Andong Chen , Zhaoxuan Jin , Zhenyuan Li , Yan Chen , Yu Ning , Ying Wang
{"title":"AutoSeg: Automatic micro-segmentation policy generation via configuration analysis","authors":"Andong Chen , Zhaoxuan Jin , Zhenyuan Li , Yan Chen , Yu Ning , Ying Wang","doi":"10.1016/j.cose.2025.104591","DOIUrl":"10.1016/j.cose.2025.104591","url":null,"abstract":"<div><div>Micro-segmentation isolates network segments within different parts of an application, reducing potential attack surfaces. This technique has become increasingly common for enhancing security in cloud application infrastructures. Despite its benefits, the complexity of managing numerous service interactions can make defining and maintaining micro-segmentation policies challenging and prone to errors. Previous solutions have attempted to simplify policy creation, but gaps remain in their applicability, auditability, and response times.</div><div>In this paper, we proposed the first configuration-based approach, AugoSeg, which automates the generation of micro-segmentation policies for cloud-native applications. By analyzing network configurations in service containers, AugoSeg identifies service dependencies and automatically creates corresponding policies. This system specifically targets commonly used, behavior-focused configurations, addressing the shortcomings of earlier systems through its design.</div><div>We systematically evaluated AugoSeg, using the 184 services from 61 popular projects, covering 14 programming languages. The results illustrated that AugoSeg can completely model service dependencies for over 96.7% of projects and formulate restrictive policies in an average time of 7.13 s. It effectively restricts attackers’ lateral movements within networks. This evaluation not only underscores the efficiency of AugoSeg but also demonstrates its practical applicability in cloud environments, setting a new approach for micro-segmentation in cloud-native security.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104591"},"PeriodicalIF":5.4,"publicationDate":"2025-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144830063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving distributed clustering: A fully homomorphic encrypted approach for time series","authors":"Iván Abellán Álvarez, Joaquín Delgado Fernández, Sergio Potenciano Menci","doi":"10.1016/j.cose.2025.104579","DOIUrl":"10.1016/j.cose.2025.104579","url":null,"abstract":"<div><div>In time series analysis, particularly in domains like smart metering, the drive for accurate predictions often depends on access to fine-grained, sensitive data. This need raises significant privacy concerns, especially in distributed data environments. To address these challenges, we apply the LINDDUN privacy threat modeling framework to identify and formalize privacy risks, and establish privacy requirements specific to distributed clustering of time series data. We extend the framework by integrating system design assumptions early on, and derive new attack trees that align with current threat patterns. We propose a distributed clustering protocol based on fully homomorphic encryption, and further enhance privacy guarantees by integrating differential privacy mechanisms and a software-based local caching strategy to bound computational costs. In the context of smart metering, assuming a semi-honest model where agents adhere to the protocol without collusion, our simulation results indicate a favorable trade-off between privacy and performance at <span><math><mrow><mi>ϵ</mi><mo>≃</mo><mn>3</mn><mo>.</mo><mn>0</mn></mrow></math></span>. Our approach offers a blueprint for designing privacy-first systems that enable accurate predictions while safeguarding individual privacy.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104579"},"PeriodicalIF":5.4,"publicationDate":"2025-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144750559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A cloud-assisted anonymous and privacy-preserving authentication scheme for internet of medical things","authors":"Ping Guo , Shuilong Xu , Wenfeng Liang","doi":"10.1016/j.cose.2025.104614","DOIUrl":"10.1016/j.cose.2025.104614","url":null,"abstract":"<div><div>With the rapid advancement of the Internet of Medical Things (IoMT) and the increasing adoption of cloud computing, the storage and processing of medical data have become significantly more efficient. However, in cloud-assisted IoMT environments, data is exposed to risks due to open networks and semi-trusted cloud service providers, potentially compromising sensitive information. Ensuring data security is paramount; yet, existing authentication protocols often exhibit limitations, such as high computational overhead and security vulnerabilities. In this paper, we propose a cloud-assisted authentication scheme designed to ensure secure privacy protection for physiological data within the open network environment of IoMT, while accommodating the resource-constrained nature of sensor nodes. Our innovative remote anonymous authentication scheme leverages Elliptic Curve Cryptography to facilitate secure mutual authentication over insecure channels. During the authentication phase, the cloud server cannot ascertain the user's true identity, allowing patients to access services anonymously. To enhance security, we employ proxy re-encryption techniques, enabling users to decrypt the cloud server's encrypted shared intermediate ciphertexts securely. Comprehensive security and privacy analyses, along with performance evaluations, demonstrate that the proposed scheme offers superior cost-effectiveness, enhanced privacy protection, and improved execution efficiency compared to existing solutions.