Proceedings of the 16th International Conference on Availability, Reliability and Security: Latest Papers

Cybersecurity Curricula Designer
J. Hajny, Sara Ricci, Edmundas Piesarskas, Marek Sikora
DOI: https://doi.org/10.1145/3465481.3469183
Published: 2021-08-16
Abstract: The paper aims at minimizing the skills gaps and skills shortages on the cybersecurity job market by empowering education and training institutions during the process of creation of new cybersecurity study programs. We provide a complex cybersecurity skills framework based on standardized definitions that helps with the identification of skills and knowledge necessary for cybersecurity work positions. Furthermore, we practically implement the framework in the form of an interactive web application for cybersecurity curricula design. The app, called Curricula Designer, is built upon the framework and allows intuitive design of higher-education curricula and their analysis with respect to requirements of work roles already defined in widely-accepted standards. Using the analytical functions, it is easy to identify missing content in the courses and precisely structure the study program so that the graduates are well-prepared to enter the job market. The Curricula Designer is described in detail in this paper, including user interface and technical background, and a link for public free access is provided to serve all education and training institutions.
Citations: 4

Formal Validation of Credibility and Accuracy Assessment of Safety Messages in VANETs
Ons Chikhaoui, Aida Ben Chehida Douss, Ryma Abassi, S. Fatmi
DOI: https://doi.org/10.1145/3465481.3470103
Published: 2021-08-16
Abstract: In Vehicular Ad hoc NETworks (VANETs), vehicles exchange safety messages containing valuable information about traffic environment to increase roads’ safety. The critical nature of these messages entails securing them before considering them. In this context, the credibility and the accuracy assessment of these included safety information arises as a necessity since the consumption of false or imprecise ones by vehicles may cause hazardous consequences. To treat this requirement, we proposed the scheme [1] enabling vehicles to evaluate the credibility and the accuracy of the contents of the safety messages exchanged in VANETs. That scheme is based on three modules: a reputation module, a time and location closeness estimation module, and a majority module. A vehicle can use these modules in a separated or joint way according to the circumstances. Since that scheme is error prone, we conducted in [2], a formal validation, using inference system, to prove the soundness and the completeness of these three modules and their combination. In this paper, we complete that formal validation of [1] by handling the junctions of the three basic modules two by two. To do this, we first completed the inference system in [2] so that the junctions of the three modules two by two become incorporated. A formal verification using this holistic inference system was proposed in a second step to prove the soundness and the completeness of these junctions. This verification's obtained results confirmed the validity of the said junctions for being sound and complete.
Citations: 1

Secret Sharing-based Authenticated Key Agreement Protocol
Petr Dzurenda, Sara Ricci, Raúl Casanova Marqués, J. Hajny, P. Cika
DOI: https://doi.org/10.1145/3465481.3470057
Published: 2021-08-16
Abstract: In this article, we present two novel authenticated key agreement (AKA) schemes that are easily implementable and efficient even on constrained devices. Both schemes are constructed over elliptic curves and extend Schnorr’s signature of knowledge protocol. To the best of our knowledge, we introduce a first AKA protocol based on the proof of knowledge concept. This concept allows a client to prove its identity to a server via secret information while the server can learn nothing about the secret. Furthermore, we extend our protocol via secret sharing to support client multi-device authentication and multi-factor authentication features. In particular, the secret of the client can be distributed among the client’s devices. The experimental analysis shows that our secret sharing AKA (SSAKA) can establish a secure communication channel in less than 600 ms for one secondary device and 128-bit security strength. The protocol is fast even on very constrained secondary devices, where in most cases it takes less than 500 ms. Note that the time consumption depends on the computational capabilities of the hardware.
Citations: 3

