Biblio

Data security is a vast term that doesn’t have any limits, but there are a certain amount of tools and techniques that could help in gaining security. Honeypot is among one of the tools that are designated and designed to protect the security of a network but in a very dissimilar manner. It is a system that is designed and developed to be compromised and exploited. Honeypots are meant to lure the invaders, but due to advancements in computing systems parallelly, the intruding technologies are also attaining their gigantic influence. In this research work, an approach involving apache-spark (a Big Data Technique) would be introduced in order to use it with the Honeypot System. This work includes an extensive study based on several research papers, through which elaborated experiment-based result has been expressed on the best known open-source honeypot systems. The preeminent possible method of using The Honeypot with apache spark in the sequential channel would also be proposed with the help of a framework diagram.

Malicious software (malware) poses a significant threat to the security of our networks and users. In the ever-evolving malware landscape, Excel 4.0 Office macros (XL4) have recently become an important attack vector. These macros are often hidden within apparently legitimate documents and under several layers of obfuscation. As such, they are difficult to analyze using static analysis techniques. Moreover, the analysis in a dynamic analysis environment (a sandbox) is challenging because the macros execute correctly only under specific environmental conditions that are not always easy to create. This paper presents SYMBEXCEL, a novel solution that leverages symbolic execution to deobfuscate and analyze Excel 4.0 macros automatically. Our approach proceeds in three stages: (1) The malicious document is parsed and loaded in memory; (2) Our symbolic execution engine executes the XL4 formulas; and (3) Our Engine concretizes any symbolic values encountered during the symbolic exploration, therefore evaluating the execution of each macro under a broad range of (meaningful) environment configurations. SYMBEXCEL significantly outperforms existing deobfuscation tools, allowing us to reliably extract Indicators of Compromise (IoCs) and other critical forensics information. Our experiments demonstrate the effectiveness of our approach, especially in deobfuscating novel malicious documents that make heavy use of environment variables and are often not identified by commercial anti-virus software.

Firewalls are security devices that perform network traffic filtering. They are ubiquitous in the industry and are a common method used to enforce organizational security policy. Security policy is specified on a high level of abstraction, with statements such as "web browsing is allowed only on workstations inside the office network", and needs to be translated into low-level firewall rules to be enforceable. There has been a lot of work regarding optimization, analysis and platform independence of firewall rules, but an area that has seen much less success is automatic translation of high-level security policies into firewall rules. In addition to improving rules’ readability, such translation would make it easier to detect errors.This paper surveys of over twenty papers that aim to generate firewall rules according to a security policy specified on a higher level of abstraction. It also presents an overview of similar features in modern firewall systems. Most approaches define specialized domain languages that get compiled into firewall rule sets, with some of them relying on formal specification, ontology, or graphical models. The approaches’ have improved over time, but there are still many drawbacks that need to be solved before wider application.

Derivatives are key to numerous science, engineering, and machine learning applications. While existing tools generate derivatives of programs in a single language, modern parallel applications combine a set of frameworks and languages to leverage available performance and function in an evolving hardware landscape. We propose a scheme for differentiating arbitrary DAG-based parallelism that preserves scalability and efficiency, implemented into the LLVM-based Enzyme automatic differentiation framework. By integrating with a full-fledged compiler backend, Enzyme can differentiate numerous parallel frameworks and directly control code generation. Combined with its ability to differentiate any LLVM-based language, this flexibility permits Enzyme to leverage the compiler tool chain for parallel and differentiation-specitic optimizations. We differentiate nine distinct versions of the LULESH and miniBUDE applications, written in different programming languages (C++, Julia) and parallel frameworks (OpenMP, MPI, RAJA, Julia tasks, MPI.jl), demonstrating similar scalability to the original program. On benchmarks with 64 threads or nodes, we find a differentiation overhead of 3.4–6.8× on C++ and 5.4–12.5× on Julia.

