Yu, Xiaodong, Feng, Wu-chun, Yao, Danfeng(Daphne), Becchi, Michela.
2016.
O3FA: A Scalable Finite Automata-based Pattern-Matching Engine for Out-of-Order Deep Packet Inspection. Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. :1–11.
To match the signatures of malicious traffic across packet boundaries, network-intrusion detection (and prevention) systems (NIDS) typically perform pattern matching after flow reassembly or packet reordering. However, this may lead to the need for large packet buffers, making detection vulnerable to denial-of-service (DoS) attacks, whereby attackers exhaust the buffer capacity by sending long sequences of out-of-order packets. While researchers have proposed solutions for exact-match patterns, regular-expression matching on out-of-order packets is still an open problem. Specifically, a key challenge is the matching of complex sub-patterns (such as repetitions of wildcards matched at the boundary between packets). Our proposed approach leverages the insight that various segments matching the same repetitive sub-pattern are logically equivalent to the regular-expression matching engine, and thus, inter-changing them would not affect the final result. In this paper, we present O3FA, a new finite automata-based, deep packet-inspection engine to perform regular-expression matching on out-of-order packets without requiring flow reassembly. O3FA consists of a deterministic finite automaton (FA) coupled with a set of prefix-/suffix-FA, which allows processing out-of-order packets on the fly. We present our design, optimization, and evaluation for the O3FA engine. Our experiments show that our design requires 20x-4000x less buffer space than conventional buffering-and-reassembling schemes on various datasets and that it can process packets in real-time, i.e., without reassembly.
Guo, Rui, Yang, Geng, Shi, Huixian, Zhang, Yinghui, Zheng, Dong.
2021.
O3-R-CP-ABE: An Efficient and Revocable Attribute-Based Encryption Scheme in the Cloud-Assisted IoMT System. IEEE Internet of Things Journal. 8:8949–8963.
With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.
Conference Name: IEEE Internet of Things Journal
Kim, Jiha, Park, Hyunhee.
2021.
OA-GAN: Overfitting Avoidance Method of GAN Oversampling Based on xAI. 2021 Twelfth International Conference on Ubiquitous and Future Networks (ICUFN). :394–398.
The most representative method of deep learning is data-driven learning. These methods are often data-dependent, and lack of data leads to poor learning. There is a GAN method that creates a likely image as a way to solve a problem that lacks data. The GAN determines that the discriminator is fake/real with respect to the image created so that the generator learns. However, overfitting problems when the discriminator becomes overly dependent on the learning data. In this paper, we explain overfitting problem when the discriminator decides to fake/real using xAI. Depending on the area of the described image, it is possible to limit the learning of the discriminator to avoid overfitting. By doing so, the generator can produce similar but more diverse images.
Xu, H., Hu, L., Liu, P., Xiao, Y., Wang, W., Dayal, J., Wang, Q., Tang, Y..
2018.
Oases: An Online Scalable Spam Detection System for Social Networks. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :98–105.
Web-based social networks enable new community-based opportunities for participants to engage, share their thoughts, and interact with each other. Theses related activities such as searching and advertising are threatened by spammers, content polluters, and malware disseminators. We propose a scalable spam detection system, termed Oases, for uncovering social spam in social networks using an online and scalable approach. The novelty of our design lies in two key components: (1) a decentralized DHT-based tree overlay deployment for harvesting and uncovering deceptive spam from social communities; and (2) a progressive aggregation tree for aggregating the properties of these spam posts for creating new spam classifiers to actively filter out new spam. We design and implement the prototype of Oases and discuss the design considerations of the proposed approach. Our large-scale experiments using real-world Twitter data demonstrate scalability, attractive load-balancing, and graceful efficiency in online spam detection for social networks.
Sun, Zhichuang, Feng, Bo, Lu, Long, Jha, Somesh.
2020.
OAT: Attesting Operation Integrity of Embedded Devices. 2020 IEEE Symposium on Security and Privacy (SP). :1433—1449.
