Biblio

Compared with other virtualization technologies, container technology is widely used in edge computing because of its low cost, high reliability, high flexibility and fast portability. However, the use of container technology can alleviate the pressure of massive data, but also bring complex and diverse security problems. Reliable information security risk assessment method is the key to ensure the smooth application of container technology. According to the risk assessment theory, a security risk assessment method for edge computing containers based on dynamic game theory is proposed. Aiming at the complex container security attack and defense process, the container system's security model is constructed based on dynamic game theory. By combining the attack and defense matrix, the Nash equilibrium solution of the model is calculated, and the dynamic process of the mutual game between security defense and malicious attackers is analyzed. By solving the feedback Nash equilibrium solution of the model, the optimal strategies of the attackers are calculated. Finally, the simulation tool is used to solve the feedback Nash equilibrium solution of the two players in the proposed model, and the experimental environment verifies the usability of the risk assessment method.

SELinux policies used in practice are generally large and complex. As a result, it is difficult for the policy writers to completely understand the policy and ensure that the policy meets the intended security goals. To remedy this, we have developed a tool called SEFlowViz that helps in visualizing the information flows of a policy and thereby helps in creating flow-secure policies. The tool uses the graph database Neo4j to visualize the policy. Along with visualization, the tool also supports extracting various information regarding the policy and its components through queries. Furthermore, the tool also supports the addition and deletion of rules which is useful in converting inconsistent policies into consistent policies.

This paper presents an IoT enabled real time occupancy semantic search system leveraging ETSI defined context information and interface meta model standard- ``Next Generation Service Interface for Linked Data'' (NGSI-LD). It facilitates interoperability, integration and federation of information exchange related to spatial infrastructure among geo-distributed deployed IoT entities, different stakeholders, and process domains. This system, in the presented use case, solves the problem of adhoc booking of meetings in real time through semantic discovery of spatial data and metadata related to room occupancy and thus enables optimum utilization of spatial infrastructure in university campuses. Therefore, the proposed system has the capability to save on effort, cost and productivity in institutional spatial management contexts in the longer run and as well provide a new enriched user experience in smart public buildings. Additionally, the system empowers different stakeholders to plan, forecast and fulfill their spatial infrastructure requirements through semantic data search analysis and real time data driven planning. The initial performance results of the system have shown quick response enabled semantic discovery of data and metadata (textless2 seconds mostly). The proposed system would be a steppingstone towards smart management of spatial infrastructure which offers scalability, federation, vendor agnostic ecosystem, seamless interoperability and integration and security by design. The proposed system provides the fundamental work for its extension and potential in relevant spatial domains of the future.

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called' zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called’ zero-day attacks’ can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker’s behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.

This work demonstrates an ultra-compact low power oscillating micromechanical active pixel array based on a 0.35 μm back-end of line (BEOL)-embedded CMOS-MEMS technology. Each pixel consists of a 3-MHz clamped-clamped beam (CCB) MEMS resonator and a power scalable transimpedance amplifier (TIA) that occupies a small area of 70 × 60 μm2 and draws only 85 μW/pixel. The MEMS resonator is placed next to the TIA with less than 10 μm spacing thanks to the well-defined etch stops in the titanium nitride composite (TiN-C) CMOS-MEMS platform. A multiplexing phase-locked loop (PLL)-driven oscillator is employed to demonstrate the chip functionality. In particular, a nonlinear operation of the resonator tank is used to optimize the phase noise (PN) performance and Allan deviation (ADEV) behavior. The ADEV of 420 ppb averaged over best 3-pixels is exhibited based on such a nonlinear vibration operation.

Smart grid (SG) network is one of the recently improved networks of tangled entities, objects, and smart metering infrastructure (SMI). It plays a vital part in sensing, acquiring, observing, aggregating, controlling, and dealing with various kinds of fields in SG. The SMI or advanced metering infrastructure (AMI) is proposed to make available a real-time transmissions connection among users and services are Time of use (TOU), Real time pricing (RTP), Critical Peak Pricing (CPP). In adding to, additional benefit of SMs is which are capable to report back to the service control center in near real time nontechnical losses (for instance, tampering with meters, bypassing meters, and illicit tapping into distribution systems). SMI supports two-way transmission meters reading electrical utilization at superior frequency. This data is treated in real time and signals send to manage demand. This paper expresses a transitory impression of cyberattack instances in customary energy networks and SMI. This paper presents cyber security attacks and countermeasures in Smart Grid Metering Network (SGMN). Based on the existing survey threat models, a number of proposed ways have been planned to deal with all threats in the formulation of the secrecy and privacy necessities of SG measurement network.

