Visible to the public Biblio

Filters: Keyword is Portals  [Clear All Filters]
2022-07-12
Oikonomou, Nikos, Mengidis, Notis, Spanopoulos-Karalexidis, Minas, Voulgaridis, Antonis, Merialdo, Matteo, Raisr, Ivo, Hanson, Kaarel, de La Vallee, Paloma, Tsikrika, Theodora, Vrochidis, Stefanos et al..  2021.  ECHO Federated Cyber Range: Towards Next-Generation Scalable Cyber Ranges. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :403—408.
Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.
2021-12-20
Baby, Ann, Shilpa, Philomine.  2021.  An Integrated Web-Based Approach for Security Enhancement by Identification and Prevention of Scam Websites. 2021 2nd International Conference on Advances in Computing, Communication, Embedded and Secure Systems (ACCESS). :38–43.
Scam websites or illegitimate internet portals are widely used to mislead users into fraud or malicious attacks, which may involve compromise of vital information. Scammers misuse the secrecy and anonymity of the internet of facade their true identity and purposes behind numerous disguises. These can include false security alerts, information betrayal, and other misleading presentations to give the impression of legality and lawfulness. The proposed research is a web-based application - Scam Website Analyser- which enables checking whether a website is a scammed one.. The main aim of the research is to improve security and prevent scams of public websites. It ensures maintaining the details of scam websites in a database and also requests the websites of other databases using external APIs. The basic idea behind the research is the concept of user -orienteers where the user is able to get information about scam websites and prevent themselves from using those sites in future.
2021-08-02
Gafurov, Davrondzhon, Hurum, Arne Erik.  2020.  Efficiency Metrics and Test Case Design for Test Automation. 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :15—23.
In this paper, we present our test automation work applied on national e-health portal for residents in Norway which has over million monthly visits. The focus of the work is threefold: delegating automation tasks and increasing reusability of test artifacts; metrics for estimating efficiency when creating test artifacts and designing robust automated test cases. Delegating (part of) test automation tasks from technical specialist (e.g. programmer - expensive resource) to non-technical specialist (e.g. domain expert, functional tester) is carried out by transforming low level test artifacts into high level test artifacts. Such transformations not only reduce dependency on specialists with coding skills but also enables involving more stakeholders with domain knowledge into test automation. Furthermore, we propose simple metrics which are useful for estimating efficiency during such transformations. Examples of the new metrics are implementation creation efficiency and test creation efficiency. We describe how we design automated test cases in order to reduce the number of false positives and minimize code duplication in the presence of test data challenge (i.e. using same test data both for manual and automated testing). We have been using our test automation solution for over three years. We successfully applied test automation on 2 out of 6 Scrum teams in Helsenorge. In total there are over 120 automated test cases with over 600 iterations (as of today).
2021-04-27
Saganowski, S..  2020.  A Three-Stage Machine Learning Network Security Solution for Public Entities. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1097–1104.
In the era of universal digitization, ensuring network and data security is extremely important. As a part of the Regional Center for Cybersecurity initiative, a three-stage machine learning network security solution is being developed and will be deployed in March 2021. The solution consists of prevention, monitoring, and curation stages. As prevention, we utilize Natural Language Processing to extract the security-related information from social media, news portals, and darknet. A deep learning architecture is used to monitor the network in real-time and detect any abnormal traffic. A combination of regular expressions, pattern recognition, and heuristics are applied to the abuse reports to automatically identify intrusions that passed other security solutions. The lessons learned from the ongoing development of the system, alongside the results, extensive analysis, and discussion is provided. Additionally, a cybersecurity-related corpus is described and published within this work.
2021-01-28
Kumar, B. S., Daniya, T., Sathya, N., Cristin, R..  2020.  Investigation on Privacy Preserving using K-Anonymity Techniques. 2020 International Conference on Computer Communication and Informatics (ICCCI). :1—7.

In the current world, day by day the data growth and the investigation about that information increased due to the pervasiveness of computing devices, but people are reluctant to share their information on online portals or surveys fearing safety because sensitive information such as credit card information, medical conditions and other personal information in the wrong hands can mean danger to the society. These days privacy preserving has become a setback for storing data in data repository so for that reason data in the repository should be made undistinguishable, data is encrypted while storing and later decrypted when needed for analysis purpose in data mining. While storing the raw data of the individuals it is important to remove person-identifiable information such as name, employee id. However, the other attributes pertaining to the person should be encrypted so the methodologies used to implement. These methodologies can make data in the repository secure and PPDM task can made easier.

