Biblio

2019-08-26
Izurieta, C., Kimball, K., Rice, D., Valentien, T..  2018.  A Position Study to Investigate Technical Debt Associated with Security Weaknesses. 2018 IEEE/ACM International Conference on Technical Debt (TechDebt). :138–142.
Context: Managing technical debt (TD) associated with potential security breaches found during design can lead to catching vulnerabilities (i.e., exploitable weaknesses) earlier in the software lifecycle; thus, anticipating TD principal and interest that can have decidedly negative impacts on businesses. Goal: To establish an approach to help assess TD associated with security weaknesses by leveraging the Common Weakness Enumeration (CWE) and its scoring mechanism, the Common Weakness Scoring System (CWSS). Method: We present a position study with a five-step approach employing the Quamoco quality model to operationalize the scoring of architectural CWEs. Results: We use static analysis to detect design level CWEs, calculate their CWSS scores, and provide a relative ranking of weaknesses that help practitioners identify the highest risks in an organization with a potential to impact TD. Conclusion: CWSS is a community agreed upon method that should be leveraged to help inform the ranking of security related TD items.
2019-12-30
Morita, Kazunari, Yoshimura, Hiroki, Nishiyama, Masashi, Iwai, Yoshio.  2018.  Protecting Personal Information using Homomorphic Encryption for Person Re-identification. 2018 IEEE 7th Global Conference on Consumer Electronics (GCCE). :166–167.
We investigate how to protect features corresponding to personal information using homomorphic encryption when matching people in several camera views. Homomorphic encryption can compute a distance between features without decryption. Thus, our method is able to use a computing server on a public network while protecting personal information. To apply homomorphic encryption, our method uses linear quantization to represent each element of the feature as integers. Experimental results show that there is no significant difference in the accuracy of person re-identification with or without homomorphic encryption and linear quantization.
2020-11-30
Coey, M., Stamenov, P. S., Venkatesan, M., Porter, S. B., Iriyama, T..  2018.  Remanence enhancement melt-spun Nitroquench Sm2Fe17N3. M.. 2018 IEEE International Magnetics Conference (INTERMAG). :1–1.
The discovery of the interstitial rare earth nitride Sm2Fe17N3 came about seven years after the discovery of the rare earth iron boride Nd2Fe14B [1],[2], and the nitride initially seemed to offer intrinsic magnetic properties that were superior (Curie temperature TC, magnetocrystalline anisotropy K1) or comparable (spontaneous magnetization Ms) to those of its illustrious predecessor. However, the promise of the new material to seriously challenge Nd2Fe14B was not realized. The 2:17 nitride powder, prepared by a low-temperature gas-phase interstitial modification process, proved difficult to orient and, worse still, it lost its nitrogen at the temperatures needed to process dense sintered magnets [3]. Attempts at explosive compaction [4] or spark sintering [5] failed to yield material with good enough coercivity. Nevertheless, work continued in Japan and China to develop a coercive powder that could be used for bonded magnets. An early realization was zinc-bonded Sm2Fe17N3 [6] with an energy product of 84 kJm-3 but a rather low coercivity of 480 kAm-1, less than 5 % of the anisotropy field (Ha = 2K1/Ms ≈ 11 MAm-1). The anisotropy field of Nd2Fe14B is significantly less (6 MAm-1) yet several decades of intensive development have led to higher values and continuous improvements of the coercivity, even in unsubstituted material. Historical experience with permanent magnets shows that a long period of materials development is needed to arrive at the best composition and processing conditions for a microstructure that allows the hard magnetism to be optimized. Coercivities of about 25% of the anisotropy field are ultimately achieved. Here we compare the magnetic properties of melt-spun material. Our Nitroquench powder, produced by Daido Steel, was in the form of flakes 10 μm thick and up to 100 μm in diameter. A crystallite size of approximately 15 nm was deduced from Scherrer broadening of the X-ray reflections. Composition was checked by EDX microprobe analysis.
Hysteresis loops have been measured in applied fields of up to 14 T, at room temperature and at 4 K. The material exhibits a room-temperature coercivity of 690 kAm-1 after saturation in 14 T, with a remanence of 700 kAm-1 in zero applied field and an extrapolated saturation magnetization of 1230 kAm-1. The remanence ratio Mr/Ms of 63%, when the remanence is corrected to zero internal field, is reflected in a preferred orientation seen in the X-ray powder diffraction patterns and in 57Fe Mössbauer spectra of magnetized powder. Spectra obtained after saturation of an immobilized powder absorber either in-plane or perpendicular to the sample plane exhibit distinctly different relative intensities of the ΔM=0 absorption lines. The maximum energy product for the powder, assuming full density, is 162 kJm-3. The remanence enhancement is attributed to the fact that the nanocrystallite size is not much greater than the exchange length. Melt-spun Sm-Fe-N powder has superior corrosion resistance and thermal stability compared to melt-spun Nd-Fe-B. The Nitroquench powder may be used to produce polymer-bonded magnets with an energy product in excess of 100 kJm-3.