Due to the wide adoption of IoT/CPS systems, embedded devices (IoT frontends) become increasingly connected and mission-critical, which in turn has attracted advanced attacks (e.g., control-flow hijacks and data-only attacks). Unfortunately, IoT backends (e.g., remote controllers or in-cloud services) are unable to detect if such attacks have happened while receiving data, service requests, or operation status from IoT devices (remotely deployed embedded devices). As a result, currently, IoT backends are forced to blindly trust the IoT devices that they interact with.To fill this void, we first formulate a new security property for embedded devices, called "Operation Execution Integrity" or OEI. We then design and build a system, OAT, that enables remote OEI attestation for ARM-based bare-metal embedded devices. Our formulation of OEI captures the integrity of both control flow and critical data involved in an operation execution. Therefore, satisfying OEI entails that an operation execution is free of unexpected control and data manipulations, which existing attestation methods cannot check. Our design of OAT strikes a balance between prover's constraints (embedded devices' limited computing power and storage) and verifier's requirements (complete verifiability and forensic assistance). OAT uses a new control-flow measurement scheme, which enables lightweight and space-efficient collection of measurements (97% space reduction from the trace-based approach). OAT performs the remote control-flow verification through abstract execution, which is fast and deterministic. OAT also features lightweight integrity checking for critical data (74% less instrumentation needed than previous work). Our security analysis shows that OAT allows remote verifiers or IoT backends to detect both controlflow hijacks and data-only attacks that affect the execution of operations on IoT devices. In our evaluation using real embedded programs, OAT incurs a runtime overhead of 2.7%.
Shi, Yang, Zhang, Qing, Liang, Jingwen, He, Zongjian, Fan, Hongfei.
2019.
Obfuscatable Anonymous Authentication Scheme for Mobile Crowd Sensing. IEEE Systems Journal. 13:2918—2929.
Mobile crowd sensing (MCS) is a rapidly developing technique for information collection from the users of mobile devices. This technique deals with participants' personal information such as their identities and locations, thus raising significant security and privacy concerns. Accordingly, anonymous authentication schemes have been widely considered for preserving participants' privacy in MCS. However, mobile devices are easy to lose and vulnerable to device capture attacks, which enables an attacker to extract the private authentication key of a mobile application and to further invade the user's privacy by linking sensed data with the user's identity. To address this issue, we have devised a special anonymous authentication scheme where the authentication request algorithm can be obfuscated into an unintelligible form and thus the authentication key is not explicitly used. This scheme not only achieves authenticity and unlinkability for participants, but also resists impersonation, replay, denial-of-service, man-in-the-middle, collusion, and insider attacks. The scheme's obfuscation algorithm is the first obfuscator for anonymous authentication, and it satisfies the average-case secure virtual black-box property. The scheme also supports batch verification of authentication requests for improving efficiency. Performance evaluations on a workstation and smart phones have indicated that our scheme works efficiently on various devices.
Brakerski, Zvika, Vaikuntanathan, Vinod, Wee, Hoeteck, Wichs, Daniel.
2016.
Obfuscating Conjunctions Under Entropic Ring LWE. Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science. :147–156.
We show how to securely obfuscate conjunctions, which are functions f(x1,...,xn) = ∧i∈I yi where I ⊆ [n] and each literal yi is either just xi or ¬ xi e.g., f(xi,...,x\_n) = xi ⊆ ¬ x3 ⊆ ¬ x7 ... ⊆ x\\textbackslashvphantom\n-1. Whereas prior work of Brakerski and Rothblum (CRYPTO 2013) showed how to achieve this using a non-standard object called cryptographic multilinear maps, our scheme is based on an "entropic" variant of the Ring Learning with Errors (Ring LWE) assumption. As our core tool, we prove that hardness assumptions on the recent multilinear map construction of Gentry, Gorbunov and Halevi (TCC 2015) can be established based on entropic Ring LWE. We view this as a first step towards proving the security of additional mutlilinear map based constructions, and in particular program obfuscators, under standard assumptions. Our scheme satisfies virtual black box (VBB) security, meaning that the obfuscated program reveals nothing more than black-box access to f as an oracle, at least as long as (essentially) the conjunction is chosen from a distribution having sufficient entropy.
