Biblio

Since computers are machines, it's tempting to think of computer security as purely a technical problem. However, computing systems are created, used, and maintained by humans, and exist to serve the goals of human and institutional stakeholders. Consequently, effectively addressing the security problem requires understanding this human dimension.

In this tutorial, we discuss this challenge and survey principal research approaches to it.
 

Maintaining the security and privacy hygiene of mobile apps is a critical challenge. Unfortunately, no program analysis algorithm can determine that an application is “secure” or “malware-free.” For example, if an application records audio during a phone call, it may be malware. However, the user may want to use such an application to record phone calls for archival and benign purposes. A key challenge for automated program analysis tools is determining whether or not that behavior is actually desired by the user (i.e., user expectation). This talk presents recent research progress in exploring user expectations in mobile app security.

It is necessary to improve the safety of the underwater acoustic sensor networks (UASNs) since it is mostly used in the military industry. Specific emitter identification is the process of identifying different transmitters based on the radio frequency fingerprint extracted from the received signal. The sonar transmitter is a typical low-frequency radiation source and is an important part of the UASNs. Class D power amplifier, a typical nonlinear amplifier, is usually used in sonar transmitters. The inherent nonlinearity of power amplifiers provides fingerprint features that can be distinguished without transmitters for specific emitter recognition. First, the nonlinearity of the sonar transmitter is studied in-depth, and the nonlinearity of the power amplifier is modeled and its nonlinearity characteristics are analyzed. After obtaining the nonlinear model of an amplifier, a similar amplifier in practical application is obtained by changing its model parameters as the research object. The output signals are collected by giving the same input of different models, and, then, the output signals are extracted and classified. In this paper, the memory polynomial model is used to model the amplifier. The power spectrum features of the output signals are extracted as fingerprint features. Then, the dimensionality of the high-dimensional features is reduced. Finally, the classifier is used to recognize the amplifier. The experimental results show that the individual sonar transmitter can be well identified by using the nonlinear characteristics of the signal. By this way, this method can enhance the communication safety of the UASNs.

In this paper, the role re-encryption is used to avoid the privacy data lekage and also to avoid the deduplication in a secure role re-encryption system(SRRS). And also it checks for the proof of ownership for to identify whether the user is authorized user or not. This is for the efficiency. Role re-encrytion method is to share the access key for the corresponding authorized user for accessing the particular file without the leakage of privacy data. In our project we are using both the avoidance of text and digital images. For example we have the personal images in our mobile, handheld devices, and in the desktop etc., So, as these images have to keep secure and so we are using the encryption for to increase the high security. The text file also important for the users now-a-days. It has to keep secure in a cloud server. Digital images have to be protected over the communication, however generally personal identification details like copies of pan card, Passport, ATM, etc., to store on one's own pc. So, we are protecting the text file and image data for avoiding the duplication in our proposed system.

ASA systems (firewall, IDS, IPS) are probable to become communication bottlenecks in networks with growing network bandwidths. To alleviate this issue, we suggest to use Application-aware mechanism based on Deep Packet Inspection (DPI) to bypass chosen traffic around firewalls. The services of Internet video sharing gained importance and expanded their share of the multimedia market. The Internet video should meet strict service quality (QoS) criteria to make the broadcasting of broadcast television a viable and comparable level of quality. However, since the Internet video relies on packet communication, it is subject to delays, transmission failures, loss of data and bandwidth restrictions that may have a catastrophic effect on the quality of multimedia.

