Huy Quoc Le , Phi Thuong Le , Sy Tuan Trinh , Willy Susilo , Viet Cuong Trinh
{"title":"Levelled attribute-based encryption for hierarchical access control","authors":"Huy Quoc Le , Phi Thuong Le , Sy Tuan Trinh , Willy Susilo , Viet Cuong Trinh","doi":"10.1016/j.csi.2024.103957","DOIUrl":"10.1016/j.csi.2024.103957","url":null,"abstract":"<div><div>Attribute-based encryption (ABE) is an important primitive to address the problem of flexible one-to-many encryption. Attribute-based encryption has found many practical applications such as cloud storage systems, file sharing systems, e-Health, pay-TV systems, social networks, etc. However, in almost existing ABE schemes, the efficiency depends heavily on the number of attributes involved in the secret key and the ciphertext. This makes hierarchical access control in ABE, where attributes need to be hierarchically organized, could be inefficient.</div><div>This paper introduces a novel concept of <em>Levelled</em> Attribute-based Encryption (Levelled ABE) as a solution to address the inefficiencies of standard ABE for hierarchical access control systems, where scalability and key management are critical. Levelled ABE presents a hierarchical attribute framework where attributes are organized into classes, and each attribute is assigned a level number within its class. By introducing this hierarchical structure, Levelled ABE enables finer-grained access control, scalability and more efficient key management. As a proof of concept, this paper also proposes two concrete constructions of Levelled ABE, one for key-policy and the other for ciphertext-policy. These constructions are comparable to existing ABE schemes. The security of the proposed constructions is proved in the generic group model.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103957"},"PeriodicalIF":4.1,"publicationDate":"2024-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bin Tang, Yi-Hua Zhou, Yu-Guang Yang, Bei Gong, Zhenhu Ning
{"title":"A lattice-based multi-authority updatable searchable encryption scheme for serverless architecture with scalable on-demand result processing","authors":"Bin Tang, Yi-Hua Zhou, Yu-Guang Yang, Bei Gong, Zhenhu Ning","doi":"10.1016/j.csi.2024.103956","DOIUrl":"10.1016/j.csi.2024.103956","url":null,"abstract":"<div><div>Searchable encryption (SE) enables the searchability of encrypted data in cloud environments, thereby safeguarding privacy. Despite this, the actual execution of ciphertext searches within a multi-user data-sharing context necessitates flexible access services for various authorized users. Although the existing solution has achieved ciphertext retrieval with multi-user authorization, it still exhibits shortcomings in areas such as dynamic and manageable permissions and the more granular access control on results. Our scheme, grounded in lattice cryptography, is designed to withstand quantum attacks. It leverages serverless cloud computing and incorporates ciphertext-policy attribute-based encryption (CP-ABE) along with proxy re-encryption (PRE) to construct a multi-user authorization searchable encryption system. This system facilitates keyword searches on encrypted data, supports dynamic multi-user authorization, and ensures scalable, results-on-demand capabilities. Security analysis confirms that our scheme is impervious to collusion attacks, chosen keyword attacks (CKA), and chosen plaintext attacks (CPA). Finally, the performance analysis demonstrates that our scheme is both secure and efficient, outperforming other multi-user searchable encryption schemes in terms of security and efficiency.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103956"},"PeriodicalIF":4.1,"publicationDate":"2024-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170140","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Francisco Ruiz-Lopez , Jean-Pierre Micaelli , Eric Bonjour , Javier Ortiz-Hernandez
{"title":"A preliminary conceptual structure for Computer-based Process Maturity Models, using a Cone-Based Conceptual Network and NIAM diagrams","authors":"Francisco Ruiz-Lopez , Jean-Pierre Micaelli , Eric Bonjour , Javier Ortiz-Hernandez","doi":"10.1016/j.csi.2024.103950","DOIUrl":"10.1016/j.csi.2024.103950","url":null,"abstract":"<div><div>Process maturity models support audit and assessment missions (AAMs) focusing on organizational routines. Under Traditional Process Maturity Models (TP2Ms), auditors use document-based surveys whereas organizations produce data in their daily activities employing Information Technologies (IT). Therefore, how to bridge the gap between IT capabilities and AAMs? One answer could be to design a Trace-Based System (TBS) capturing raw data of the daily activity and transmuting it into transformed traces from which it can be possible to automatically reconstruct processes and evaluate their maturity. Despite its obvious practical value, this processing is not so easy. A first phase must be realized, which consists of modeling the conceptual structure of current TP2Ms and of future possible Computer-based Process Maturity Models (CP2Ms) based on TBSs. To achieve this goal, this paper proposes a Cone-Based Conceptual Network (CBCN) to give the big picture of TP2Ms' and CP2Ms' scopes, then it proposes to model this CBCN with the use of Nijssen Information Analysis Method (NIAM) and to verify the semantic consistency of this preliminary conceptual structure. The result is a first step (at an early stage) of the development of computer-based (or trace-based) process maturity assessment tools. It allows auditors and IT specialists to have a big picture of the domain of interest and to map the different knowledge areas they need to acquire and combine to perform AAMs.