Biblio

An emerging widely used technology cloud computing which a paddle of computing resources is available for the users. Through the internet-based the resources could be supplied to cloud consumers at their request but it is not directly active management by the user. This application-based software infrastructure can store data on remote serves, which can be accessed through the internet and a user who wants to access data stored in the cloud have to use an internet browser or cloud computing software. Data protection has become one of the significant issues in cloud computing when users must rely on their cloud providers for security purposes. In this article, a system that can embarrass the disclosure of the key for distributing a file that will assure security dispensing asymmetric key and sharing it among the cloud environment and user perform the integrity check themselves rather than using third-party services by using compression or hash function where the hash is created using a hash function and it was not mentioned in the previous paper. After the user receives the data every hash is compared with other hash values to check the differences of the data. The time-consumption of encryption and decryption of the data is calculated and compared with the previous paper and the experiment shows that our calculation took around 80% less time.

The risk of cyber-attack is omnipresent, there are lots of threat actors in the cyber field and the number of attacks increases every day. The paper defines currently the most discussed supply chain attacks, briefly summarizes significant events of successful supply chain attacks and outlines complex strategy leading to the prevention of such attacks; the strategy which can be used not only by civil organizations but governmental ones, too. Risks of supply chain attacks against the Czech army are taken into consideration and possible mitigations are suggested.

Electromagnetic (EM) radiation is an inherent phenomenon in the operation of electronic information equipment. The side-channel attack, malicious hardware and software implantation attack by using the EM radiation are implemented to steal information. This form of attacks can be used in air-gap information equipment, which bring great danger for information security. The malicious implantation hidden in circuits are difficult to detect. How to detect the implantation is a challenging problem. In this paper, a malicious hardware implantation is analyzed. A method that leverages EM signals for Trojan-embedded computer video cable detection is proposed. The method neither needs activating the Trojan nor requires near-field probe approaching at close. It utilizes recognizable patterns in the spectrum of EM to predict potential risks. This paper focuses on the extraction of feature vectors via the empirical mode decomposition (EMD) algorithm. Intrinsic mode functions (IMFs) are analyzed and selected to be eigenvectors. Using a common classification technique, we can achieve both effective and reliable detection results.

In this paper, we present FireBugs for Finding and Repairing Bugs based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.

The large amount of third-party packages available in fast-moving software ecosystems, such as Node.js/npm, enables attackers to compromise applications by pushing malicious updates to their package dependencies. Studying the npm repository, we observed that many packages in the npm repository that are used in Node.js applications perform only simple computations and do not need access to filesystem or network APIs. This offers the opportunity to enforce least-privilege design per package, protecting applications and package dependencies from malicious updates. We propose a lightweight permission system that protects Node.js applications by enforcing package permissions at runtime. We discuss the design space of solutions and show that our system makes a large number of packages much harder to be exploited, almost for free.

With tons of efforts spent on its mitigation, Cross-site scripting (XSS) remains one of the most prevalent security threats on the internet. Decades of exploitation and remediation demonstrated that code inspection and testing alone does not eliminate XSS vulnerabilities in complex web applications with a high degree of confidence. This paper introduces Google's secure-by-design engineering paradigm that effectively prevents DOM-based XSS vulnerabilities in large-scale web development. Our approach, named API hardening, enforces a series of company-wide secure coding practices. We provide a set of secure APIs to replace native DOM APIs that are prone to XSS vulnerabilities. Through a combination of type contracts and appropriate validation and escaping, the secure APIs ensure that applications based thereon are free of XSS vulnerabilities. We deploy a simple yet capable compile-time checker to guarantee that developers exclusively use our hardened APIs to interact with the DOM. We make various of efforts to scale this approach to tens of thousands of engineers without significant productivity impact. By offering rigorous tooling and consultant support, we help developers adopt the secure coding practices as seamlessly as possible. We present empirical results showing how API hardening has helped reduce the occurrences of XSS vulnerabilities in Google's enormous code base over the course of two-year deployment.