Traffic in a backbone network has high forwarding rate requirements, and as the network gets larger, traffic increases and forwarding rates decrease. In a Software Defined Network (SDN), the controller can manage a global view of the network and control the forwarding of network traffic. A deterministic network has different forwarding requirements for the traffic of different priority levels. Static traffic load balancing is not flexible enough to meet the needs of users and may lead to the overloading of individual links and even network collapse. In this paper, we propose a new backbone network load balancing architecture - EDQN (Edge Deep Q-learning Network), which implements queue-based gate-shaping algorithms at the edge devices and load balancing of traffic on the backbone links. With the advantages of SDN, the link utilization of the backbone network can be improved, the delay in traffic transmission can be reduced and the throughput of traffic during transmission can be increased.

Transmitting data through the internet may have severe security risks due to illegal access done by attackers. Some methods have been introduced to overcome this issue, such as cryptography and steganography. Nevertheless, some problems still arise, such as the quality of the stego data. Specifically, it happens if the stego is shared with some users. In this research, a shared-secret mechanism is combined with steganography. For this purpose, the fuzzy logic edge detection and Prediction Error (PE) methods are utilized to hide private data. The secret sharing process is carried out after data embedding in the cover image. This sharing mechanism is performed on image pixels that have been converted to PE values. Various Peak Signal to Noise Ratio (PSNR) values are obtained from the experiment. It is found that the number of participants and the threshold do not significantly affect the image quality of the shares.

Impactful data breaches that exposed the online accounts and financial information of billions of individuals have increased recently because of the digitization of numerous industries. As a result, the need for comprehensive cybersecurity measures has risen, particularly with regard to the safekeeping of user passwords. Strong password storage security ensures that even if an attacker has access to compromised data, they are unable to utilize the passwords in attack vectors like credential-stuffing assaults. Additionally, it will reduce the risk of threats like fraudulent account charges or account takeovers for users. This study compares the performance of several hashing algorithms, including Bcrypt, SHA-256 and MD5 and how bcrypt algorithm outperforms the other algorithms. Reversal of each of the results will be attempted using Rainbow Tables for better understanding of hash reversals and the comparisons are tabulated. The paper provides a detail implementation of bcrypt algorithm and sheds light on the methodology of BCRYPT hashing algorithm results in robust password security. While SHA-256 hashing algorithms are, easily susceptible to simple attacks such as brute force as it a fast algorithm and making bcrypt more favorable.

This paper presents secure MatDot codes, a family of evaluation codes that support secure distributed matrix multiplication via a careful selection of evaluation points that exploit the properties of the dual code. We show that the secure MatDot codes provide security against the user by using locally recoverable codes. These new codes complement the recently studied discrete Fourier transform codes for distributed matrix multiplication schemes that also provide security against the user. There are scenarios where the associated costs are the same for both families and instances where the secure MatDot codes offer a lower cost. In addition, the secure MatDot code provides an alternative way to handle the matrix multiplication by identifying the fastest servers in advance. In this way, it can determine a product using fewer servers, specified in advance, than the MatDot codes which achieve the optimal recovery threshold for distributed matrix multiplication schemes.

Considering the evolution of technology, the need to secure data is growing fast. When we turn our attention to the healthcare field, securing data and assuring privacy are critical conditions that must be accomplished. The information is sensitive and confidential, and the exchange rate is very fast. Over the years, the healthcare domain has gradually seen a growth of interest regarding the interconnectivity of different processes to optimize and improve the services that are provided. Therefore, we need intelligent complex systems that can collect and transport sensitive data in a secure way. These systems are called cyber-physical systems. In healthcare domain, these complex systems are named medical cyber physical systems. The paper presents a brief description of the above-mentioned intelligent systems. Then, we focus on wireless sensor networks and the issues and challenges that occur in securing sensitive data and what improvements we propose on this subject. In this paper we tried to provide a detailed overview about cyber-physical systems, medical cyber-physical systems, wireless sensor networks and the security issues that can appear.

Public key cryptography plays an important role in secure communications over insecure channels. Elliptic curve cryptography, as a variant of public key cryptography, has been extensively used in the last decades for such purposes. In this paper, we present a software tool for parallel generation of cryptographic keys based on elliptic curves. Binary method for point multiplication and C++ threads were used in parallel implementation, while secp256k1 elliptic curve was used for testing. Obtained results show speedup of 30% over the sequential solution for 8 threads. The results are briefly discussed in the paper.