In the communication model of wired and wireless Adhoc networks, the most needed requirement is the integration of security. Mobile Adhoc networks are more aroused with the attacks compared to the wired environment. Subsequently, the characteristics of Mobile Adhoc networks are also influenced by the vulnerability. The pre-existing unfolding solutions are been obtained for infrastructure-less networks. However, these solutions are not always necessarily suitable for wireless networks. Further, the framework of wireless Adhoc networks has uncommon vulnerabilities and due to this behavior it is not protected by the same solutions, therefore the detection mechanism of intrusion is combinedly used to protect the Manets. Several intrusion detection techniques that have been developed for a fixed wired network cannot be applied in this new environment. Furthermore, The issue of intensity in terms of energy is of a major kind due to which the life of the working battery is very limited. The objective this research work is to detect the Anomalous behavior of nodes in Manet's and Experimental analysis is done by making use of Network Simulator-2 to do the comparative analysis for the existing algorithm, we enhanced the previous algorithm in order to improve the Energy efficiency and results shown the improvement of energy of battery life and Throughput is checked with respect to simulation of test case analysis. In this paper, the proposed algorithm is compared with the existing approach.

Training the future cybersecurity workforce to respond to emerging threats requires introduction of novel educational interventions into the cybersecurity curriculum. To be effective, these interventions have to incorporate trending knowledge from cybersecurity and other related domains while allowing for experiential learning through hands-on experimentation. To date, the traditional interdisciplinary approach for cybersecurity training has infused political science, law, economics or linguistics knowledge into the cybersecurity curriculum, allowing for limited experimentation. Cybersecurity students were left with little opportunity to acquire knowledge, skills, and abilities in domains outside of these. Also, students in outside majors had no options to get into cybersecurity. With this in mind, we developed an interdisciplinary course for experiential learning in the fields of cybersecurity and interaction design. The inaugural course teaches students from cybersecurity, user interaction design, and visual design the principles of designing for secure use - or secure design - and allows them to apply them for prototyping of Internet-of-Things (IoT) products for smart homes. This paper elaborates on the concepts of secure design and how our approach enhances the training of the future cybersecurity workforce.

Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. By definition, such guidelines and policies are written in linear sequential text form that makes them difficult to integrate, or to understand the policy-technology-security interactions, thus limiting their relevance for science of security. We propose to develop text-to-analytics methods and tools focusing on CPS domains such as smart grids

As information security became an increasing concern for software developers and users, requirements engineering (RE) researchers brought new insight to security requirements. Security requirements aim to address security at the early stages of system design while accommodating the complex needs of different stakeholders. Meanwhile, other research communities, such as usable privacy and security, have also examined these requirements with specialized goal to make security more usable for stakeholders from product owners, to system users and administrators. In this paper we report results from conducting a literature survey to compare security requirements research from RE Conferences with the Symposium on Usable Privacy and Security (SOUPS). We report similarities between the two research areas, such as common goals, technical definitions, research problems, and directions. Further, we clarify the differences between these two communities to understand how they can leverage each other’s insights. From our analysis, we recommend new directions in security requirements research mainly to expand the meaning of security requirements in RE to reflect the technological advancements that the broader field of security is experiencing. These recommendations to encourage cross- collaboration with other communities are not limited to the security requirements area; in fact, we believe they can be generalized to other areas of RE. 

Blockchain has revolutionized supply chain system security, especially with Internet of Things integration. Deploying blockchain in the supply chain incorporates immutability, transparency, and traceability mechanisms that promote secure data sharing and interactions between stakeholders in trustless environments. A blockchain-based supply chain as a layered architecture consists of three main layers: supply chain, blockchain, and IoT. This type of system is safer and more transparent, with better traceability than traditional supply chain; however, the system faces several security issues. This paper briefly discusses the primary security challenges related to blockchain-based supply chain systems.

Digital communication platforms, such as Gmail and Yahoo, are become essential in our professional and personal lives. In addition to the low cost of e-mails, they are fast. Despite the advantages of these tools, spammers try to send unsolicited e-mail, known as spam, daily. Recently, image spam, a new type of spam e-mail, is developed by spammers in order to avoid detection based on text-based spam filtering systems. Image spam contains more complex information as compared to text spam. For this reason, the detection of image spam is still a challenging task for researchers. Most of the developed image spam filtering systems are based on hand-crafted features and machine learning techniques, which are time-consuming and less efficient. In addition, these systems do not focus on the important features, which can have an impact on the detection process. In this paper, we apply the convolutional block attention module (CBAM) model in order to address the problem of image spam. The experiments are conducted on the available dataset, called image spam hunter (ISH). The results obtained are then compared, using the CBAM model, to other existing state-of-the-art methods. The results obtained have demonstrated that the convolutional block attention module (CBAM) is efficient for image spam detection.