2019-11-25
Rady, Mai, Abdelkader, Tamer, Ismail, Rasha.  2018.  SCIQ-CD: A Secure Scheme to Provide Confidentiality and Integrity of Query results for Cloud Databases. 2018 14th International Computer Engineering Conference (ICENCO). :225–230.
Database outsourcing introduces a new paradigm, called Database as a Service (DBaaS). Database Service Providers (DSPs) have the ability to host outsourced databases and provide efficient facilities for their users. However, the data and the execution of database queries are under the control of the DSP, which is not always a trusted authority. Therefore, our problem is to ensure the outsourced database security. To address this problem, we propose a Secure scheme to provide Confidentiality and Integrity of Query results for Cloud Databases (SCIQ-CD). The performance analysis shows that our proposed scheme is secure and efficient for practical deployment.
2021-04-08
Iwamoto, M., Ohta, K., Shikata, J..  2018.  Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography. IEEE Transactions on Information Theory. 64:654–685.
This paper analyzes the formalizations of information-theoretic security for the fundamental primitives in cryptography: symmetric-key encryption and key agreement. Revisiting the previous results, we can formalize information-theoretic security using different methods, by extending Shannon's perfect secrecy, by information-theoretic analogues of indistinguishability and semantic security, and by the frameworks for composability of protocols. We show the relationships among the security formalizations and obtain the following results. First, in the case of encryption, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy or a variant of information-theoretic indistinguishability is the strongest notion. Second, in the case of key agreement, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy is the strongest notion. In particular, in both encryption and key agreement, the formalization of composable security is not stronger than any other formalizations. Furthermore, as an application of the relationships in encryption and key agreement, we simultaneously derive a family of lower bounds on the size of secret keys and security quantities required under the above formalizations, which also implies the importance and usefulness of the relationships.
2019-02-18
Imeri, Adnan, Feltus, Christophe, Khadraoui, Djamel, Agoulmine, Nazim, Nicolas, Damien.  2018.  Solving the Trust Issues in the Process of Transportation of Dangerous Goods by Using Blockchain Technology. Proceedings of the 11th International Conference on Security of Information and Networks. :25:1–25:2.
The issues of trust in the area of supply chain management are an immense concern among the stakeholders cooperating in the supply chain. For a sustainable process of transportation, efficient information sharing is considered crucial. The models that serve as a base for the current operations have several drawbacks in terms of data security and trust among stakeholders, who share information as part of their cooperation. Information is shared in a paper-based or semi-digitalized way due to the lack of trust or risk of competitive disadvantages in the current systems. This paper aims to analyze the trust issues in supply chain management and propose new ways of improving trust by considering these issues at the design level.
2019-03-04
Imtiaz, Sayem Mohammad, Bhowmik, Tanmay.  2018.  Towards Data-driven Vulnerability Prediction for Requirements. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. :744–748.
Due to the abundance of security breaches we continue to see, the software development community is recently paying attention to a more proactive approach towards security. This includes predicting vulnerability before exploitation employing static code analysis and machine learning techniques. Such mechanisms, however, are designed to detect post-implementation vulnerabilities. As the root of a vulnerability can often be traced back to the requirement specification, and vulnerability discovered later in the development life cycle is more expensive to fix, we need additional preventive mechanisms capable of predicting vulnerability at a much earlier stage. In this paper, we propose a novel framework providing an automated support to predict vulnerabilities for a requirement as early as during requirement engineering. We further present a preliminary demonstration of our framework and the promising results we observe clearly indicate the value of this new research idea.
2019-02-08
Ispoglou, Kyriakos K., AlBassam, Bader, Jaeger, Trent, Payer, Mathias.  2018.  Block Oriented Programming: Automating Data-Only Attacks. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1868-1882.

