
Journal information

  • Journal name:

    Journal of computer security

  • Chinese name: 计算机安全杂志
  • Publication frequency:
  • ISSN: 0926-227X
  • Publisher: -
  • Description:
450 results
  • [Machine translation] A catalogue associating security patterns and attack steps for designing secure applications
    Abstract: Design Patterns are now widely accepted and used in software engineering; they represent generic and reusable solutions to common problems in software design. Security patterns are specialised patterns whose purpose is to help design applications that should meet security requirements. The enthusiasm surrounding security patterns has made emerge several catalogues listing up to 180 different patterns at the moment. This growing number brings an increased difficulty in choosing the most appropriate patterns for a given design problem. We propose a security pattern classification to facilitate the security pattern choice and a classification method based on data integration. The classification exposes relationships among software attacks, security principles and security patterns. It expresses the pattern combinations that are countermeasures to a given attack. This classification is semi-automatically inferred by means of a data-store integrating disparate publicly available security data. The data-store is also used to generate Attack Defense Trees. In our context, these illustrate, for a given attack, its sub-attacks, steps, techniques and the related defenses given under the form of security pattern combinations. Such trees make the pattern classification more readable even for beginners in security patterns. Finally, we evaluate on human subjects the benefits of using a pattern classification established for Web applications, which covers 215 attacks, 66 security principles and 26 security patterns.
  • [Machine translation] The privacy implications of room climate data
    Abstract: Smart heating applications promise to increase energy efficiency and comfort by collecting and processing room climate data. While it has been suspected that the sensed data may leak crucial personal information about the occupants, this belief has up until now not been supported by evidence. In this work, we investigate privacy risks arising from the collection of room climate measurements. We assume that an attacker has access to the most basic measurements only: temperature and relative humidity. We train machine learning classifiers to predict the presence and number of room occupants and to discriminate between different types of activities. On data that was collected at three different locations, we show that occupancy can be detected from data measured by a single sensor with up to 93.5% accuracy. One can even distinguish between the cases that no, one, or two persons are present with up to 66.4% accuracy. Moreover, the four actions reading, working on a PC, standing, and walking, can be discriminated with up to 56.8% accuracy, which is likewise clearly better than guessing (25%). Constraining the set of actions allows to achieve even higher prediction rates. For example, we discriminate standing and walking occupants with 96.3% accuracy. In addition, we show that the accuracy can be increased in most cases if an attacker has access to measurements from two different sensors located in the same room. Our results provide evidence that even the leakage of such ‘inconspicuous’ data as temperature and relative humidity can seriously violate privacy.
  • [Machine translation] Group ORAM for privacy and access control in outsourced personal records
    Abstract: Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present Π GORAM, a definitional framework for Group Oblivious RAM, in which we formalize several security and privacy properties such as secrecy, integrity, anonymity, and obliviousness. Π GORAM allows per entry access control, as selected by the data owner. Π GORAM is the first framework to define such a wide range of security and privacy properties for outsourced storage. Regarding obliviousness, we tackle two different attacker models: our first definition protects against an honest-but-curious server while our second definition protects against such a server colluding with malicious clients. In the latter model, we prove a server-side computational lower bound of Ω(n) where n is the number of entries in the database, i.e., every operation requires to process a constant fraction of the database. Furthermore, we present two constructions: a pure cryptographic instantiation, which achieves an O(n) amortized communication and computation complexity and a construction based on a trusted proxy with logarithmic communication and server-side computational complexity. The second construction bypasses the previously established lower bound leveraging a trusted party. Both schemes achieve secrecy, integrity, and obliviousness with respect to a server colluding with malicious clients, but not anonymity due to the deployed access control mechanism. In the former model, we present a cryptographic system that achieves secrecy, integrity, obliviousness, and anonymity. In the process of designing an efficient construction, we developed three new, generally applicable cryptographic schemes, namely, batched zero-knowledge proof of shuffle correctness, the hash-and-proof paradigm, which even improves upon the former, and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented our constructions in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.
  • [Machine translation] Per-session security: password-based encryption revisited
    Abstract: Cryptographic security is usually defined as a guarantee that holds except when a bad event with negligible probability occurs, and nothing is guaranteed in that bad case. However, in settings where such failure can happen with substantial probability, one needs to provide guarantees even for the bad case. A typical example is where a (possibly weak) password is used instead of a secure cryptographic key to protect a session, the bad event being that the adversary correctly guesses the password. In a situation with multiple such sessions, a per-session guarantee is desired: any session for which the password has not been guessed remains secure, independently of whether other sessions have been compromised. A new formalism for stating such gracefully degrading security guarantees is introduced and applied to analyze the examples of password-based message authentication and password-based encryption. While a natural per-message guarantee is achieved for authentication, the situation of password-based encryption is more delicate: a per-session confidentiality guarantee only holds against attackers for which the distribution of password-guessing effort over the sessions is known in advance. In contrast, for more general attackers without such a restriction, a strong, composable notion of security cannot be achieved.
