Biblio

Recommenders are central in many applications today. The most effective recommendation schemes, such as those based on collaborative filtering (CF), exploit similarities between user profiles to make recommendations, but potentially expose private data. Federated learning and decentralized learning systems address this by letting the data stay on user's machines to preserve privacy: each user performs the training on local data and only the model parameters are shared. However, sharing the model parameters across the network may still yield privacy breaches. In this paper, we present Rex, the first enclave-based decentralized CF recommender. Rex exploits Trusted execution environments (TEE), such as Intel software guard extensions (SGX), that provide shielded environments within the processor to improve convergence while preserving privacy. Firstly, Rex enables raw data sharing, which ultimately speeds up convergence and reduces the network load. Secondly, Rex fully preserves privacy. We analyze the impact of raw data sharing in both deep neural network (DNN) and matrix factorization (MF) recommenders and showcase the benefits of trusted environments in a full-fledged implementation of Rex. Our experimental results demonstrate that through raw data sharing, Rex significantly decreases the training time by 18.3 x and the network load by 2 orders of magnitude over standard decentralized approaches that share only parameters, while fully protecting privacy by leveraging trustworthy hardware enclaves with very little overhead.

Resiliency of cyber-physical systems (CPSs) against malicious attacks has been a topic of active research in the past decade due to widely recognized importance. Resilient CPS is capable of tolerating some attacks, operating at a reduced capacity with core functions maintained, and failing gracefully to avoid any catastrophic consequences. Existing work includes an architecture for hierarchical control systems, which is a subset of CPS with wide applicability, that is tailored for resiliency. Namely, the architecture consists of local, network and supervision layers and features such as simplex structure, resource isolation by hypervisors, redundant sensors/actuators, and software defined network capabilities. Existing work also includes methods of ensuring a level of resiliency at each one of the layers, respectively. However, for a holistic system level resiliency, individual methods at each layers must be coordinated in their deployment because all three layers interact for the operation of CPS. For this purpose, a resiliency coordinator for CPS is proposed in this work. The resiliency coordinator is the interconnection of central resiliency coordinator in the supervision layer, network resiliency coordinator in the network layer, and finally, local resiliency coordinators in multiple physical systems that compose the physical layer. We show, by examples, the operation of the resiliency coordinator and illustrate that RC accomplishes a level of attack resiliency greater than the sum of resiliency at each one of the layers separately.

User authentication based on muscle tension manifested during password typing seems to be an interesting additional layer of security. It represents another way of verifying a person’s identity, for example in the context of continuous verification. In order to explore the possibilities of such authentication method, it was necessary to create a capturing software that records and stores data from EMG (electromyography) sensors, enabling a subsequent analysis of the recorded data to verify the relevance of the method. The work presented here is devoted to the design, implementation and evaluation of such a solution. The solution consists of a protocol and a software application for collecting multimodal data when typing on a keyboard. Myo armbands on both forearms are used to capture EMG and inertial data while additional modalities are collected from a keyboard and a camera. The user experience evaluation of the solution is presented, too.

Operating systems are essential software components for any computer. The goal of computer system manu-facturers is to provide a safe operating system that can resist a range of assaults. APTs (Advanced Persistent Threats) are merely one kind of attack used by hackers to penetrate organisations (APT). Here, we will apply the MITRE ATT&CK approach to analyze the security of Windows and Linux. Using the results of a series of vulnerability tests conducted on Windows 7, 8, 10, and Windows Server 2012, as well as Linux 16.04, 18.04, and its most current version, we can establish which operating system offers the most protection against future assaults. In addition, we have shown adversarial reflection in response to threats. We used ATT &CK framework tools to launch attacks on both platforms.