As malware detection algorithms and methods become more sophisticated, malware authors adopt equally sophisticated evasion mechanisms to defeat them. Anecdotal evidence claims Living-Off-The-Land (LotL) techniques are one of the major evasion techniques used in many malware attacks. These techniques leverage binaries already present in the system to conduct malicious actions. We present the first large-scale systematic investigation of the use of these techniques by malware on Windows systems.In this paper, we analyse how common the use of these native system binaries is across several malware datasets, containing a total of 31,805,549 samples. We identify an average 9.41% prevalence. Our results show that the use of LotL techniques is prolific, particularly in Advanced Persistent Threat (APT) malware samples where the prevalence is 26.26%, over twice that of commodity malware.To illustrate the evasive potential of LotL techniques, we test the usage of LotL techniques against several fully patched Windows systems in a local sandboxed environment and show that there is a generalised detection gap in 10 of the most popular anti-virus products.

Industrial Control Systems (ICSs) are used in several domains such as Transportation, Manufacturing, Defense and Power Generation and Distribution. ICSs deal with complex physical systems in order to achieve an industrial purpose with operational safety. Security has not been taken into account by design in these systems that makes them vulnerable to cyberattacks.In this paper, we rely on existing public ICS datasets as well as on the existing literature of Machine Learning (ML) applications for anomaly detection in ICSs in order to improve detection scores. To perform this purpose, we propose a systematic framework, relying on established ML algorithms and suitable data preprocessing methods, which allows us to quickly get efficient, and surprisingly, better results than the literature. Finally, some recommendations for future public ICS dataset generations end this paper, which would be fruitful for improving future attack detection models and then protect new ICSs designed in the next future.

When the electrical grid in a region suffers a major outage, e.g., after a catastrophic cyber attack, a “black start” may be required, where the grid is slowly restarted, carefully and incrementally adding generating capacity and demand. To ensure safe and effective black start, the grid control center has to be able to communicate with field personnel and with supervisory control and data acquisition (SCADA) systems. Voice and text communication are particularly critical. As part of the Defense Advanced Research Projects Agency (DARPA) Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program, we designed, tested and evaluated a self-configuring mesh network prototype called the Phoenix Secure Emergency Network (PhoenixSEN). PhoenixSEN provides a secure drop-in replacement for grid's primary communication networks during black start recovery. The network combines existing and new technologies, can work with a variety of link-layer protocols, emphasizes manageability and auto-configuration, and provides services and applications for coordination of people and devices including voice, text, and SCADA communication. We discuss the architecture of PhoenixSEN and evaluate a prototype on realistic grid infrastructure through a series of DARPA-led exercises.

Object-oriented program (OOP) is very popular in these years for its advantages, but the testing method for OOP is still not mature enough. To deal with the problem that it is impossible to generate the probability density function by simply numeralizing a point in the test case caused by the complex structure of the object-oriented test case, we propose the Adaptive Random Testing through Test Profile for Object-Oriented software (ARTTP-OO). It generates a test case at the edge of the input field and calculates the distance between object-oriented test cases using Object and Method Invocation Sequence Similarity (OMISS) metric formula. And the probability density function is generated by the distance to select the test cases, thereby realizing the application of ARTTP algorithm in OOP. The experimental results indicate the proposed ARTTP-OO consumes less time cost without reducing the detection effectiveness.

The aim of the study is to present an advanced overview and potential application of the innovative tools/software's/methods used for data visualization, text mining, scientific mapping, and bibliometric analysis. Text mining and data visualization has been a topic of research for several years for academic researchers and practitioners. With the advancement in technology and innovation in the data analysis techniques, there are many online and offline software tools available for text mining and visualisation. The purpose of this study is to present an advanced overview of latest, sophisticated, and innovative tools available for this purpose. The unique characteristic about this study is that it provides an overview with examples of the five most adopted software tools such as VOSviewer, Biblioshiny, Gephi, HistCite and CiteSpace in social science research. This study will contribute to the academic literature and will help the researchers and practitioners to apply these tools in future research to present their findings in a more scientific manner.

Traditional passive defense methods cannot resist the constantly updated and evolving cyber attacks. The concept of resilience is introducing to measure the ability of the system to maintain its function under attack. It matters in evaluating the security of modern industrial systems. This paper presents a 3D Resilience State Space method to assess Communication-based train control (CBTC) system resilience under malware attack. We model the spread of malware as two functions: the communicability function \$f\$(x) and the susceptibility function 9 (x). We describe the characteristics of these two function in the CBTC complex network by using the percolation theory. Then we use a perturbation formalism to analyze the impact of malware attack on information flow and use it as an indicator of the cyber layer state. The CBTC cyber-physical system resilience metric formalizes as the system state transitions in three-dimensional state space. The three dimensions respectively represent the cyber layer state, the physical layer state, and the transmission layer state. The simulation results reveal that the proposed framework can effectively assess the resilience of the CBTC system. And the anti-malware programs can prevent the spread of malware and improve CBTC system resilience.

