Computers & Security: Latest Articles

An experimental evaluation of TEE technology: Benchmarking transparent approaches based on SGX, SEV, and TDX
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-31 DOI: 10.1016/j.cose.2025.104457
Luigi Coppolino, Salvatore D’Antonio, Giovanni Mazzeo, Luigi Romano
Abstract: Protection of data-in-use is a key priority, for which Trusted Execution Environment (TEE) technology has unarguably emerged as a — possibly the most — promising solution. Multiple server-side TEE offerings have been released over the years, exhibiting substantial differences with respect to several aspects. The first comer was Intel SGX, which featured Process-based TEE protection, an efficient yet difficult to use approach. Some SGX limitations were (partially) overcome by runtimes, notably: Gramine, Scone, and Occlum. A major paradigm shift was later brought by AMD SEV, with VM-based TEE protection, which enabled "lift-and-shift" deployment of legacy applications. This new paradigm has been implemented by Intel only recently, in TDX. While the threat model of the aforementioned TEE solutions has been widely discussed, a thorough performance comparison is still lacking in the literature. This paper provides a comparative evaluation of TDX, SEV, Gramine-SGX, and Occlum-SGX. We study computational overhead and resource usage, under different operational scenarios and using a diverse suite of legacy applications. By doing so, we provide a reliable performance assessment under realistic conditions. We explicitly emphasize that — at the time of writing — TDX was recently released to the public. Thus, the evaluation of TDX is a unique feature of this study.
Computers & Security, vol. 154, Article 104457. Journal Article.
Citations: 0

Malicious SMS detection using ensemble learning and SMOTE to improve mobile cybersecurity
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-31 DOI: 10.1016/j.cose.2025.104443
Hongsheng Xu, Akeel Qadir, Saima Sadiq
Abstract: The widespread use of cell phones, along with their constant internet connection, makes them vulnerable to malicious SMS attacks, including smishing and spam. Smishing involves attempts to steal personal information, while spam focuses on unwanted advertisements. Both pose cybersecurity threats, often requiring effective filtering techniques. Researchers have devised multiple methods for detecting malicious SMS, yet a notable gap remains in creating algorithms to reduce false positives, where normal messages are wrongly classified as malicious. The method employs ensemble learning to automatically identify malicious or legitimate messages. It combines Support Vector Machine and Random Forest models, compared with individual machine learning approaches for smishing detection. Feature extraction methods like Term Frequency (TF) and Term Frequency–Inverse Document Frequency (TF–IDF) are employed to derive features from the data. The imbalanced issue of the dataset is addressed by applying the Synthetic Minority Oversampling Technique (SMOTE). The results showed that the ensemble model outperformed the individual models, with an accuracy score of 99.58% when trained using TF–IDF on the balanced dataset. The proposed approach offers proactive defense against malicious SMS attacks, enhancing cybersecurity in the mobile communications sector.
Computers & Security, vol. 154, Article 104443. Journal Article.
Citations: 0

Security risk assessment in IoT environments: A taxonomy and survey
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-29 DOI: 10.1016/j.cose.2025.104456
Mofareh Waqdan, Habib Louafi, Malek Mouhoub
Abstract: Internet of Things (IoT) applications have become an integral part of our daily lives. However, due to the rising number of cybercrimes, ensuring cyberspace security has become essential. The security and privacy of IoT applications are fundamental as they are used in critical sectors, like healthcare, transportation systems, and energy production. As a result, many studies are focusing on the security and privacy of the IoT revolution. The need for assessing IoT security risks is increasing.
This paper presents a survey and taxonomy of risk management, analysis, and evaluation methods applied to systems involving IoT devices. In particular, the paper reviews and categorizes existing IoT risk management and assessment frameworks, and the different assessment techniques, risk perspectives, and methodologies. The paper concludes with a deep analysis of these frameworks, solutions, and guidelines, and discusses future research directions.
Computers & Security, vol. 154, Article 104456. Journal Article.
Citations: 0

VuldiffFinder: Discovering inconsistencies in unstructured vulnerability information
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-29 DOI: 10.1016/j.cose.2025.104447
Qindong Li, Wenyi Tang, Xingshu Chen, Hao Ren
Abstract: The information conveyed by vulnerability reports is crucial for enhancing the security of information systems. Nonetheless, there are widespread information inconsistencies across reports, including numerical discrepancies, misreported version ranges, semantic conflict, and so on. Identifying these inconsistencies is essential for improving information quality. Current research primarily focuses on standardized, non-free-form information’s inconsistency at the character or numerical level, while research for unstructured ones at the semantic level is limited. Given this, we introduce VuldiffFinder to determine the inconsistency of unstructured vulnerability information at the semantic level. Firstly, it utilizes NLP tools to break down unstructured information into constituent sets, and design a determination strategy based on the constituent’s syntactic hierarchies and semantic similarity. The designed strategy can determine information pairs in arbitrary structure. Secondly, it creates a span similarity-based fine-tuning task to enhance the embedding capabilities of the SpanBERT model, ensuring accurately capturing semantic information in the vulnerability domain. Finally, a dataset containing eight categories of vulnerability information and 1,612 samples is utilized to validate the proposed method. The results demonstrate that VuldiffFinder outperforms the state-of-the-art schemes, showing a 4.31% improvement in the F1-score. Additionally, we discover that consistency is higher in information that has simpler writing structures (up to 56.46%). Heterogeneous and Contained are often found in information with fixed or complex writing structures (up to 23.33% and 38.30%, respectively). Divergent and Repugnant mainly occur in information with a high missing rate.
Computers & Security, vol. 154, Article 104447. Journal Article.
Citations: 0