"Security first" is the most concerned issue of Linux administrators. Security refers to the integrity of data. The authentication security and integrity of data are higher than the privacy security of data. Firewall is used to realize the function of access control under Linux. It is divided into hardware or software firewall. No matter in which network, the firewall must work at the edge of the network. Our task is to define how the firewall works. This is the firewall's policies and rules, so that it can detect the IP and data in and out of the network. At present, there are three or four layers of firewalls on the market, which are called network layer firewalls, and seven layers of firewalls, which are actually the gateway of the agent layer. But for the seven layer firewall, no matter what your source port or target port, source address or target address is, it will check all your things. Therefore, the seven layer firewall is more secure, but it brings lower efficiency. Therefore, the usual firewall schemes on the market are a combination of the two. And because we all need to access from the port controlled by the firewall, the work efficiency of the firewall has become the most important control of how much data users can access. This paper introduces two types of firewalls iptables and TCP\_Wrappers. What are the differences between the use policies, rules and structures of the two firewalls? This is the problem to be discussed in this paper.

The use of software daily has become inevitable nowadays. Almost all everyday tools and the most different areas (e.g., medicine or telecommunications) are dependent on software. The C programming language is one of the most used languages for software development, such as operating systems, drivers, embedded systems, and industrial products. Even with the appearance of new languages, it remains one of the most used [1] . At the same time, C lacks verification mechanisms, like array boundaries, leaving the entire responsibility to the developer for the correct management of memory and resources. These weaknesses are at the root of buffer overflows (BO) vulnerabilities, which range the first place in the CWE’s top 25 of the most dangerous weaknesses [2] . The exploitation of BO when existing in critical safety systems, such as railways and autonomous cars, can have catastrophic effects for manufacturers or endanger human lives.

State of the art Artificial Intelligence Assurance (AIA) methods validate AI systems based on predefined goals and standards, are applied within a given domain, and are designed for a specific AI algorithm. Existing works do not provide information on assuring subjective AI goals such as fairness and trustworthiness. Other assurance goals are frequently required in an intelligent deployment, including explainability, safety, and security. Accordingly, issues such as value loading, generalization, context, and scalability arise; however, achieving multiple assurance goals without major trade-offs is generally deemed an unattainable task. In this manuscript, we present two AIA pipelines that are model-agnostic, independent of the domain (such as: healthcare, energy, banking), and provide scores for AIA goals including explainability, safety, and security. The two pipelines: Adversarial Logging Scoring Pipeline (ALSP) and Requirements Feedback Scoring Pipeline (RFSP) are scalable and tested with multiple use cases, such as a water distribution network and a telecommunications network, to illustrate their benefits. ALSP optimizes models using a game theory approach and it also logs and scores the actions of an AI model to detect adversarial inputs, and assures the datasets used for training. RFSP identifies the best hyper-parameters using a Bayesian approach and provides assurance scores for subjective goals such as ethical AI using user inputs and statistical assurance measures. Each pipeline has three algorithms that enforce the final assurance scores and other outcomes. Unlike ALSP (which is a parallel process), RFSP is user-driven and its actions are sequential. Data are collected for experimentation; the results of both pipelines are presented and contrasted.

For modern Automatic Test Equipment (ATE), one of the most daunting tasks conducting Information Assurance (IA). In addition, there is a desire to Network ATE to allow for information sharing and deployment of software. This is complicated by the fact that typically ATE are “unmanaged” systems in that most are configured, deployed, and then mostly left alone. This results in systems that are not patched with the latest Operating System updates and in fact may be running on legacy Operating Systems which are no longer supported (like Windows XP or Windows 7 for instance). A lot of this has to do with the cost of keeping a system updated on a continuous basis and regression testing the Test Program Sets (TPS) that run on them. Given that an Automated Test System can have thousands of Test Programs running on it, the cost and time involved in doing complete regression testing on all the Test Programs can be extremely expensive. In addition to the Test Programs themselves some Test Programs rely on third party Software and / or custom developed software that is required for the Test Programs to run. Add to this the requirement to perform software steering through all the Test Program paths, the length of time required to validate a Test Program could be measured in months in some cases. If system updates are performed once a month like some Operating System updates this could consume all the available time of the Test Station or require a fleet of Test Stations to be dedicated just to do the required regression testing. On the other side of the coin, a Test System running an old unpatched Operating System is a prime target for any manner of virus or other IA issues. This paper will discuss some of the pro's and con's of a managed Test System and how it might be accomplished.