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103950"},"PeriodicalIF":4.1,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142759661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The use of large language models for program repair","authors":"Fida Zubair, Maryam Al-Hitmi, Cagatay Catal","doi":"10.1016/j.csi.2024.103951","DOIUrl":"10.1016/j.csi.2024.103951","url":null,"abstract":"<div><div>Large Language Models (LLMs) have emerged as a promising approach for automated program repair, offering code comprehension and generation capabilities that can address software bugs. Several program repair models based on LLMs have been developed recently. However, findings and insights from these efforts are scattered across various studies, lacking a systematic overview of LLMs' utilization in program repair. Therefore, this Systematic Literature Review (SLR) was conducted to investigate the current landscape of LLM utilization in program repair. This study defined seven research questions and thoroughly selected 41 relevant studies from scientific databases to explore these questions. The results showed the diverse capabilities of LLMs for program repair. The findings revealed that Encoder-Decoder architectures emerged as the most common LLM design for program repair tasks and that mostly open-access datasets were used. Several evaluation metrics were applied, primarily consisting of accuracy, exact match, and BLEU scores. Additionally, the review investigated several LLM fine-tuning methods, including fine-tuning on specialized datasets, curriculum learning, iterative approaches, and knowledge-intensified techniques. These findings pave the way for further research on utilizing the full potential of LLMs to revolutionize automated program repair.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103951"},"PeriodicalIF":4.1,"publicationDate":"2024-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142747598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mustafa Asci , Zuleyha Akusta Dagdeviren , Vahid Khalilpour Akram , Huseyin Ugur Yildiz , Orhan Dagdeviren , Bulent Tavli
{"title":"Enhancing drone network resilience: Investigating strategies for k-connectivity restoration","authors":"Mustafa Asci , Zuleyha Akusta Dagdeviren , Vahid Khalilpour Akram , Huseyin Ugur Yildiz , Orhan Dagdeviren , Bulent Tavli","doi":"10.1016/j.csi.2024.103941","DOIUrl":"10.1016/j.csi.2024.103941","url":null,"abstract":"<div><div>Drones have recently become more popular due to technological improvements that have made them useful in many other industries, including agriculture, emergency services, and military operations. Coordination of communication amongst drones is often required for the efficient performance of missions. With an emphasis on building robust <span><math><mi>k</mi></math></span>-connected networks and restoration procedures, this paper investigates the relevance of connection in drone swarms. Specifically, we tackle the <span><math><mi>k</mi></math></span>-connectivity restoration problem, which aims to create <span><math><mi>k</mi></math></span>-connected networks by moving the drones as little as possible. We propose four novel approaches, including an integer programming model, an integer programming-based heuristic approach, a node converging heuristic, and a cluster moving heuristic. Through extensive measurements taken from various drone networking setups, we provide a comparative analysis of the proposed approaches. Our evaluations reveal that the drone movements produced by the integer programming-based heuristics are nearly the same as the original mathematical formulation, whereas the other heuristics are favorable in terms of execution time.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103941"},"PeriodicalIF":4.1,"publicationDate":"2024-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142700964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ning Tao , Anthony Ventresque , Vivek Nallur , Takfarinas Saber
{"title":"Grammar-obeying program synthesis: A novel approach using large language models and many-objective genetic programming","authors":"Ning Tao , Anthony Ventresque , Vivek Nallur , Takfarinas Saber","doi":"10.1016/j.csi.2024.103938","DOIUrl":"10.1016/j.csi.2024.103938","url":null,"abstract":"<div><div>Program synthesis is an important challenge that has attracted significant research interest, especially in recent years with advancements in Large Language Models (LLMs). Although LLMs have demonstrated success in program synthesis, there remains a lack of trust in the generated code due to documented risks (e.g., code with known and risky vulnerabilities). Therefore, it is important to restrict the search space and avoid bad programs. In this work, pre-defined restricted Backus–Naur Form (BNF) grammars are utilised, which are considered ‘safe’, and the focus is on identifying the most effective technique for <em>grammar-obeying program synthesis</em>, where the generated code must be correct and conform to the predefined grammar. It is shown that while LLMs perform well in generating correct programs, they often fail to produce code that adheres to the grammar. To address this, a novel Similarity-Based Many-Objective Grammar Guided Genetic Programming (SBMaOG3P) approach is proposed, leveraging the programs generated by LLMs in two ways: (i) as seeds following a grammar mapping process and (ii) as targets for similarity measure objectives. Experiments on a well-known and widely used program synthesis dataset indicate that the proposed approach successfully improves the rate of grammar-obeying program synthesis compared to various LLMs and the state-of-the-art Grammar-Guided Genetic Programming. Additionally, the proposed approach significantly improved the solution in terms of the best fitness value of each run for 21 out of 28 problems compared to G3P.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103938"},"PeriodicalIF":4.1,"publicationDate":"2024-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142663154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yihao Li , Pan Liu , Haiyang Wang , Jie Chu , W. Eric Wong
{"title":"Evaluating large language models for software testing","authors":"Yihao Li , Pan Liu , Haiyang Wang , Jie Chu , W. Eric Wong","doi":"10.1016/j.csi.2024.103942","DOIUrl":"10.1016/j.csi.2024.103942","url":null,"abstract":"<div><div>Large language models (LLMs) have demonstrated significant prowess in code analysis and natural language processing, making them highly valuable for software testing. This paper conducts a comprehensive evaluation of LLMs applied to software testing, with a particular emphasis on test case generation, error tracing, and bug localization across twelve open-source projects. The advantages and limitations, as well as recommendations associated with utilizing LLMs for these tasks, are delineated. Furthermore, we delve into the phenomenon of hallucination in LLMs, examining its impact on software testing processes and presenting solutions to mitigate its effects. The findings of this work contribute to a deeper understanding of integrating LLMs into software testing, providing insights that pave the way for enhanced effectiveness in the field.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103942"},"PeriodicalIF":4.1,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142723153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Marc Alier , Juanan Pereira , Francisco José García-Peñalvo , Maria Jose Casañ , Jose Cabré
