Biblio

Machine learning, specifically deep learning is becoming a key technology component in application domains such as identity management, finance, automotive, and healthcare, to name a few. Proprietary machine learning models - Machine Learning IP - are developed and deployed at the network edge, end devices and in the cloud, to maximize user experience. With the proliferation of applications embedding Machine Learning IPs, machine learning models and hyper-parameters become attractive to attackers, and require protection. Major players in the semiconductor industry provide mechanisms on device to protect the IP at rest and during execution from being copied, altered, reverse engineered, and abused by attackers. In this work we explore system security architecture mechanisms and their applications to Machine Learning IP protection.

Increased use of secure chat and voice/ video apps has transformed the social life. While the benefits and facilitations are seemingly limitless, so are the asscoiacted vulnerabilities and threats. Besides ensuring confidentiality requirements for common users, known facts of non-readable contents over the network make these apps more attractive for criminals. Though access to contents of cryptograhically secure sessions is not possible, network forensics of secure apps can provide interesting information which can be of great help during criminal invetigations. In this paper, we presented a novel framework of profiling the secure chat and voice/ video calling apps which can be employed to extract hidden patterns about the app, information of involved parties, activities of chatting, voice/ video calls, status indications and notifications while having no information of communication protocol of the app and its security architecture. Signatures of any secure app can be developed though our framework and can become base of a large scale solution. Our methodology is considered very important for different cases of criminal investigations and bussiness intelligence solutions for service provider networks. Our results are applicable to any mobile platform of iOS, android and windows.

KP-ABE mechanism emerges as one of the most suitable security scheme for asymmetric encryption. It has been widely used to implement access control solutions. However, due to its expensive overhead, it is difficult to consider this cryptographic scheme in resource-limited networks, such as the IoT. As the cloud has become a key infrastructural support for IoT applications, it is interesting to exploit cloud resources to perform heavy operations. In this paper, a collaborative variant of KP-ABE named C-KP-ABE for cloud-based IoT applications is proposed. Our proposal is based on the use of computing power and storage capacities of cloud servers and trusted assistant nodes to run heavy operations. A performance analysis is conducted to show the effectiveness of the proposed solution.

Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.

Many organizations around the world recognize the vitality of cloud computing. However, some concerns make organizations reluctant to adopting cloud computing. These include data security, privacy, and trust issues. It is very important that these issues are addressed to meet client concerns and to encourage the wider adoption of cloud computing. This paper develops a user privacy framework based upon on emerging security model that includes access control, encryption and protection monitor schemas in the cloud environment.

This paper presents TrustSign, a novel, trusted automatic malware signature generation method based on high-level deep features transferred from a VGG-19 neural network model pre-trained on the ImageNet dataset. While traditional automatic malware signature generation techniques rely on static or dynamic analysis of the malware's executable, our method overcomes the limitations associated with these techniques by producing signatures based on the presence of the malicious process in the volatile memory. Signatures generated using TrustSign well represent the real malware behavior during runtime. By leveraging the cloud's virtualization technology, TrustSign analyzes the malicious process in a trusted manner, since the malware is unaware and cannot interfere with the inspection procedure. Additionally, by removing the dependency on the malware's executable, our method is capable of signing fileless malware. Thus, we focus our research on in-browser cryptojacking attacks, which current antivirus solutions have difficulty to detect. However, TrustSign is not limited to cryptojacking attacks, as our evaluation included various ransomware samples. TrustSign's signature generation process does not require feature engineering or any additional model training, and it is done in a completely unsupervised manner, obviating the need for a human expert. Therefore, our method has the advantage of dramatically reducing signature generation and distribution time. The results of our experimental evaluation demonstrate TrustSign's ability to generate signatures invariant to the process state over time. By using the signatures generated by TrustSign as input for various supervised classifiers, we achieved 99.5% classification accuracy.

In the era of the ever-growing number of smart devices, fraudulent practices through Phishing Websites have become an increasingly severe threat to modern computers and internet security. These websites are designed to steal the personal information from the user and spread over the internet without the knowledge of the user using the system. These websites give a false impression of genuinity to the user by mirroring the real trusted web pages which then leads to the loss of important credentials of the user. So, Detection of such fraudulent websites is an essence and the need of the hour. In this paper, various classifiers have been considered and were found that ensemble classifiers predict to utmost efficiency. The idea behind was whether a combined classifier model performs better than a single classifier model leading to a better efficiency and accuracy. In this paper, for experimentation, three Meta Classifiers, namely, AdaBoostM1, Stacking, and Bagging have been taken into consideration for performance comparison. It is found that Meta Classifier built by combining of simple classifier(s) outperform the simple classifier's performance.