  • [Machine translation] Verifying constant-time implementations by abstract interpretation
    Abstract: Constant-time programming is an established discipline to secure programs against timing attackers. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum Safe, follow this discipline. We propose an advanced static analysis, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming. To that purpose, we analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows. We give semantic evidence of the correctness of our approach on a core language. We also present a prototype implementation for C programs that is based on the CompCert compiler toolchain and its companion Verasco static analyzer. We present verification results on various real-world constant-time programs and report on a successful verification of a challenging SHA-256 implementation that was out of scope of previous tool-assisted approaches.
  • [Machine translation] Learning probabilistic dependencies among events for proactive security auditing in clouds
    Abstract: Security compliance auditing is a viable solution to ensure the accountability and transparency of a cloud provider to its tenants. However, the sheer size of a cloud, coupled with the high operational complexity implied by the multi-tenancy and self-service nature, can easily render existing runtime auditing techniques too expensive and non-scalable. To this end, a proactive approach, which prepares for the auditing ahead of critical events, is a promising solution to reduce the response time to a practical level. However, a key limitation of such approaches is their reliance on manual efforts to extract the dependency relationships among events, which greatly restricts their practicality. What makes things worse is the fact that, as the most important input to security auditing, the logs and configuration databases of a real world cloud platform can be unstructured and not ready to be used for efficient security auditing. In this paper, we first propose a log processing technique, which prepares raw cloud logs for different analysis purposes, and then design a learning-based proactive security auditing system, namely, LeaPS+. To this end, we conduct case studies on current log formats in different real-world OpenStack (a popular cloud platform) deployments, and identify major challenges in log processing. Later, we design a stand-alone log processor for clouds, which may potentially be used for various log analyses. Consequently, we leverage the log processor outputs to extract probabilistic dependencies from runtime events for the dependency models. Finally, through these dependency models, we proactively prepare for security critical events and prevent security violations resulting from those critical events. Furthermore, we integrate LeaPS+ to OpenStack and perform extensive experiments in both simulated and real cloud environments that show a practical response time (e.g., 6 ms to audit a cloud of 100,000 VMs) and a significant improvement (e.g., about 50% faster) over existing proactive approaches. In addition, we successfully and efficiently apply our log processor outputs to other learning techniques (e.g., executing sequence pattern mining algorithms within 18 ms for 50,000 events).
  • [Machine translation] Secure authentication in the grid: a formal analysis of DNP3 SAv5
    Abstract: Most of the world’s power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol’s sub-protocols. In doing so, we consider the full state machine, the protocol’s asymmetric mode, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard’s intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols. Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.
  • [Machine translation] Sub-session hijacking on the web: root causes and prevention
    Abstract: Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to session hijacking attacks, where the browser run by a given user sends requests associated to the identity of another user. When n > 1 cookies are used to implement a session, there might actually be n sub-sessions running at the same website, where each cookie is used to retrieve part of the state information related to the session. Sub-session hijacking breaks the ideal view of the existence of a unique user session by selectively hijacking m sub-sessions, with m < n. This may reduce the security of the session to the security of its weakest sub-session. In this paper, we take a systematic look at the root causes of sub-session hijacking attacks and we introduce sub-session linking as a possible defense mechanism. Out of two flavors of sub-session linking desirable for security, which we call intra-scope and inter-scope sub-session linking respectively, only the former is relatively smooth to implement. Luckily, we also identify programming practices to void the need for inter-scope sub-session linking. We finally present Warden, a server-side proxy which automatically enforces intra-scope sub-session linking on incoming HTTP(S) requests, and we evaluate it in terms of protection, performances, backward compatibility and ease of deployment.
  • [Machine translation] DABKE: a secure deniable attribute-based key exchange framework
    Abstract: We introduce the first deniable attribute-based key exchange (DABKE) framework that is resilient to impersonation attacks. We define the formal security models for DABKE framework, and propose a generic compiler that converts any attribute-based key exchanges into deniable ones. We prove that it can achieve session key security and user privacy in the standard model, and strong deniability in the simulation-based paradigm. In particular, the proposed generic compiler ensures: 1) a dishonest user cannot impersonate other user’s session participation in conversations since implicit authentication is used among authorized users; 2) an authorized user can plausibly deny his/her participation after secure conversations with others; 3) the strongest form of deniability is achieved using one-round communication between two authorized users.