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104614"},"PeriodicalIF":5.4,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144766610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sijjad Ali , Dhani Bux Talpur , Adeel Abro , Khulud Salem Alshudukhi , Ghadah Naif Alwakid , Mamoona Humayun , Farhan Bashir , Shuaib Ahmed Wadho , Asadullah Shah
{"title":"Security and privacy in multi-cloud and hybrid cloud environments: Challenges, strategies, and future directions","authors":"Sijjad Ali , Dhani Bux Talpur , Adeel Abro , Khulud Salem Alshudukhi , Ghadah Naif Alwakid , Mamoona Humayun , Farhan Bashir , Shuaib Ahmed Wadho , Asadullah Shah","doi":"10.1016/j.cose.2025.104599","DOIUrl":"10.1016/j.cose.2025.104599","url":null,"abstract":"<div><div>The rapid adoption of multi-cloud and hybrid cloud environments has revolutionized modern computing by enhancing scalability, flexibility, and cost-efficiency. However, these environments introduce significant security and privacy challenges due to the distributed nature of data storage, heterogeneous infrastructures, and intercloud communications. This review comprehensively examines the critical security and privacy concerns associated with multi-cloud and hybrid cloud architectures, including data confidentiality, access control, secure communication, regulatory compliance, and emerging attack vectors such as cross-cloud threats and side-channel attacks. We analyze existing security strategies, including cryptographic techniques, identity and access management (IAM) mechanisms, AI-driven threat detection, and privacy-preserving methodologies. Furthermore, we provide a comparative evaluation of these approaches, highlighting their trade-offs in terms of security effectiveness, computational overhead, and deployment feasibility. In addition, we explore emerging trends such as post-quantum cryptography, zero-trust architectures, decentralized security frameworks, and AI-powered security automation to mitigate evolving threats. Finally, we outline open research challenges and future directions, emphasizing the need for scalable, adaptive, and regulation-compliant security solutions. This review serves as a foundation for researchers and practitioners aiming to enhance security and privacy in multi-cloud and hybrid cloud infrastructures, ensuring robust and resilient cloud computing ecosystems.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104599"},"PeriodicalIF":4.8,"publicationDate":"2025-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144713778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Attack structure matters: Causality-preserving metrics for Provenance-based Intrusion Detection Systems","authors":"Manuel Suarez-Roman, Juan Tapiador","doi":"10.1016/j.cose.2025.104578","DOIUrl":"10.1016/j.cose.2025.104578","url":null,"abstract":"<div><div>Provenance-based Intrusion Detection Systems (PIDS) detect attacks and reconstruct attack scenarios by analyzing provenance graphs. These graphs, constructed from events captured by system logs and security sensors, model the causal relationships between operations performed by system entities. In PIDS research, evaluations typically rely on standard metrics such as precision and recall, computed at the graph level. To assess the accuracy of reconstructed attack graphs, researchers often use proxy metrics at the node level, as computing similarity between provenance graphs remains an open problem. In this paper, we address this problem by introducing SDTED (Structure and Depth Preserving Tree Edit Distance), a variant of the recently proposed Generalized Weisfeiler–Lehman Graph Kernel, adapted to capture the distinctive properties of provenance graphs. Using a dataset of attack scenarios from the DARPA Engagements program, we show that SDTED accurately measures similarity between provenance graphs in cases where node-level metrics yield suboptimal results. Moreover, SDTED is capable of detecting changes in causal relationships between provenance graphs, an essential property for robust evaluation of PIDS proposals. We open source our implementation of SDTED to support reproducibility and encourage adoption within the research community.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104578"},"PeriodicalIF":5.4,"publicationDate":"2025-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144757107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Peng Xu , Tingting Rao , Wei Wang , Zhaojun Lu , Kaitai Liang