An essential ingredient of the smart grid is software-based services. Increasingly, software is used to support control strategies and services that are critical to the grid's operation. Therefore, its correct operation is essential. For various reasons, software and its configuration needs to be updated. This update process represents a significant overhead for smart grid operators and failures can result in financial losses and grid instabilities. In this paper, we present a framework for determining the root causes of software rollout failures in the smart grid. It uses distributed sensors that indicate potential issues, such as anomalous grid states and cyber-attacks, and a causal inference engine based on a formalism called evidential networks. The aim of the framework is to support an adaptive approach to software rollouts, ensuring that a campaign completes in a timely and secure manner. The framework is evaluated for a software rollout use-case in a low voltage distribution grid. Experimental results indicate it can successfully discriminate between different root causes of failure, supporting an adaptive rollout strategy.

Smart grid is the key infrastructure of the country, and its network security is an important link to ensure the national important infrastructure security. SOC as a secure operation mechanism for adaptive and continuous improvement of information security, it is practically significant to address the challenge to the network security of the smart grid. Based on the analysis of the technical characteristics and security of smart grid, and taking a grid enterprise smart grid as an example, we propose the design scheme and implementation plan of smart grid SOC platform. Experimental results show that the platform we designed can meet the performance requirements, it also meets the requirements of real-time storage of behavioral data and provides support for interactive analysis and batch analysis.

Development of large-scale and complex software systems requires multiple teams, including software development teams, domain experts, user representatives, and other project stakeholders, to work collaboratively to achieve software development goals. These teams rely on the use of agreed software development processes, knowledge management tools, and communication channels collaboratively in the software development project. Software testing is an important and complicated process due to reasons such as difficulties in achieving testing goals with the given time constraint, absence of efficient data sharing policies, vague testing acceptance criteria at various levels of testing, and lack of trusted coordination among the teams involved in software testing. The efficiency of the software testing relies on efficient, reliable, and trusted information sharing among these teams. Existing approaches to software testing for collaborative software development use centralized or decentralize tools for software testing, knowledge management, and communication channels. Existing approaches have the limitations of centralized authority, a single point of failure/compromise, lack of automatic requirement compliance checking and transparency in information sharing, and lack of unified data sharing policy, and reliable knowledge management repositories for sharing and storing past software testing artifacts and data. In this paper, a software testing approach for collaborative software development using private blockchain is presented, and the desirable properties of private blockchain, such as distributed data management, tamper-resistance, auditability and automatic requirement compliance checking, are incorporated to greatly improve the quality of software testing for collaborative software development.

It is important to be able to establish formal performance bounds for autonomous systems. However, formal verification techniques require a model of the environment in which the system operates; a challenge for autonomous systems, especially those expected to operate over longer timescales. This paper describes work in progress to automate the monitor and repair of ROS-based autonomous robot software written for an apriori partially known and possibly incorrect environment model. A taint analysis method is used to automatically extract the dataflow sequence from input topic to publish topic, and instrument that code. A unique reinforcement learning approximation of MDP utility is calculated, an empirical and non-invasive characterization of the inherent objectives of the software designers. By comparing design (a-priori) utility with deploy (deployed system) utility, we show, using a small but real ROS example, that it's possible to monitor a performance criterion and relate violations of the criterion to parts of the software. The software is then patched using automated software repair techniques and evaluated against the original off-line utility.

Acoustic tomography experiments for ocean observation require low-frequency, broadband, high power, small size underwater acoustic transducer, but there are contradictions between the performance of the transducer, therefore a longitudinal-bending fluid-cavity coupled broadband underwater acoustic transducer is presented. The difference between the transducer and the traditional JH transducer is that the opening position of the Helmholtz resonant cavity is arranged between the radiation cover plate and the cylindrical cavity. Based on the optimization results of the finite element software ANSYS produced a transducer test prototype. The test results show that the simulation results and experimental results are basically consistent, and the transmitting voltage response can reach 136dB, the transmitting voltage response fluctuation shall no more than 6dB through the range of 700-1200Hz in the horizontal direction, verified the longitudinal-bending mode and the fluid-cavity mode of the transducer are well coupled, and the transducer is an ideal low-frequency, broadband, high power, small size underwater acoustic transducer.