  • [Machine translation] A method for unbounded verification of privacy-type properties
    Abstract: In this paper, we consider the problem of verifying anonymity and unlinkability in the symbolic model, where protocols are represented as processes in a variant of the applied pi calculus, notably used in the ProVerif tool. Existing tools and techniques do not allow to verify directly these properties, expressed as behavioral equivalences. We propose a different approach: we design two conditions on protocols which are sufficient to ensure anonymity and unlinkability, and which can then be effectively checked automatically using ProVerif. Our two conditions correspond to two broad classes of attacks on unlinkability, i.e. data and control-flow leaks. This theoretical result is general enough that it applies to a wide class of protocols based on a variety of cryptographic primitives. In particular, using our tool, UKano, we provide the first formal security proofs of protocols such as BAC and PACE (e-passport), Hash-Lock (RFID authentication), etc. Our work has also led to the discovery of new attacks, including one on the LAK protocol (RFID authentication) which was previously claimed to be unlinkable (in a weak sense).
  • [Machine translation] Last man standing: static, decremental and dynamic resiliency via controller synthesis
    Abstract: The workflow satisfiability problem is the problem of finding an assignment of users to tasks (i.e., a plan) so that all authorization constraints are satisfied. The workflow resiliency problem is a dynamic workflow satisfiability problem coping with the absence of users. If a workflow is resilient, it is of course satisfiable, but the vice versa does not hold. There are three levels of resiliency: in static resiliency, up to k users might be absent before the execution starts and never become available for that execution; in decremental resiliency, up to k users might be absent before or during execution and, again, they never become available for that execution; in dynamic resiliency, up to k users might be absent before executing any task and they may in general turn absent and available continuously, before or during the execution. Much work has been carried out to address static resiliency, little for decremental resiliency and, to the best of our knowledge, for dynamic resiliency no exact approach that returns a dynamic execution plan if and only if a workflow is resilient has been provided so far. In this paper, we tackle workflow resiliency via extended game automata. We provide three encodings (having polynomial-time complexity) from workflows to extended game automata to model each kind of resiliency as an instantaneous game and we use Uppaal-TIGA to synthesize a winning strategy (i.e., a controller) for such a game. If a controller exists, then the workflow is resilient (as the controller’s strategy corresponds to a dynamic plan). If it doesn’t, then the workflow is breakable. The approach that we propose is correct because it corresponds to a reachability problem for extended game automata (TCTL model checking). Moreover, we have developed Erre, the first tool for workflow resiliency that relies on a controller synthesis approach for the three kinds of resiliency. Thanks to Erre, our approach is thus also fully-automated from analysis to simulation.
  • [Machine translation] Collusion attacks and fair time-locked deposits for fast-payment transactions in Bitcoin
    Abstract: In Bitcoin network, the distributed storage of multiple copies of the block chain opens up possibilities for double-spending, i.e., a payer issues two separate transactions to two different payees transferring the same coins. While Bitcoin has inherent security mechanism to prevent double-spending attacks, it requires a certain amount of time to detect the double-spending attacks after the transaction has been initiated. Therefore, it is impractical to protect the payees from suffering in double-spending attacks in fast payment scenarios where the time between the exchange of currency and goods or services is shortened to a few seconds. Although we cannot prevent double-spending attacks immediately for fast payments, decentralized non-equivocation contracts have been proposed to penalize the malicious payer after the attacks have been detected. The basic idea of these contracts is that the payer locks some coins in a deposit when he initiates a transaction with the payee. If the payer double-spends, a cryptographic primitive called accountable assertions can be used to reveal his Bitcoin credentials for the deposit. Thus, the malicious payer could be penalized by the loss of deposit coins. However, such decentralized non-equivocation contracts are subjected to collusion attacks where the payer colludes with the beneficiary of the deposit and transfers the Bitcoin deposit back to himself when he double-spends, resulting in no penalties. On the other hand, even if the beneficiary behaves honestly, the victim payee cannot get any compensation directly from the deposit in the original design. To prevent such collusion attacks, we design fair time-locked deposits for Bitcoin transactions to defend against double-spending. The fair deposits ensure that the payer will be penalized by the loss of his deposit coins if he double-spends and the victim payee’s loss will be compensated within a locked time period. We start with the protocols of making a deposit for one transaction. In particular, for the transaction with single input and output and the transaction with multiple inputs and outputs, we provide different designs of the deposits. We analyze the performance of deposits made for one transaction and show how the fair deposits work efficiently in Bitcoin. We also provide protocols of making a deposit for multiple transactions, which can reduce the burdens of an honest payer. In the end, we extend the fair deposits to non-equivocation contracts for other distributed systems.
