Proceedings of the 11th Annual Cyber and Information Security Research Conference: Latest Papers

Classification of Insider Threat Detection Techniques
Ameya Sanzgiri, D. Dasgupta
DOI: https://doi.org/10.1145/2897795.2897799
Published: 2016-04-05
Abstract: Most insider attacks are done by people who have the knowledge and technical know-how of launching such attacks. This topic has long been studied and many detection techniques were proposed to deal with insider threats. This short paper summarized and classified insider threat detection techniques based on strategies used for detection.
Citations: 60

Bringing Federated Identity to Grid Computing
J. Teheran, D. Dykstra, Mine Altunay
DOI: https://doi.org/10.1145/2897795.2897807
Published: 2016-04-05
Abstract: The Fermi National Accelerator Laboratory (FNAL) is facing the challenge of providing scientific data access and grid submission to scientific collaborations that span the globe but are hosted at FNAL. Researchers in these collaborations are currently required to register as FNAL users and obtain FNAL credentials to access grid resources to perform their scientific computations. These requirements burden researchers with managing additional authentication credentials, and put additional load on FNAL for managing user identities. Our design integrates the existing InCommon federated identity infrastructure, CILogon Basic CA, and MyProxy with the FNAL grid submission system to provide secure access for users from diverse experiments and collaborations without requiring each user to have authentication credentials from FNAL. The design automates the handling of certificates, so users do not need to manage them manually. Although the initial implementation is for FNAL's grid submission system, the design and the core of the implementation are general and could be applied to other distributed computing systems.
Citations: 0

Addressing Critical Industrial Control System Cyber Security Concerns via High Fidelity Simulation
R. Vaughn, T. Morris
DOI: https://doi.org/10.1145/2897795.2897819
Published: 2016-04-05
Abstract: This paper outlines a set of 10 cyber security concerns associated with Industrial Control Systems (ICS). The concerns address software and hardware development, implementation, and maintenance practices, supply chain assurance, the need for cyber forensics in ICS, a lack of awareness and training, and finally, a need for test beds which can be used to address the first 9 cited concerns. The concerns documented in this paper were developed based on the authors' combined experience conducting research in this field for the US Department of Homeland Security, the National Science Foundation, and the Department of Defense. The second half of this paper documents a virtual test bed platform which is offered as a tool to address the concerns listed in the first half of the paper. The paper discusses various types of test beds proposed in literature for ICS research, provides an overview of the virtual test bed platform developed by the authors, and lists future works required to extend the existing test beds to serve as a development platform.
Citations: 12

Double Helix and RAVEN: A System for Cyber Fault Tolerance and Recovery
M. Co, J. Davidson, Jason Hiser, J. Knight, A. Nguyen-Tuong, Westley Weimer, Jonathan Burket, Gregory L. Frazier, T. Frazier, B. Dutertre, Ian A. Mason, N. Shankar, S. Forrest
DOI: https://doi.org/10.1145/2897795.2897805
Published: 2016-04-05
Abstract: Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross-checks results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient rewriting technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.
Citations: 20

Dynamic Canary Randomization for Improved Software Security
William H. Hawkins, Jason Hiser, J. Davidson
DOI: https://doi.org/10.1145/2897795.2897803
Published: 2016-04-05
Abstract: Stack canaries are a well-known and effective technique for detecting and defeating stack overflow attacks. However, they are not perfect. For programs compiled using gcc, the reference canary value is randomly generated at program invocation and fixed throughout execution. Moreover, for software running on the Linux operating system, canary values are inherited from the parent process and only changed if/when the child process exec()s a different program. Researchers and others have exploited these behaviors to craft real-world attacks that bypass the protections of stack canaries. This paper describes a moving-target stack canary technique that prevents such attacks. The Dynamic Canary Randomization technique (DCR) rerandomizes stack canaries at runtime. DCR is applied directly to the binary using a static binary rewriter (i.e., it does not require access to the program's source code). DCR operates with minimal overhead and gives the user the flexibility to specify the conditions under which to rerandomize the canary. DCR is an improvement over existing canary rerandomizers because it allows rerandomization to be applied at any point during execution and at any frequency. We show that DCR improves software security by demonstrating its ability to prevent real-world attacks on well-known software (e.g., nginx) "protected" by traditional stack canaries.
Citations: 16