Su, Fang-Hsiang, Bell, Jonathan, Kaiser, Gail, Ray, Baishakhi.
2018.
Obfuscation Resilient Search Through Executable Classification. Proceedings of the 2Nd ACM SIGPLAN International Workshop on Machine Learning and Programming Languages. :20-30.
Android applications are usually obfuscated before release, making it difficult to analyze them for malware presence or intellectual property violations. Obfuscators might hide the true intent of code by renaming variables and/or modifying program structures. It is challenging to search for executables relevant to an obfuscated application for developers to analyze efficiently. Prior approaches toward obfuscation resilient search have relied on certain structural parts of apps remaining as landmarks, un-touched by obfuscation. For instance, some prior approaches have assumed that the structural relationships between identifiers are not broken by obfuscators; others have assumed that control flow graphs maintain their structures. Both approaches can be easily defeated by a motivated obfuscator. We present a new approach, MACNETO, to search for programs relevant to obfuscated executables leveraging deep learning and principal components on instructions. MACNETO makes few assumptions about the kinds of modifications that an obfuscator might perform. We show that it has high search precision for executables obfuscated by a state-of-the-art obfuscator that changes control flow. Further, we also demonstrate the potential of MACNETO to help developers understand executables, where MACNETO infers keywords (which are from relevant un-obfuscated programs) for obfuscated executables.
Zhang, QianQian, Liu, Yazhou, Sun, Quansen.
2021.
Object Classification of Remote Sensing Images Based on Optimized Projection Supervised Discrete Hashing. 2020 25th International Conference on Pattern Recognition (ICPR). :9507–9513.
Recently, with the increasing number of large-scale remote sensing images, the demand for large-scale remote sensing image object classification is growing and attracting the interest of many researchers. Hashing, because of its low memory requirements and high time efficiency, has widely solve the problem of large-scale remote sensing image. Supervised hashing methods mainly leverage the label information of remote sensing image to learn hash function, however, the similarity of the original feature space cannot be well preserved, which can not meet the accurate requirements for object classification of remote sensing image. To solve the mentioned problem, we propose a novel method named Optimized Projection Supervised Discrete Hashing(OPSDH), which jointly learns a discrete binary codes generation and optimized projection constraint model. It uses an effective optimized projection method to further constraint the supervised hash learning and generated hash codes preserve the similarity based on the data label while retaining the similarity of the original feature space. The experimental results show that OPSDH reaches improved performance compared with the existing hash learning methods and demonstrate that the proposed method is more efficient for operational applications.
Park, Ho-rim, Hwang, Kyu-hong, Ha, Young-guk.
2021.
An Object Detection Model Robust to Out-of-Distribution Data. 2021 IEEE International Conference on Big Data and Smart Computing (BigComp). :275—278.
Most of the studies of the existing object detection models are studies to better detect the objects to be detected. The problem of false detection of objects that should not be detected is not considered. When an object detection model that does not take this problem into account is applied to an industrial field close to humans, false detection can lead to a dangerous situation that greatly interferes with human life. To solve this false detection problem, this paper proposes a method of fine-tuning the backbone neural network model of the object detection model using the Outlier Exposure method and applying the class-specific uncertainty constant to the confidence score to detect the object.
Yao, X., Zhou, X., Ma, J..
2015.
Object event visibility for anti-counterfeiting in RFID-enabled product supply chains. 2015 Science and Information Conference (SAI). :141–150.