{"title":"LAMB: An open-source software framework to create artificial intelligence assistants deployed and integrated into learning management systems","authors":"Marc Alier , Juanan Pereira , Francisco José García-Peñalvo , Maria Jose Casañ , Jose Cabré","doi":"10.1016/j.csi.2024.103940","DOIUrl":"10.1016/j.csi.2024.103940","url":null,"abstract":"<div><div>This paper presents LAMB (Learning Assistant Manager and Builder), an innovative open-source software framework designed to create AI-powered Learning Assistants tailored for integration into learning management systems. LAMB addresses critical gaps in existing educational AI solutions by providing a framework specifically designed for the unique requirements of the education sector. It introduces novel features, including a modular architecture for seamless integration of AI assistants into existing LMS platforms and an intuitive interface for educators to create custom AI assistants without coding skills. Unlike existing AI tools in education, LAMB provides a comprehensive framework that addresses privacy concerns, ensures alignment with institutional policies, and promotes using authoritative sources. LAMB leverages the capabilities of large language models and associated generative artificial intelligence technologies to create generative intelligent learning assistants that enhance educational experiences by providing personalized learning support based on clear directions and authoritative fonts of information. Key features of LAMB include its modular architecture, which supports prompt engineering, retrieval-augmented generation, and the creation of extensive knowledge bases from diverse educational content, including video sources. The development and deployment of LAMB were iteratively refined using a minimum viable product approach, exemplified by the learning assistant: “Macroeconomics Study Coach,” which effectively integrated lecture transcriptions and other course materials to support student inquiries. Initial validations in various educational settings demonstrate the potential that learning assistants created with LAMB have to enhance teaching methodologies, increase student engagement, and provide personalized learning experiences. The system's usability, scalability, security, and interoperability with existing LMS platforms make it a robust solution for integrating artificial intelligence into educational environments. LAMB's open-source nature encourages collaboration and innovation among educators, researchers, and developers, fostering a community dedicated to advancing the role of artificial intelligence in education. This paper outlines the system architecture, implementation details, use cases, and the significant benefits and challenges encountered, offering valuable insights for future developments in artificial intelligence assistants for any sector.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103940"},"PeriodicalIF":4.1,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142663153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A lightweight finger multimodal recognition model based on detail optimization and perceptual compensation embedding","authors":"Zishuo Guo, Hui Ma, Ao Li","doi":"10.1016/j.csi.2024.103937","DOIUrl":"10.1016/j.csi.2024.103937","url":null,"abstract":"<div><div>Multimodal biometric recognition technology has attracted the attention of many scholars due to its higher security and stability than single-modal recognition, but its additional parameter quantity and computational cost have brought challenges to the lightweight deployment of the model. In order to meet the needs of a wider range of application scenarios, this paper proposes a lightweight model DPNet using fingerprint and finger vein images for multimodal recognition, which adopts a double-branch lightweight feature extraction structure combining detail optimization and perception compensation. Among them, the detail extraction optimization branch uses multi-scale dimensionality reduction filtering to obtain low-redundant detail information, and combines the depth extension operation to enhance the generalization ability of detail features. The perception compensation branch expands and compensates the model's perceptual field of view through lightweight spatial location query and global information attention. In addition, this paper designs a perceptual feature embedding method to embed perceptual compensation information in the way of importance adjustment to improve the consistency of embedded features. The ABFM fusion module is proposed to carry out multi-level lightweight and deep interactive fusion of the extracted finger modal features from the global to the spatial region, so as to improve the degree and utilization rate of feature fusion. In this paper, the model recognition performance and lightweight advantages are verified on three multimodal datasets. Experimental results show that the proposed model achieves the most advanced lightweight effect and recognition performance in the experimental comparison of all datasets.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103937"},"PeriodicalIF":4.1,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142573008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Developing a behavioural cybersecurity strategy: A five-step approach for organisations","authors":"Tommy van Steen","doi":"10.1016/j.csi.2024.103939","DOIUrl":"10.1016/j.csi.2024.103939","url":null,"abstract":"<div><div>With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103939"},"PeriodicalIF":4.1,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142593392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}