Modern large scale technical systems often face iterative changes on their behaviours with the requirement of validated quality which is not easy to achieve completely with traditional testing. Regression verification is a powerful tool for the formal correctness analysis of software-driven systems. By proving that a new revision of the software behaves similarly as the original version of the software, some of the trust that the old software and system had earned during the validation processes or operation histories can be inherited to the new revision. This trust inheritance by the formal analysis relies on a number of implicit assumptions which are not self-evident but easy to miss, and may lead to a false sense of safety induced by a misunderstood regression verification processes. This paper aims at pointing out hidden, implicit assumptions of regression verification in the context of cyber-physical systems by making them explicit using practical examples. The explicit trust inheritance analysis would clarify for the engineers to understand the extent of the trust that regression verification provides and consequently facilitate them to utilize this formal technique for the system validation.

Security challenges present in Machine-to-Machine Communication (M2M-C) and big data paradigm are fundamentally different from conventional network security challenges. In M2M-C paradigms, “Trust” is a vital constituent of security solutions that address security threats and for such solutions,it is important to quantify and evaluate the amount of trust in the information and its source. In this work, we focus on Machine Learning (ML) Based Trust (MLBT) evaluation model for detecting malicious activities in a vehicular Based M2M-C (VBM2M-C) network. In particular, we present an Entropy Based Feature Engineering (EBFE) coupled Extreme Gradient Boosting (XGBoost) model which is optimized with Binary Particle Swarm optimization technique. Based on three performance metrics, i.e., Accuracy Rate (AR), True Positive Rate (TPR), False Positive Rate (FPR), the effectiveness of the proposed method is evaluated in comparison to the state-of-the-art ensemble models, such as XGBoost and Random Forest. The simulation results demonstrates the superiority of the proposed model with approximately 10% improvement in accuracy, TPR and FPR, with reference to the attacker density of 30% compared with the start-of-the-art algorithms.

We consider distributed Kalman filter for dynamic state estimation over wireless sensor networks. It is promising but challenging when network is under cyber attacks. Since the information exchange between nodes, the malicious attacks quickly spread across the entire network, which causing large measurement errors and even to the collapse of sensor networks. Aiming at the malicious network attack, a trust-based distributed processing frame is proposed. Which allows neighbor nodes to exchange information, and a series of trusted nodes are found using truth discovery. As a demonstration, distributed Cooperative Localization is considered, and numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks.

Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms.

With the rapid development of the Internet, flow-based approach has attracted more and more attention. To this end, this paper presents a new and efficient architecture to balance accountability and privacy based on network flows. A self-certifying identifier is proposed to efficiently identify a flow. In addition, a delegate-registry cooperation scheme and a multi-delegate mechanism are developed to ensure users' privacy. The effectiveness and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that our architecture can achieve a better network performance in terms of lower resource consumption, lower response time, and higher stability.

The prevalence of Cloud Computing has appealed many users to put their business into low-cost and flexible cloud servers instead of bare-metal machines. Most virtual machines in the cloud run commodity operating system(e.g., linux), and the complexity of such operating systems makes them more bug-prone and easier to be compromised. To mitigate the security threats, previous works attempt to mediate and filter system calls, transform all unpopular paths into popular paths, or implement a nested kernel along with the untrusted outter kernel to enforce certain security policies. However, such solutions only enforce read-only protection or assume that popular paths in the kernel to contain almost no bug, which is not always the case in the real world. To overcome their shortcomings and combine their advantages as much as possible, we propose a hardware-assisted isolation mechanism that isolates untrusted part of the kernel. To achieve isolation, we prepare multiple restricted Extended Page Table (EPT) during boot time, each of which has certain critical data unmapped from it so that the code executing in the isolated environment could not access sensitive data. We leverage the VMFUNC instruction already available in recent Intel processors to directly switch to another pre-defined EPT inside guest virtual machine without trapping into the underlying hypervisor, which is faster than the traditional trap-and-emulate procedure. The semantic gap is minimized and real-time check is achieved by allowing EPT violations to be converted to Virtualization Exception (VE), which could be handled inside guest kernel in non-root mode. Our preliminary evaluation shows that with hardware virtualization feature, we are able to run the untrusted code in an isolated environment with negligible overhead.