With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting arbitrary code execution. Assessing the remaining attack surface of an application under advanced control-flow hijack defenses such as CFI and shadow stacks remains an open problem. We introduce BOPC, a mechanism to automatically assess whether an attacker can execute arbitrary code on a binary hardened with CFI/shadow stack defenses. BOPC computes exploits for a target program from payload specifications written in a Turing-complete, high-level language called SPL that abstracts away architecture and program-specific details. SPL payloads are compiled into a program trace that executes the desired behavior on top of the target binary. The input for BOPC is an SPL payload, a starting point (e.g., from a fuzzer crash) and an arbitrary memory write primitive that allows application state corruption. To map SPL payloads to a program trace, BOPC introduces Block Oriented Programming (BOP), a new code reuse technique that utilizes entire basic blocks as gadgets along valid execution paths in the program, i.e., without violating CFI or shadow stack policies. We find that the problem of mapping payloads to program traces is NP-hard, so BOPC first reduces the search space by pruning infeasible paths and then uses heuristics to guide the search to probable paths. BOPC encodes the BOP payload as a set of memory writes. We execute 13 SPL payloads applied to 10 popular applications. BOPC successfully finds payloads and complex execution traces – which would likely not have been found through manual analysis – while following the target's Control-Flow Graph under an ideal CFI policy in 81% of the cases.

2019-12-17
Nguyen, Viet, Ibrahim, Mohamed, Truong, Hoang, Nguyen, Phuc, Gruteser, Marco, Howard, Richard, Vu, Tam.  2018.  Body-Guided Communications: A Low-Power, Highly-Confined Primitive to Track and Secure Every Touch. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :353-368.

The growing number of devices we interact with require a convenient yet secure solution for user identification, authorization and authentication. Current approaches are cumbersome, susceptible to eavesdropping and relay attacks, or energy inefficient. In this paper, we propose a body-guided communication mechanism to secure every touch when users interact with a variety of devices and objects. The method is implemented in a hardware token worn on user's body, for example in the form of a wristband, which interacts with a receiver embedded inside the touched device through a body-guided channel established when the user touches the device. Experiments show low-power (uJ/bit) operation while achieving superior resilience to attacks, with the received signal at the intended receiver through the body channel being at least 20dB higher than that of an adversary in cm range.

2019-02-18
Fukushima, Keishiro, Nakamura, Toru, Ikeda, Daisuke, Kiyomoto, Shinsaku.  2018.  Challenges in Classifying Privacy Policies by Machine Learning with Word-based Features. Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. :62–66.

In this paper, we discuss challenges when we try to automatically classify privacy policies using machine learning with words as the features. Since it is difficult for general public to understand privacy policies, it is necessary to support them to do that. To this end, the authors believe that machine learning is one of the promising ways because users can grasp the meaning of policies through outputs by a machine learning algorithm. Our final goal is to develop a system which automatically translates privacy policies into privacy labels [1]. Toward this goal, we classify sentences in privacy policies with category labels, using popular machine learning algorithms, such as a naive Bayes classifier. We choose these algorithms because we could use trained classifiers to evaluate keywords appropriate for privacy labels. Therefore, we adopt words as the features of those algorithms. Experimental results show about 85% accuracy. We think that much higher accuracy is necessary to achieve our final goal. By changing learning settings, we identified one reason of low accuracies such that privacy policies include many sentences which are not direct description of information about categories. It seems that such sentences are redundant but maybe they are essential in case of legal documents in order to prevent misinterpreting. Thus, it is important for machine learning algorithms to handle these redundant sentences appropriately.

