Biblio

Recently exposed vulnerabilities reveal the necessity to improve the security of branch predictors. Branch predictors record history about the execution of different processes, and such information from different processes are stored in the same structure and thus accessible to each other. This leaves the attackers with the opportunities for malicious training and malicious perception. Physical or logical isolation mechanisms such as using dedicated tables and flushing during context-switch can provide security but incur non-trivial costs in space and/or execution time. Randomization mechanisms incurs the performance cost in a different way: those with higher securities add latency to the critical path of the pipeline, while the simpler alternatives leave vulnerabilities to more sophisticated attacks.This paper proposes HyBP, a practical hybrid protection and effective mechanism for building secure branch predictors. The design applies the physical isolation and randomization in the right component to achieve the best of both worlds. We propose to protect the smaller tables with physically isolation based on (thread, privilege) combination; and protect the large tables with randomization. Surprisingly, the physical isolation also significantly enhances the security of the last-level tables by naturally filtering out accesses, reducing the information flow to these bigger tables. As a result, key changes can happen less frequently and be performed conveniently at context switches. Moreover, we propose a latency hiding design for a strong cipher by precomputing the "code book" with a validated, cryptographically strong cipher. Overall, our design incurs a performance penalty of 0.5% compared to 5.1% of physical isolation under the default context switching interval in Linux.

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal and external timing attacks. Inspired by previous works that use classical Hoare style proof systems for establishing correctness of distributed (real-time) programs, in this paper, we describe a method for finding information leaks in concurrent programs through the introduction of leaky assertions at observable program points. Specifying leaky assertions akin to classic assertions, we demonstrate how information leaks can be detected in a concurrent context. To our knowledge, this is the first such work that enables integration of different notions of non-interference used in functional and security context. While the approach is sound and relatively complete in the classic sense, it enables the use of algorithmic techniques that enable programmers to come up with leaky assertions that enable checking for information leaks in sensitive applications.

Adaptive authentication systems identify and enforce suitable methods to verify that someone (user) or something (device) is eligible to access a service or a resource. An authentication method is usually adapted in response to changes in the security risk or the user's behaviour. Previous work on adaptive authentication systems provides limited guidance about i) what and how contextual factors can affect the selection of an authentication method; ii) which requirements are relevant to an adaptive authentication system and iii) how authentication methods can affect the satisfaction of the relevant requirements. In this paper, we provide a holistic framework informed by previous research to characterize the adaptive authentication problem and support the development of an adaptive authentication system. Our framework explicitly considers the contextual factors that can trigger an adaptation, the requirements that are relevant during decision making and their trade-offs, as well as the authentication methods that can change as a result of an adaptation. From the gaps identified in the literature, we elicit a set of challenges that can be addressed in future research on adaptive authentication.

The Internet of Things (IoT) has been one of the biggest revelations of the last decade. These cyber-physical systems seamlessly integrate and improve the activities in our daily lives. Hence, creating a wide application for it in several domains, such as smart buildings and cities. However, the integration of IoT also comes with privacy challenges. The privacy challenges result from the ability of these devices to pervasively collect personal data about individuals through sensors in ways that could be unknown to them. A number of research efforts have evaluated privacy policy awareness and enforcement as key components for addressing these privacy challenges. This paper provides a framework for understanding contextualized privacy policy within the IoT domain. This will enable IoT privacy researchers to better understand IoT privacy policies and their modeling.

In this paper, we consider the problem of transparently authenticating a user to a local terminal (e.g., a desktop computer) as she approaches towards the terminal. Given its appealing usability, such zero-effort authentication has already been deployed in the real-world where a computer terminal or a vehicle can be unlocked by the mere proximity of an authentication token (e.g., a smartphone). However, existing systems based on a single authentication factor contains one major security weakness - unauthorized physical access to the token, e.g., during lunch-time or upon theft, allows the attacker to have unfettered access to the terminal. We introduce ZEMFA, a zero-effort multi-factor authentication system based on multiple authentication tokens and multi-modal behavioral biometrics. Specifically, ZEMFA utilizes two types of authentication tokens, a smartphone and a smartwatch (or a bracelet) and two types of gait patterns captured by these tokens, mid/lower body movements measured by the phone and wrist/arm movements captured by the watch. Since a user's walking or gait pattern is believed to be unique, only that user (no impostor) would be able to gain access to the terminal even when the impostor is given access to both of the authentication tokens. We present the design and implementation of ZEMFA. We demonstrate that ZEMFA offers a high degree of detection accuracy, based on multi-sensor and multi-device fusion. We also show that ZEMFA can resist active attacks that attempt to mimic a user's walking pattern, especially when multiple devices are used.

Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.

Healthcare Internet of Things (HIoT) is transforming healthcare industry by providing large scale connectivity for medical devices, patients, physicians, clinical and nursing staff who use them and facilitate real-time monitoring based on the information gathered from the connected things. Heterogeneity and vastness of this network provide both opportunity and challenges for information collection and sharing. Patient-centric information such as health status and medical devices used by them must be protected to respect their safety and privacy, while healthcare knowledge should be shared in confidence by experts for healthcare innovation and timely treatment of patients. In this paper an overview of HIoT is given, emphasizing its characteristics to those of Big Data, and a security and privacy architecture is proposed for it. Context-sensitive role-based access control scheme is discussed to ensure that HIoT is reliable, provides data privacy, and achieves regulatory compliance.

Smartphone has become the tool which is used daily in modern human life. Some activities in human life, according to the usage of the smartphone can be related to the information which has a high privilege and needs a privacy. It causes the owners of the smartphone needs a system which can protect their privacy. Unfortunately, the secure the system, the unease of the usage. Hence, the system which has an invulnerable environment but also gives the ease of use is very needful. The aspect which is related to the ease of use is an authentication mechanism. Sometimes, this aspect correspondence to the effectiveness and the efficiency. This study is going to analyze the application related to this aspect which is a lock screen application. This lock screen application uses the context data based on the environment condition around the user. The context data used are GPS location and Mac Address of Wi-Fi. The system is going to detect the context and is going to determine if the smartphone needs to run the authentication mechanism or to bypass it based on the analysis of the context data. Hopefully, the smartphone application which is developed still can provide mobility and usability features, and also can protect the user privacy even though it is located in the environment which its context data is unknown.

Wearable devices can be potentially captured or accessed in an unauthorized manner because of their physical nature. In such cases, they are in white-box attack contexts, where the adversary may have total visibility on the implementation of the built-in cryptosystem, with full control over its execution platform. Dealing with white-box attacks on wearable devices is undoubtedly a challenge. To serve as a countermeasure against threats in such contexts, we propose a lightweight encryption scheme to protect the confidentiality of data against white-box attacks. We constructed the scheme's encryption and decryption algorithms on a substitution-permutation network that consisted of random secret components. Moreover, the encryption algorithm uses random padding that does not need to be correctly decrypted as part of the input. This feature enables non-bijective linear transformations to be used in each encryption round to achieve strong security. The required storage for static data is relatively small and the algorithms perform well on various devices, which indicates that the proposed scheme satisfies the requirements of wearable computing in terms of limited memory and low computational power.

One of the main concerns of Cloud storage solutions is to offer the availability to the end user. Thus, addressing the mobility needs and device's variety has emerged as a major challenge. At first, data should be synchronized automatically and continuously when the user moves from one equipment to another. Secondly, the Cloud service should offer to the owner the possibility to share data with specific users. The paper's goal is to develop a secure framework that ensures file synchronization with high quality and minimal resource consumption. As a first step towards this goal, we propose the SyncDS protocol with its associated architecture. The synchronization protocol efficiency raises through the choice of the used networking protocol as well as the strategy of changes detection between two versions of file systems located in different devices. Our experiment results show that adopting the Hierarchical Hash Tree to detect the changes between two file systems and adopting the WebSocket protocol for the data exchanges improve the efficiency of the synchronization protocol.

The veil of anonymity provided by smartphones with pre-paid SIM cards, public Wi-Fi hotspots, and distributed networks like Tor has drastically complicated the task of identifying users of social media during forensic investigations. In some cases, the text of a single posted message will be the only clue to an author's identity. How can we accurately predict who that author might be when the message may never exceed 140 characters on a service like Twitter? For the past 50 years, linguists, computer scientists, and scholars of the humanities have been jointly developing automated methods to identify authors based on the style of their writing. All authors possess peculiarities of habit that influence the form and content of their written works. These characteristics can often be quantified and measured using machine learning algorithms. In this paper, we provide a comprehensive review of the methods of authorship attribution that can be applied to the problem of social media forensics. Furthermore, we examine emerging supervised learning-based methods that are effective for small sample sizes, and provide step-by-step explanations for several scalable approaches as instructional case studies for newcomers to the field. We argue that there is a significant need in forensics for new authorship attribution algorithms that can exploit context, can process multi-modal data, and are tolerant to incomplete knowledge of the space of all possible authors at training time.

