Biblio

The purpose of the work was to study the fault- tolerant pattern of secure access of computer system nodes to external network resources - the pattern of secure access `Connecting node'. The pattern of secure access `Connecting node' includes a group/cluster (or several groups) of routers, a computing node that includes hardware and software for information protection and communication channels that connect it to the end nodes of the computing system and the external network (network resources that are not controlled by the information protection system). The efficiency assessment and comparative analysis of options for designing a pattern of secure access `Connecting node' according to various efficiency criteria were carried out. In this work, an assessment of the individual and comprehensive efficiency index was carried out. It was assumed that the system is recoverable. The effectiveness of using some options of designing a pattern of secure access in terms of the operational availability factor, as well as a group of parameters - the operational availability factor, service delays of information protection system and the grade of information protection.

The computation speed of computer systems is getting faster and the memory has been enhanced in performance and density through process scaling. However, due to the process scaling, DRAMs are recently suffering from numerous inherent faults. DRAM vendors suggest In-DRAM Error Correcting Code (IECC) to cope with the unreliable operation. However, the conventional IECC schemes have concerns about miscorrection and performance degradation. This paper proposes a pin-aligned In-DRAM ECC architecture using the expandability of a Reed-Solomon code (PAIR), that aligns ECC codewords with DQ pin lines (data passage of DRAM). PAIR is specialized in managing widely distributed inherent faults without the performance degradation, and its correction capability is sufficient to correct burst errors as well. The experimental results analyzed with the latest DRAM model show that the proposed architecture achieves up to 106 times higher reliability than XED with 14% performance improvement, and 10 times higher reliability than DUO with a similar performance, on average.

Security and privacy in computer systems has always been an important aspect of computer engineering and will continue to grow in importance as computer systems become entrusted to handle an ever increasing amount of sensitive information. Classical exploitation techniques such as memory corruption or shell command injection have been well researched and thus there exists known design patterns to avoid and penetration testing tools for testing the robustness of programs against these types of attacks. When it comes to the notion of program security requirements being violated through indirect means referred to as side-channels, testing frameworks of quality comparable to popular memory safety or command injection tools are not available. Recent computer security research has shown that private information may be indirectly leaked through side-channels such as patterns of encrypted network traffic, CPU and motherboard noise, and monitor ambient light. This paper presents the design and evaluation of a side-channel detection and exploitation framework that follows a machine learning based plugin oriented architecture thus allowing side-channel research to be conducted on a wide-variety of side-channel sources.

Malware is any software that causes harm to the user information, computer systems or network. Modern computing and internet systems are facing increase in malware threats from the internet. It is observed that different malware follows the same patterns in their structure with minimal alterations. The type of threats has evolved, from file-based malware to fileless malware, such kind of threats are also known as Advance Volatile Threat (AVT). Fileless malware is complex and evasive, exploiting pre-installed trusted programs to infiltrate information with its malicious intent. Fileless malware is designed to run in system memory with a very small footprint, leaving no artifacts on physical hard drives. Traditional antivirus signatures and heuristic analysis are unable to detect this kind of malware due to its sophisticated and evasive nature. This paper provides information relating to detection, mitigation and analysis for such kind of threat.

The problems of synthesis of a digital data encryption system based on dynamic chaos in a research project carried out at the Department of Marine Electronics (SMTU) are considered. A description is made of the problems of generating a chaotic (random) signal in computer systems with calculations with finite accuracy.