Research in combating misinformation reports many negative results: facts may not change minds, especially if they come from sources that are not trusted. Individuals can disregard and justify lies told by trusted sources. This problem is made even worse by social recommendation algorithms which help amplify conspiracy theories and information confirming one's own biases due to companies' efforts to optimize for clicks and watch time over individuals' own values and public good. As a result, more nuanced voices and facts are drowned out by a continuous erosion of trust in better information sources. Most misinformation mitigation techniques assume that discrediting, filtering, or demoting low veracity information will help news consumers make better information decisions. However, these negative results indicate that some news consumers, particularly extreme or conspiracy news consumers will not be helped. We argue that, given this background, technology solutions to combating misinformation should not simply seek facts or discredit bad news sources, but instead use more subtle nudges towards better information consumption. Repeated exposure to such nudges can help promote trust in better information sources and also improve societal outcomes in the long run. In this article, we will talk about technological solutions that can help us in developing such an approach, and introduce one such model called Trust Nudging.

Today, Internet of Things (IoT) implements an ecosystem where a panoply of interconnected devices collect data from physical environments and supply them to processing services, on top of which cloud-based applications are built and provided to mobile end users. The undebatable advantages of smart IoT systems clash with the need of a secure and trustworthy environment. In this paper, we propose a service-based methodology based on blockchain and smart contracts for trustworthy evidence collection at the basis of a trustworthy IoT assurance evaluation. The methodology balances the provided level of trustworthiness and its performance, and is experimentally evaluated using Hyperledger fabric blockchain.

Many blockchain transactions require blockchain-external data sources to provide data. Oracle systems have been proposed as a link between blockchains and blockchain-external resources. However, these Oracle systems vary greatly in assumptions and applicability and each system addresses the challenge of data on-chaining partly. We argue that Data On-chaining must be done in a trustworthy manner and, as a first contribution, define a set of key requirements for Trustworthy Data On-chaining. Further, we provide an in-depth assessment and comparison of state-of-the-art Oracle systems with regards to these requirements. This differentiation pinpoints the need for a uniform understanding of and directions for future research on Trustworthy Data On-chaining.

TEE(Trusted Execution Environment) has became one of the most popular security features for mobile platforms. Current TEE solutions usually implement secure functions in Trusted applications (TA) running over a trusted OS in the secure world. Host App may access these secure functions through the TEE driver. Unfortunately, such architecture is not very secure. A trusted OS has to be loaded in secure world to support TA running. Thus, the code size in secure world became large. As more and more TA is installed, the secure code size will be further larger and larger. Lots of real attack case have been reported [1]. In this paper, we present a novel TEE constructing method named ALTEE. Different from existing TEE solutions, ALTEE includes secure code in host app, and constructs a trustworthy execution environment for it dynamically whenever the code needs to be run.

This paper describes the goals of the ATMOSPHERE project, which is a multi-institutional research and development (R&D) effort aiming at designing and implementing a framework and platform to develop, build, deploy, measure and evolve trustworthy, cloud-enabled applications. The proposed system addresses the federation of geographically distributed cloud computing providers that rely on lightweight virtualization, and provide access to heterogeneous sets of resources. In addition, the system also considers both classic trustworthiness properties from the systems community, such as dependability and security, and from the machine learning community, such as fairness and transparency. We present the architecture that has been proposed to address these challenges and discuss some preliminary results.

Public Key Infrastructure (PKI) has been popularized in many scenarios such as e-government applications, enterprises, etc. Due to the construction of PKI system of various regions and departments, there formed a lot of isolated PKI management domains, cross-domain authentication has become a problem that cannot ignored, which also has some traditional solutions such as cross-authentication, trust list, etc. However, some issues still exist, which hinder the popularity of unified trust services. For example, lack of unified cross domain standard, the update period of Certificate Revocation List (CRL) is too long, which affects the security of cross-domain authentication. In this paper, we proposed a trust transferring model by using blockchain consensus instead of traditional trusted third party for e-government applications. We exploit how to solve the unified trust service problem of PKI at the national level through consensus and transfer some CA management functions to the blockchain. And we prove the scheme's feasibility from engineering perspective. Besides, the scheme has enough scalability to satisfy trust transfer requirements of multiple PKI systems. Meanwhile, the security and efficiency are also guaranteed compared with traditional solutions.

Due to the diversity and mobility of blockchain network nodes and the decentralized nature of blockchain networks, traditional trust value evaluation indicators cannot be directly used. In order to obtain trusted nodes, a trustworthiness calculation method based on trust blockchain nodes is proposed. Different from the traditional P2P network trust value calculation, the trust blockchain not only acquires the working state of the node, but also collects the special behavior information of the node, and calculates the joining time by synthesizing the trust value generated by the node transaction and the trust value generated by the node behavior. After the attenuation factor is comprehensively evaluated, the trusted nodes are selected to effectively ensure the security of the blockchain network environment, while reducing the average transaction delay and increasing the block rate.