This paper presents our results from identifying anddocumenting false positives generated by static code analysistools. By false positives, we mean a static code analysis toolgenerates a warning message, but the warning message isnot really an error. The goal of our study is to understandthe different kinds of false positives generated so we can (1)automatically determine if an error message is truly indeed a truepositive, and (2) reduce the number of false positives developersand testers must triage. We have used two open-source tools andone commercial tool in our study. The results of our study haveled to 14 core false positive patterns, some of which we haveconfirmed with static code analysis tool developers.

Context suggestion refers to the task of recommending appropriate contexts to the users to improve the user experience. The suggested contexts could be time, location, companion, category, and so forth. In this paper, we particularly focus on the task of suggesting appropriate contexts to a user on a specific item. We evaluate the indirect context suggestion approaches over a movie data collected from user surveys, in comparison with direct context prediction approaches. Our experimental results reveal that indirect context suggestion is better and tensor factorization is generally the best way to suggest contexts to a user when given an item.

Software has emerged as a significant part of many domains, including financial service platforms, social networks and vehicle control. Standards organizations have responded to this by creating regulations to address issues such as safety and privacy. In this context, compliance of software with standards has emerged as a key issue. For software development organizations, compliance is a complex and costly goal to achieve and is often accomplished by producing so-called assurance cases, which demonstrate that the system indeed satisfies the property imposed by a standard (e.g., safety, privacy, security). As systems and standards undergo evolution for a variety of reasons, maintaining assurance cases multiplies the effort. In this work, we propose to exploit the connection between the field of model management and the problem of compliance management and propose methods that use model management techniques to address compliance scenarios such as assurance case evolution and reuse. For validation, we ground our approaches on the automotive domain and the ISO 26262 standard for functional safety of road vehicles.

5G, the fifth generation of mobile communication networks, is considered as one of the main IoT enablers. Connecting billions of things, 5G/IoT will be dealing with trillions of GBytes of data. Securing such large amounts of data is a very challenging task. Collected data varies from simple temperature measurements to more critical transaction data. Thus, applying uniform security measures is a waste of resources (processing, memory, and network bandwidth). Alternatively, a multi-level security model needs to be applied according to the varying requirements. In this paper, we present a multi-level security scheme (BLP) applied originally in the information security domain. We review its application in the network domain, and propose a modified version of BLP for the 5G/IoT case. The proposed model is proven to be secure and compliant with the model rules.

The past ten years has seen increasing calls to make security research more “scientific”. On the surface, most agree that this is desirable, given universal recognition of “science” as a positive force. However, we find that there is little clarity on what “scientific” means in the context of computer security research, or consensus on what a “Science of Security” should look like. We selectively review work in the history and philosophy of science and more recent work under the label “Science of Security”. We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope may motivate further exploration and guidance. Among our findings are that practices on which the rest of science has reached consensus appear little used or recognized in security, and a pattern of methodological errors continues unaddressed.

Choosing how to write natural language scenarios is challenging, because stakeholders may over-generalize their descriptions or overlook or be unaware of alternate scenarios. In security, for example, this can result in weak security constraints that are too general, or missing constraints. Another challenge is that analysts are unclear on where to stop generating new scenarios. In this paper, we introduce the Multifactor Quality Method (MQM) to help requirements analysts to empirically collect system constraints in scenarios based on elicited expert preferences. The method combines quantitative statistical analysis to measure system quality with qualitative coding to extract new requirements. The method is bootstrapped with minimal analyst expertise in the domain affected by the quality area, and then guides an analyst toward selecting expert-recommended requirements to monotonically increase system quality. We report the results of applying the method to security. This include 550 requirements elicited from 69 security experts during a bootstrapping stage, and subsequent evaluation of these results in a verification stage with 45 security experts to measure the overall improvement of the new requirements. Security experts in our studies have an average of 10 years of experience. Our results show that using our method, we detect an increase in the security quality ratings collected in the verification stage. Finally, we discuss how our proposed method helps to improve security requirements elicitation, analysis, and measurement. 