The increasing of malwares has presented a serious threat to the security of computer systems in recent years. Traditional signature-based anti-virus systems are not able to detect metamorphic and previously unseen malwares and it inspires people to use machine learning methods such as Naive Bayes and Decision Tree to identity malicious executables. Among these methods, detecting malwares by using Support Vector Machine (SVM) is one of the most effective approaches. However, the parameters of SVM have serious impacts on its classification performance. In order to find the optimal parameter combination and avoid the problem of falling into local optimal solution, many methods based on evolutionary algorithms are proposed, including Particle Swarm Optimization (PSO), Genetic Algorithm (GA), Differential Evolution (DE) and others. But these algorithms still face the problem of being trapped into local solution spaces in different degree. In this paper, an improved fireworks algorithm is presented and applied to search parameters of SVM: penalty factor c and kernel function parameter g. To research the performance of the proposed algorithm, numeric experiments are made and compared with some typical algorithms, the experimental results demonstrate it outperforms other algorithms.

As time progresses, new and complex malware types are being generated which causes a serious threat to computer systems. Due to this drastic increase in the number of malware samples, the signature-based malware detection techniques cannot provide accurate results. Different studies have demonstrated the proficiency of machine learning for the detection and classification of malware files. Further, the accuracy of these machine learning models can be improved by using feature selection algorithms to select the most essential features and reducing the size of the dataset which leads to lesser computations. In this paper, we have developed a machine learning based malware analysis framework for efficient and accurate malware detection and classification. We used Cuckoo sandbox for dynamic analysis which executes malware in an isolated environment and generates an analysis report based on the system activities during execution. Further, we propose a feature extraction and selection module which extracts features from the report and selects the most important features for ensuring high accuracy at minimum computation cost. Then, we employ different machine learning algorithms for accurate detection and fine-grained classification. Experimental results show that we got high detection and classification accuracy in comparison to the state-of-the-art approaches.

Cyber adversaries employ a variety of malware and exploits to attack computer systems, usually via sequential or “chained” attacks, that take advantage of vulnerability dependencies. In this paper, we introduce a formalism to model such attacks. We show that the determination of the set of capabilities gained by an attacker, which also translates to extent to which the system is compromised, corresponds with the convergence of a simple fixed-point operator. We then address the problem of determining the optimal/most-dangerous strategy for a cyber-adversary with respect to this model and find it to be an NP-Complete problem. To address this complexity we utilize an A*-based approach with an admissible heuristic, that incorporates the result of the fixed-point operator and uses memoization for greater efficiency. We provide an implementation and show through a suite of experiments, using both simulated and actual vulnerability data, that this method performs well in practice for identifying adversarial courses of action in this domain. On average, we found that our techniques decrease runtime by 82%.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value\textbackslashtextgreater0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

Computer security has gained more and more attention in a public over the last years, since computer systems are suffering from significant and increasing security threats that cause security breaches by exploiting software vulnerabilities. The most efficient way to ensure the system security is to patch the vulnerable system before a malicious attack occurs. Besides the commonly-used push-type patch management, the pull-type patch management is also adopted. The main issues in the pull-type patch management are two-fold; when to check the vulnerability information and when to apply a patch? This paper considers the security patch management for a virtual machine (VM) based intrusion tolerant system (ITS), where the system undergoes the patch management with a periodic vulnerability checking strategy, and evaluates the system security from the availability aspect. A composite stochastic reward net (SRN) model is applied to capture the attack behavior of adversary and the defense behaviors of system. Two availability measures; interval availability and point-wise availability are formulated to quantify the system security via phase expansion. The proposed approach and metrics not only enable us to quantitatively assess the system security, but also provide insights on the patch management. In numerical experiments, we evaluate effects of the intrusion rate and the number of vulnerability checking on the system security.

Methods for implementing integer arithmetic operations of addition, subtraction, and multiplication in the system of residual classes are considered. It is shown that their practical use in computer systems can significantly improve the performance of the implementation of arithmetic operations. A new method has been developed for raising numbers represented in the system of residual classes to an arbitrary power of a natural number, both in positive and in negative number ranges. An example of the implementation of the proposed method for the construction of numbers represented in the system of residual classes for the value of degree k = 2 is given.

