Biblio
In order to design an end-to-end data security preservation mechanism, this paper first proposes a grid terminal data security management model based on master-slave Blockchain, including grid terminal, slave Blockchain, and main Blockchain. Among them, the grid terminal mainly completes data generation and data release, the receiving of data and the distributed signature of data are mainly completed from the slave Blockchain, and the main Blockchain mainly completes the intelligent storage of data. Secondly, the data security management mechanism of grid terminal based on master-slave Blockchain is designed, including data distribution process design, data receiving process design, data distributed signature design and data intelligent storage process design. Finally, taking the identity registration and data storage process of the grid terminal as an example, the workflow of the data security management mechanism of the grid terminal based on the master-slave Blockchain is described in detail.
An air-gapped computer is physically isolated from unsecured networks to guarantee effective protection against data exfiltration. Due to air gaps, unauthorized data transfer seems impossible over legitimate communication channels, but in reality many so-called physical covert channels can be constructed to allow data exfiltration across the air gaps. Most of such covert channels are very slow and often require certain strict conditions to work (e.g., no physical obstacles between the sender and the receiver). In this paper, we introduce a new physical covert channel named BitJabber that is extremely fast and strong enough to even penetrate concrete walls. We show that this covert channel can be easily created by an unprivileged sender running on a victim’s computer. Specifically, the sender constructs the channel by using only memory accesses to modulate the electromagnetic (EM) signals generated by the DRAM clock. While possessing a very high bandwidth (up to 300,000 bps), this new covert channel is also very reliable (less than 1% error rate). More importantly, this covert channel can enable data exfiltration from an air-gapped computer enclosed in a room with thick concrete walls up to 15 cm.
Recent years, more and more testing criteria for deep learning systems has been proposed to ensure system robustness and reliability. These criteria were defined based on different perspectives of diversity. However, there lacks comprehensive investigation on what are the most essential diversities that should be considered by a testing criteria for deep learning systems. Therefore, in this paper, we conduct an empirical study to investigate the relation between test diversities and erroneous behaviors of deep learning models. We define five metrics to reflect diversities in neuron activities, and leverage metamorphic testing to detect erroneous behaviors. We investigate the correlation between metrics and erroneous behaviors. We also go further step to measure the quality of test suites under the guidance of defined metrics. Our results provided comprehensive insights on the essential diversities for testing criteria to exhibit good fault detection ability.
Industrial control systems are the fundamental infrastructures of a country. Since the intrusion attack methods for industrial control systems have become complex and concealed, the traditional protection methods, such as vulnerability database, virus database and rule matching cannot cope with the attacks hidden inside the terminals of industrial control systems. In this work, we propose a control flow anomaly detection algorithm based on the control flow of the business programs. First, a basic group partition method based on key paths is proposed to reduce the performance burden caused by tabbed-assert control flow analysis method through expanding basic research units. Second, the algorithm phases of standard path set acquisition and path matching are introduced. By judging whether the current control flow path is deviating from the standard set or not, the abnormal operating conditions of industrial control can be detected. Finally, the effectiveness of a control flow anomaly detection (checking) algorithm based on Path Matching (CFCPM) is demonstrated by anomaly detection ability analysis and experiments.
ARM devices (mobile phone, IoT devices) are getting more popular in our daily life due to the low power consumption and cost. These devices carry a huge number of user's private information, which attracts attackers' attention and increase the security risk. The operating systems (e.g., Android, Linux) works out many memory data protection strategies on user's private information. However, the monolithic OS may contain security vulnerabilities that are exploited by the attacker to get root or even kernel privilege. Once the kernel privilege is obtained by the attacker, all data protection strategies will be gone and user's private information can be taken away. In this paper, we propose a hardened memory data protection framework called H-Securebox to defeat kernel-level memory data stolen attacks. H-Securebox leverages ARM hardware virtualization technique to protect the data on the memory with hypervisor privilege. We designed three types H-Securebox for programing developers to use. Although the attacker may have kernel privilege, she can not touch private data inside H-Securebox, since hypervisor privilege is higher than kernel privilege. With the implementation of H-Securebox system assisting by a tiny hypervisor on Raspberry Pi2 development board, we measure the performance overhead of our system and do the security evaluations. The results positively show that the overhead is negligible and the malicious application with root or kernel privilege can not access the private data protected by our system.