Internet-connected embedded systems have limited capabilities to defend themselves against remote hacking attacks. The potential effects of such attacks, however, can have a significant impact in the context of the Internet of Things, industrial control systems, smart health systems, etc. Embedded systems cannot effectively utilize existing software-based protection mechanisms due to limited processing capabilities and energy resources. We propose a novel hardware-based monitoring technique that can detect if the embedded operating system or any running application deviates from the originally programmed behavior due to an attack. We present an FPGA-based prototype implementation that shows the effectiveness of such a security approach.

Using shape context descriptors in the distance uneven grouping and its more extensive description of the shape feature, so this descriptor has the target contour point set deformation invariance. However, the twisted adhesions verification code have more outliers and more serious noise, the above-mentioned invariance of the shape context will become very bad, in order to solve the above descriptors' limitations, this article raise a new algorithm based on the relative shape context and point pattern matching to identify codes. And also experimented on the CSDN site's verification code, the result is that the recognition rate is higher than the traditional shape context and the response time is shorter.

Peer-To-Peer (P2P) networks open up great possibilities for intercommunication, collaborative and social projects like file sharing, communication protocols or social networks while offering advantages over the conventional Client-Server model of computing pattern. Such networks counter the problems of centralized servers such as that P2P networks can scale to millions without additional costs. In previous work, we presented Distributed Data Structure (DDS) which offers a middle-ware scheme for distributed applications. This scheme builds on top of DHT (Distributed Hash Table) based P2P overlays, and offers distributed data storage services as a middle-ware it still needs to address security issues. The main objective of this paper is to investigate possible ways to handle the security problem for DDS, and to develop a possibly reusable security architecture for access control for secure distributed data structures in P2P networks without depending on trusted third parties.

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.

In smart factories and smart homes, devices such as smart sensors are connected to the Internet. Independent of the context in which such a smart sensor is deployed, the possibility to change its configuration parameters in a secure way is essential. Existing solutions do provide only minimal security or do not allow to transfer arbitrary configuration data. In this paper, we present an NFC- and QR-code based configuration interface for smart sensors which improves the security and practicability of the configuration altering process while introducing as little overhead as possible. We present a protocol for configuration as well as a hardware extension including a dedicated security controller (SC) for smart sensors. For customers, no additional hardware other than a commercially available smartphone will be necessary which makes the proposed approach highly applicable for smart factory and smart home contexts alike.

Choosing how to write natural language scenarios is challenging, because stakeholders may over-generalize their descriptions or overlook or be unaware of alternate scenarios. In security, for example, this can result in weak security constraints that are too general, or missing constraints. Another challenge is that analysts are unclear on where to stop generating new scenarios. In this paper, we introduce the Multifactor Quality Method (MQM) to help requirements analysts to empirically collect system constraints in scenarios based on elicited expert preferences. The method combines quantitative statistical analysis to measure system quality with qualitative coding to extract new requirements. The method is bootstrapped with minimal analyst expertise in the domain affected by the quality area, and then guides an analyst toward selecting expert-recommended requirements to monotonically increase system quality. We report the results of applying the method to security. This include 550 requirements elicited from 69 security experts during a bootstrapping stage, and subsequent evaluation of these results in a verification stage with 45 security experts to measure the overall improvement of the new requirements. Security experts in our studies have an average of 10 years of experience. Our results show that using our method, we detect an increase in the security quality ratings collected in the verification stage. Finally, we discuss how our proposed method helps to improve security requirements elicitation, analysis, and measurement.

This work proposes a generic focused crawling framework for discovering resources on any given topic that reside on the Surface or the Dark Web. The proposed crawler is able to seamlessly traverse the Surface Web and several darknets present in the Dark Web (i.e. Tor, I2P and Freenet) during a single crawl by automatically adapting its crawling behavior and its classifier-guided hyperlink selection strategy based on the network type. This hybrid focused crawler is demonstrated for the discovery of Web resources containing recipes for producing homemade explosives. The evaluation experiments indicate the effectiveness of the proposed ap-proach both for the Surface and the Dark Web.

Cross Site Scripting (XSS) and clickjacking have been ranked among the top web application threats in recent times. This paper introduces XBuster - our client-side defence against XSS, implemented as an extension to the Mozilla Firefox browser. XBuster splits each HTTP request parameter into HTML and JavaScript contexts and stores them separately. It searches for both contexts in the HTTP response and handles each context type differently. It defends against all XSS attack vectors including partial script injection, attribute injection and HTML injection. Also, existing XSS filters may inadvertently disable frame busting code used in web pages as a defence against clickjacking. However, XBuster has been designed to detect and neutralize such attempts.