Mobile small cells that are enabled with Network Coding (NC) are seen as a potentially useful technique for Fifth Generation (5G) networks, since they can cover an entire city and can be put up on demand anywhere, any time, and on any device. Despite numerous advantages, significant security issues arise as a result of the fact that the NC-enabled mobile small cells are vulnerable to attacks. Intrusions are a severe security threat that exploits the inherent vulnerabilities of NC. In order to make NC-enabled mobile small cells to realize their full potential, it is essential to implement intrusion detection systems. When compared to homomorphic signature or hashing systems, homomorphic message authentication codes (MACs) provide safe network coding techniques with relatively smaller overheads. A number of research studies have been conducted with the goal of developing mobile small cells that are enabled with secure network coding and coming up with integrity protocols that are appropriate for such crowded situations. However, the intermediate nodes alter packets while they are in transit and hence the integrity of the data cannot be confirmed by using MACs and checksums. This research study has analyzed numerous intrusion detection models for NC enabled small cells. This research helps the scholars to get a brief idea about various intrusion detection models.

Cybersecurity is without doubt becoming a societal challenge. It even starts to affect sectors that were not considered to be at risk in the past because of their relative isolation. One of these sectors is aviation in general, and specifically air traffic management. Nowadays, the cyber security is one of the essential issues of current Air Traffic Systems. Compliance with the basic principles of cyber security is mandated by European Union law as well as the national law. Therefore, EUROCONTROL as the provider of several tools or services (ARTAS, EAD, SDDS, etc.), is regularly conducting various activities, such as the cyber-security assessments, penetration testing, supply chain risk assessment, in order to maintain and improve persistence of the products against the cyber-attacks.

Tactical Data Link (TDL) is one of the important elements in Network Centric Warfare (NCW). TDL provides the means for rapid exchange of tactical information between air, ground, sea units and command centers. In military operations, TDL has high demands for resilience, responsiveness, reliability, availability and security. MANET has characteristics that are suitable for the combat environment, namely the ability to self-form and self-healing so that this network may be applied to the TDL system. To produce high performance in MANET adapted for TDL system, an efficient MAC Protocol method is needed. This paper provides a survey of several MAC Protocol methods on a tactical MANET. In this paper also suggests some improvements to the MANET MAC protocol to improve TDL system performance.

Using multi-UAV systems to accomplish both civil and military missions is becoming a popular trend. With the development of software and hardware technologies, Unmanned aerial vehicles (UAVs) are now able to operate autonomously at edge. However, the remote control of manned systems, e.g., ground control station (GCS), remains essential to mission success, and the system's control and non-payload communication (CNPC) are facing severe cyber threats caused by smart attacks. To avoid hijacking, in this paper, we propose a secure mechanism that reduces such security risks for multi-UAV systems. We introduce friendly jamming from UAVs to block eavesdropping on the remote control channel. The trade-off between security and energy consumption is optimized by three approaches designed for UAV and GCS under algorithms of different complexities. Numerical results show the approach efficiency under different mission conditions and security demands, and demonstrate the features of the proposed mechanism for various scenarios.