CPS is generally complex to study, analyze, and design, as an important means to ensure the correctness of design and implementation of CPS system, simulation test is difficult to fully test, verify and evaluate the components or subsystems in the CPS system due to the inconsistent development progress of the com-ponents or subsystems in the CPS system. To address this prob-lem, we designed a hybrid P2P based collaborative simulation test framework composed of full physical nodes, hardware in the loop(HIL) nodes and full digital nodes to simulate the compo-nents or subsystems in the CPS system of different development progress, based on the framework, we then proposed collabora-tive simulation control strategy comprising sliding window based clock synchronization, dynamic adaptive time advancement and multi-priority task scheduling with preemptive time threshold. Experiments showed that the hybrid collaborative simulation testing method proposed in this paper can fully test CPS more effectively.

As the Industrial Internet of Things (IIot) becomes more prevalent in critical application domains, ensuring security and resilience in the face of cyber-attacks is becoming an issue of paramount importance. Cyber-attacks against critical infrastructures, for example, against smart water-distribution and transportation systems, pose serious threats to public health and safety. Owing to the severity of these threats, a variety of security techniques are available. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach for designing secure and resilient IIoT systems, which integrates redundancy, diversity, and hardening techniques. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design by determining security investments in redundancy, diversity, and hardening. To demonstrate the applicability of our framework, we present two case studies in water distribution and transportation a case study in water-distribution systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risk at the same cost.

Internet application providers now have more incentive than ever to collect user data, which greatly increases the risk of user privacy violations due to the emerging of deep neural networks. In this paper, we propose TensorClog-a poisoning attack technique that is designed for privacy protection against deep neural networks. TensorClog has three properties with each of them serving a privacy protection purpose: 1) training on TensorClog poisoned data results in lower inference accuracy, reducing the incentive of abusive data collection; 2) training on TensorClog poisoned data converges to a larger loss, which prevents the neural network from learning the privacy; and 3) TensorClog regularizes the perturbation to remain a high structure similarity, so that the poisoning does not affect the actual content in the data. Applying our TensorClog poisoning technique to CIFAR-10 dataset results in an increase in both converged training loss and test error by 300% and 272%, respectively. It manages to maintain data's human perception with a high SSIM index of 0.9905. More experiments including different limited information attack scenarios and a real-world application transferred from pre-trained ImageNet models are presented to further evaluate TensorClog's effectiveness in more complex situations.

The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the U.S. military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. Today the military can detect and remedy intrusions within hours, if not minutes. From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks. Of the small number that did get through, fewer than 0.1% compromised systems in any way. Given the sophistication of the military’s cyberadversaries, that record is a significant feat.

Critical infrastructures, such as power grids and transportation systems, are increasingly using open networks for operation. The use of open networks poses many challenges for control systems.  The  classical  design  of  control systems  takes  into  account  modeling uncertainties  as  well  as  physical  disturbances,  providing  a  multitude  of control design methods such as robust control, adaptive control, and stochastic control. With the growing level of integration of control systems with new information technologies, modern control systems face uncertainties not only from the physical world but also from the cybercomponents of the system.  The vulnerabilities of the software deployed in the new control system infra- structure will expose the control system to many potential Game-Theoretic Methods for Robustness, Security, and Resilience of Cyberphysical Control Systems risks and threats from attackers. Exploitation of these vulnerabilities can lead to severe damage as has been reported in various news outlets [1], [2]. More recently, it has been reported in [3] and [4] that a computer worm, Stuxnet, was spread to target Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.