2019-10-23
Isaeva, N. A..  2018.  Choice of Control Parameters of Complex System on the Basis of Estimates of the Risks. 2018 Eleventh International Conference "Management of Large-Scale System Development" (MLSD). :1-4.

The method of choice the control parameters of a complex system based on estimates of the risks is proposed. The procedure of calculating the estimates of risks intended for a choice of rational managing directors of influences by an allocation of the group of the operating factors for the set criteria factor is considered. The purpose of choice of control parameters of the complex system is the minimization of an estimate of the risk of the functioning of the system by mean of a solution of a problem of search of an extremum of the function of many variables. The example of a choice of the operating factors in the sphere of intangible assets is given.

2019-01-31
Boyle, Elette, Couteau, Geoffroy, Gilboa, Niv, Ishai, Yuval.  2018.  Compressing Vector OLE. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :896–912.

Oblivious linear-function evaluation (OLE) is a secure two-party protocol allowing a receiver to learn any linear combination of a pair of field elements held by a sender. OLE serves as a common building block for secure computation of arithmetic circuits, analogously to the role of oblivious transfer (OT) for boolean circuits. A useful extension of OLE is vector OLE (VOLE), allowing the receiver to learn any linear combination of two vectors held by the sender. In several applications of OLE, one can replace a large number of instances of OLE by a smaller number of instances of VOLE. This motivates the goal of amortizing the cost of generating long instances of VOLE. We suggest a new approach for fast generation of pseudo-random instances of VOLE via a deterministic local expansion of a pair of short correlated seeds and no interaction. This provides the first example of compressing a non-trivial and cryptographically useful correlation with good concrete efficiency. Our VOLE generators can be used to enhance the efficiency of a host of cryptographic applications. These include secure arithmetic computation and non-interactive zero-knowledge proofs with reusable preprocessing. Our VOLE generators are based on a novel combination of function secret sharing (FSS) for multi-point functions and linear codes in which decoding is intractable. Their security can be based on variants of the learning parity with noise (LPN) assumption over large fields that resist known attacks. We provide several constructions that offer tradeoffs between different efficiency measures and the underlying intractability assumptions.

2019-12-05
Izumida, Tomonori, Mori, Akira, Hashimoto, Masatomo.  2018.  Context-Sensitive Flow Graph and Projective Single Assignment Form for Resolving Context-Dependency of Binary Code. Proceedings of the 13th Workshop on Programming Languages and Analysis for Security. :48-53.

Program analysis on binary code is considered as difficult because one has to resolve destinations of indirect jumps. However, there is another difficulty of context-dependency that matters when one processes binary programs that are not compiler generated. In this paper, we propose a novel approach for tackling these difficulties and describe a way to reconstruct a control flow from a binary program with no extra assumptions than the operational meaning of machine instructions.

2019-02-22
Novikov, A. S., Ivutin, A. N., Troshina, A. G., Vasiliev, S. N..  2018.  Detecting the Use of Unsafe Data in Software of Embedded Systems by Means of Static Analysis Methodology. 2018 7th Mediterranean Conference on Embedded Computing (MECO). :1-4.

The article considers the approach to identifying potentially unsafe data in program code of embedded systems which can lead to errors and fails in the functioning of equipment. The sources of invalid data are revealed and the process of changing the status of this data in process of static code analysis is shown. The mechanism for annotating functions that operate on unsafe data is described, which allows to control the entire process of using them and thus it will improve the quality of the output code.

2019-05-09
Nguyen, Thuy D., Irvine, Cynthia E..  2018.  Development of Industrial Network Forensics Lessons. Proceedings of the Fifth Cybersecurity Symposium. :7:1-7:5.

