The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Security, interoperability, scalability, and mobility support are key challenges for the Internet of Things (IoT). Information Centric Networking (ICN) is an emerging paradigm for the Future Internet design that brings all the potential to face these challenges thanks to name-driven networking primitives. As a matter of fact, ICN natively supports multicast, mobility, content oriented security, and...
Hardware-Assisted Flow Integrity extension (HAFIX) was proposed as a defense against code-reuse attacks that exploit backward edges (returns). HAFIX provides finegrained protection by confining return addresses to only target call sites in functions active on the call stack. We study whether the backward-edge policy in HAFIX is sufficient to prevent code-reuse exploits on real-world programs. In this...
Computer-system logs often contain high volumes of interesting, useful information, and are an important data source for network security analysis. In this paper, we propose a distributed log stream processing system consisting of three main parts: log collection module, log transmission module and log statistics module. The system uses several open source technologies, not only supports multi-source...
In this paper, a new locking protocolis being proposed which will be applied on a distributed database system. Two Phase Locking protocol will be implemented along with Secure Hash Algorithm-3, 512 variant. The Two phase locking algorithm is used to provide resources to the user which reduces the chances of deadlock. A hash value is calculated for every data that is sent to the client by the database...
With the today's the rapid developing of wireless mobile networks, various types of mobile devices have emerged and a variety of applications have been developed. People's desire for more convenient life and more efficient collaboration may be coming true in this era. Meanwhile there are lots of security challenges in wireless mobile networks. To resist conventional attacks and obtain stronger securities...
Code diversification is an effective strategy to prevent modern code-reuse exploits. Unfortunately, diversification techniques are inherently vulnerable to information disclosure. Recent diversification-aware ROP exploits have demonstrated that code disclosure attacks are a realistic threat, with an attacker able to read or execute arbitrary code memory and gather enough gadgets to bypass state-of-the-art...
With the constant increase of multimedia internet penetration as well as rapid spread and sharing of various information, people pay more and more attention to the information related to daily power utilization. In order to realize the interaction between power companies and power utilization information of users, the power companies apply and register their public accounts to establish their own...
The main objective of this paper is to compare and document low cost open source SCADA options available for remote controlling and monitoring of inverters. To achieve this objective from the client side, interface between inverter and the SCADA has been developed. Three low cost options are being tested and tabulated the paper comparing inherent advantages and disadvantages. From the server side...
We explore a reference monitor (RM) design which borrows from the Flask security architecture. Our RM design goal is to achieve complete mediation by checking and verifying the authority and authenticity of every access to every system object. Access decisions are administered by a security logic server implemented as an extension of the peripheral bus. Initial results show a minimal increase in resource...
Despite many applications, mobile cloud computinginduces privacy concerns. In particular, when mobile device usersoffload the computation of a mobile app to the cloud, they may notwant the cloud service provider (CSP) to know what kind of appthey are using, since that information might be used to infer theirpersonal activities and living habits. One possible way for the CSPto learn the type of an...
This investigation proposes a methodology with a practical approach for privacy vulnerability analysis on Android Applications. The methodology combines the controls of the OWASP Mobile Security Project [1], Open Android Security Assessment Methodology [2], and good practices from the current state of the art. The proposed assessment is composed of the following stages: collection of information,...
Over the years cybercriminals have misused the Domain Name System (DNS) – a critical component of the Internet – to gain profit. Despite this persisting trend, little empirical information about the security of Top-Level Domains (TLDs) and of the overall 'health' of the DNS ecosystem exists. In this paper, we present security metrics for this ecosystem and measure the operational values of such metrics...
Zeus is a well-known and effective family of ‘man-in-the-browser’ malware. This qualitative case study analyses posts in online cybercrime forums that discuss Zeus configuration. Online cybercriminals were found to share, sell, steal, and trade configuration files. The discussions and advertisements on the forums, which span four years, were found to evolve with market conditions and externalities,...
Malicious domains are basic tools in the hands of cybercriminals. Once a victim is malware-infected, malware will tend to connect malicious domains to do internet crime such as awaiting the remote control command or delivering the malware reported feedback. Recent studies have paid much effort on detecting malicious domains, but still have room to improve. For the purpose of detecting malicious domains...
Open source and closed software security has been debated for decades, vulnerabilities reported for both types of software has been under scrutiny for years. In this study, a descriptive and correlation study for two selected systems is conducted using SPSS 19. The results show that the severity score average of Linux kernel vulnerabilities is lower by %30 than the severity score average of vulnerabilities...
The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind...
In Pakistan, annual occurrence of lifethreatening during the Muhram, Rabiul Awal, Mela, Eid events. There is no mechanism, to control the huge crowed during these events so they are great challenges for security managers to monitor, manage and save the lives of peoples. Saudi Arabia is using gadgets for monitoring the big crowd of pilgrims during hajj event. But security is still a big issue because...
We present a novel approach for detecting malicious user activity in databases. Specifically, we propose a new machine learning algorithm for detecting attacks such as a stolen user account or illegal use by a user. Our algorithm relies on two main components that examine the consistency of a user's activity and compare it with activity patterns learned from past access. The first component tests...
Thanks to their crucial role in different areas such as supply chain and healthcare, Radio Frequency Identification (RFID) technologies have currently attracted a lot of attention. They are mainly used for identifying objects and people based on a combination of tags and readers. Nevertheless, this identification brings out many challenges and concerns including security which still remains an open...
The purpose of this study is to showcase the design and development of a web-enabled home automation system prototype. The unit was developed using low-cost components such as the ubiquitous Arduino microcontroller. One of the features of the developed unit is the ability to monitor the power consumed by electrical loads. The unit also has the ability to control the status of individual loads through...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.