Info
- Utilizzare la checkbox di selezione a fianco di ciascun documento per attivare le funzionalità di stampa, invio email, download nei formati disponibili del (i) record.
Computer Security. ESORICS 2023 International Workshops : CyberICS, DPM, CBT, and SECPRE, the Hague, the Netherlands, September 25-29, 2023, Revised Selected Papers, Part I
| Computer Security. ESORICS 2023 International Workshops : CyberICS, DPM, CBT, and SECPRE, the Hague, the Netherlands, September 25-29, 2023, Revised Selected Papers, Part I |
| Autore | Katsikas Sokratis |
| Edizione | [1st ed.] |
| Pubbl/distr/stampa | Cham : , : Springer, , 2024 |
| Descrizione fisica | 1 online resource (518 pages) |
| Altri autori (Persone) |
Cuppensédéric
Cuppens-BoulahiaNora LambrinoudakisCostas Garcia-AlfaroJoaquin Navarro-ArribasGuillermo NespoliPantaleone KalloniatisChristos MylopoulosJohn AntónAnnie |
| Collana | Lecture Notes in Computer Science Series |
| ISBN | 3-031-54204-5 |
| Formato | Materiale a stampa  |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Contents - Part I -- Contents - Part II -- Effects of Organizational Cyber Security Culture Across the Energy Sector Supply Chain -- 1 Introduction -- 2 Related Work -- 2.1 Supply Chain Cyber Security -- 2.2 Cyber Security Culture -- 3 Method -- 3.1 Problem Identification and Literature Review -- 3.2 Data Collection and Analysis -- 3.3 Data Interpretation and Reporting -- 4 Results -- 4.1 Governance -- 4.2 Preparedness and Incident Response -- 4.3 Supply Chain Challenges -- 4.4 Trust -- 4.5 Looking Towards Others and Propagation of Trust -- 4.6 The Impact of Organization Size -- 5 Discussion -- 5.1 Discussion of Main Research Questions -- 5.2 Exploration of Additional Findings -- 6 Conclusion and Future Work -- References -- METRICS: A Methodology for Evaluating and Testing the Resilience of Industrial Control Systems to Cyberattacks -- 1 Introduction -- 2 Cybersecurity Research for ICSs -- 2.1 Testbeds -- 2.2 Datasets -- 2.3 Related Work -- 2.4 Toward a Cross-Domain ICS Evaluation -- 3 METRICS: A Cybersecurity Evaluation Methodology for ICSs -- 3.1 Exchangeable Evaluation Environment -- 3.2 Adversaries and Responses -- 3.3 Cross-Domain Metrics -- 3.4 Evaluation Control -- 4 Use Case: METRICS for Power Grids -- 4.1 Evaluation Phases -- 4.2 Discussion -- 5 Toward Cross-Domain Resilience -- 6 Conclusion -- A Environment Description File Example -- B Scenario Description File Example -- References -- Threat Analysis in Dairy Farming 4.0 -- 1 Introduction -- 2 Related Work -- 3 CPSs of a Dairy Farm 4.0 -- 4 Threat Modeling and Risk Assessment -- 4.1 Methodology -- 4.2 Threats and Risks in the Dairy Farm 4.0 -- 5 Conclusions -- References -- Overview of Social Engineering Protection and Prevention Methods -- 1 Introduction -- 2 Method Selection Methodology -- 3 Analysis -- 3.1 Overview of Protection Method Categories.