Software is playing a pivotal role in most enterprises, whether they realize it or not, and with the proliferation of Industrial Internet of Things (IoT) and other CyberPhysical systems across our society and critical infrastructure and our collective love affair with automation, optimization, and ``smart'' devices, the role of these types of systems is only going to increase. This talk addresses the myriad of issues that underlie unsafe, insecure, and unreliable software and provides the insights of the Industrial Internet Consortium and other government and industry efforts on how to conquer them and pave the way to a marketplace of trustworthy software-enabled connected things. As the experience of several sectors has shown, the dependence on connected software needs to be met with a strong understanding of the risks to the overall trustworthiness of our software-based capabilities that we, our enterprises, and our world utilize. In many of these new connected systems issues of safety, reliability, and resilience rival or dominate concerns for security and privacy, the long-time focus of many in the IT world. Without a scalable and efficient method for managing these risks so our enterprises can continue to benefit from these advancements that powers our military, commercial industries, cities, and homes to new levels of efficiency, versatility, and cost effectiveness we face the potential for harm, death, and destructiveness. In such a marketplace, creating, exchanging, and integrating components that are trustworthy as well as entering into value-chain relationships with trustworthy partners and service suppliers will be common if we can provide a method for explicitly defining what is meant by the word trustworthy. The approach being pursued by these groups for applying Software Assurance to these systems and their Supply Chains by leveraging Structured Assurance Cases (the focus of this paper), Software Bill of Materials, and secure development practices applied to the evolving Agile and DevSecOps methodologies, is to explicitly identify the detailed requirements ``about what we need to know about something for it to be worthy of our trust'' and to do that in a way that we can convey that basis of trust to others that: can scale; is consistent within different workflows; is flexible to differing sets of hazards and environments; and is applicable to all sectors, domains, and industries.

Software is playing a pivotal role in most enterprises, whether they realize it or not, and with the proliferation of Industrial Internet of Things (IoT) and other cyber/physical systems across our society and critical infrastructure and our collective love affair with automation, optimization, and ``smart'' devices, the role of these types of systems is only going to increase. This talk addresses the myriad of issues that underlie unsafe, insecure, and unreliable software and provides the insights of the Industrial Internet Consortium and other government and industry efforts on how to conquer them and pave the way to a marketplace of trustworthy software-enabled connected things.As the experience of several sectors has shown, the dependence on connected software needs to be met with a strong understanding of the risks to the overall trustworthiness of our software-based capabilities that we, our enterprises, and our world utilize. In many of these new connected systems issues of safety, reliability, and resilience rival or dominate concerns for security and privacy, the long-time focus of many in the IT world. Without a scalable and efficient method for managing these risks so our enterprises can continue to benefit from these advancements that powers our military, commercial industries, cities, and homes to new levels of efficiency, versatility, and cost effectiveness we face the potential for harm, death, and destructiveness.In such a marketplace, creating, exchanging, and integrating components that are trustworthy as well as entering into value-chain relationships with trustworthy partners and service suppliers will be common if we can provide a method for explicitly defining what is meant by the word trustworthy. The approach being pursued by these groups for applying Software Assurance to these systems and their Supply Chains by leveraging Structured Assurance Cases, Software Bill of Materials (the focus of this paper), and secure development practices applied to the evolving Agile and DevSecOps methodologies, is to explicitly identify the detailed requirements ``about what we need to know about something for it to be worthy of our trust'' and to do that in a way that we can convey that basis of trust to others that: can scale; is consistent within different workflows; is flexible to differing sets of hazards and environments; and is applicable to all sectors, domains, and industries.

As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.

Trusted Platform Modules (TPMs) are specialized chips that store RSA keys specific to the host system for hardware authentication. The RSA keys refer to an encryption technology developed by RSA Data Security. The RSA algorithm accounts for the fact that there is no efficient way to factor extremely large numbers. Each TPM chip contains an RSA Key pair known as the Endorsement Key that cannot be accessed by software. The TPM contains an additional key, called the Attestation Identity Key that protects the device itself against unauthorized firmware and software modification by implementing hash functions on critical sections of the software and firmware before execution. As a result, the TPM can be used as a chip for handling encryption for a larger system to offer an additional layer of security. Furthermore, the TPM can also be used for managing encryption keys, as a Storage Root Key is created when a user or administrator takes ownership of the system. However, merging the TPM into a system does come with additional costs along with potential benefits. This paper focuses on integrating a TPM into a system implemented on an ARM processor that engages with power electronics, and then presents the security benefits associated with a TPM.