Automated penetration testing: Formalization and realization
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-28 DOI: 10.1016/j.cose.2025.104454
Charilaos Skandylas, Mikael Asplund
Abstract: Recent changes in standards and regulations, driven by the increasing importance of software systems in meeting societal needs, mandate increased security testing of software systems. Penetration testing has been shown to be a reliable method to assess software system security. However, manual penetration testing is labor-intensive and requires highly skilled practitioners. Given the shortage of cybersecurity experts and current societal needs, increasing the degree of automation involved in penetration testing can aid in fulfilling the demands for increased security testing. In this work, we formally express the penetration testing problem at the architectural level and suggest a general self-organizing architecture that can be instantiated to automate penetration testing of real systems. We further describe and implement a specialization of the architecture in ADAPT, an architecture-driven automated penetration testing tool, targeting systems composed of hosts and services. We evaluate and demonstrate the feasibility of ADAPT by automatically performing penetration tests with success against: Metasploitable2, Metasploitable3, and a realistic virtual network used as a lab environment for penetration tester training.
Computers & Security, vol. 155, Article 104454. Journal Article.
Citations: 0

A survey on security and privacy issues in wearable health monitoring devices
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-28 DOI: 10.1016/j.cose.2025.104453
Bonan Zhang, Chao Chen, Ickjai Lee, Kyungmi Lee, Kok-Leong Ong
Abstract: Recent developments in mobile computing power and wireless communication speeds have significantly improved the efficiency of medical systems. This paper focuses on passive wearable sensor devices, which are integral to noninvasive monitoring of physiological data in healthcare observation. Beyond data collection, some wearables play an active role in patient treatment, underscoring the critical importance of protecting their security and privacy. Breach in these areas can severely affect patient health. However, the distinctive characteristics of wearable technologies introduce unique security and privacy challenges, including the potential for unauthorized access to sensitive location, medical, and physiological data. This review delves into the security and privacy concerns associated with wearable devices and proposes potential remedies. Its value lies in providing insights for researchers and manufacturers, aiming to advance the development of safer and more effective wearable medical technologies.
Computers & Security, vol. 155, Article 104453. Journal Article.
Citations: 0

Robust and reusable LINDDUN privacy threat knowledge
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-26 DOI: 10.1016/j.cose.2025.104419
Laurens Sion, Dimitri Van Landuyt, Kim Wuyts, Wouter Joosen
Abstract: Privacy threat modeling is an intrinsically complex analysis task that requires expertise in sophisticated privacy threats, their harms and implications, as well as potential mitigations. To support both novices and experts in attaining a desired degree of rigor and completeness in their analysis, supporting materials such as privacy threat trees and threat examples are crucial as they consolidate and harmonize the complete spectrum of threat characteristics, and as such assist with the broader uptake of privacy threat modeling practices.
However, the existing knowledge structures, taxonomies, and trees used in privacy threat analysis prove to have limited use in practice. They are either too broad and generic, or too tightly coupled to a specific modeling approach (DFDs) or to a specific threat elicitation method (e.g., per-element). In addition, current privacy threat knowledge structures suffer from semantic ambiguity. Finally, existing structures are too rigid to support evolution, thus hindering the incorporation of emerging privacy threats.
This article introduces three contributions to address these shortcomings: (i) it defines the metamodel to express threat knowledge in the form of threat types, elicitation criteria, examples, and additional metadata; (ii) it discusses its application to the privacy threat knowledge of the LINDDUN privacy threat modeling framework; and (iii) it introduces the automated knowledge management tools comprised of extraction logic that allows more flexible adoption in different privacy analysis approaches, and that fundamentally supports continuous evolution and refinement of this privacy threat knowledge. A major outcome is the updated LINDDUN privacy threat knowledge which completely subsumes earlier versions and provides more rooted support for adoption, refinement, and continuous evolution.
Computers & Security, vol. 154, Article 104419. Journal Article.
Citations: 0

