Biblio

The user's access history can be used as an important reference factor in determining whether to allow the current access request or not. And it is often ignored by the existing access control models. To make up for this defect, a Dynamic Trust - game theoretic Access Control model is proposed based on the previous work. This paper proposes a method to quantify the user's trust in the cloud environment, which uses identity trust, behavior trust, and reputation trust as metrics. By modeling the access process as a game and introducing the user's trust value into the pay-off matrix, the mixed strategy Nash equilibrium of cloud user and service provider is calculated respectively. Further, a calculation method for the threshold predefined by the service provider is proposed. Authorization of the access request depends on the comparison of the calculated probability of the user's adopting a malicious access policy with the threshold. Finally, we summarize this paper and make a prospect for future work.

The main technology of traditional information security is firewall, intrusion detection and anti-virus software, which is used in the first anti-outer defence, the first anti-service terminal defence terminal passive defence ideas, the complexity and complexity of these security technologies not only increase the complexity of the autonomous system, reduce the efficiency of the system, but also cannot solve the security problem of the information system, and cannot satisfy the security demand of the information system. After a significant stretch of innovative work, individuals utilize the secret word innovation, network security innovation, set forward the idea “confided in figuring” in view of the equipment security module support, Trusted processing from changing the customary protection thoughts, center around the safety efforts taken from the terminal to forestall framework assaults, from the foundation of the stage, the acknowledgment of the security of data frameworks. Believed figuring is chiefly worried about the security of the framework terminal, utilizing a progression of safety efforts to ensure the protection of clients to work on the security of independent frameworks. Its principle plan thought is implanted in a typical machine to oppose altering the equipment gadget - confided in stage module as the base of the trust, the utilization of equipment and programming innovation to join the trust of the base of trust through the trust bind level to the entire independent framework, joined with the security of information stockpiling insurance, client validation and stage respectability of the three significant safety efforts guarantee that the terminal framework security and unwavering quality, to guarantee that the terminal framework is consistently in a condition of conduct anticipated.

Integrity verification of cloud data is of great importance for secure and effective cloud storage since attackers can change the data even though it is encrypted. Traditional integrity verification schemes only let the client know the integrity status of the remote data. When the data is corrupted, the system cannot hold the server accountable. Besides, almost all existing schemes assume that the users are credible. Instead, especially in a dynamic operation environment, users can deny their behaviors, and let the server bear the penalty of data loss. To address the issues above, we propose an accountable dynamic storage integrity verification (ADS-IV) scheme which provides means to detect or eliminate misbehavior of all participants. In the meanwhile, we modify the Invertible Bloom Filter (IBF) to recover the corrupted data and use the Mahalanobis distance to calculate the degree of damage. We prove that our scheme is secure under Computational Diffie-Hellman (CDH) assumption and Discrete Logarithm (DL) assumption and that the audit process is privacy-preserving. The experimental results demonstrate that the computational complexity of the audit is constant; the storage overhead is \$O(\textbackslashtextbackslashsqrt n )\$, which is only 1/400 of the size of the original data; and the whole communication overhead is O(1).As a result, the proposed scheme is not only suitable for large-scale cloud data storage systems, but also for systems with sensitive data, such as banking systems, medical systems, and so on.

Significant advancements in Intrusion Detection Systems has led to improved alerts. However, Intrusion Response Systems which aim to automatically respond to these alerts, is a research area which is not yet advanced enough to benefit from full automation. In Security Operations Centres, analysts can implement countermeasures using knowledge and past experience to adapt to new attacks. Attempts at automated Intrusion Response Systems fall short when a new attack occurs to which the system has no specific knowledge or effective countermeasure to apply, even leading to overkill countermeasures such as restarting services and blocking ports or IPs. In this paper, a countermeasure standard is proposed which enables countermeasure intelligence sharing, automated countermeasure adoption and execution by an Intrusion Response System. An attack scenario is created on an emulated network using the Common Open Research Emulator, where an insider attack attempts to exploit a buffer overflow on an Exim mail server. Experiments demonstrate that an Intrusion Response System with dynamic countermeasure knowledge can stop attacks that would otherwise succeed with a static predefined countermeasure approach.

We present a fast dynamic graph data structure for the GPU. Our dynamic graph structure uses one hash table per vertex to store adjacency lists and achieves 3.4-14.8x faster insertion rates over the state of the art across a diverse set of large datasets, as well as deletion speedups up to 7.8x. The data structure supports queries and dynamic updates through both edge and vertex insertion and deletion. In addition, we define a comprehensive evaluation strategy based on operations, workloads, and applications that we believe better characterize and evaluate dynamic graph data structures.

