In the near future, IoT systems will be “ubiquitous” and “pervasive”, bringing several benefits to mankind and also many issues about interoperability, security and privacy. The intrinsic vulnerabilities of IoT devices, with limited resources and heterogeneous technologies, together with the lack of specifically designed IoT standards, represent a fertile ground for the expansion of specific cyber...
Modern mobile apps incorporate rich and complex features, opening the doors for different security concerns. Android is the dominant platform in mobile app markets, and enhancing its apps security is a considerable area of research. Android malware (introduced intentionally by developers) has been well studied and many tools are available to detect them. However, little attention has been directed...
This paper investigates the suitability of employing various measurable features derived from multiple wearable devices (Apple Watch), for the generation of unique authentication and encryption keys related to the user. This technique is termed as ICMetrics. The ICMetrics technology requires identifying the suitable features in an environment for key generation most useful for online services. This...
Assembly execution trace analysis is an effective approach for discovering potential software vulnerabilities. However, the size of the execution traces and the lack of source code makes this a manual, labor-intensive process. Instead of browsing billions of instructions one by one, software security analysts need higher-level information that can provide an overview of the execution of a program...
This paper describes the implementation aspects, the main challenges and the adopted solutions for an Internet voting system designed by LepidaSpA and dedicated to specific elections of a Land Reclamation Authority in the Italian Emilia-Romagna region. Besides the description of the voting system, we also present an efficient and simple administration tool for the management of all the election phases,...
With the development of information technology, software plays an increasingly important role in the process of social development. However, at the same time, the number of software vulnerabilities is growing, posing a threat to national security and social stability. Therefore, some scholars and research institutions are paying their attention to the study of software vulnerability. In this paper,...
Security vulnerabilities in system software are a major concern, especially when the software is highly exposed. This paper studies whether it is possible to emulate security vulnerabilities through software fault injection by using well known emulation operators. Emulating security vulnerabilities in the C programming language, in a realistic way using field data, is an unanswered research question,...
Developers frequently rely on free static analysis tools to automatically detect vulnerabilities in the source code of their applications, but it is well-known that the performance of such tools is limited and varies from one software development scenario to another, both in terms of coverage and false positives. Diversity is an obvious direction to take to improve coverage, as different tools usually...
This paper introduces a newly developed Object-Oriented Open Software Architecture designed for supporting security applications, while leveraging on the capabilities offered by dedicated Open Hardware devices. Specifically, we target the SEcube™ platform, an Open Hardware security platform based on a 3D SiP (System on Package) designed and produced by Blu5 Group. The platform integrates three components...
Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function...
With the current trend of introducing networking capabilities into traditional industries, Cyber-Physical Production Systems (CPPS) are increasingly targeted by cyber-attacks. Especially with the progression of introducing the industry 4.0 paradigm to sectors that until now worked with strictly sealed environments, new attack surfaces are brought to the attention of cyber-criminals that already possess...
Existing attestation solutions based on Linux Integrity Measurement Architecture treat the network as an untrusted input. Thus, they often employ strict access control mechanisms with tunneling policies to prevent network flows from tainting the system. However, these different access control policies are challenging for administrators to model and verify for different Linux deployments, making them...
We present in this paper a security analysis of electronic devices which considers the lifecycle properties of embedded systems. We first define a generic model of electronic devices lifecycle showing the complex interactions between the numerous assets and the actors. The method is illustrated through a case study: a connected insulin pump. The lifecycle induced vulnerabilities are analyzed using...
This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. By using a dataset comprised of over 36 thousand PoC exploits, near a 0.9 accuracy rate is obtained in the empirical experiment. Text mining and topic modeling are a significant boost factor...
Exploitable software vulnerabilities pose severe threats to its information security and privacy. Although a great amount of efforts have been dedicated to improving software security, research on quantifying software exploitability is still in its infancy. In this work, we propose ExploitMeter, a fuzzing-based framework of quantifying software exploitability that facilitates decision-making for software...
The software defined optical network (SDON) service plays an important role in the production and operation of the network system. It's important to solve the problem of how to reduce the risk and distribute the service path more rationally. However, most of the existing algorithms do not take into account service importance. In this paper, a risk balancing routing assignment mechanism based service...
In this study, we present a method for extracting and representing knowledge of presentation slide creators based on the slide contents that are published on a slide sharing service. The proposed method regards the number of views, downloads, and likes from other users as the users rating for a presentation slide, and extract knowledge of the slide creator in terms of the usefulness and knowledge...
Due to the increasing complexity of web and client application's structure, security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network...
A major cyber-security concern to date for webservers are Distributed Denial of Service (DDoS) attacks. Previously we proposed a novel overlay-based method consisting of distributed network of public servers (PS) for preparation, and access nodes (AN) for actual communication. The AN's performance is evaluated under difficult to detect HTTP(S)-DDoS attacks. Yet, attackers may attempt service denial...