2020-11-20
Wang, X., Herwono, I., Cerbo, F. D., Kearney, P., Shackleton, M..  2018.  Enabling Cyber Security Data Sharing for Large-scale Enterprises Using Managed Security Services. 2018 IEEE Conference on Communications and Network Security (CNS). :1—7.
Large enterprises and organizations from both private and public sectors typically outsource a platform solution, as part of the Managed Security Services (MSSs), from 3rd party providers (MSSPs) to monitor and analyze their data containing cyber security information. Sharing such data among these large entities is believed to improve their effectiveness and efficiency at tackling cybercrimes, via improved analytics and insights. However, MSS platform customers currently are not able or not willing to share data among themselves because of multiple reasons, including privacy and confidentiality concerns, even when they are using the same MSS platform. Therefore any proposed mechanism or technique to address such a challenge need to ensure that sharing is achieved in a secure and controlled way. In this paper, we propose a new architecture and use case driven designs to enable confidential, flexible and collaborative data sharing among such organizations using the same MSS platform. MSS platform is a complex environment where different stakeholders, including authorized MSSP personnel and customers' own users, have access to the same platform but with different types of rights and tasks. Hence we make every effort to improve the usability of the platform supporting sharing while keeping the existing rights and tasks intact. As an innovative and pioneering attempt to address the challenge of data sharing in the MSS platform, we hope to encourage further work to follow so that confidential and collaborative sharing eventually happens among MSS platform customers.
2020-07-13
Fan, Wenjun, Ziembicka, Joanna, de Lemos, Rogério, Chadwick, David, Di Cerbo, Francesco, Sajjad, Ali, Wang, Xiao-Si, Herwono, Ian.  2019.  Enabling Privacy-Preserving Sharing of Cyber Threat Information in the Cloud. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :74–80.
Network threats often come from multiple sources and affect a variety of domains. Collaborative sharing and analysis of Cyber Threat Information (CTI) can greatly improve the prediction and prevention of cyber-attacks. However, CTI data containing sensitive and confidential information can cause privacy exposure and disclose security risks, which will deter organisations from sharing their CTI data. To address these concerns, the consortium of the EU H2020 project entitled Collaborative and Confidential Information Sharing and Analysis for Cyber Protection (C3ISP) has designed and implemented a framework (i.e. C3ISP Framework) as a service for cyber threat management. This paper focuses on the design and development of an API Gateway, which provides a bridge between end-users and their data sources, and the C3ISP Framework. It facilitates end-users to retrieve their CTI data, regulate data sharing agreements in order to sanitise the data, share the data with privacy-preserving means, and invoke collaborative analysis for attack prediction and prevention. In this paper, we report on the implementation of the API Gateway and experiments performed. The results of these experiments show the efficiency of our gateway design, and the benefits for the end-users who use it to access the C3ISP Framework.
2020-06-08
De Guzman, Froilan E., Gerardo, Bobby D., Medina, Ruji P..  2019.  Implementation of Enhanced Secure Hash Algorithm Towards a Secured Web Portal. 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS). :189–192.
In this paper, the application of the enhanced secure hash algorithm-512 is implemented on web applications specifically in password hashing. In addition to the enhancement of hash function, hill cipher is included for the salt generation to increase the complexity of generating hash tables that may be used as an attack on the algorithm. The testing of same passwords saved on the database is used to create hash collisions that will result to salt generation to produce a new hash message. The matrix encryption key provides five matrices to be selected upon based on the length of concatenated username, password, and concatenated characters from the username. In this process, same password will result to a different hash message that will to make it more secured from future attacks.
2020-05-22
Wu, Boyang, Li, Hewu, Wu, Qian.  2019.  Extending Authentication Mechanism to Cooperate with Accountable Address Assignment. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1—7.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