A huge number of cloud users and cloud providers are threatened of security issues by cloud computing adoption. Cloud computing is a hub of virtualization that provides virtualization-based infrastructure over physically connected systems. With the rapid advancement of cloud computing technology, data protection is becoming increasingly necessary. It's important to weigh the advantages and disadvantages of moving to cloud computing when deciding whether to do so. As a result of security and other problems in the cloud, cloud clients need more time to consider transitioning to cloud environments. Cloud computing, like any other technology, faces numerous challenges, especially in terms of cloud security. Many future customers are wary of cloud adoption because of this. Virtualization Technologies facilitates the sharing of recourses among multiple users. Cloud services are protected using various models such as type-I and type-II hypervisors, OS-level, and unikernel virtualization but also offer a variety of security issues. Unfortunately, several attacks have been built in recent years to compromise the hypervisor and take control of all virtual machines running above it. It is extremely difficult to reduce the size of a hypervisor due to the functions it offers. It is not acceptable for a safe device design to include a large hypervisor in the Trusted Computing Base (TCB). Virtualization is used by cloud computing service providers to provide services. However, using these methods entails handing over complete ownership of data to a third party. This paper covers a variety of topics related to virtualization protection, including a summary of various solutions and risk mitigation in VMM (virtual machine monitor). In this paper, we will discuss issues possible with a malicious virtual machine. We will also discuss security precautions that are required to handle malicious behaviors. We notice the issues of investigating malicious behaviors in cloud computing, give the scientific categorization and demonstrate the future headings. We've identified: i) security specifications for virtualization in Cloud computing, which can be used as a starting point for securing Cloud virtual infrastructure, ii) attacks that can be conducted against Cloud virtual infrastructure, and iii) security solutions to protect the virtualization environment from DDOS attacks.

The digital transformation brought on by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles necessary to enable 5G to achieve its promise. 5G trustworthiness highlights the importance of embedding security capabilities from the very beginning while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate through the different layers of 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture within a risk-management framework that takes into account the evolving security-threats landscape. 5G presents a typical use-case of wireless communication and computer networking convergence, where 5G fundamental building blocks include components such as Software Defined Networks (SDN), Network Functions Virtualization (NFV) and the edge cloud. This convergence extends many of the security challenges and opportunities applicable to SDN/NFV and cloud to 5G networks. Thus, 5G security needs to consider additional security requirements (compared to previous generations) such as SDN controller security, hypervisor security, orchestrator security, cloud security, edge security, etc. At the same time, 5G networks offer security improvement opportunities that should be considered. Here, 5G architectural flexibility, programmability and complexity can be harnessed to improve resilience and reliability. The working group scope fundamentally addresses the following: •5G security considerations need to overlay and permeate through the different layers of the 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture including a risk management framework that takes into account the evolving security threats landscape. •5G exemplifies a use-case of heterogeneous access and computer networking convergence, which extends a unique set of security challenges and opportunities (e.g., related to SDN/NFV and edge cloud, etc.) to 5G networks. Similarly, 5G networks by design offer potential security benefits and opportunities through harnessing the architecture flexibility, programmability and complexity to improve its resilience and reliability. •The IEEE FNI security WG's roadmap framework follows a taxonomic structure, differentiating the 5G functional pillars and corresponding cybersecurity risks. As part of cross collaboration, the security working group will also look into the security issues associated with other roadmap working groups within the IEEE Future Network Initiative.

Mobile terminals especially smartphones are changing people's work and life style. For example, mobile payments are experiencing rapid growth as consumers use mobile terminals as part of lifestyles. However, security is a big challenge for mobile application services. In order to reduce security risks, mobile terminal security assessment should be conducted before providing application services. An approach of comprehensive security assessment is proposed in this paper by defining security metrics with the corresponding scores and determining the relative weights of security metrics based on the analytical hierarchy process (AHP). Overall security assessment of Android-based mobile terminals is implemented for mobile payment services with payment fraud detection accuracy of 89%, which shows that the proposed approach of security assessment is reasonable.

In this paper we consider cyber security requirements of the smart buildings. We identify cyber risks, threats, attack scenarios, security objectives and related security controls. The work was done as a part of a smart building design and construction work. From the controls identified w e concluded security practices for engineering-in smart buildings security. The paper provides an idea toward which system security engineers can strive in the basic design and implementation of the most critical components of the smart buildings. The intent of the concept is to help practitioners to avoid ad hoc approaches in the development of security mechanisms for smart buildings with shared space.