RFID-enabled product supply chain visibility is usually implemented by building up a view of the product history of its activities starting from manufacturing or even earlier with a dynamically updated e-pedigree for track-and-trace, which is examined and authenticated at each node of the supply chain for data consistence with the pre-defined one. However, while effectively reducing the risk of fakes, this visibility can't guarantee that the product is authentic without taking further security measures. To the best of our knowledge, this requires deeper understandings on associations of object events with the counterfeiting activities, which is unfortunately left blank. In this paper, the taxonomy of counterfeiting possibilities is initially developed and analyzed, the structure of EPC-based events is then re-examined, and an object-centric coding mechanism is proposed to construct the object-based event “pedigree” for such event exception detection and inference. On this basis, the system architecture framework to achieve the objectivity of object event visibility for anti-counterfeiting is presented, which is also applicable to other aspects of supply chain management.
Wang, Wenhao, Xu, Xiaoyang, Hamlen, Kevin W..
2017.
Object Flow Integrity. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :1909–1924.
Object flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: those containing immutable system modules with large, object-oriented APIs—which are particularly common in component-based, event-driven consumer software. It also helps to protect these inter-module object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks. A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits low overheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts.
Shahriar, Hossain, Haddad, Hisham.
2016.
Object Injection Vulnerability Discovery Based on Latent Semantic Indexing. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :801–807.
Object Injection Vulnerability (OIV) is an emerging threat for web applications. It involves accepting external inputs during deserialization operation and use the inputs for sensitive operations such as file access, modification, and deletion. The challenge is the automation of the detection process. When the application size is large, it becomes hard to perform traditional approaches such as data flow analysis. Recent approaches fall short of narrowing down the list of source files to aid developers in discovering OIV and the flexibility to check for the presence of OIV through various known APIs. In this work, we address these limitations by exploring a concept borrowed from the information retrieval domain called Latent Semantic Indexing (LSI) to discover OIV. The approach analyzes application source code and builds an initial term document matrix which is then transformed systematically using singular value decomposition to reduce the search space. The approach identifies a small set of documents (source files) that are likely responsible for OIVs. We apply the LSI concept to three open source PHP applications that have been reported to contain OIVs. Our initial evaluation results suggest that the proposed LSI-based approach can identify OIVs and identify new vulnerabilities.
Woon Cho, Abidi, M.A., Kyungwon Jeong, Nahyun Kim, Seungwon Lee, Joonki Paik, Gwang-Gook Lee.
2014.
Object retrieval using scene normalized human model for video surveillance system. Consumer Electronics (ISCE 2014), The 18th IEEE International Symposium on. :1-2.
This paper presents a human model-based feature extraction method for a video surveillance retrieval system. The proposed method extracts, from a normalized scene, object features such as height, speed, and representative color using a simple human model based on multiple-ellipse. Experimental results show that the proposed system can effectively track moving routes of people such as a missing child, an absconder, and a suspect after events.
Nathi, Rohan A., Sutar, Dimpal.
2019.
Object Secured TCP Socket for Remote Monitoring IoT Devices. 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–5.
With evolution of the communication technology remote monitoring has rooted into many applications. Swift innovation in Internet of Things (IoT) technology led to development of electronics embedded devices capable of sensing into the remote location and transferring the data through internet across the globe. Such devices transfers the sensitive data, which are susceptible to security attacks by the intruder and network hacker. Paper studies the existing security solutions and limitations for IoT environment and provides a pragmatic lightweight security scheme on Transmission Control Protocol (TCP) network for Remote Monitoring System devices over internet. This security scheme will aid Original Equipment Manufacturer (OEM) developing massive IoT products for remote monitoring. Real time evaluation of this scheme has been analyzed.
Alimadadi, Mohammadreza, Stojanovic, Milica, Closas, Pau.
2017.
Object Tracking Using Modified Lossy Extended Kalman Filter. Proceedings of the International Conference on Underwater Networks & Systems. :7:1–7:5.