Nowadays, the rapid development of the Internet of Things facilitates human life and work, while it also brings great security risks to the society due to the frequent occurrence of various security issues. IoT device has the characteristics of large-scale deployment and single responsibility application, which makes it easy to cause a chain reaction and results in widespread privacy leakage and system security problems when the software vulnerability is identified. It is difficult to guarantee that there is no security hole in the IoT operating system which is usually designed for MCU and has no kernel mode. An alternative solution is to identify the security issues in the first time when the system is hijacked and suspend the suspicious task before it causes irreparable damage. This paper proposes KLRA (A Kernel Level Resource Auditing Tool) for IoT Operating System Security This tool collects the resource-sensitive events in the kernel and audit the the resource consumption pattern of the system at the same time. KLRA can take fine-grained events measure with low cost and report the relevant security warning in the first time when the behavior of the system is abnormal compared with daily operations for the real responsibility of this device. KLRA enables the IoT operating system for MCU to generate the security early warning and thereby provides a self-adaptive heuristic security mechanism for the entire IoT system.
Top-level domains play an important role in domain name system. Close attention should be paid to security of top level domains. In this paper, we found many configuration anomalies of top-level domains by analyzing their resource records. We got resource records of top-level domains from root name servers and authoritative servers of top-level domains. By comparing these resource records, we observed the anomalies in top-level domains. For example, there are 8 servers shared by more than one hundred top-level domains; Some TTL fields or SERIAL fields of resource records obtained on each NS servers of the same top-level domain were inconsistent; some authoritative servers of top-level domains were unreachable. Those anomalies may affect the availability of top-level domains. We hope that these anomalies can draw top-level domain administrators' attention to security of top-level domains.
In smart grid, large quantities of data is collected from various applications, such as smart metering substation state monitoring, electric energy data acquisition, and smart home. Big data acquired in smart grid applications is usually sensitive. For instance, in order to dispatch accurately and support the dynamic price, lots of smart meters are installed at user's house to collect the real-time data, but all these collected data are related to user privacy. In this paper, we propose a data aggregation scheme based on secret sharing with fault tolerance in smart grid, which ensures that control center gets the integrated data without revealing user's privacy. Meanwhile, we also consider fault tolerance during the data aggregation. At last, we analyze the security of our scheme and carry out experiments to validate the results.
Cloud computing has emerged as a compelling vision for managing data and delivering query answering capability over the internet. This new way of computing also poses a real risk of disclosing confidential information to the cloud. Searchable encryption addresses this issue by allowing the cloud to compute the answer to a query based on the cipher texts of data and queries. Thanks to its inner product preservation property, the asymmetric scalar-product-preserving encryption (ASPE) has been adopted and enhanced in a growing number of works toperform a variety of queries and tasks in the cloud computingsetting. However, the security property of ASPE and its enhancedschemes has not been studied carefully. In this paper, we show acomplete disclosure of ASPE and several previously unknownsecurity risks of its enhanced schemes. Meanwhile, efficientalgorithms are proposed to learn the plaintext of data and queriesencrypted by these schemes with little or no knowledge beyondthe ciphertexts. We demonstrate these risks on real data sets.
In a spectrally congested environment or a spectrally contested environment which often occurs in cyber security applications, multiple signals are often mixed together with significant overlap in spectrum. This makes the signal detection and parameter estimation task very challenging. In our previous work, we have demonstrated the feasibility of using a second order spectrum correlation function (SCF) cyclostationary feature to perform mixed signal detection and parameter estimation. In this paper, we present our recent work on software defined radio (SDR) based implementation and demonstration of such mixed signal detection algorithms. Specifically, we have developed a software defined radio based mixed RF signal generator to generate mixed RF signals in real time. A graphical user interface (GUI) has been developed to allow users to conveniently adjust the number of mixed RF signal components, the amplitude, initial time delay, initial phase offset, carrier frequency, symbol rate, modulation type, and pulse shaping filter of each RF signal component. This SDR based mixed RF signal generator is used to transmit desirable mixed RF signals to test the effectiveness of our developed algorithms. Next, we have developed a software defined radio based mixed RF signal detector to perform the mixed RF signal detection. Similarly, a GUI has been developed to allow users to easily adjust the center frequency and bandwidth of band of interest, perform time domain analysis, frequency domain analysis, and cyclostationary domain analysis.
The pattern recognition in the sparse representation (SR) framework has been very successful. In this model, the test sample can be represented as a sparse linear combination of training samples by solving a norm-regularized least squares problem. However, the value of regularization parameter is always indiscriminating for the whole dictionary. To enhance the group concentration of the coefficients and also to improve the sparsity, we propose a new SR model called adaptive sparse representation classifier(ASRC). In ASRC, a sparse coefficient strengthened item is added in the objective function. The model is solved by the artificial bee colony (ABC) algorithm with variable step to speed up the convergence. Also, a partition strategy for large scale dictionary is adopted to lighten bee's load and removes the irrelevant groups. Through different data sets, we empirically demonstrate the property of the new model and its recognition performance.