DeCanSec: A Decentralized Architecture for Secure Statistical Computations on Distributed Health Registry Data
Narasimha Raghavan, J. Nygård
DOI: https://doi.org/10.1145/3465481.3470071
Published: 2021-08-16
Abstract: The architectures presented in the literature, and current practices and solutions for computing statistics on data from health registries distributed across the world are manual and suffer from security and privacy problems. In this paper, we suggest a solution design with an infrastructure architecture providing improved security, automation and privacy guarantees compared to the related works. Our solution builds on top of the key research accomplishments from several areas such as distributed computing, blockchain, cryptography, and medical informatics rather than completely re-inventing the wheel from scratch for the healthcare domain. The proposed architecture is currently being prototyped in the Cancer Registry of Norway.
Citations: 5

Continuous User Authentication for Human-Robot Collaboration
Shurook S. Almohamade, John A. Clark, James Law
DOI: https://doi.org/10.1145/3465481.3470025
Published: 2021-08-16
Abstract: Human-robot collaboration is on the increase and having a major impact on areas such as manufacturing, where the abilities of the human worker, augmented by those of the robot, bring increased flexibility and performance. However, close collaboration, including physical interaction, brings with it complex safety and security issues that were previously mitigated by human-robot segregation and isolated control networks. Exoskeletons pose a particularly interesting case whereby physical coupling of the user and robot is required throughout operation. We envisage the use of continuous authentication to exoskeletons, i.e. to ensure a user is who they claim to be, and that they have sufficient authority to operate the device for the duration of its use. In this paper we demonstrate such an approach to behavioural biometrics using data acquired through wearable sensors (hand manipulations recorded by a sensorised glove) while the user performs a selection of industrial tasks, including handling loads and inserting screws. The results show that the approach can discriminate between users with a low Equal Error Rate (EER; <3% in the worst case analysed). We believe that such an approach will also benefit other applications where wearables are used in robot control, such as in tele-operation.
Citations: 1

I Told You Tomorrow: Practical Time-Locked Secrets using Smart Contracts
Enrico Bacis, Dario Facchinetti, M. Guarnieri, Marco Rosa, Matthew Rossi, S. Paraboschi
DOI: https://doi.org/10.1145/3465481.3465765
Published: 2021-08-16
Abstract: A Time-Lock enables the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the recovery of the secret to the solution of the puzzle. Since the time required to find the puzzle’s solution may vary due to a multitude of factors, including the computational effort spent, these solutions may not suit all scenarios. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We implement a prototype of ITYT on top of the Ethereum blockchain. The prototype leverages secure Multi-Party Computation to avoid any single point of trust. We also analyze resiliency to attacks with the help of economic game theory, in the context of rational adversaries. The experiments demonstrate the low cost and limited resource consumption associated with our approach.
Citations: 4

A Real-Time Deep Learning Approach for Real-World Video Anomaly Detection
S. Petrocchi, Giacomo Giorgi, M. Cimino
DOI: https://doi.org/10.1145/3465481.3470099
Published: 2021-08-16
Abstract: Anomaly detection in video streams with imbalanced data and real-time constraints is a challenging task of computer vision. This paper proposes a novel real-time approach for real-world video anomaly detection exploiting a supervised learning methodology. In particular, we present a deep learning architecture based on the analysis of contextual, spatial, and motion information extracted from the video. A data balancing strategy based on hard-mining and adaptive framerate is used to avoid overfitting and increase detection accuracy. The approach defines an extended taxonomy by differentiating anomalies in “soft” and “hard”. A novel anomaly detection score based on a sigmoidal function has been introduced to reduce false positive rate while maintaining a high level of true positive rate. The proposed methodology has been validated with a set of experiments on a well-known video anomaly dataset: UCF-CRIME. The experiments on the testbed demonstrate the impact of the contextual information and data balancing on the classification performances, considering only “hard” anomalies during training and that the proposed model can achieve state-of-the-art performances while minimizing resource consumption.
Citations: 1