The paper presents a new technique for the botnets' detection in the corporate area networks. It is based on the usage of the algorithms of the artificial immune systems. Proposed approach is able to distinguish benign network traffic from malicious one using the clonal selection algorithm taking into account the features of the botnet's presence in the network. An approach present the main improvements of the BotGRABBER system. It is able to detect the IRC, HTTP, DNS and P2P botnets.

Digital forensic investigators today are faced with numerous problems when recovering footprints of criminal activity that involve the use of computer systems. Investigators need the ability to recover evidence in a forensically sound manner, even when criminals actively work to alter the integrity, veracity, and provenance of data, applications and software that are used to support illicit activities. In many ways, operating systems (OS) can be strengthened from a technological viewpoint to support verifiable, accurate, and consistent recovery of system data when needed for forensic collection efforts. In this paper, we extend the ideas for forensic-friendly OS design by proposing the use of a practical form of computing on encrypted data (CED) and computing with encrypted functions (CEF) which builds upon prior work on component encryption (in circuits) and white-box cryptography (in software). We conduct experiments on sample programs to provide analysis of the approach based on security and efficiency, illustrating how component encryption can strengthen key OS functions and improve tamper-resistance to anti-forensic activities. We analyze the tradeoff space for use of the algorithm in a holistic approach that provides additional security and comparable properties to fully homomorphic encryption (FHE).

Time and cost are the most critical performance metrics for computer systems including embedded system, especially for the battery-based embedded systems, such as PC, mainframe computer, and smart phone. Most of the previous work focuses on saving energy in a deterministic way by taking the average or worst scenario into account. However, such deterministic approaches usually are inappropriate in modeling energy consumption because of uncertainties in conditional instructions on processors and time-varying external environments. Through studying the relationship between energy consumption, execution time and completion probability of tasks on heterogeneous multi-core architectures this paper proposes an optimal energy efficiency and system performance model and the OTHAP (Optimizing Task Heterogeneous Assignment with Probability) algorithm to address the Processor and Voltage Assignment with Probability (PVAP) problem of data-dependent aperiodic tasks in real-time embedded systems, ensuring that all the tasks can be done under the time constraint with areal-time embedded systems guaranteed probability. We adopt a task DAG (Directed Acyclic Graph) to model the PVAP problem. We first use a processor scheduling algorithm to map the task DAG onto a set of voltage-variable processors, and then use our dynamic programming algorithm to assign a proper voltage to each task and The experimental results demonstrate our approach outperforms state-of-the-art algorithms in this field (maximum improvement of 24.6%).

The term “Advanced Persistent Threat” refers to a well-organized, malicious group of people who launch stealthy attacks against computer systems of specific targets, such as governments, companies or military. The attacks themselves are long-lasting, difficult to expose and often use very advanced hacking techniques. Since they are advanced in nature, prolonged and persistent, the organizations behind them have to possess a high level of knowledge, advanced tools and competent personnel to execute them. The attacks are usually preformed in several phases - reconnaissance, preparation, execution, gaining access, information gathering and connection maintenance. In each of the phases attacks can be detected with different probabilities. There are several ways to increase the level of security of an organization in order to counter these incidents. First and foremost, it is necessary to educate users and system administrators on different attack vectors and provide them with knowledge and protection so that the attacks are unsuccessful. Second, implement strict security policies. That includes access control and restrictions (to information or network), protecting information by encrypting it and installing latest security upgrades. Finally, it is possible to use software IDS tools to detect such anomalies (e.g. Snort, OSSEC, Sguil).

This article addresses trust in computer systems as a social phenomenon, which depends on the type of relationship that is established through the computer, or with other individuals. It starts by theoretically contextualizing trust, and then situates trust in the field of computer science. Then, describes the proposed model, which builds on what one perceives to be trustworthy and is influenced by a number of factors such as the history of participation and user's perceptions. It ends by situating the proposed model as a key contribution for leveraging trustful interactions and ends by proposing it used to serve as a complement to foster user's trust needs in what concerns Human-computer Iteration or Computermediated Interactions.