{"title":"A new era of advanced privacy solutions with a novel IoT framework on IFTTT","authors":"Wasim Ahmad , Aitizaz Ali","doi":"10.1016/j.cose.2025.104675","DOIUrl":"10.1016/j.cose.2025.104675","url":null,"abstract":"<div><div>The Internet of Things (IoTs) is revolutionizing industries and daily life, connecting a wide range of devices, and enabling new forms of innovation. However, the surge in the number of IoT devices has bridged major new privacy and security risks, which require additional and smarter solutions. A next-generation privacy solution for IoT ecosystems: IF This Then That (IFTTT) integration? It provides a secure connection between the devices powered by IFTTT’s automation platform, so IoT devices can link through customized triggers and actions, and the data flow and access can be controlled. Not only does this approach simplify security protocols, but it also allows users to set up and automate custom privacy rules so that potential threats can be avoided, allowing for more seamless communication with devices. The paper explores how IFTTT can serve as a dynamic middleware layer that allows real-time threat detection, automated responses, and enhanced privacy enforcement in IoT networks. 
The case studies and implementation strategies included in this work will highlight how IFTTT can lead the charge to secure IoT environments and the next evolution of privacy solutions.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104675"},"PeriodicalIF":5.4,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shudan Yue , Qingbao Li , Guimin Zhang , Xiaonan Li , Bocheng Xu , Song Tian
{"title":"NPFTaint: Detecting highly exploitable vulnerabilities in Linux-based IoT firmware with network parsing functions","authors":"Shudan Yue , Qingbao Li , Guimin Zhang , Xiaonan Li , Bocheng Xu , Song Tian","doi":"10.1016/j.cose.2025.104679","DOIUrl":"10.1016/j.cose.2025.104679","url":null,"abstract":"<div><div>The security issues of IoT firmware have become increasingly prominent, particularly taint-style vulnerabilities arising from untrusted external inputs. Although existing solutions work to detect firmware vulnerabilities automatically, they still encounter limitations regarding the accuracy of taint source identification and the efficiency of vulnerability detection. Research has shown that the network parsing function call chain, a critical path for IoT firmware to process external input data, is a high-risk area for firmware vulnerabilities. Inferring the network parsing function accurately plays a crucial role in firmware vulnerability analysis. In this paper, we propose a static analysis method called NPFTaint, which extracts the structural, behavioral, and semantic features of network parsing functions and combines supervised machine learning methods to achieve the identification of network parsing functions. Additionally, unlike traditional forward/backward analysis methods that start from classical sources or sensitive sinks, NPFTaint takes network parsing functions as the entry points, first identifying sensitive sinks on their call chains, and then using value analysis and data dependency analysis of sink-to-source to achieve the detection of highly exploitable vulnerabilities. Experimental evaluations demonstrate that NPFTaint outperforms FITS in accuracy and efficiency when identifying network parsing functions. Regarding vulnerability detection, compared to Mango, NPFTaint not only identifies taint-style vulnerabilities effectively but also improves analysis efficiency, reducing sink analysis by 40.42% and decreasing alerts by 32.77%. 
This solution provides a more efficient and precise vulnerability detection method for IoT firmware security, contributing to the overall security of the IoT ecosystem.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104679"},"PeriodicalIF":5.4,"publicationDate":"2025-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Amr Adel , Noor H.S. Alani , Tony Jan , Mukesh Prasad
{"title":"A review of major ICT failures and recovery strategies: Strengthening digital resilience","authors":"Amr Adel , Noor H.S. Alani , Tony Jan , Mukesh Prasad","doi":"10.1016/j.cose.2025.104678","DOIUrl":"10.1016/j.cose.2025.104678","url":null,"abstract":"<div><div>This paper presents a comprehensive, cross-sector analysis of large-scale ICT failures to address the persistent gap in understanding how systemic digital breakdowns occur and propagate across platforms and industries. Through a comparative study of seven major global outages (2019–2024) — selected based on scale, technical transparency, and platform diversity — we identify recurring vulnerabilities in automation governance, configuration management, centralized infrastructure, and incident response. Using a custom analytical framework grounded in socio-technical and resilience engineering theory, the paper maps failure propagation patterns and derives a taxonomy of technical and organizational failure modes.</div><div>We empirically validate a suite of resilience strategies — including rollback automation, configuration-as-code, SOAR-enabled response orchestration, and chaos engineering — and demonstrate how they address failure propagation pathways observed in real-world incidents. A conceptual model for decentralized system upgrade planning is introduced, incorporating microservice segmentation, dependency mapping, and AI-assisted fault containment. The paper culminates in a forward-looking digital resilience roadmap that integrates predictive analytics, secure software supply chains, and adaptive human–machine collaboration. 