In order to develop safety-reliable standards for IoT (Internet of Things) networks, appropriate tools for their verification are needed. Among them there is a group of tools based on automated symbolic analysis. Such a tool is Tamarin software. Its usage for creating formal proofs of security protocols correctness has been presented in this paper using the simple example of an exchange of messages with asynchronous encryption between two agents. This model can be used in sensor networks or IoT e.g. in TLS protocol to provide a mechanism for secure cryptographic key exchange.

Online privacy policies are lengthy and hard to comprehend. To address this problem, researchers have utilized machine learning (ML) to devise tools that automatically summarize online privacy policies for web users. One such tool is our free and publicly available browser extension, PrivacyCheck. In this paper, we enhance PrivacyCheck by adding a competitor analysis component-a part of PrivacyCheck that recommends other organizations in the same market sector with better privacy policies. We also monitored the usage patterns of about a thousand actual PrivacyCheck users, the first work to track the usage and traffic of an ML-based privacy analysis tool. Results show: (1) there is a good number of privacy policy URLs checked repeatedly by the user base; (2) the users are particularly interested in privacy policies of software services; and (3) PrivacyCheck increased the number of times a user consults privacy policies by 80%. Our work demonstrates the potential of ML-based privacy analysis tools and also sheds light on how these tools are used in practice to give users actionable knowledge they can use to pro-actively protect their privacy.

Context: Security is vital to software developed for commercial or personal use. Although more organizations are realizing the importance of applying secure coding practices, in many of them, security concerns are not known or addressed until a security failure occurs. The root cause of security failures is vulnerable code. While metrics have been used to predict software vulnerabilities, we explore the relationship between code and architectural smells with security weaknesses. As smells are surface indicators of a deeper problem in software, determining the relationship between smells and software vulnerabilities can play a significant role in vulnerability prediction models. Objective: This study explores the relationship between smells and software vulnerabilities to identify the smells. Method: We extracted the class, method, file, and package level smells for three systems: Apache Tomcat, Apache CXF, and Android. We then compared their occurrences in the vulnerable classes which were reported to contain vulnerable code and in the neutral classes (non-vulnerable classes where no vulnerability had yet been reported). Results: We found that a vulnerable class is more likely to have certain smells compared to a non-vulnerable class. God Class, Complex Class, Large Class, Data Class, Feature Envy, Brain Class have a statistically significant relationship with software vulnerabilities. We found no significant relationship between architectural smells and software vulnerabilities. Conclusion: We can conclude that for all the systems examined, there is a statistically significant correlation between software vulnerabilities and some smells.

An effective way for building secure software is to embed security into software in the early stages of software development. Thus, we aim to study several evidences of code anomalies introduced during the software development phase, that may be indicators of security issues in software, such as code smells, structural complexity represented by diverse software metrics, the issues detected by static code analysers, and finally missing security best practices. To use such evidences for vulnerability prediction and removal, we first need to understand how they are correlated with security issues. Then, we need to discover how these imperfect raw data can be integrated to achieve a reliable, accurate and valuable decision about a portion of code. Finally, we need to construct a security actuator providing suggestions to the developers to remove or fix the detected issues from the code. All of these will lead to the construction of a framework, including security monitoring, security analyzer, and security actuator platforms, that are necessary for a security-aware integrated development environment (SIDE).

This paper presents an introduction to functional safety through ISO 26262 focusing on system, software and hardware possible failures that bring security threats and discussion on DO 254. It discusses the approach to bridge the gap between different other hazard level and system ability to identify the particular fault and resolve it minimum time span possible. Results are analyzed by designing models to check and avoid all the failures, loophole prior development.

