braking system implemented in an open source simulator for self-driving cars where a DNN is used to estimate the distance to an obstacle. The simulation results show that the method can effectively detect adversarial examples with a short detection delay.
Citations: 8
Modeling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties
2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-03-20 DOI: 10.1109/SPW50608.2020.00043
T. Kieras, Muhammad Junaid Farooq, Quanyan Zhu
Abstract: Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.
Citations: 5