Core contributions include: (1) a cross-case classification of failure archetypes, (2) evidence-based design patterns for resilience, and (3) actionable frameworks for infrastructure operators and researchers working towards next-generation ICT robustness.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104678"},"PeriodicalIF":5.4,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fang Li , Gang Wang , Guangjun Liu , Xiao Xue , Deyu Zhou
{"title":"Integrity verification scheme for distributed dynamic data in service ecosystems","authors":"Fang Li , Gang Wang , Guangjun Liu , Xiao Xue , Deyu Zhou","doi":"10.1016/j.cose.2025.104671","DOIUrl":"10.1016/j.cose.2025.104671","url":null,"abstract":"<div><div>Big data distributed storage provides solid data support for various service ecosystem services. The cloud computing platform is the key infrastructure to realize the management of big data distributed storage. To cope with increasingly complex network threats and data protection requirements, distributed storage systems often require a higher level of information-theoretic security assurance. Among them, how to realize data security audit and ensure data integrity and reliability is the core key technology that must be addressed in the field of cloud computing distributed storage. Existing cloud computing outsourced dynamic data audit schemes mainly rely on the security technology of computational complexity and still have such problems as insufficient security and poor availability, so it is difficult to directly apply or effectively extend them to distributed storage systems with requirements for information-theoretic security. In order to address this challenge, this paper proposes a lightweight algebraic remote data audit methodology, which explores an orthogonal authentication technique for the linear subspace generated from cloud-stored data vectors. This approach offers a novel application for algebraic coding in the context of distributed dynamic cloud storage auditing. Different from the existing dynamic audit mechanism, the proposed scheme does not rely on any authentication data structure, which ensures the real-time update and integrity audit of outsourced dynamic storage data. Experimental analysis demonstrates that the proposed scheme is capable of resisting forgery or replay attacks and achieving the objective of distributed information-theoretic security auditing. 
Compared with existing similar schemes, the proposed scheme involves lower storage overhead and less computation in the process of dynamic data updating.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104671"},"PeriodicalIF":5.4,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security-aware data provenance for multi-domain software-defined networks","authors":"Visal Dam, Fariha Tasmin Jaigirdar, Kallol Krishna Karmakar, Adnan Anwar","doi":"10.1016/j.cose.2025.104677","DOIUrl":"10.1016/j.cose.2025.104677","url":null,"abstract":"<div><div>As interconnectivity increases, Software-defined Networking (SDN) offers a centralized, dynamic, and programmable approach to network management. However, a significant concern lies in the transparency of network devices and data propagation, which contribute to security awareness gaps in SDN domains. Documenting and aggregating network metadata is therefore crucial to detect anomalies and linked events, which is related to the concept of data provenance. However, existing provenance solutions merely collect data without validating it, focus mainly on single-domain SDNs, and overlook supposedly-benign aspects such as switch authentication states, flow rules, and network paths. This paper explores how integrating security metadata into provenance graphs with predefined security policies increases security awareness. With this goal, we propose PRISM-Prov, a security-aware provenance framework for distributed SDNs. To the best of our knowledge, this work is the first of its kind. We identify and discuss the metadata required to enable security awareness, implementing a proof-of-concept for the popular ONOS controller. Our method is tested against six attack scenarios, confirming real-time detection capabilities, and adding only 0.021 ms to 0.102 ms to average packet processing times - an overhead of 4.89% to 13.4% for small and large topologies, respectively - demonstrating low performance costs. 