We address the problem of object tracking in an underwater acoustic sensor network in which distributed nodes measure the strength of field generated by moving objects, encode the measurements into digital data packets, and transmit the packets to a fusion center in a random access manner. We allow for imperfect communication links, where information packets may be lost due to noise and collisions. The packets that are received correctly are used to estimate the objects' trajectories by employing an extended Kalman Filter, where provisions are made to accommodate a randomly changing number of obseravtions in each iteration. An adaptive rate control scheme is additionally applied to instruct the sensor nodes on how to adjust their transmission rate so as to improve the location estimation accuracy and the energy efficiency of the system. By focusing explicitly on the objects' locations, rather than working with a pre-specified grid of potential locations, we resolve the spatial quantization issues associated with sparse identification methods. Finally, we extend the method to address the possibility of objects entering and departing the observation area, thus improving the scalability of the system and relaxing the requirement for accurate knowledge of the objects' initial locations. Performance is analyzed in terms of the mean-squared localization error and the trade-offs imposed by the limited communication bandwidth.
Fujita, Koji, Shibahara, Toshiki, Chiba, Daiki, Akiyama, Mitsuaki, Uchida, Masato.
2022.
Objection!: Identifying Misclassified Malicious Activities with XAI. ICC 2022 - IEEE International Conference on Communications. :2065—2070.
Many studies have been conducted to detect various malicious activities in cyberspace using classifiers built by machine learning. However, it is natural for any classifier to make mistakes, and hence, human verification is necessary. One method to address this issue is eXplainable AI (XAI), which provides a reason for the classification result. However, when the number of classification results to be verified is large, it is not realistic to check the output of the XAI for all cases. In addition, it is sometimes difficult to interpret the output of XAI. In this study, we propose a machine learning model called classification verifier that verifies the classification results by using the output of XAI as a feature and raises objections when there is doubt about the reliability of the classification results. The results of experiments on malicious website detection and malware detection show that the proposed classification verifier can efficiently identify misclassified malicious activities.
Storteboom, Sarah, Thudt, Alice, Knudsen, Søren, Carpendale, Sheelagh.
2017.
Objective Meaning: Presentation Mediation in an Interactive Installation. Proceedings of the 2017 ACM International Conference on Interactive Surfaces and Spaces. :360–365.
We explore the presentation technique of visual abstraction as a form of mediation to manage content generated by the public in order to maintain a respectful discourse. We identify technological and social mediation as two dimensions within the space of content mediation, and discuss different solutions based on related work in public interactive displays and art installations. We further discuss a novel approach to technological mediation by describing our interactive artwork Objective Meaning - an installation that invites the audience to express themselves through anonymous text messages. The design of this system mediates discourse by visually abstracting the presentation of messages on a display by breaking messages apart into decontextualized words. We briefly discuss the public response during a one-month deployment of the installation in a library setting.
Jang, Uyeong, Wu, Xi, Jha, Somesh.
2017.
Objective Metrics and Gradient Descent Algorithms for Adversarial Examples in Machine Learning. Proceedings of the 33rd Annual Computer Security Applications Conference. :262–277.
Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms are being used in diverse domains where security is a concern, such as, automotive systems, finance, health-care, computer vision, speech recognition, natural-language processing, and malware detection. Of particular concern is use of ML in cyberphysical systems, such as driver-less cars and aviation, where the presence of an adversary can cause serious consequences. In this paper we focus on attacks caused by adversarial samples, which are inputs crafted by adding small, often imperceptible, perturbations to force a ML model to misclassify. We present a simple gradient-descent based algorithm for finding adversarial samples, which performs well in comparison to existing algorithms. The second issue that this paper tackles is that of metrics. We present a novel metric based on few computer-vision algorithms for measuring the quality of adversarial samples.
Xia, Haijun.
2016.
Object-Oriented Interaction: Enabling Direct Physical Manipulation of Abstract Content via Objectification. Proceedings of the 29th Annual Symposium on User Interface Software and Technology. :13–16.