2020-02-10
Prout, Andrew, Arcand, William, Bestor, David, Bergeron, Bill, Byun, Chansup, Gadepally, Vijay, Houle, Michael, Hubbell, Matthew, Jones, Michael, Klein, Anna et al..  2019.  Securing HPC using Federated Authentication. 2019 IEEE High Performance Extreme Computing Conference (HPEC). :1–7.
Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and In Common Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.
2019-09-04
Xiong, M., Li, A., Xie, Z., Jia, Y..  2018.  A Practical Approach to Answer Extraction for Constructing QA Solution. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). :398–404.
Question Answering system(QA) plays an increasingly important role in the Internet age. The proportion of using the QA is getting higher and higher for the Internet users to obtain knowledge and solve problems, especially in the modern agricultural filed. However, the answer quality in QA varies widely due to the agricultural expert's level. Answer quality assessment is important. Due to the lexical gap between questions and answers, the existing approaches are not quite satisfactory. A practical approach RCAS is proposed to rank the candidate answers, which utilizes the support sets to reduce the impact of lexical gap between questions and answers. Firstly, Similar questions are retrieved and support sets are produced with their high-quality answers. Based on the assumption that high quality answers would also have intrinsic similarity, the quality of candidate answers are then evaluated through their distance from the support sets. Secondly, Different from the existing approaches, previous knowledge from similar question-answer pairs are used to bridge the straight lexical and semantic gaps between questions and answers. Experiments are implemented on approximately 0.15 million question-answer pairs about agriculture, dietetics and food from Yahoo! Answers. The results show that our approach can rank the candidate answers more precisely.
2018-05-30
Su, W., Antoniou, A., Eagle, C..  2017.  Cyber Security of Industrial Communication Protocols. 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). :1–4.

In this paper, an industrial testbed is proposed utilizing commercial-off-the-shelf equipment, and it is used to study the weakness of industrial Ethernet, i.e., PROFINET. The investigation is based on observation of the principles of operation of PROFINET and the functionality of industrial control systems.

2015-05-06
Kanewala, T.A., Marru, S., Basney, J., Pierce, M..  2014.  A Credential Store for Multi-tenant Science Gateways. Cluster, Cloud and Grid Computing (CCGrid), 2014 14th IEEE/ACM International Symposium on. :445-454.

Science Gateways bridge multiple computational grids and clouds, acting as overlay cyber infrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges.

2015-05-05
Mahmood, A., Akbar, A.H..  2014.  Threats in end to end commercial deployments of Wireless Sensor Networks and their cross layer solution. Information Assurance and Cyber Security (CIACS), 2014 Conference on. :15-22.

Commercial Wireless Sensor Networks (WSNs) can be accessed through sensor web portals. However, associated security implications and threats to the 1) users/subscribers 2) investors and 3) third party operators regarding sensor web portals are not seen in completeness, rather the contemporary work handles them in parts. In this paper, we discuss different kind of security attacks and vulnerabilities at different layers to the users, investors including Wireless Sensor Network Service Providers (WSNSPs) and WSN itself in relation with the two well-known documents i.e., “Department of Homeland Security” (DHS) and “Department of Defense (DOD)”, as these are standard security documents till date. Further we propose a comprehensive cross layer security solution in the light of guidelines given in the aforementioned documents that is minimalist in implementation and achieves the purported security goals.
 

2015-05-04
Memon, A.S., Jensen, J., Cernivec, A., Benedyczak, K., Riedel, M..  2014.  Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure. Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on. :726-731.

One of the challenges in a distributed data infrastructure is how users authenticate to the infrastructure, and how their authorisations are tracked. Each user community comes with its own established practices, all different, and users are put off if they need to use new, difficult tools. From the perspective of the infrastructure project, the level of assurance must be high enough, and it should not be necessary to reimplement an authentication and authorisation infrastructure (AAI). In the EUDAT project, we chose to implement a mostly loosely coupled approach based on the outcome of the Contrail and Unicore projects. We have preferred a practical approach, combining the outcome of several projects who have contributed parts of the puzzle. The present paper aims to describe the experiences with the integration of these parts. Eventually, we aim to have a full framework which will enable us to easily integrate new user communities and new services.

2015-04-30
Muller, K., Sigl, G., Triquet, B., Paulitsch, M..  2014.  On MILS I/O Sharing Targeting Avionic Systems. Dependable Computing Conference (EDCC), 2014 Tenth European. :182-193.

This paper discusses strategies for I/O sharing in Multiple Independent Levels of Security (MILS) systems mostly deployed in the special environment of avionic systems. MILS system designs are promising approaches for handling the increasing complexity of functionally integrated systems, where multiple applications run concurrently on the same hardware platform. Such integrated systems, also known as Integrated Modular Avionics (IMA) in the aviation industry, require communication to remote systems located outside of the hosting hardware platform. One possible solution is to provide each partition, the isolated runtime environment of an application, a direct interface to the communication's hardware controller. Nevertheless, this approach requires a special design of the hardware itself. This paper discusses efficient system architectures for I/O sharing in the environment of high-criticality embedded systems and the exemplary analysis of Free scale's proprietary Data Path Acceleration Architecture (DPAA) with respect to generic hardware requirements. Based on this analysis we also discuss the development of possible architectures matching with the MILS approach. Even though the analysis focuses on avionics it is equally applicable to automotive architectures such as Auto SAR.