The use of software to support the information infrastructure that governments, critical infrastructure providers and businesses worldwide rely on for their daily operations and business processes is gradually becoming unavoidable. Commercial off-the shelf software is widely and increasingly used by these organizations to automate processes with information technology. That notwithstanding, cyber-attacks are becoming stealthier and more sophisticated, which has led to a complex and dynamic risk environment for IT-based operations which users are working to better understand and manage. This has made users become increasingly concerned about the integrity, security and reliability of commercial software. To meet up with these concerns and meet customer requirements, vendors have undertaken significant efforts to reduce vulnerabilities, improve resistance to attack and protect the integrity of the products they sell. These efforts are often referred to as “software assurance.” Software assurance is becoming very important for organizations critical to public safety and economic and national security. These users require a high level of confidence that commercial software is as secure as possible, something only achieved when software is created using best practices for secure software development. Therefore, in this paper, we explore the need for information assurance and its importance for both organizations and end users, methodologies and best practices for software security and information assurance, and we also conducted a survey to understand end users’ opinions on the methodologies researched in this paper and their impact.

The increase of autonomy in autonomous surface vehicles development brings along modified and new risks and potential hazards, this in turn, introduces the need for processes and methods for ensuring that systems are acceptable for their intended use with respect to dependability and safety concerns. One approach for evaluating software requirements for claims of safety is to employ an assurance case. Much like a legal case, the assurance case lays out an argument and supporting evidence to provide assurance on the software requirements. This paper analyses safety and security requirements relating to autonomous vessels, and regulations in the automotive industry and the marine industry before proposing a generic cybersecurity and safety assurance case that takes a general graphical approach of Goal Structuring Notation (GSN).

Nowadays, lives are very much easier with the help of IoT. Due to lack of protection and a greater number of connections, the management of IoT becomes more difficult To manage the network flow, a Software Defined Networking (SDN) has been introduced. The SDN has a great capability in automatic and dynamic distribution. For harmful attacks on the controller a centralized SDN architecture unlocks the scope. Therefore, to reduce these attacks in real-time, a securing SDN enabled IoT scenario infrastructure of Fog networks is preferred. The virtual switches have network enforcement authorized decisions and these are executed through the SDN network. Apart from this, SDN switches are generally powerful machines and simultaneously these are used as fog nodes. Therefore, SDN looks like a good selection for Fog networks of IoT. Moreover, dynamically distributing the necessary crypto keys are allowed by the centralized and software channel protection management solution, in order to establish the Datagram Transport Layer Security (DTIS) tunnels between the IoT devices, when demanded by the cyber security framework. Through the extensive deployment of this combination, the usage of CPU is observed to be 30% between devices and the latencies are in milliseconds range, and thus it presents the system feasibility with less delay. Therefore, by comparing with the traditional SDN, it is observed that the energy consumption is reduced by more than 90%.

Supervisory Control and Data Acquisition (SCADA) systems are utilized extensively in critical power grid infrastructures. Modern SCADA systems have been proven to be susceptible to cyber-security attacks and require improved security primitives in order to prevent unwanted influence from an adversarial party. One section of weakness in the SCADA system is the integrity of field level sensors providing essential data for control decisions at a master station. In this paper we propose a lightweight hardware scheme providing inferred authentication for SCADA sensors by combining an analog to digital converter and a permutation generator as a single integrated circuit. Through this method we encode critical sensor data at the time of sensing, so that unencoded data is never stored in memory, increasing the difficulty of software attacks. We show through experimentation how our design stops both software and hardware false data injection attacks occurring at the field level of SCADA systems.

Using multi-UAV systems to accomplish both civil and military missions is becoming a popular trend. With the development of software and hardware technologies, Unmanned aerial vehicles (UAVs) are now able to operate autonomously at edge. However, the remote control of manned systems, e.g., ground control station (GCS), remains essential to mission success, and the system's control and non-payload communication (CNPC) are facing severe cyber threats caused by smart attacks. To avoid hijacking, in this paper, we propose a secure mechanism that reduces such security risks for multi-UAV systems. We introduce friendly jamming from UAVs to block eavesdropping on the remote control channel. The trade-off between security and energy consumption is optimized by three approaches designed for UAV and GCS under algorithms of different complexities. Numerical results show the approach efficiency under different mission conditions and security demands, and demonstrate the features of the proposed mechanism for various scenarios.