Most forensic investigators are trained to recognize abusive network behavior in conventional information systems, but they may not know how to detect anomalous traffic patterns in industrial control systems (ICS) that manage critical infrastructure services. We have developed and laboratory-tested hands-on teaching material to introduce students to forensics investigation of intrusions on an industrial network. Rather than using prototypes of ICS components, our approach utilizes commercial industrial products to provide students a more realistic simulation of an ICS network. The lessons cover four different types of attacks and the corresponding post-incident network data analysis.

2019-02-08
Ivanova, M., Durcheva, M., Baneres, D., Rodríguez, M. E..  2018.  eAssessment by Using a Trustworthy System in Blended and Online Institutions. 2018 17th International Conference on Information Technology Based Higher Education and Training (ITHET). :1-7.

eAssessment uses technology to support online evaluation of students' knowledge and skills. However, challenging problems must be addressed such as trustworthiness among students and teachers in blended and online settings. The TeSLA system proposes an innovative solution to guarantee correct authentication of students and to prove the authorship of their assessment tasks. Technologically, the system is based on the integration of five instruments: face recognition, voice recognition, keystroke dynamics, forensic analysis, and plagiarism. The paper aims to analyze and compare the results achieved after the second pilot performed in an online and a blended university revealing the realization of trust-driven solutions for eAssessment.

2020-01-07
Sakr, Ahmed S., El–kafrawy, P M., Abdullkader, Hatem M., Ibrahem, Hani M..  2018.  An Efficient Framework for Big Data Security Based on Selection Encryption on Amazonec2. 2018 1st International Conference on Computer Applications Information Security (ICCAIS). :1-5.

With the wide use of smart device made huge amount of information arise. This information needed new methods to deal with it from that perspective big data concept arise. Most of the concerns on big data are given to handle data without concentrating on its security. Encryption is the best use to keep data safe from malicious users. However, ordinary encryption methods are not suitable for big data. Selective encryption is an encryption method that encrypts only the important part of the message. However, we deal with uncertainty to evaluate the important part of the message. The problem arises when the important part is not encrypted. This is the motivation of the paper. In this paper we propose security framework to secure important and unimportant portion of the message to overcome the uncertainty. However, each will take a different encryption technique for better performance without losing security. The framework selects the important parts of the message to be encrypted with a strong algorithm and the weak part with a medium algorithm. The importance of the word is defined according to how its origin frequently appears. This framework is applied on Amazon EC2 (elastic compute cloud). A comparison between the proposed framework, the full encryption method and Toss-A-Coin method are performed according to encryption time and throughput. The results showed that the proposed method gives better performance according to encryption time, throughput than full encryption.

2020-10-02
Alicia Flores Requardt, Marc Wilbrink, Ingo Siegert, Meike Jipp, Andreas Wendemuth, Klas Ihme.  2018.  An experimental paradigm for inducing emotions in a real world driving scenario: Evidence from self-reports, annotation of speech data and peripheral physiology. Kognitive Systeme. 2018(1)

Empathic vehicles are a promising concept to increase the safety and acceptance of automated vehicles. However, on the way towards empathic vehicles a lot of research in the area of automated emotion recognition is necessary. Successful methods to detect emotions need to be trained on realistic data that contain the target emotion and come from a setting close to the final application. At the moment, data sets fulfilling these requirements are lacking. Therefore, the goal of this work is to present an experimental paradigm that induces four different emotional states (neutral, positive, frustration and mild anxiety) in a real-world driving setting using a combination of secondary tasks and conversation-based emotional recall. An evaluation of the paradigm using self-report data, annotation of speech data and peripheral physiology indicates that the methods to induce the target emotions were successful. Based on the insights of the experiment, finally a list of recommendations for the induction of emotions in real world driving settings is given.

2019-02-08
Innerbichler, Johannes, Damjanovic-Behrendt, Violeta.  2018.  Federated Byzantine Agreement to Ensure Trustworthiness of Digital Manufacturing Platforms. Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems. :111-116.