Remote attestation is the process of measuring the integrity of a device over the network, by detecting modification of software or hardware from the original configuration. Several remote software-based attestation mechanisms have been introduced, that rely on strict time constraints and other impractical constraints that make them inconvenient for IoT systems. Although some research is done to address these issues, they integrated trusted hardware devices to the attested devices to accomplish their aim, which is costly and not convenient for many use cases. In this paper, we propose “Dual Attestation” that includes two stages: static and dynamic. The static attestation phase checks the memory of the attested device. The dynamic attestation technique checks the execution correctness of the application code and can detect the runtime attacks. The objectives are to minimize the overhead and detect these attacks, by developing an optimized dynamic technique that checks the application program flow. The optimization will be done in the prover and the verifier sides.

SQL injection attack (SQLIA) pose a serious security threat to the database driven web applications. This kind of attack gives attackers easily access to the application's underlying database and to the potentially sensitive information these databases contain. A hacker through specifically designed input, can access content of the database that cannot otherwise be able to do so. This is usually done by altering SQL statements that are used within web applications. Due to importance of security of web applications, researchers have studied SQLIA detection and prevention extensively and have developed various methods. In this research, after reviewing the existing research in this field, we present a new hybrid method to reduce the vulnerability of the web applications. Our method is specifically designed to detect and prevent SQLIA. Our proposed method is consists of three phases namely, the database design, implementation, and at the common gateway interface (CGI). Details of our approach along with its pros and cons are discussed in detail.

Cloud computing is becoming more and more popular day by day due to its maintenance, multitenancy and performance. Data owners are motivated to outsource their data to the cloud servers for resource pooling and productivity where multiple users can work on the same data concurrently. These servers offer great convenience and reduced cost for the computation, storage and management of data. But concerns can persist for loss of control over certain sensitive information. The complexity of security is largely intensified when data is distributed over a greater number of devices and data is shared among unrelated users. So these sensitive data should be encrypted for solving these security issues that many consumers cannot afford to tackle. In this paper, we present a dynamic searchable encryption scheme whose update operation can be completed by cloud server while reserving the ability to support multi-keyword ranked search. We have designed a scheme where dynamic operations on data like insert, update and delete are performed by cloud server without decrypting the data. Thus this scheme not only ensures dynamic operations on data but also provides a secure technique by performing those tasks without decryption. The state-of-the-art methods let the data users retrieve the data, re-encrypt it under the new policy and then send it again to the cloud. But our proposed method saves this high computational overhead by reducing the burden of performing dynamic operation by the data owners. The secure and widely used TF × IDF model is used along with kNN algorithm for construction of the index and generation of the query. We have used a tree-based index structure, so our proposed scheme can achieve a sub-linear search time. We have conducted experiments on Amazon EC2 cloud server with three datasets by updating a file, appending a file and deleting a file from the document collection and compared our result with the state-of-the-art method. Results show th- t our scheme has an average running time of 42ms which is 75% less than the existing method.

Small sized unmanned aerial vehicles (UAV) play major roles in variety of applications for aerial explorations and surveillance, transport, videography/photography and other areas. However, some other real life applications of UAV have also been studied. One of them is as a 'Disaster Response' component. In a post disaster situation, the UAVs can be used for search and rescue, damage assessment, rapid response and other emergency operations. However, in a disaster response situation it is very challenging to predict whether the climatic conditions are suitable to fly the UAV. Also it is necessary for an efficient dynamic path planning technique for effective damage assessment. In this paper, such dynamic path planning algorithms have been proposed for micro-jet, a small sized fixed wing UAV for data collection and dissemination in a post disaster situation. The proposed algorithms have been implemented on paparazziUAV simulator considering different environment simulators (wind speed, wind direction etc.) and calibration parameters of UAV like battery level, flight duration etc. The results have been obtained and compared with baseline algorithm used in paparazziUAV simulator for navigation. It has been observed that, the proposed navigation techniques work well in terms of different calibration parameters (flight duration, battery level) and can be effective not only for shelter point detection but also to reserve battery level, flight time for micro-jet in a post disaster scenario. The proposed techniques take approximately 20% less time and consume approximately 19% less battery power than baseline navigation technique. From analysis of produced results, it has been observed that the proposed work can be helpful for estimating the feasibility of flying UAV in a disaster response situation. Finally, the proposed path planning techniques have been carried out during field test using a micro-jet. It has been observed that, our proposed dynamic path planning algorithms give proximate results compare to simulation in terms of flight duration and battery level consumption.