Finally, this study promotes security awareness in SDNs to enhance data transparency, as well as risk and trust-based decision-making systems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104677"},"PeriodicalIF":5.4,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145158874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TRIDENT: Tri-modal Real-time Intrusion Detection Engine for New Targets","authors":"Ildi Alla, Selma Yahia, Valeria Loscri","doi":"10.1016/j.cose.2025.104676","DOIUrl":"10.1016/j.cose.2025.104676","url":null,"abstract":"<div><div>The increasing availability of drones and their potential for malicious activities pose significant privacy and security risks, necessitating fast and reliable detection in real-world environments. However, existing drone detection systems often struggle in real-world settings due to environmental noise and sensor limitations. This paper introduces TRIDENT, a tri-modal drone detection framework that integrates synchronized audio, visual, and RF data to enhance robustness and reduce dependence on individual sensors. TRIDENT introduces two fusion strategies—Late Fusion and GMU Fusion—to improve multi-modal integration while maintaining efficiency. The framework incorporates domain-specific feature extraction techniques alongside a specialized data augmentation pipeline that simulates real-world sensor degradation to improve generalization capabilities. A diverse multi-sensor dataset is collected in urban and non-urban environments under varying lighting conditions, ensuring comprehensive evaluation. Experimental results show that TRIDENT achieves 96.89% accuracy in real-world recordings and 83.26% in a more complex setting (augmented data), outperforming unimodal and dual-modal baselines. Moreover, TRIDENT operates in real-time, detecting drones in just 6.09 ms while consuming only 75.27 mJ per detection, making it highly efficient for resource-constrained devices. 
The dataset and code have been released to ensure reproducibility (GitHub Repository).</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104676"},"PeriodicalIF":5.4,"publicationDate":"2025-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PRIVIUM: A differentiated privacy-privilege model for user security and safety in the metaverse","authors":"Saurabh Sharma , Jaiteg Singh , Ankur Gupta , Farman Ali , Sukhjit Singh Sehra","doi":"10.1016/j.cose.2025.104658","DOIUrl":"10.1016/j.cose.2025.104658","url":null,"abstract":"<div><div>The vision of the Metaverse enables exciting new application domains through immersive experiences. However, the immersive nature of the metaverse, enjoyed through anonymous avatars, also poses significant risks to the safety and security of individual users. Already, the early iterations of the metaverse have reported incidents around user safety and the subsequent inability of the platform to fix accountability. Metaverse adoption, without addressing genuine concerns around user safety, therefore seems far-fetched. This paper presents PRIVIUM (Privacy and Privilege Integrated User Model), a novel Differentiated Privacy-Privilege based framework, designed to address the privacy-privilege-accountability paradox within the Metaverse. The model establishes a tiered privilege structure, allowing users to actively select their desired level of anonymity in exchange for corresponding privileges, through a dynamic two-stage AI model pipeline. The proposed model is dynamic, amenable to diverse use-case scenarios for the average user within the metaverse, while delicately balancing the trade-off between the user’s need for complete privacy and the platform’s responsibility to ensure safety and enforce accountability. This approach empowers users with granular control over their privacy to meet their navigation and application-specific consumption needs within the metaverse while allowing the platform to ensure safe experiences within the metaverse. 
Simulation results are presented, demonstrating feasibility, potential challenges in implementing PRIVIUM in the real-world discussed, and future evolution imagined.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104658"},"PeriodicalIF":5.4,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145099651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cracks in the chain: A technical analysis of real-life supply chain security incidents","authors":"Vyron Kampourakis , Georgios Kavallieratios , Vasileios Gkioulos , Sokratis Katsikas","doi":"10.1016/j.cose.2025.104673","DOIUrl":"10.1016/j.cose.2025.104673","url":null,"abstract":"<div><div>As Industry 5.0 drives greater digitalization and interconnectivity, supply chains have become vital to global commerce, ensuring the seamless flow of goods, services, and data. However, this reliance has also swelled the attack surface, rendering supply chains a prime target for evildoers. Meanwhile, the inherent complexity of supply chain ecosystems prevents defenders from fully applying contemporary security controls promptly and effectively. Clearly, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This study is the first to our knowledge that undertakes a comprehensive technical analysis of reported supply chain security incidents. Our analysis is done both from offensive and defensive prisms, leveraging well-established cybersecurity frameworks and guidelines, namely, the ATT&CK MITRE knowledge base matrix and the NIST SP 800-161, respectively. Furthermore, to consolidate our findings and facilitate future research initiatives, we compiled a fundamental dataset that can be used as the basis for automated analysis and potential integration with cybersecurity workflows. The key observations of a 33-incident analysis through the lens of an ATT&CK MITRE- and NIST SP 800-161-based taxonomies we propose can be wrapped up into two key points. First, the attack surface continues to expand, following an upward spiral due to the mushrooming of tactics and techniques that can facilitate the early or late stages of attacks, highlighting their complexity, sophistication, and widespread impact. Second, our findings underscore the necessity of a multifaceted approach to strengthening supply chain resilience. 