In this paper, we explore the use of the Stellar Consensus Protocol (SCP) and its Federated Byzantine Agreement (FBA) algorithm for ensuring trust and reputation between federated, cloud-based platform instances (nodes) and their participants. Our approach is grounded on federated consensus mechanisms, which promise data quality managed through computational trust and data replication, without a centralized authority. We perform our experimentation on the ground of the NIMBLE cloud manufacturing platform, which is designed to support growth of B2B digital manufacturing communities and their businesses through federated platform services, managed by peer-to-peer networks. We discuss the message exchange flow between the NIMBLE application logic and Stellar consensus logic.

2019-01-31
Bläser, Markus, Ikenmeyer, Christian, Jindal, Gorav, Lysikov, Vladimir.  2018.  Generalized Matrix Completion and Algebraic Natural Proofs. Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing. :1193–1206.

Algebraic natural proofs were recently introduced by Forbes, Shpilka and Volk (Proc. of the 49th Annual ACM SIGACT Symposium on Theory of Computing (STOC), pages 653–664, 2017) and independently by Grochow, Kumar, Saks and Saraf (CoRR, abs/1701.01717, 2017) as an attempt to transfer Razborov and Rudich's famous barrier result (J. Comput. Syst. Sci., 55(1): 24–35, 1997) for Boolean circuit complexity to algebraic complexity theory. Razborov and Rudich's barrier result relies on a widely believed assumption, namely, the existence of pseudo-random generators. Unfortunately, there is no known analogous theory of pseudo-randomness in the algebraic setting. Therefore, Forbes et al. use a concept called succinct hitting sets instead. This assumption is related to polynomial identity testing, but it is currently not clear how plausible this assumption is. Forbes et al. are only able to construct succinct hitting sets against rather weak models of arithmetic circuits. Generalized matrix completion is the following problem: Given a matrix with affine linear forms as entries, find an assignment to the variables in the linear forms such that the rank of the resulting matrix is minimal. We call this rank the completion rank. Computing the completion rank is an NP-hard problem. As our first main result, we prove that it is also NP-hard to determine whether a given matrix can be approximated by matrices of completion rank $\leq$ b. The minimum quantity b for which this is possible is called border completion rank (similar to the border rank of tensors). Naturally, algebraic natural proofs can only prove lower bounds for such border complexity measures. Furthermore, these border complexity measures play an important role in the geometric complexity program.
Using our hardness result above, we can prove the following barrier: We construct a small family of matrices with affine linear forms as entries and a bound b, such that at least one of these matrices does not have an algebraic natural proof of polynomial size against all matrices of border completion rank b, unless coNP $\subseteq$ $\exists$BPP. This is an algebraic barrier result that is based on a well-established and widely believed conjecture. The complexity class $\exists$BPP is known to be a subset of the more well known complexity class MA in the literature. Thus $\exists$BPP can be replaced by MA in the statements of all our results. With similar techniques, we can also prove that tensor rank is hard to approximate. Furthermore, we prove a similar result for the variety of matrices with permanent zero. There are no algebraic polynomial size natural proofs for the variety of matrices with permanent zero, unless P$^{\#P}$ $\subseteq$ $\exists$BPP. On the other hand, we are able to prove that the geometric complexity theory approach initiated by Mulmuley and Sohoni (SIAM J. Comput. 31(2): 496–526, 2001) yields proofs of polynomial size for this variety, therefore overcoming the natural proofs barrier in this case.

2019-01-21
Ishiguro, Kenta, Kono, Kenji.  2018.  Hardening Hypervisors Against Vulnerabilities in Instruction Emulators. Proceedings of the 11th European Workshop on Systems Security. :7:1–7:6.

Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator. This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere micro-architecture, and the runtime overhead is negligible.

2019-09-12
Patricia L. McDermott, Cynthia O. Dominguez, Nicholas Kasdaglis, Matthew H. Ryan, Isabel M. Trahan, Alexander Nelson.  2018.  Human-Machine Teaming Systems Engineering Guide.