Internet speeds and technological advancements have made individuals increasingly concerned about their personal information being compromised by criminals. There have been a slew of new steganography and data concealment methods suggested in recent years. Steganography is the art of hiding information in plain sight (text, audio, image and video). Unauthorized users now have access to steganographic analysis software, which may be used to retrieve the carrier files valuable secret information. Unfortunately, because to their inefficiency and lack of security, certain steganography techniques are readily detectable by steganalytical detectors. We present a video steganography technique based on the linear block coding concept that is safe and secure. Data is protected using a binary graphic logo but also nine uncompressed video sequences as cover data and a secret message. It's possible to enhance the security by rearranging pixels randomly in both the cover movies and the hidden message. Once the secret message has been encoded using the Hamming algorithm (7, 4) before being embedded, the message is even more secure. The XOR function will be used to add the encoded message's result to a random set of values. Once the message has been sufficiently secured, it may be inserted into the video frames of the cover. In addition, each frame's embedding region is chosen at random so that the steganography scheme's resilience can be improved. In addition, our experiments have shown that the approach has a high embedding efficiency. The video quality of stego movies is quite close to the original, with a PSNR (Pick Signal to Noise Ratio) over 51 dB. Embedding a payload of up to 90 Kbits per frame is also permissible, as long as the quality of the stego video is not noticeably degraded.

The increasing number of vehicles registered demands for safe and secure carparks due to increase in vehicle theft. The current Automatic Number Plate Recognition (ANPR) systems is a single authentication system and hence it is not secure. Therefore, this research has developed a double authentication system by combing ANPR with a Quick Response (QR) code system to create ANPR-DAS that improves the security at a carpark. It has yielded an accuracy of up to 93% and prevents car theft at a car park.

The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform.This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties.

Memory-based vulnerabilities are becoming more and more common in low-power and low-cost devices in IOT. We study several low-level vulnerabilities that lead to memory corruption in C and C++ programs, and how to use stack corruption and format string attack to exploit these vulnerabilities. Automatic methods for resisting memory attacks, such as stack canary and address space layout randomization ASLR, are studied. These methods do not need to change the source program. However, a return-oriented programming (ROP) technology can bypass them. Control flow integrity (CFI) can resist the destruction of ROP technology. In fact, the security design is holistic. Finally, we summarize the rules of security coding in embedded devices, and propose two novel methods of software anomaly detection process for IOT devices in the future.

Control flow integrity (CFI) checks are used in desktop systems, in order to protect them from various forms of attacks, but they are rarely investigated for embedded systems, due to their introduced overhead. The contribution of this paper is an efficient software implementation of a CFI-check for ARM-and Xtensa processors. Moreover, we propose the combination of this CFI-check with another defense mechanism against return-oriented-programming (ROP). We show that by this combination the security is significantly improved. Moreover, it will also in-crease the safety of the system, since the combination can detect a failed ROP-attack and bring the system in a safe state, which is not possible when using each technique separately. We will also report on the introduced overhead in code size and run time.

Many organizations use internal phishing campaigns to gauge awareness and coordinate training efforts based on those findings. Ongoing content design is important for phishing training tools due to the influence recency has on phishing susceptibility. Traditional approaches for content development require significant investment and can be prohibitively costly, especially during the requirements engineering phase of software development and for applications that are constantly evolving. While prior research primarily depends upon already known phishing cues curated by experts, our project, Phish Finders, uses crowdsourcing to explore phishing cues through the unique perspectives and thought processes of everyday users in a realistic yet safe online environment, Zooniverse. This paper contributes qualitative analysis of crowdsourced comments that identifies novel cues, such as formatting and typography, which were identified by the crowd as potential phishing indicators. The paper also shows that crowdsourcing may have the potential to scale as a requirements engineering approach to meet the needs of content labeling for improved training tool development.

Lock design is an important mechanism for scheduling management and security protection in operating systems. However, there is no effective way to identify the differences and connections among lock models, and users need to spend considerable time to understand different lock architectures. In this paper, we propose a classification scheme that abstracts lock design into three types of models: basic spinlock, semaphore amount extension, lock chain structure, and verify the effectiveness of these three types of lock models in the context of current mainstream applications. We also investigate the specific details of applying this classification method, which can be used as a reference for developers to design lock models, thus shorten the software development cycle.