Accurate and Robust Malware Analysis through Similarity of External Calls Dependency Graphs (ECDG)
Cassius Puodzius, Olivier Zendra, Annelie Heuser, Lamine Noureddine
DOI: https://doi.org/10.1145/3465481.3470115
Published: 2021-08-16
Abstract: Malware is a primary concern in cybersecurity, being one of the attacker’s favorite cyberweapons. Over time, malware evolves not only in complexity but also in diversity and quantity. Malware analysis automation is thus crucial. In this paper we present ECDGs, a shorter call graph representation, and a new similarity function that is accurate and robust. Toward this goal, we revisit some principles of malware analysis research to define basic primitives and an evaluation paradigm addressed for the setup of more reliable experiments. Our benchmark shows that our similarity function is very efficient in practice, achieving speedup rates of 3.30x and 354,11x wrt. radiff2 for the standard and the cache-enhanced implementations, respectively. Our evaluations generate clusters that produce almost unerring results - homogeneity score of 0.983 for the accuracy phase - and marginal information loss for a highly polluted dataset - NMI score of 0.974 between initial and final clusters of the robustness phase. Overall, ECDGs and our similarity function enable autonomous frameworks for malware search and clustering that can assist human-based analysis or improve classification models for malware analysis.
Citations: 3

Performance Evaluation of Container-Level Anomaly-Based Intrusion Detection Systems for Multi-Tenant Applications Using Machine Learning Algorithms
Marcos Cavalcanti, Pedro R. M. Inácio, M. Freire
DOI: https://doi.org/10.1145/3465481.3470066
Published: 2021-08-16
Abstract: The virtualization of computing resources provided by containers has gained increasing attention and has been widely used in cloud computing. This new demand for container technology has been growing and the use of Docker and Kubernetes is considerable. According to recent technology surveys, containers are now mainstream. However, currently, one of the major challenges rises from the fact that multiple containers, with different owners, may cohabit on the same host. In container-based multi-tenant environments, security issues are of major concern. In this paper we investigate the performance of container-level anomaly-based intrusion detection systems for multi-tenant applications. We investigate the use of Bag of System Calls (BoSC) technique and the sliding window with the classifier and we consider eight machine learning algorithms for classification purposes. We show that among the eight machine learning algorithms, the best classification results are obtained with Decision Tree and Random Forest which lead to an F-Measure of 99.8%, using a sliding window with a size of 30 and the BoSC algorithm in both cases. We also show that, although both Decision Tree and Random Forest algorithms lead to the best classification results, the Decision Tree algorithm has a shorter execution time and consumes less CPU and memory than the Random Forest.
Citations: 4

Determining the Robustness of Privacy Enhancing DeID Against the ReID Adversary: An Experimental Study
Ankur Chattopadhyay, R. Ruska, Levi Pfantz
DOI: https://doi.org/10.1145/3465481.3469210
Published: 2021-08-16
Abstract: Prior research literature shows that there has been considerable work done in the last decade in the area of image de-identification (DeID) for privacy protection. With the advances made in privacy enhancing image DeID techniques, there have been research studies on different DeID performance evaluation approaches for determining the effectiveness of these methods. Existing approaches for evaluating DeID methods can be classified into three separate categories - analysis of privacy versus utility, analysis of viewer experience-based user studies, and analysis of robustness against adversarial attacks. However, none of these categorized approaches have utilized person re-identification (ReID) for evaluating DeID. Additionally, there are no previous research studies that have analyzed the threat of ReID to DeID. In this paper, we present a unique experimental case study that demonstrates how ReID can be used successfully for evaluating the efficacy of DeID techniques, and how, in the process, we can assess the threat of ReID to DeID. We describe a novel approach, in which a selected ReID algorithm is pitted against multiple DeID techniques to test the robustness of these DeID methods, and to determine if ReID can pose a threat to DeID as an adversary. Through this approach, we compare the DeID performances based upon how effectively they can deter successful ReID in the privacy enhanced versions of the ReID image dataset. Our preliminary results show how we can potentially evaluate DeID and compare DeID performances by analyzing the extents to which they are able to successfully resist re-identification i.e., by studying the impact of DeID on the ReID performances.
Citations: 4