The Robotic Operating System (ROS) is a popular framework for robotics research and development. It's a system that provides hardware abstraction with low-level device management to handle communications and services. ROS is a distributed system, which allows various nodes in a network to communicate using a method such as message passing. When integrating systems using ROS, it is vital to consider the security and privacy of the data and information shared across ROS nodes, which is considered to be one of the most challenging aspects of ROS systems. The goal of this study is to examine the ROS architecture, primary components, and versions, as well as the types of vulnerabilities that might compromise the system. In order to achieve the CIA's three fundamental security criteria on a ROS-based platform, we categorized these vulnerabilities and looked into various security solutions proposed by researchers. We provide a comparative analysis of the ROS-related security solutions, the security threats and issues they addressed, the targeted architecture of the protection or defense system, the solution's evaluation methodology and the evaluation metric, and the limitations that might be viewed as unresolved issues for the future course of action. Finally, we look into future possibilities and open challenges to assist researchers to develop more secure and efficient ROS systems.

Python continues to be one of the most popular programming languages and has been used in many safety-critical fields such as medical treatment, autonomous driving systems, and data science. These fields put forward higher security requirements to Python ecosystems. However, existing studies on machine learning systems in Python concentrate on data security, model security and model privacy, and just assume the underlying Python virtual machines (PVMs) are secure and trustworthy. Unfortunately, whether such an assumption really holds is still unknown.This paper presents, to the best of our knowledge, the first and most comprehensive empirical study on the security of CPython, the official and most deployed Python virtual machine. To this end, we first designed and implemented a software prototype dubbed PVMSCAN, then use it to scan the source code of the latest CPython (version 3.10) and other 10 versions (3.0 to 3.9), which consists of 3,838,606 lines of source code. Empirical results give relevant findings and insights towards the security of Python virtual machines, such as: 1) CPython virtual machines are still vulnerable, for example, PVMSCAN detected 239 vulnerabilities in version 3.10, including 55 null dereferences, 86 uninitialized variables and 98 dead stores; Python/C API-related vulnerabilities are very common and have become one of the most severe threats to the security of PVMs: for example, 70 Python/C API-related vulnerabilities are identified in CPython 3.10; 3) the overall quality of the code remained stable during the evolution of Python VMs with vulnerabilities per thousand line (VPTL) to be 0.50; and 4) automatic vulnerability rectification is effective: 166 out of 239 (69.46%) vulnerabilities can be rectified by a simple yet effective syntax-directed heuristics.We have reported our empirical results to the developers of CPython, and they have acknowledged us and already confirmed and fixed 2 bugs (as of this writing) while others are still being analyzed. This study not only demonstrates the effectiveness of our approach, but also highlights the need to improve the reliability of infrastructures like Python virtual machines by leveraging state-of-the-art security techniques and tools.

In this paper, the distributed security control problem of connected vehicle systems (CVSs) is investigated under denial of service (DoS) attacks and uncertain dynamics. DoS attacks usually block communication channels, resulting in the vehicle inability to receive data from the neighbors. In severe cases, it will affect the control performance of CVSs and even cause vehicle collision and life threats. In order to keep the vehicle platoon stable when the DoS attacks happen, we introduce a random characteristic to describe the impact of the packet loss behavior caused by them. Dependent on the length of the lost packets, we propose a security platoon control protocol to deal with it. Furthermore, the security platoon control problem of CVSs is transformed into a stable problem of Markov jump systems (MJSs) with uncertain parameters. Next, the Lyapunov function method and linear matrix inequations (LMI) are used to analyze the internal stability and design controller. Finally, several simulation results are presented to illustrate the effectiveness of the proposed method.

In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding secu-rity to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtieBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.

Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.

Android controls the majority of the global OS market. Android Open Source Project (AOSP) is a very complex system with many layers including the apps, the Application Framework, the middle-ware, the customized Linux kernel, and the trusted components. Although security is implemented in every layer, the Application Framework forms an important of the attack surface due to managing the user interface and permissions. Android security has evolved over the years. The security flaws that have been found in the Application Framework led to a redesign of Android permissions. Part of this evolution includes fixes to the vulnerabilities that are publicly released in the monthly Android security bulletins. In this study, we analyze the CVEs listed in the Android security bulletin within the last 6 years. We focus on the Android application framework and investigate several research questions relating to 1) the security relevant components, 2) the type and amount of testing information for the security patches, and 3) the adequacy of the tests designed to test these patches. Our findings indicate that Android security testing practices can be further improved by designing security bulletin update specific tests, and by improving code coverage of patched files.