There will be a fatal risk when the submitted file is stolen or altered by someone else during the file submission process. To maintain the security of sending files from sender to recipient, it is necessary to secure files. The science of maintaining the security of messages is called cryptography. The authors were interested in examining the Three Pass Protocol scheme in this study because it eliminated the necessity for sender and receiver to exchange keys during the operation of the Hill Cipher 3x3 algorithm. The Hill Cipher algorithm was chosen because the key has an inverse and matrix-shaped value. Then the key used must be checked whether it has a GCD (Greatest Common Divisor) grade 1 or not and will be shaped like matrix. System implementation using the Java programming language using Android Studio software. System testing is done by encrypting and decrypting files. System testing results illustrate that the process encryption and decryption by the sender is faster than the recipient, so the encryption and decryption time needed directly proportional; the larger the pixel size of the image on the image file used, the longer it takes.

Recent work on intrusion-tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward “intrusion tolerance as a service”. Under this model, application logic and data are only exposed to servers hosted on the system operator's premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.

To develop the next generation of Internet of Things, Edge devices and systems which leverage progress in enabling technologies such as 5G, distributed computing and artificial intelligence (AI), several requirements need to be developed and put in place to make the devices smarter. A major requirement for all the above applications is the long-term security and trust computing infrastructure. Trusted Computing requires the introduction inside of the platform of a Trusted Platform Module (TPM). Traditionally, a TPM was a discrete and dedicated module plugged into the platform to give TPM capabilities. Recently, processors manufacturers started integrating trusted computing features into their processors. A significant drawback of this approach is the need for a permanent modification of the processor microarchitecture. In this context, we suggest an analysis and a design of a software-only TPM for RISC-V processors based on seL4 microkernel and OP-TEE.

The interdisciplinary field of immersive learning research is scattered. Combining efforts for better exploration of this field from the different disciplines requires researchers to communicate and coordinate effectively. We call upon the community of immersive learning researchers for planting the Knowledge Tree of Immersive Learning Research, a proposal for a systematization effort for this field, combining both scholarly and practical knowledge, cultivating a robust and ever-growing knowledge base and methodological toolbox for immersive learning. This endeavor aims at promoting evidence-informed practice and guiding future research in the field. This paper contributes with the rationale for three objectives: 1) Developing common scientific terminology amidst the community of researchers; 2) Cultivating a common understanding of methodology, and 3) Advancing common use of theoretical approaches, frameworks, and models.

SUMMARY & CONCLUSIONSA Multi-access Edge Computing (MEC) micro data center (MEDC) consists of multiple MEC hosts close to endpoint devices. MEC service is delivered by instantiating a virtualization system (e.g., Virtual Machines or Containers) on a MEC host. MEDC faces more new security risks due to various device connections in an open environment. When more and more IoT/CPS systems are connected to MEDC, it is necessary for MEC service providers to quantitatively analyze any security loss and then make defense-related decision. This paper develops a CTMC model for quantitatively analyzing the security and dependability of a vulnerable MEDC system under lateral movement attacks, from the adversary’s initial successful access until the MEDC becomes resistant to the attack. The proposed model captures the behavior of the system in a scenario where (i) the rate of vulnerable MEC servers being infected increases with the increasing number of infected MEC servers, (ii) each infected MEC server can perform its compromising activity independently and randomly, and (iii) any infected MEC may fail and then cannot provide service. We also introduce the formulas for computing metrics. The proposed model and formula are verified to be approximately accurate by comparing numerical results and simulation results.

Kotlin is a relatively new programming language from JetBrains: its development started in 2010 with release 1.0 done in early 2016. The Kotlin compiler, while slowly and steadily becoming more and more mature, still crashes from time to time on the more tricky input programs, not least because of the complexity of its features and their interactions. This makes it a great target for fuzzing, even the basic forms of which can find a significant number of Kotlin compiler crashes. There is a problem with fuzzing, however, closely related to the cause of the crashes: generating a random, non-trivial and semantically valid Kotlin program is hard. In this paper, we talk about type-centriccompilerfuzzing in the form of type-centricenumeration, an approach inspired by skeletal program enumeration [1] and based on a combination of generative and mutation-based fuzzing, which solves this problem by focusing on program types. After creating the skeleton program, we fill the typed holes with fragments of suitable type, created via generation and enhanced by semantic-aware mutation. We implemented this approach in our Kotlin compiler fuzzing framework called Backend Bug Finder (BBF) and did an extensive evaluation, not only testing the real-world feasibility of our approach, but also comparing it to other compiler fuzzing techniques. The results show our approach to be significantly better compared to other fuzzing approaches at generating semantically valid Kotlin programs, while creating more interesting crash-inducing inputs at the same time. We managed to find more than 50 previously unknown compiler crashes, of which 18 were considered important after their triage by the compiler team.