{"title":"Power of union: Federated honey password vaults against differential attack","authors":"Peng Xu , Tingting Rao , Wei Wang , Zhaojun Lu , Kaitai Liang","doi":"10.1016/j.cose.2025.104592","DOIUrl":"10.1016/j.cose.2025.104592","url":null,"abstract":"<div><div>The honey password vault is a promising method for managing user passwords and mitigating password-guessing attacks by creating plausible-looking decoy password vaults. Recently, various methods, such as Chatterjee-PCFG (IEEE S&P’15), Golla-Markov (ACM CCS’16), and Cheng-IUV (USENIX Security’21), have been proposed to construct the cornerstone of honey password vaults, known as the distribution transforming encoder (DTE). These innovations significantly enhance the security and functionality of each kind of DTE. However, our findings indicate that when users employ multiple honey password vaults of distinct DTEs to manage their passwords, a passive attacker can easily compromise user passwords by exploiting differences among those DTEs. Consequently, we propose the <em>differential attack</em> targeting existing honey password vaults. The extensive experimental results confirm the effectiveness of this attack, distinguishing real from decoy password vaults with accuracy from 99.13% to 100.00%. In response, we design a novel, collaborative approach to train DTE, called <em>federated DTE model</em>, and construct a secure honey password vault. This strategy markedly bolsters security, reducing the differential attack’s distinguishing accuracy to approximately 52.41%, nearing the ideal threshold of 50.00%. Our findings emphasize the need for collaborative strategies to maintain password security to combat advanced cyber threats.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104592"},"PeriodicalIF":5.4,"publicationDate":"2025-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144725007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Argianto Rahartomo , Leonel Merino , Mohammad Ghafari
{"title":"Metaverse security and privacy research: A systematic review","authors":"Argianto Rahartomo , Leonel Merino , Mohammad Ghafari","doi":"10.1016/j.cose.2025.104602","DOIUrl":"10.1016/j.cose.2025.104602","url":null,"abstract":"<div><div>The rapid growth of metaverse technologies, including virtual worlds, augmented reality, and lifelogging, has accelerated their adoption across diverse domains. This rise exposes users to significant new security and privacy challenges due to sociotechnical complexity, pervasive connectivity, and extensive user data collection in immersive environments. We present a systematic review of the literature published between 2013 and 2024, offering a comprehensive analysis of how the research community has addressed metaverse-related security and privacy issues over the past decade. We organize the studies by method, examined the security and privacy properties, immersive components, and evaluation strategies. Our investigation reveals a sharp increase in research activity in the last five years, a strong focus on practical and user-centered approaches, and a predominant use of benchmarking, human experimentation, and qualitative methods. Authentication and unobservability are the most frequently studied properties. However, critical gaps remain in areas such as policy compliance, accessibility, interoperability, and back-end infrastructure security. We emphasize the intertwined technical complexity and human factors of the metaverse and call for integrated, interdisciplinary approaches to securing inclusive and trustworthy immersive environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104602"},"PeriodicalIF":4.8,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144702574","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Location privacy protection method based on social network platform","authors":"Haohua Qing, Roliana Ibrahim, Hui Wen Nies","doi":"10.1016/j.cose.2025.104611","DOIUrl":"10.1016/j.cose.2025.104611","url":null,"abstract":"<div><div>In recent years, rapid advancements in wireless communication and positioning technologies have made location-based services (LBS) common and highly convenient in daily life, from navigation to social networking applications. However, this convenience often comes at the expense of user privacy, raising significant security concerns regarding unauthorized access and misuse of location data. This research addresses the dual nature of LBS by highlighting the critical need for robust and practical privacy mechanisms to safeguard sensitive geolocation data. Specifically, this paper proposes a novel privacy-preserving method leveraging Application Programming Interface (API) hijacking technology integrated into social network platforms. Through intercepting and perturbing location-based API calls, the method enhances privacy protection with minimal disruption to the user experience. Simulation experiments utilizing over 10,000 real-world QQ check-in records demonstrate that injecting random noise (ranging from 0.0001°–0.01°, approximately 11 m–1.1 km) significantly increases median location error from approximately 11 m to over 1 km, while introducing negligible latency overhead of only 15±3 milliseconds. This favorable trade-off confirms the method’s practical effectiveness in achieving a balance between privacy enhancement and service utility. Furthermore, this study critically reviews existing location privacy solutions, identifies their limitations, and introduces API hijacking as an innovative perspective for location privacy protection on popular social media platforms.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104611"},"PeriodicalIF":4.8,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144713777","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Maxwell Dorgbefu Jnr , Yaw Marfo Missah , Najim Ussiph , Gaddafi Abdul-Salaam , Oliver Kornyo , Joseph Mawulorm Mensah