With the explosion of Automation, Autonomy, and AI technology development today, amid encouragement to put humans at the center of AI, systems engineers and user story/requirements developers need research-based guidance on how to design for human machine teaming (HMT). Insights from more than two decades of human-automation interaction research, applied in the systems engineering process, provide building blocks for designing automation, autonomy, and AI-based systems that are effective teammates for people.

The HMT Systems Engineering Guide provides this guidance based on a 2016-17 literature search and analysis of applied research. The guide provides a framework organizing HMT research, along with methodology for engaging with users of a system to elicit user stories and/or requirements that reflect applied research findings. The framework uses organizing themes of Observability, Predictability, Directing Attention, Exploring the Solution Space, Directability, Adaptability, Common Ground, Calibrated Trust, Design Process, and Information Presentation.

The guide includes practice-oriented resources that can be used to bridge the gap between research and design, including a tailorable HMT Knowledge Audit interview methodology, step-by-step instructions for planning and conducting data collection sessions, and a set of general cognitive interface requirements that can be adapted to specific applications based upon domain-specific data collected. 

2019-08-12
Issa, Abdullah, Murray, Toby, Ernst, Gidon.  2018.  In Search of Perfect Users: Towards Understanding the Usability of Converged Multi-Level Secure User Interfaces. Proceedings of the 30th Australian Conference on Computer-Human Interaction. :572–576.

Converged Multi-Level Secure systems allow users to interact with and freely move between applications and data of varying sensitivity on a single user interface. They promise unprecedented usability and security, especially in security-critical environments like Defence. Yet these promises rely on hard assumptions about secure user behaviour. We present initial work to test the validity of these assumptions in the absence of deception by an adversary. We conducted a user study with 21 participants on the Cross Domain Desktop Compositor. Chief amongst our findings is that the vast majority of participants (19 of 21) behave securely, even when doing so requires more effort than to behave insecurely. Our findings suggest that there is large scope for further research on converged Multi-Level Secure systems, and highlight the value of user studies to complement formal security analyses of critical systems.

2019-05-20
Terkawi, A., Innab, N., al-Amri, S., Al-Amri, A..  2018.  Internet of Things (IoT) Increasing the Necessity to Adopt Specific Type of Access Control Technique. 2018 21st Saudi Computer Society National Computer Conference (NCC). :1–5.

The Internet of Things (IoT) is one of the emerging technologies that has seized the attention of researchers, because the IoT is expected to be applied in our daily life in the near future and humans will be wholly dependent on this technology for comfort and an easy lifestyle. The Internet of Things is the interconnection of internet-enabled things or devices that connect with each other and with humans in order to achieve some goals, or the ability of everyday objects to connect to the Internet and to send and receive data. However, the Internet of Things (IoT) raises significant challenges that could stand in the way of realizing its potential benefits. This paper discusses access control as one of the most crucial aspects of security and privacy in IoT and proposes a new way of access control that would decide who is allowed to access what, and who is not, among the IoT subjects and sensors.

2018-10-26
Imine, Y., Kouicem, D. E., Bouabdallah, A., Ahmed, L..  2018.  MASFOG: An Efficient Mutual Authentication Scheme for Fog Computing Architecture. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :608–613.

Fog computing is a new paradigm which extends cloud computing services to the edge of the network. Indeed, it aims to pool edge resources in order to deal with the cloud's shortcomings, such as latency problems. However, this proposal does not ensure the honesty and the good behavior of edge devices. Thus, security stands as an important challenge for this new proposal. Authentication is the entry point of any security system, which makes it an important security service. Traditional authentication schemes suffer from latency issues, and some of them do not satisfy fog-computing requirements such as mutual authentication between end devices and fog servers. Thus, new authentication protocols need to be implemented. In this paper, we propose a new efficient authentication scheme for fog computing architecture. Our scheme ensures mutual authentication and remedies fog servers' misbehaviors. Moreover, fog servers need to hold only a couple of pieces of information to verify the authenticity of every user in the system. Thus, it provides a low overhead in terms of storage capacity. Finally, we show through experimentation the efficiency of our scheme.