  • [Machine translation] How persuasive is a phishing email?
    Abstract: Context: In the current era of digital technology, social engineers are using various tactics to undermine human weaknesses. Social Engineers target human psychology to achieve their target(s) which are in the form of data, account details, or IT devices etc. According to our research, one of the first methods social engineers used to target victims is Phishing/Spear Phishing. Objective: The objective of this study is to utilize serious game to: i) educate players regarding phishing and spear-phishing attacks; ii) make aware and educate players regarding dangers associated with excessive online information disclosure. Method: In order to address the objectives we have: i) performed an in-depth literature review to extract insights related to social engineering, phishing, game design, learning functions, human interaction, and game-based learning etc; ii) proposed and aligned the game design with social engineering ontology concepts; iii) performed an empirical evaluation to evaluate the effectiveness of the designed board game. Conclusion: From this research study, we conclude that: i) PhishI game is useful in educating players regarding excessive online information disclosure and phishing awareness; ii) game-based learning is an effective method for inculcating and general cyber-related awareness in players.
  • [Machine translation] Decoupling coding habits from functionality for effective binary authorship
    Abstract: Binary authorship attribution refers to the process of identifying the author of a given anonymous binary file based on stylistic characteristics. It aims to automate the laborious and error-prone reverse engineering task of discovering information related to the author(s) of a binary code. Existing works typically employ machine learning methods to extract features that are unique for each author and subsequently match them against a given binary to identify the author. However, most existing works share a common critical limitation, i.e., they cannot distinguish between features representing program functionality and those representing authorship (e.g., authors’ coding habits). Such distinction is crucial for effective authorship attribution because what is unique in a particular binary may be attributed to either author, compiler, or function. In this study, we present BinAuthor, a system capable of decoupling program functionality from authors’ coding habits in binary code. To capture coding habits, BinAuthor leverages a set of features that are based on collections of functionality-independent choices made by authors during coding. Our evaluation demonstrates that BinAuthor outperforms existing methods in several aspects. First, it successfully attributes a larger number of authors with a significantly higher accuracy (around 90%) based on the large datasets extracted from selected open-source C++ projects in GitHub, Google Code Jam events, Planet Source Code contests, and several programming projects. Second, BinAuthor is more robust than previous methods; there is no significant drop in accuracy when the code is subjected to refactoring techniques, simple obfuscation, and processed with different compilers. Finally, decoupling authorship from functionality allows us to apply BinAuthor to real malware binaries (Citadel, Zeus, Stuxnet, Flame, Bunny, and Babar) to automatically generate evidence on similar coding habits.
  • [Machine translation] A multi-server oblivious dynamic searchable encryption framework
    Abstract: Data privacy is one of the main concerns for data outsourcing on the cloud. Although standard encryption can provide confidentiality, it prevents the client from searching/retrieving meaningful information on the outsourced data thereby, degrading the benefits of using cloud services. To address this data utilization versus privacy dilemma, Dynamic Searchable Symmetric Encryption (DSSE) has been proposed. DSSE enables encrypted search and update functionality over the encrypted data via a secure index. However, the state-of-the-art DSSE constructions leak information from the access pattern, making them vulnerable against various attacks. While generic Oblivious Random Access Machine (ORAM) can hide the access pattern, it incurs a heavy communication overhead, which was shown costly to be directly used in the DSSE setting. In this article, by exploiting the multi-cloud infrastructure, we develop a comprehensive Oblivious Distributed DSSE (ODSE) framework that allows oblivious search and updates on the encrypted index with high security and improved efficiency over the use of generic ORAM. Our framework contains a series of ODSE schemes each featuring different levels of performance and security required by various types of real-life applications. ODSE offers desirable security guarantees such as information-theoretic security and robustness in the presence of a malicious adversary. We fully implemented ODSE framework and evaluated its performance in a real cloud environment (Amazon EC2). Our experiments showed that ODSE schemes are 3×-57× faster than using generic ORAMs on a DSSE encrypted index under real network settings.