Threat intelligence sharing is posited as an important aid to help counter cybersecurity attacks and a number of threat intelligence sharing communities exist. There is a general consensus that many challenges remain to be overcome to achieve fully effective sharing, including concerns about privacy, negative publicity, policy/legal issues and expense of sharing, amongst others. One recent trend undertaken to address this is the use of decentralized blockchain based sharing architectures. However while these platforms can help increase sharing effectiveness they do not fully address all of the above challenges. In particular, issues around trust are not satisfactorily solved by current approaches. In this paper, we describe a novel trust enhancement framework -TITAN- for decentralized sharing based on the use of P2P reputation systems to address open trust issues. Our design uses blockchain and Trusted Execution Environment technologies to ensure security, integrity and privacy in the operation of the threat intelligence sharing reputation system.

IoT trust management is a security solution that assures the trust between different IoT entities before establishing any relationship with other anonymous devices. Recent researches presented in the literature tend to use a Blockchain-based trust management model for IoT besides the fog node approach in order to address the constraints of IoT resources. Actually, Blockchain has solved many drawbacks of centralized models. However, it is still not preferable for dealing with massive data produced by IoT because of its drawbacks such as delay, network overhead, and scalability issues. Therefore, in this paper we define some factors that should be considered when designing scalable models, and we propose a fully distributed trust management model for IoT that provide a large-scale trust model and address the limitations of Blockchain. We design our model based on a new approach called Holochain considering some security issues, such as detecting misbehaviors, data integrity and availability.

As trust becomes increasingly important in the software domain. Due to its complex composite concept, people face great challenges, especially in today's dynamic and constantly changing internet technology. In addition, measuring the software trustworthiness correctly and effectively plays a significant role in gaining users trust in choosing different software. In the context of security, trust is previously measured based on the vulnerability time occurrence to predict the total number of vulnerabilities or their future occurrence time. In this study, we proposed a new unified index called "loss speed index" that integrates the most important variables of software security such as vulnerability occurrence time, number and severity loss, which are used to evaluate the overall software trust measurement. Based on this new definition, a new model called software trustworthy security growth model (STSGM) has been proposed. This paper also aims at filling the gap by addressing the severity of vulnerabilities and proposed a vulnerability severity prediction model, the results are further evaluated by STSGM to estimate the future loss speed index. Our work has several features such as: (1) It is used to predict the vulnerability severity/type in future, (2) Unlike traditional evaluation methods like expert scoring, our model uses historical data to predict the future loss speed of software, (3) The loss metric value is used to evaluate the risk associated with different software, which has a direct impact on software trustworthiness. Experiments performed on real software vulnerability datasets and its results are analyzed to check the correctness and effectiveness of the proposed model.

In monolithic operating system (OS), any error of system software can be exploit to destroy the whole system. The situation becomes much more severe in cloud environment, when the kernel and the hypervisor share the same address space. The security of guest Virtual Machines (VMs), both sensitive data and vital code, can no longer be guaranteed, once the hypervisor is compromised. Therefore, it is essential to deploy some security approaches to secure VMs, regardless of the hypervisor is safe or not. Some approaches propose microhypervisor reducing attack surface, or a new software requiring a higher privilege level than hypervisor. In this paper, we propose a novel approach, named HyperPS, which separates the fundamental and crucial privilege into a new trusted environment in order to monitor hypervisor. A pivotal condition for HyperPS is that hypervisor must not be allowed to manipulate any security-sensitive system resources, such as page tables, system control registers, interaction between VM and hypervisor as well as VM memory mapping. Besides, HyperPS proposes a trusted environment which does not rely on any higher privilege than the hypervisor. We have implemented a prototype for KVM hypervisor on x86 platform with multiple VMs running Linux. KVM with HyperPS can be applied to current commercial cloud computing industry with portability. The security analysis shows that this approach can provide effective monitoring against attacks, and the performance evaluation confirms the efficiency of HyperPS.

Over the last two decades, the Internet has established itself as part of everyday life. With the recent invention of Social Media, the advent of the Internet of Things as well as trends like "bring your own device" (BYOD), the needs for connectivity rise exponentially and so does the need for proper cyber security. However, human factors research of cyber security in private contexts comprises only a small fraction of the research in the field. In this study, we investigated adoption behaviours and trust in cyber security in private contexts by measuring - among other trust measures - disposition to trust and providing five cyber security scenarios. In each, a person/agent recommends the use of a cyber security tool. Trust is then measured regarding the recommending agent. We compare personal, expert, institutional, and magazine recommendations along with manufacturer information in an exploratory study of sixty participants. We found that personal, expert and institutional recommendations were trusted significantly more than manufacturer information and magazine reports. The highest trust scores were produced by the expert and the personal recommendation scenarios. We argue that technical and professional communicators should aim for cyber security knowledge permeation through personal relations, educating people with high technology self-efficacy beliefs who then disperse the acquired knowledge.