Over the years, system calls (syscalls) have become an increasingly popular data source for host intrusion detection systems (HIDS). This is partly due to their strong security semantic implications. As syscalls conform to a program's control-flow graph, a deviation in a syscall sequence may imply a deviation in a program's control-flow graph. This is useful for detecting the control-flow hijacking...
Internet-connected embedded systems have limited capabilities to defend themselves against remote hacking attacks. The potential effects of such attacks, however, can have a significant impact in the context of the Internet of Things, industrial control systems, smart health systems, etc. Embedded systems cannot effectively utilize existing software-based protection mechanisms due to limited processing...
Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions...
The Internet of Things (IoT) has penetrated various domains, from smart grids to precision agriculture, facilitating remote sensing and control. However, IoT devices are target to a spectrum of reliability and security issues. Therefore, capturing the normal behavior of these devices and detecting abnormalities in program execution is key for reliable deployment. However, existing program anomaly...
Smart Home solutions are currently booming and apply to a variety of areas in order to improve inhabitants' quality of life. Many Smart Home solutions are based on service-oriented pervasive platforms providing context services. These services may correspond to devices (a lamp for instance) or to any computing unit providing useful functions (luminosity in a room for example). One of the big issues...
Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence,...
The social internet of things (SIOT) is a thriving research field that emerged after the integration of social networking concepts in the internet of things. It resulted in the appearance of new and more powerful applications. Indeed, trust management system (TMS) has been considered as an effective security mechanism in the Internet of things. Thus, many research works have been carried to propose...
Provides an abstract for each of the tutorial presentations and a brief professional biography of each presenter. The complete presentations were not made available for publication as part of the conference proceedings.
Sexual harassment at workplace has been a critical challenge for women, especially in the service sector due to odd working hours. Companies and Government on their part have taken up measures to protect women employees but the problem seems persistent. To address this, we have designed a regulatory solution based on operant conditioning. Operant conditioning argues that people's behaviors are primarily controlled...
Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers...
This paper presents our results from identifying and documenting false positives generated by static code analysis tools. By false positives, we mean a static code analysis tool generates a warning message, but the warning message is not really an error. The goal of our study is to understand the different kinds of false positives generated so we can (1) automatically determine if an error message is truly...
Many organisations have adopted outsourcing for delivering critical IT services to their clients. Organisations need to identify the potential security threats of outsourced IT projects as early as possible to avoid or mitigate security incidents. Existing threat classification approaches suffer from limitations such as the lack of exhaustive threat classification criteria. In this paper, we propose...
The perception of risk is a driver for security analysts' decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion may impact effective decision making. In this paper, we propose a model that highlights areas contributing to the perception of risk in a socio-technical environment...
The efficient deployment of Internet of Things (IoT) over cellular networks, such as Long Term Evolution (LTE) or the next generation 5G, entails several challenges. For massive IoT, reducing the energy consumption on the device side becomes essential. One of the main characteristics of massive IoT is small data transmissions. To improve the support of them, the 3GPP has included two novel optimizations...
The complexity of contemporary external action missions is increasing with a growing number of civilian and other non-military actors operating in a shared environment. There are currently not sufficient capabilities for civil-military cooperation in place which hinders operational effectiveness and the full exploitation of the information sharing potential. We contribute to the assessment of information...
The past ten years has seen increasing calls to make security research more "scientific". On the surface, most agree that this is desirable, given universal recognition of "science" as a positive force. However, we find that there is little clarity on what "scientific" means in the context of computer security research, or consensus on what a "Science of Security"...
In order to develop efficient and effective framework for managing any conflict between security and privacy Non-Functional requirements and to reduce risk impact in software system, the goals set by the stakeholders need to be ascertained, and then the modeling language, tools, implementation and validation procedures need to be altered accordingly. Overall, this research is aimed for constructing...
In smart factories and smart homes, devices such as smart sensors are connected to the Internet. Independent of the context in which such a smart sensor is deployed, the possibility to change its configuration parameters in a secure way is essential. Existing solutions do provide only minimal security or do not allow to transfer arbitrary configuration data. In this paper, we present an NFC- and QR-code...
Security, interoperability, scalability, and mobility support are key challenges for the Internet of Things (IoT). Information Centric Networking (ICN) is an emerging paradigm for the Future Internet design that brings all the potential to face these challenges thanks to name-driven networking primitives. As a matter of fact, ICN natively supports multicast, mobility, content oriented security, and...
This paper studies information flows via timing channels in the presence of automatic memory management. We construct a series of example attacks that illustrate that garbage collectors form a shared resource that can be used to reliably leak sensitive information at a rate of up to 1 byte/sec on a contemporary general-purpose computer. The created channel is also observable across a network connection...