Touch input promises intuitive interactions with digital content as it employs our experience of manipulating physical objects: digital content can be rotated, scaled, and translated using direct manipulation gestures. However, the reliance on analog also confines the scope of direct physical manipulation: the physical world provides no mechanism to interact with digital abstract content. As such, applications on touchscreen devices either only include limited functionalities or fallback on the traditional form-filling paradigm, which is tedious, slow, and error prone for touch input. My research focuses on designing a new UI framework to enable complex functionalities on touch screen devices by expanding direct physical manipulation to abstract content via objectification. I present two research projects, objectification of attributes and selection, which demonstrate considerable promises.
Farulla, G. A., Pane, A. J., Prinetto, P., Varriale, A..
2017.
An object-oriented open software architecture for security applications. 2017 IEEE East-West Design Test Symposium (EWDTS). :1–6.
This paper introduces a newly developed Object-Oriented Open Software Architecture designed for supporting security applications, while leveraging on the capabilities offered by dedicated Open Hardware devices. Specifically, we target the SEcube™ platform, an Open Hardware security platform based on a 3D SiP (System on Package) designed and produced by Blu5 Group. The platform integrates three components employed for security in a single package: a Cortex-M4 CPU, a FPGA and an EAL5+ certified Smart Card. The Open Software Architecture targets both the host machine and the security device, together with the secure communication among them. To maximize its usability, this architecture is organized in several abstraction layers, ranging from hardware interfaces to device drivers, from security APIs to advanced applications, like secure messaging and data protection. We aim at releasing a multi-platform Open Source security framework, where software and hardware cooperate to hide to both the developer and the final users classical security concepts like cryptographic algorithms and keys, focusing, instead, on common operational security concepts like groups and policies.
Zhong, Chiyang, Sakis Meliopoulos, A. P., AlOwaifeer, Maad, Xie, Jiahao, Ilunga, Gad.
2020.
Object-Oriented Security Constrained Quadratic Optimal Power Flow. 2020 IEEE Power Energy Society General Meeting (PESGM). :1–5.
Increased penetration of distributed energy resources (DERs) creates challenges in formulating the security constrained optimal power flow (SCOPF) problem as the number of models for these resources proliferate. Specifically, the number of devices with different mathematical models is large and their integration into the SCOPF becomes tedious. Henceforth, a process that seamlessly models and integrates such new devices into the SCOPF problem is needed. We propose an object-oriented modeling approach that leads to the autonomous formation of the SCOPF problem. All device models in the system are cast into a universal syntax. We have also introduced a quadratization method which makes the models consisting of linear and quadratic equations, if nonlinear. We refer to this model as the State and Control Quadratized Device Model (SCQDM). The SCQDM includes a number of equations and a number of inequalities expressing the operating limits of the device. The SCOPF problem is then formed in a seamless manner by operating only on the SCQDM device objects. The SCOPF problem, formed this way, is also quadratic (i.e. consists of linear and quadratic equations), and of the same form and syntax as the SCQDM for an individual device. For this reason, we named it security constrained quadratic optimal power flow (SCQOPF). We solve the SCQOPF problem using a sequential linear programming (SLP) algorithm and compare the results with those obtained from the commercial solver Knitro on the IEEE 57 bus system.
Kuk, K., Milić, P., Denić, S..
2020.
Object-oriented software metrics in software code vulnerability analysis. 2020 International Conference on INnovations in Intelligent SysTems and Applications (INISTA). :1—6.
Development of quality object-oriented software contains security as an integral aspect of that process. During that process, a ceaseless burden on the developers was posed in order to maximize the development and at the same time to reduce the expense and time invested in security. In this paper, the authors analyzed metrics for object-oriented software in order to evaluate and identify the relation between metric value and security of the software. Identification of these relations was achieved by study of software vulnerabilities with code level metrics. By using OWASP classification of vulnerabilities and experimental results, we proved that there was relation between metric values and possible security issues in software. For experimental code analysis, we have developed special software called SOFTMET.
Wu, Pengfei, Deng, Robert, Shen, Qingni, Liu, Ximeng, Li, Qi, Wu, Zhonghai.
2019.
ObliComm: Towards Building an Efficient Oblivious Communication System. IEEE Transactions on Dependable and Secure Computing. :1–1.
Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.