This includes implementing robust cybersecurity controls, comprehensive risk assessment methodologies, and transparent collaboration among suppliers, customers, and vendors to ensure adherence to state-of-the-art cybersecurity best practices.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104673"},"PeriodicalIF":5.4,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118839","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Real-time privacy vulnerability detection techniques in software development: A Systematic Literature Review","authors":"Nadisha Madhushanie , Sugandima Vidanagamachchi , Nalin Arachchilage","doi":"10.1016/j.cose.2025.104659","DOIUrl":"10.1016/j.cose.2025.104659","url":null,"abstract":"<div><div>Real-time privacy vulnerability detection is one of the major concerns nowadays in developing secure software systems due to the growing complexity of software development and the increased attention to data privacy. This study conducts a Systematic Literature Review (SLR) to explore existing techniques, tools, and frameworks for detecting privacy vulnerabilities in real-time during the software development. We analyze relevant studies to identify key approaches, their effectiveness, and limitations by using the Kitchenham methodology and include it into the PRISMA framework. In addition, we categorize existing approaches into IDE integrated tools, network security solutions, mobile specific techniques, and general analysis tools. Summary tables further synthesize these techniques, tools, and their comparative attributes. Our findings reveal a variety of methods, including static and dynamic analysis, machine learning based detection, and integration of privacy-by-design. We also highlight challenges such as scalability, false positives, and the need for developer friendly tools. 
This review provides a comprehensive overview of the state-of-the-art in real-time privacy vulnerability detection approaches and offers insights into future research directions to enhance privacy protection in software development environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104659"},"PeriodicalIF":5.4,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145099649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ahmad Fairuz Mohamed Noor, Sedigheh Moghavvemi, Farzana Parveen Tajudeen
{"title":"Identifying key factors of cybersecurity readiness in organizations: Insights from Malaysian critical infrastructure","authors":"Ahmad Fairuz Mohamed Noor, Sedigheh Moghavvemi, Farzana Parveen Tajudeen","doi":"10.1016/j.cose.2025.104674","DOIUrl":"10.1016/j.cose.2025.104674","url":null,"abstract":"<div><div>Cybersecurity readiness is critical for safeguarding National Critical Information Infrastructure (NCII) against rapidly evolving threats. This study applies Dynamic Capabilities (DC) theory to examine how Malaysian NCII agencies develop adaptive capabilities to counter such threats. Using a qualitative design, we conducted semi-structured interviews with 16 representatives from 15 organizations spanning finance, telecommunications, transportation, and government. Thematic analysis was employed to interpret readiness factors through the DC dimensions of sensing, seizing, and transforming. Findings reveal that <em>sensing capabilities</em> - such as situational awareness, policy flexibility, and technological agility - enable proactive threat detection and adaptation. <em>Seizing capabilities</em> emphasize dynamic leadership, strategic resource allocation, and proactive risk management as critical for addressing vulnerabilities and reinforcing resilience. <em>Transforming capabilities</em>, including crisis resilience planning, continuous learning, and a security-embedded organizational culture, underscore the need for ongoing adaptation and collaboration to sustain long-term cybersecurity readiness. The study reconceptualizes cybersecurity readiness as a dynamic, capability-driven process rather than a static checklist. The findings show that cybersecurity is not a one-time compliance exercise but an ongoing, evolving process requiring continuous sensing, seizing, and transforming. Leaders must prioritize adaptive governance structures that encourage strategic agility, flexible policy responses, and proactive risk management. 
The proposed DC-based framework offers practical guidance for high-risk organizations emphasizing leadership commitment, a security-oriented culture, and resource alignment. Although grounded in Malaysia’s NCII context, the framework has broader applicability for critical infrastructure globally.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104674"},"PeriodicalIF":5.4,"publicationDate":"2025-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145099650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}