Software vulnerabilities threaten the security of computer system, and recently more and more loopholes have been discovered and disclosed. For the detected vulnerabilities, the relevant personnel will analyze the vulnerability characteristics, and combine the vulnerability scoring system to determine their severity level, so as to determine which vulnerabilities need to be dealt with first. In recent years, some characteristic description-based methods have been used to predict the severity level of vulnerability. However, the traditional text processing methods only grasp the superficial meaning of the text and ignore the important contextual information in the text. Therefore, this paper proposes an innovative method, called BERT-CNN, which combines the specific task layer of Bert with CNN to capture important contextual information in the text. First, we use Bert to process the vulnerability description and other information, including Access Gained, Attack Origin and Authentication Required, to generate the feature vectors. Then these feature vectors of vulnerabilities and their severity levels are input into a CNN network, and the parameters of the CNN are gotten. Next, the fine-tuned Bert and the trained CNN are used to predict the severity level of a vulnerability. The results show that our method outperforms the state-of-the-art method with 91.31% on F1-score.

The use of Virtual Machine (VM) migration as support for software rejuvenation was introduced more than a decade ago. Since then, several works have validated this approach from experimental and theoretical perspectives. Recently, some works shed light on the possibility of using the same technique as Moving Target Defense (MTD). However, to date, no work evaluated the availability and security levels while applying VM migration for both rejuvenation and MTD (multipurpose VM migration). In this paper, we conduct a comprehensive evaluation using Stochastic Petri Net (SPN) models to tackle this challenge. The evaluation covers the steady-state system availability, expected MTD protection, and related metrics of a system under time-based multipurpose VM migration. Results show that the availability and security improvement due to VM migration deployment surpasses 50% in the best scenarios. However, there is a trade-off between availability and security metrics, meaning that improving one implies compromising the other.

Smart grid is a new generation of grid that inte-grates traditional grid and grid information system, and infor-mation security of smart grid is an extremely important part of the whole grid. The research of trusted computing technology provides new ideas to protect the information security of the power grid. To address the problem of large deviations in the calculation of credible dynamic thresholds due to the existence of characteristics such as self-similarity and traffic bursts in smart grid information collection, a traffic prediction model based on ARMA and Poisson process is proposed. And the Hurst coefficient is determined more accurately using R/S analysis, which finally improves the efficiency and accuracy of the trusted dynamic threshold calculation.

Software based scan diagnosis is the de facto method for debugging logic scan failures. Physical analysis success rate is high on dies diagnosed with maximum score, one symptom, one suspect and shorter net. This poses a limitation on maximum utilization of scan diagnosis data for PFA. There have been several attempts to combine dynamic fault isolation techniques with scan diagnosis results to enhance the utilization and success rate. However, it is not a feasible approach for foundry due to limited product design and test knowledge and hardware requirements such as probe card and tester. Suitable for a foundry, an enhanced diagnosis-driven analysis scheme was proposed in [1] that classifies the failures as frontend-of-line (FEOL) and backend-of-line (BEOL) improving the die selection process for PFA. In this paper, static NIR PEM and defect prediction approach are applied on dies that are already classified as FEOL and BEOL failures yet considered unsuitable for PFA due to low score, multiple symptoms, and suspects. Successful case studies are highlighted to showcase the effectiveness of using static NIR PEM as the next level screening process to further maximize the scan diagnosis data utilization.

This paper use the method of finite element analysis, and comparing and analyzing the split box and the integrated box from two aspects of modal analysis and static analysis. It is concluded that the integrated box has the characteristics of excellent vibration characteristics and high strength tolerance; At the same time, according to the S-N curve of the material and the load spectrum of the box, the fatigue life of the integrated box is 26.24 years by using the fatigue analysis software Fe-safe, which meets the service life requirements; The reliability analysis module PDS is used to calculate the reliability of the box, and the reliability of the integrated box is 96.5999%, which meets the performance requirements.