A comprehensive review of security vulnerabilities in heavy-duty vehicles: Comparative insights and current research gaps
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-26 DOI: 10.1016/j.cose.2025.104452
Narges Rahimi, Beth-Anne Schuelke-Leech, Mitra Mirhassani
Abstract: The increasing connectivity and integration of advanced technologies in vehicular systems have amplified the need for robust cybersecurity measures, particularly in heavy-duty (HD) vehicles, which are crucial to commercial transportation. Despite their importance, HD vehicles have received less attention in cybersecurity research compared to light-duty (LD) vehicles, leaving critical vulnerabilities unaddressed. This paper aims to bridge this gap by conducting a thorough analysis of the unique security challenges faced by HD vehicles. By comparing HD vehicles with LD vehicles, we identify distinct and vulnerabilities in two key areas: intra-vehicle networks and external connections. The study includes a comprehensive literature review focused on the cybersecurity of heavy- and medium-duty vehicles, through which we identify prevalent threats and potential mitigation strategies. This analysis underscores the necessity for enhanced protocol security and advocates for a detailed examination of both intra-vehicle networks and external connections.
Computers & Security, vol. 154, Article 104452. Journal Article.
Citations: 0

Dynamic anomaly detection using In-band Network Telemetry and GCN for cloud–edge collaborative networks
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-26 DOI: 10.1016/j.cose.2025.104422
Jinchuan Pei, Yuxiang Hu, Le Tian, Xinglong Pei, Zihao Wang
Abstract: In the intelligent era of the Internet of Everything, the cloud–edge collaborative network architecture solves the data storage and computing problems caused by the exponential growth of terminal data. However, at the same time, the network attack situation is becoming increasingly severe and the types of network anomalies are complex and diverse. The traffic characteristic information collected in traditional network security situation analysis is single and coarse in granularity, which makes it difficult to completely reflect the original traffic and network equipment status. Moreover, the collection of a large amount of fine-grained telemetry data generates substantial telemetry overhead, which hinders the efficient detection of network anomalies and malicious intrusions. To solve this problem, we propose a dynamic anomaly detection method using In-band Network Telemetry (INT) and GCN for cloud–edge collaborative networks, which flexibly and efficiently collects network state information to identify network anomalies and network intrusions. Firstly, we design an anomaly telemetry architecture for cloud–edge collaborative networks and use in-band network telemetry technology of programmable network to extract network characteristic information, and then use dynamic telemetry mechanism to extract network situation elements on demand, so as to quickly identify network anomalies by information entropy method in the edge layer. According to the identified network anomaly information, we deeply telemetry the abnormal position and design a novel Graph Convolutional Network (GCN) that aggregates anomaly information named AGCN in the cloud layer, and analyze whether there is malicious intrusion by combining spatiotemporal dimensions, so that network administrators can accurately grasp the network security situation and discover malicious intrusion in time. The experimental results show that the proposed method can quickly identify network anomalies and detect network intrusions, which can quickly converge while saving telemetry overhead, and the detection accuracy of network intrusions can reach 98.69%.
Computers & Security, vol. 154, Article 104422. Journal Article.
Citations: 0

Threat hunting for adversary impact inhibiting system recovery
IF 4.8, Zone 2, Computer Science
Computers & Security Pub Date : 2025-03-26 DOI: 10.1016/j.cose.2025.104464
Naif Alsharabi, Akashdeep Bhardwaj, Abdulaziz Ayaba, Amr Jadi
Abstract: The rise of advanced cyber threats targeting critical system recovery mechanisms necessitates proactive and scalable threat-hunting solutions. This research introduces a novel methodology leveraging a Linux-based Elasticsearch server to detect adversary techniques that inhibit system recovery (T1490). By integrating Elasticsearch for centralized log storage, Kibana for dynamic visualization, and Lucene for precise query search, the proposed platform offers a cost-effective and adaptable alternative to proprietary SIEM solutions. The methodology emphasizes real-time identification of indicators of compromise (IOCs) such as shadow copy deletions, suspicious commands, and backup configuration modifications, enabling security teams to uncover adversarial behaviors before they disrupt recovery processes. Practical implementation demonstrates the platform's flexibility across diverse IT environments, accommodating logs from endpoints with varying operating systems and infrastructures. The study further highlights the adaptability of the approach, with Kibana dashboards and Lucene queries tailored to specific organizational needs, making it a versatile tool for enterprises. Additionally, the research underscores the significance of proactive detection by moving beyond traditional reactive methods, positioning organizations to address system recovery threats effectively. This work bridges a critical gap in cybersecurity by offering a scalable, open-source threat-hunting platform that aligns with the growing need for robust defenses against evolving adversary techniques. The findings hold practical significance for enhancing incident response strategies and bolstering organizational resilience, paving the way for future integration with advanced threat intelligence feeds and automated detection mechanisms. This novel approach not only strengthens the security landscape but also provides a blueprint for cost-efficient, real-world applications in defending against adversary techniques designed to inhibit system recovery.
Computers & Security, vol. 154, Article 104464. Journal Article.
Citations: 0