Integrated Gradients as an attribution method for deep neural network models offers simple implementability. However, it suffers from noisiness of explanations which affects the ease of interpretability. The SmoothGrad technique is proposed to solve the noisiness issue and smoothen the attribution maps of any gradient-based attribution method. In this paper, we present SmoothTaylor as a novel theoretical concept bridging Integrated Gradients and SmoothGrad, from the Taylor's theorem perspective. We apply the methods to the image classification problem, using the ILSVRC2012 ImageNet object recognition dataset, and a couple of pretrained image models to generate attribution maps. These attribution maps are empirically evaluated using quantitative measures for sensitivity and noise level. We further propose adaptive noising to optimize for the noise scale hyperparameter value. From our experiments, we find that the SmoothTaylor approach together with adaptive noising is able to generate better quality saliency maps with lesser noise and higher sensitivity to the relevant points in the input space as compared to Integrated Gradients.

Phishing URLs mainly target individuals and/or organizations through social engineering attacks by exploiting the humans' weaknesses in information security awareness. These URLs lure online users to access fake websites, and harvest their confidential information, such as debit/credit card numbers and other sensitive information. In this work, we introduce a phishing detection technique based on URL lexical analysis and machine learning classifiers. The experiments were carried out on a dataset that originally contained 1056937 labeled URLs (phishing and legitimate). This dataset was processed to generate 22 different features that were reduced further to a smaller set using different features reduction techniques. Random Forest, Gradient Boosting, Neural Network and Support Vector Machine (SVM) classifiers were all evaluated, and results show the superiority of SVMs, which achieved the highest accuracy in detecting the analyzed URLs with a rate of 99.89%. Our approach can be incorporated within add-on/middleware features in Internet browsers for alerting online users whenever they try to access a phishing website using only its URL.

Learning movement control is a fundamental process integral to infant development. However, it is still unclear how infants learn to control leg movement. This work explores the potential of using socially assistive robots to provide real-time adaptive reinforcement learning for infants. Ten 6 to 8-month old typically-developing infants participated in a study where a robot provided reinforcement when the infant’s right leg acceleration fell within the range of 9 to 20 m/s2. If infants increased the proportion of leg accelerations in this band, they were categorized as "performers". Six of the ten participating infants were categorized as performers; the performer subgroup increased the magnitude of acceleration, proportion of target acceleration for right leg, and ratio of right/left leg acceleration peaks within the target acceleration band and their right legs increased movement intensity from the baseline to the contingency session. The results showed infants specifically adjusted their right leg acceleration in response to a robot- provided reward. Further study is needed to understand how to improve human-robot interaction policies for personalized interventions for young infants.

Cyber-physical systems (CPS) data privacy protection during sharing, aggregating, and publishing is a challenging problem. Several privacy protection mechanisms have been developed in the literature to protect sensitive data from adversarial analysis and eliminate the risk of re-identifying the original properties of shared data. However, most of the existing solutions have drawbacks, such as (i) lack of a proper vulnerability characterization model to accurately identify where privacy is needed, (ii) ignoring data providers privacy preference, (iii) using uniform privacy protection which may create inadequate privacy for some provider while over-protecting others, and (iv) lack of a comprehensive privacy quantification model assuring data privacy-preservation. To address these issues, we propose a personalized privacy preference framework by characterizing and quantifying the CPS vulnerabilities as well as ensuring privacy. First, we introduce a Standard Vulnerability Profiling Library (SVPL) by arranging the nodes of an energy-CPS from maximum to minimum vulnerable based on their privacy loss. Based on this model, we present our personalized privacy framework (PDP) in which Laplace noise is added based on the individual node's selected privacy preferences. Finally, combining these two proposed methods, we demonstrate that our privacy characterization and quantification model can attain better privacy preservation by eliminating the trade-off between privacy, utility, and risk of losing information.

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker's injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

Many people are becoming more reliant on internet social media sites like Facebook. Users can utilize these networks to reveal articles to them and engage with your peers. Several of the data transmitted from these connections is intended to be confidential. However, utilizing publicly available data and learning algorithms, it is feasible to forecast concealed informative data. The proposed research work investigates the different ways to initiate deduction attempts on freely released photo sharing data in order to envisage concealed informative data. Next, this research study offers three distinct sanitization procedures that could be used in a range of scenarios. Moreover, the effectualness of all these strategies and endeavor to utilize collective teaching and research to reveal important bits of the data set are analyzed. It shows how, by using the sanitization methods presented here, a user may lower the accuracy by including both global and interpersonal categorization techniques.