{"title":"Hybrid framework of differential privacy and secure multi-party computation for privacy-preserving entity resolution","authors":"Maxwell Dorgbefu Jnr , Yaw Marfo Missah , Najim Ussiph , Gaddafi Abdul-Salaam , Oliver Kornyo , Joseph Mawulorm Mensah","doi":"10.1016/j.cose.2025.104603","DOIUrl":"10.1016/j.cose.2025.104603","url":null,"abstract":"<div><div>The exponential improvement and precision in hardware design, coupled with sophisticated software systems, are the basis of unprecedented rates of data generation and storage. However, extracting actionable knowledge, formulating impactful policies, and making insightful decisions from these massive datasets rely on data integration with entity resolution as its core task. Despite significant advances in entity resolution methods, the risk of data breaches, matching accuracy, utility and scalability remain critical challenges to the data science research community. This study introduces a novel hybrid framework of differential privacy (DP) and secure multi-party computation (SMPC) for privacy-preserving entity resolution (PPER), thereby addressing critical data utility and confidentiality challenges. We rigorously evaluated the framework using the Febrl4 and North Carolina Voter Registration (NCVR) datasets across three supervised machine learning models (Logistic Regression, SVM, Naïve Bayes), through adaptive <em>ε</em>-allocation (0.1 to 5.0), demonstrating the crucial privacy-utility trade-off. Our findings reveal that the framework maintains high linkage utility, with F1-scores consistently above 0.81 even under stringent privacy budgets (ϵ=0.1), and achieving over 0.90 at moderate ϵ values, notably with support vector machine exhibiting robust performance. This research provides empirical evidence and theoretical guarantees for developing highly practical and ethically compliant PPER solutions, offering clear guidance for balancing data utility with privacy requirements across diverse application domains.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104603"},"PeriodicalIF":4.8,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144713235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yinhao Qi, Chuyi Yan, Zehui Wang, Chen Zhang, Song Liu, Zhigang Lu, Bo Jiang
{"title":"ATHITD: Attention-based temporal heterogeneous graph neural network for insider threat detection","authors":"Yinhao Qi, Chuyi Yan, Zehui Wang, Chen Zhang, Song Liu, Zhigang Lu, Bo Jiang","doi":"10.1016/j.cose.2025.104587","DOIUrl":"10.1016/j.cose.2025.104587","url":null,"abstract":"<div><div>Insider threats can lead to data leakage and system crashes within an organization, seriously compromising the security of information systems. Most existing detection methods focus on analyzing user behavior sequences or constructing user relationship networks based on behavior feature similarities between users to uncover malicious insiders. However, these methods ignore the association between users and entities (e.g., files, processes, PCs, websites, and removable devices) and the evolution of user behavior patterns over time. This paper proposes an attention-based temporal heterogeneous graph neural network for insider threat detection (<strong>ATHITD</strong>) to address these issues. Firstly, ATHITD constructs sequences of temporal heterogeneous graphs from various logs based on the specified time window to depict the evolving and complex relationships between users and entities. Secondly, it introduces temporal neighbors for target nodes within each time window to describe short-term temporal dependencies. Temporal neighbors are nodes identical to the target nodes and appeared in the previous time windows. It then employs the attention mechanism to learn the spatial heterogeneity of target nodes and the short-term feature evolution from temporal neighbors to target nodes. Additionally, it uses the self-attention mechanism in Transformer to learn the long-term feature evolution of user nodes across various time windows. Furthermore, ATHITD can focus on the time windows in which malicious activities occur, helping security personnel analyze potential malicious activities in the highlighted time windows. Extensive experiments on the public datasets CERT and LANL demonstrate that the long and short-term spatio-temporal node embeddings learned by ATHITD can be effectively used to identify malicious insiders. ATHITD achieves F1 scores of 0.96 and 0.97 on the CERT and LANL datasets, respectively, outperforming existing state-of-the-art methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104587"},"PeriodicalIF":4.8,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144702573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}