Network Modeling for Security Analytics
B. Smith, Whitney Caruthers, Dalton Stewart, P. Hawrylak, John Hale
DOI: https://doi.org/10.1145/2897795.2897817
Published: 2016-04-05
Abstract: Comprehensive network modeling remains a challenge for the security analyst. Complete coverage and depth of detail in network models is difficult to achieve for large and complex networks, especially when significant effort in manual elaboration is required. This paper describes an automated approach to network model acquisition using coordinated bump-in-the-wire devices. The system described here relieves a substantial burden from the modeler while offering improved visibility over competing solutions.
Citations: 3

Trusted Information Exchange Using Trusted Network Processors
S. Tucker
DOI: https://doi.org/10.1145/2897795.2897809
Published: 2016-04-05
Abstract: Today's systems are increasingly complex, consisting of many components designed by multiple competing vendors. Trust management relies heavily on situational awareness of the operating environment, and comprehensive knowledge of components and their relationship to others. Outsourcing and modularity are necessary to reduce cost and increase manageability, but can make it difficult to gather enough information for valid trust decisions. Invalid trust assumptions could lead to vulnerabilities in the future. Furthermore, when components are integrated with information systems these difficulties can increase greatly. This paper presents how trust is applied to information systems, a trust framework based on Trusted Network Processors and an implementation of a trusted information system which allows disjointed component systems to communicate while preserving trust assumptions in a dynamically changing environment.
Citations: 0

Towards Selecting and Recommending Online Software Services by Evaluating External Attributes
Lahiru S. Gallege, R. Raje
DOI: https://doi.org/10.1145/2897795.2897797
Published: 2016-04-05
Abstract: Selecting an online software service for a given set of requirements can be based on the quality of results (i.e., relative ranking of the services) and associated recommendations (i.e., applicability of the suggested services). Prevalent approaches for product-based selection (e.g., the ones used by Amazon) and recommendations, such as Content-based Filtering (CBF) and Collaborative Filtering (CLF) do not typically consider information about products beyond primitive attribute-value pairs. Compared to a tangible physical product, a reusable and updatable software service cannot be effectively described using only a set of strict attribute-value pairs or using a sparse matrix of user-product relationship. This is because a software service has various programmatic, functional, and non-functional properties which potentially could also be dynamic in nature. Due to these challenges, it is not sufficient to apply product-based ranking and recommendation techniques to software services available from a marketplace. This research proposes an approach for better selection and recommendation of software services that enhances both CBF and CLF algorithms, using external reviews.
Citations: 8

The Application of Moving Target Defense to Field Programmable Gate Arrays
John Dombrowski, T. Andel, J. McDonald
DOI: https://doi.org/10.1145/2897795.2897820
Published: 2016-04-05
Abstract: Field Programmable Gate Arrays (FPGAs) are powerful and flexible pieces of hardware used in a variety of applications. These chips are used in monitoring network traffic, guidance systems, cryptographic calculations, medical devices, embedded systems, as well as many other varied uses. They can be used in a large number of ways as well as in a large number of areas, which allows for nearly limitless applications. Outside of being used as a cryptographic processor and network monitoring, these chips are not being used to directly provide software/hardware security. FPGAs are extremely widespread in addition to becoming more integrated into the systems that they are a part of. This leads to vulnerabilities in almost every system that uses these chips. One way to combat these FPGA based vulnerabilities in every system using them, is to implement a Moving Target Defense (MTD) on the chip itself. FPGA based MTD would allow each FPGA to enhance, rather than weaken, the security of a system. This paper incorporates previous applications of Field Programmable Gate Arrays, and explores potential software/hardware security implementations for these chips through the application of Moving Target Defenses.
Citations: 1

Xen Network Flow Analysis for Intrusion Detection
R. Johnston, Sun-il Kim, D. Coe, L. Etzkorn, J. Kulick, A. Milenković
DOI: https://doi.org/10.1145/2897795.2897802
Published: 2016-04-05
Abstract: Virtualization technology has become ubiquitous in the computing world. With it, a number of security concerns have been amplified as users run adjacently on a single host. In order to prevent attacks from both internal and external sources, the networking of such systems must be secured. Network intrusion detection systems (NIDSs) are an important tool for aiding this effort. These systems work by analyzing flow or packet information to determine malicious intent. However, it is difficult to implement a NIDS on a virtualized system due to their complexity. This is especially true for the Xen hypervisor: Xen has incredible heterogeneity when it comes to implementation, making a generic solution difficult. In this paper, we analyze the network data flow of a typical Xen implementation along with identifying features common to any implementation. We then explore the benefits of placing security checks along the data flow and promote a solution within the hypervisor itself.
Citations: 2