  • [Machine translation] Real-time detection of malware connections using side-channel TCP features
    Abstract: During the past years, deep packet inspection has been prevalent in network intrusion detection systems. Most solutions employ complex algorithms to analyze the intended behaviour and underlying characteristics of packets and their payloads, in an effort to detect and prevent malicious users and software from communicating over business intranets and wider networks. Still, there are multiple issues that inhibit their success rate. Most signature-based security software is plagued by false positives and/or false negatives. On the other hand, behavioral-based solutions achieve better detection rates but need to analyze large amounts of traffic. In this article, we present a real-time network traffic monitoring system that implements machine learning over side channel characteristics of TCP network packets to distinguish normal from malicious TCP sessions, even when encryption is in place. We test in university networks and test multiple different types of traffic. We show that, our approach (i) requires notably less information to achieve similar (if not better) detection rates, (ii) works over encrypted traffic as well, and (iii) has notably low false positives and false negatives in everyday case study scenarios.
  • [Machine translation] Tracking APTs in industrial ecosystems: a proof of concept
    Abstract: In recent years, Advanced Persistent Threats (APTs) have become a major issue for critical infrastructures that are increasingly integrating modern IT technologies. This requires the development of advanced cyber-security services that can holistically detect and trace these attacks, beyond traditional solutions. In this sense, Opinion Dynamics has been proven as an effective solution, as they can locate the most affected areas within the industrial network. With this information, it is possible to put in place accurate response techniques to limit the impact of attacks on the infrastructure. In this paper, we analyze the applicability of Opinion Dynamics to trace an APT throughout its entire life cycle, by correlating different anomalies over time and accounting for the persistence of threats and the criticality of resources. Moreover, we run various experiments with this novel technique over a testbed that models a real control system, thereby assessing its effectiveness in an actual industrial scenario.
  • [Machine translation] Achieving the best performance of integrating Warm and DELAY against remote cache timing side channels on block ciphers
    Abstract: Cache timing side channels allow a remote attacker to disclose the cryptographic keys, by repeatedly invoking the encryption/decryption functions and measuring the execution time. Warm and Delay are two algorithm-independent and implementation-transparent countermeasures against remote cache-based timing side channels for block ciphers. They destroy the relationship between the execution time and the cache misses/hits which are determined by the secret key, but bring remarkable performance overhead. In this paper, we investigate the performance of cryptographic functions protected by Warm and Delay, and attempt to find the best strategy to integrate these two countermeasures with the optimal performance while effectively eliminate remote cache timing side channels for block ciphers implementations with lookup tables. To the best of our knowledge, this work is the first to systematically analyze the performance of integrating Warm and Delay against cache side channels. We derive the optimal scheme to integrate Warm and Delay, and apply it to AES. It is proven that the integration scheme achieves the optimal performance with the least extra operations on commodity systems. Finally, we implement it on Linux with Intel CPUs. Experimental results confirm that, (a) the execution time does not leak information on cache access, (b) the scheme outperforms other integration strategies of Warm and Delay, and (c) the implementation works without any privileged operations on the computer.
  • [Machine translation] Sharing-habits based privacy control in social networks
    Abstract: We study users behavior in online social networks (OSN) as a means to preserve privacy. People widely use OSN for a variety of objectives and fields. Each OSN has different characteristics, requirements, and vulnerabilities of the private data shared. Sharing-habits refers to users’ patterns of sharing information. Sharing-habits are implied by the communication between users and their peers. While social networks allow users to have some control over the dissemination of their information, most users are not aware that the private information they share might leak to users with whom they do not wish to share it. In this paper we address the growing need of social network users to share information with close friends while hiding it from others. We apply several different well-known strategies from graph-flow theory to an OSN graph with sharing-habits insights, to control the information flow among OSN users. The goal of the method we present is to allow maximum information sharing while enforcing a user’s pre-defined privacy criteria. Our method is evaluated using real data from well known social networks and the results are analyzed in terms of accuracy and run-time.
  • [Machine translation] Enforcing authorizations while protecting access confidentiality
    Abstract: Cloud computing is the reference paradigm to provide data storage and management in a convenient and scalable manner. However, moving data to the cloud raises several issues, including the confidentiality of data and of accesses that are no more under the direct control of the data owner. The shuffle index has been proposed as a solution for addressing these issues when data are stored at an external third party. In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Owners regulate access to their data through authorizations that allow different users to access different portions of the data, while, at the same time, the confidentiality of accesses is guaranteed. The proposed approach also supports update operations over the outsourced data collection (i.e., insertion, removal, and update) as well as of the access control policy (i.e., grant and revoke). Also, our approach protects the nature of each access operation, making revoke operations and resource removal operations indistinguishable by the storing server and/or observing users.