Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and the client puzzle, which requires a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can inflate its capability of DoS/DDoS attacks with fast puzzle-solving software and/or built-in graphics...
While most microkernel-based systems implement non-essential software components as user space tasks and strictly separate those tasks during runtime, they often rely on a static configuration and composition of their software components to ensure safety and security. In this paper, we extend a microkernel-based system architecture with a Trusted Platform Module (TPM) and propose a verification mechanism...
An SSL VPN system depends on the TUN device on a Linux host. Without a TUN device, it can't be deployed on Linux hosts. In order to overcome this limitation, a new kind of SSL VPN system is developed. This system is based on a simulated virtual NIC built on the loopback interface. With the help of the simulated virtual NIC, the SSL VPN client can be deployed on Linux hosts without TUN devices. Thus a Linux host without TUN...
With applications increasingly moving to the cloud, it is becoming common for an application to be separated by the network from the I/O devices with which the user is interacting. Currently this requires modifying the application to receive user input from the network rather than the device. We present a new I/O architecture in which the device driver is split into two parts, with the network between...
Network steganography describes all the methods used for transmitting data over a network without it being detected. Several methods for hiding data in a network have been proposed, but the main drawback of most of them is that they do not offer a secondary layer of protection. If steganography is detected, the data is in plain text. This article proposes an implementation called SCONeP (Steganography...
In the information society, data has become one of the most important parts for a company or individual. At the same time, data protection has become urgent. Traditional file protection systems based on data encryption have inherent defects. They can't prevent man-made data destruction and falsification of data. In this paper, using user space file system and authentication server combined with encryption...
Many security-critical web applications, such as online banking and e-commerce, require a secure communication path between the user and a remote server. Securing this end-to-end path is challenging and can be broken down into several segments. The network part between the user's machine and the server is usually well protected, using secure communication protocols, such as the Transport Layer Security...
With the wide use of online social networks (OSNs), the problem of data privacy has attracted much attention. Several approaches have been proposed to address this issue. One of the privacy management approaches for OSNs leverages a key management technique to enable a user to simply post encrypted contents so that only users who can satisfy the associated security policy can derive the key to access the...
The stream control transmission protocol (SCTP) uses a cookie mechanism to tackle the security and traditional attack scenario. Unfortunately, SCTP is not secured against redirection attacks, bombing attacks and verification-tag guessing attacks, which lead to association hijacking and may force the victim client to starve out of service from the server. Therefore, we propose a secure SCTP...
Private computing on public platforms (PCPP) is a new technology designed to enable secure and private execution of applications on remote, potentially hostile, public platforms. PCPP must secure its encryption keys to ensure that application isolation is robust and reliable. To this end we offer a protection scheme for PCPP encryption keys. In this paper we first discuss a commonly used key storage...
Microkernels have been developed to minimize the size of software that needs to run in privileged CPU mode. A microkernel provides a minimal set of general hardware abstractions and is able to implement an operating system with a high level of reliability and security. In the L4 microkernel, the creation of address spaces, threads and inter-process communication as fundamental abstractions is important in the development...
Software-based usage controls typically are vulnerable to attacks. Trusted platform modules (TPMs) can enable much more robust controls. However, as conventionally understood, TPM-secured systems may not support software updates or asynchronous communication. We contribute techniques that overcome these limitations, enabling updates, secure transmission of usage-controlled files via email or removable...
We design a framework that implements security at the TCP layer to meet the necessity for a practical and truly end-to-end security solution. We call our framework TCPsec. TCPsec is a security extension to TCP and implemented in the kernel. Applications may use TCPsec through regular TCP sockets by setting special socket options. TCPsec uses a Secure Socket Layer (SSL)-like handshake to set up a secure...