In this paper, we observed Continuous Attacks are one kind of common side channel attack scenarios, where an adversary frequently probes the same target cache lines in a short time. Continuous Attacks cause target cache lines to go through multiple load-evict processes, exhibiting Ping-Pong Patterns. Identifying and obscuring Ping-Pong Patterns effectively interferes with the attacker's probe and mitigates Continuous Attacks. Based on the observations, this paper proposes Ping-Pong Regulator to identify multiple Ping-Pong Patterns and block them with different strategies (Preload or Lock). The Preload proactively loads target lines into the cache, causing the attacker to mistakenly infer that the victim has accessed these lines; the Lock fixes the attacked lines' directory entries on the last level cache directory until they are evicted out of caches, making an attacker's observation of the locked lines is always the L2 cache miss. The experimental evaluation demonstrates that the Ping-Pong Regulator efficiently identifies and secures attacked lines, induces negligible performance impacts and storage overhead, and does not require any software support.

Software Defined Networking (SDN) is disruptive networking technology which adopts a centralised framework to facilitate fine-grained network management. However security in SDN is still in its infancy and there is need for significant work to deal with different attacks in SDN. In this paper we discuss some of the possible attacks on SDN switches and propose techniques for detecting the attacks on switches. We have developed a Switch Security Application (SSA)for SDN Controller which makes use of trusted computing technology and some additional components for detecting attacks on the switches. In particular TPM attestation is used to ensure that switches are in trusted state during boot time before configuring the flow rules on the switches. The additional components are used for storing and validating messages related to the flow rule configuration of the switches. The stored information is used for generating a trusted report on the expected flow rules in the switches and using this information for validating the flow rules that are actually enforced in the switches. If there is any variation to flow rules that are enforced in the switches compared to the expected flow rules by the SSA, then, the switch is considered to be under attack and an alert is raised to the SDN Administrator. The administrator can isolate the switch from network or make use of trusted report for restoring the flow rules in the switches. We will also present a prototype implementation of our technique.

The new network based on software-defined network SDN and network function virtualization NFV will replace the traditional network, so it is urgent to study the network security architecture based on the new network environment. This paper presents a software - defined security SDS architecture. It is open and universal. It provides an open interface for security services, security devices, and security management. It enables different network security vendors to deploy security products and security solutions. It can realize the deployment, arrangement and customization of virtual security function VSFs. It implements fine-grained data flow control and security policy management. The author analyzes the different types of attacks that different parts of the system are vulnerable to. The defender can disable the network attacks by changing the server-side security configuration scheme. The future research direction of network security is put forward.

This paper demonstrates that it is possible to execute sophisticated and powerful fault injection attacks on microcontrollers using low-cost equipment and readily available components. Earlier work had implied that powerful lasers and high grade optics frequently used to execute such attacks were being underutilized and that attacks were equally effective when using low-power settings and imprecise focus. This work has exploited these earlier findings to develop a low-cost laser workstation capable of generating multiple discrete faults with timing accuracy capable of targeting consecutive instruction cycles. We have shown that the capabilities of this new device exceed those of the expensive laboratory equipment typically used in related work. We describe a simplified fault model to categorize the effects of induced errors on running code and use it, along with the new device, to reevaluate the efficacy of different defensive coding techniques. This has enabled us to demonstrate an efficient hybrid defense that outperforms the individual defenses on our chosen target. This approach enables device programmers to select an appropriate compromise between the extremes of undefended code and unusable overdefended code, to do so specifically for their chosen device and without the need for prohibitively expensive equipment. This work has particular relevance in the burgeoning IoT world where many small companies with limited budgets are deploying low-cost microprocessors in ever more security sensitive roles.

Fault attacks consist in changing the program behavior by injecting faults at run-time, either at hardware or at software level. Their goal is to change the correct progress of the algorithm and hence, either to allow gaining some privilege access or to allow retrieving some secret information based on an analysis of the deviation of the corrupted behavior with respect to the original one. Countermeasures have been proposed to protect embedded systems by adding spatial, temporal or information redundancy at hardware or software level. First we define Countermeasures Check Point (CCP) and CCPs-based countermeasures as an important subclass of countermeasures. Then we propose a methodology to generate an optimal protection scheme for CCPs-based countermeasure. Finally we evaluate our work on a benchmark of code examples with respect to several Control Flow Integrity (CFI) oriented existing protection schemes.