3.2 Criteria for Method Evaluation -- 3.3 Evaluation Results -- 3.4 Analysis of Evaluation Results -- 4 Conclusion -- References -- Skade - A Challenge Management System for Cyber Threat Hunting -- 1 Introduction -- 2 Related Work -- 3 Hypotheses Concerning Threat Hunting Training -- 3.1 Ensuring Constructive Alignment -- 3.2 Supporting Motivating Setting -- 3.3 Providing Feedback and Assessment -- 3.4 Covering Multiple Learning Dimensions -- 4 Realization of the Challenge Manager Skade -- 4.1 Features -- 4.2 Functions -- 4.3 Example Based on the Nordic-US Exercise of 2023 -- 5 Discussion -- 5.1 Skade as a Design Science Effort -- 5.2 Trainees and Requirements on Challenges -- 5.3 Interaction with Emulators -- 5.4 Learning Objectives and Learning Activities -- 5.5 Experiment Plan and Tests of Hypotheses -- 6 Conclusion -- References -- On the Usage of NLP on CVE Descriptions for Calculating Risk -- 1 Introduction -- 2 Cybersecurity Related Background -- 2.1 Common Vulnerabilities and Exposures (CVE) -- 2.2 Common Platform Enumeration (CPE) -- 2.3 Common Weakness Enumeration (CWE) -- 2.4 Common Attack Pattern Enumeration and Classification (CAPEC) -- 2.5 National Vulnerability Database (NVD) -- 2.6 Common Vulnerability Scoring System (CVSS) -- 3 Related Work -- 4 Natural Language Processing Background -- 4.1 Text Classification -- 4.2 spaCy -- 5 Implementation -- 6 Conclusion -- References -- Evaluation of an OPC UA-Based Access Control Enforcement Architecture -- 1 Introduction -- 2 Related Work -- 3 Architecture -- 3.1 Protocol Modeling -- 4 Implementation -- 5 Experiment -- 6 Results -- 6.1 Results on Connection Experiments -- 6.2 Results on Access Resource Experiments -- 6.3 Results on Different Token Expiry Times -- 6.4 Result on Different Token Sizes -- 6.5 Results on Lowering the CPU Clock Frequency of the Resource Server. 7 Suggestions on Optimizations of Session Activation -- 8 Discussion -- 8.1 Recommendations -- 8.2 Limitations and Impact -- 9 Conclusions -- References -- HoneyEVSE: An Honeypot to Emulate Electric Vehicle Supply Equipments -- 1 Introduction -- 2 Background -- 2.1 Internet Exchange Point -- 2.2 Honeypot -- 2.3 Vehicle-to-Grid (V2G) -- 3 Related Work -- 4 HoneyEVSE Honeypot -- 4.1 Architecture -- 4.2 Physical Process -- 4.3 Services and Interaction -- 4.4 Data Logging -- 5 Results -- 5.1 Interactions Analysis -- 5.2 Interactions Origin -- 6 Conclusion -- References -- DPM 2023 -- Foreword from the DPM 2023 Program Chairs -- 18th International Workshop on Data Privacy Management - DPM 2023 -- PC Chairs -- Program Committee -- Steering Committee -- Additional Reviewers -- Not Only Security and Privacy: The Evolving Ethical and Legal Challenges of E-Commerce -- 1 Introduction -- 2 Background -- 3 Methodology and Research Strategy -- 3.1 Research Questions -- 4 Results -- 4.1 The `old' Ethical Dilemmas of E-Commerce -- 4.2 The `New' Ethical Dilemmas of E-Commerce -- 5 Conclusions -- References -- Synthetic Is All You Need: Removing the Auxiliary Data Assumption for Membership Inference Attacks Against Synthetic Data -- 1 Introduction -- 2 Background and Related Work -- 2.1 Synthetic Data Generation -- 2.2 Membership Inference Attacks Against Synthetic Tabular Data -- 3 Attack Scenarios -- 3.1 (S0) Auxiliary -- 3.2 (S1) Black Box -- 3.3 (S2) Published -- 3.4 (S3) Upper Bound -- 4 Experimental Setup -- 4.1 Synthetic Data Generators -- 4.2 Real World Datasets -- 4.3 Meta-classifier Methods -- 4.4 Parameters of the Attack -- 5 Results -- 5.1 Query Based Attack -- 5.2 Target Attention Attack -- 5.3 Robustness Analysis for Number of Synthetic Records m -- 6 Future Work -- 6.1 Impact of Releasing Less Synthetic Records. 6.2 Differentially Private Synthetic Generation Methods -- 6.3 Bridging the Gap with the Upper Bound -- 7 Conclusion -- References -- Patient-Centric Health Data Sovereignty: An Approach Using Proxy Re-Encryption -- 1 Introduction -- 2 Proxy Re-Encryption -- 2.1 Syntax and Basic Definitions -- 2.2 Umbral's PRE Scheme -- 3 Related Work -- 4 Patient-Centric Health Data Sovereignty -- 4.1 Proposed Solution -- 4.2 Authentication/Authorisation -- 4.3 Access Delegation Scenario -- 4.4 Break-Glass Approach -- 5 Performance Analysis -- 6 Conclusion -- References -- PrivacySmart: Automatic and Transparent Management of Privacy Policies -- 1 Introduction -- 1.1 Related Work -- 1.2 Contribution and Plan of This Paper -- 2 Proposal Description -- 2.1 System Architecture Overview -- 2.2 User Privacy Preferences -- 2.3 Pop-Up Interaction Module -- 2.4 Consent Smart Contract -- 2.5 Workflow -- 3 Discussion -- 3.1 Implementation -- 3.2 Evaluation -- 4 Conclusions and Future Work -- References -- Try On, Spied On?: Privacy Analysis of Virtual Try-On Websites and Android Apps -- 1 Introduction -- 2 Related Work -- 3 Methodology -- 3.1 Collection of VTO Providers, Websites and Apps -- 3.2 Analyzing the Sharing of Users' Images on VTO Websites/Apps -- 3.3 Analyzing Privacy Policies w.r.t VTO Feature -- 3.4 Measurement of Trackers -- 3.5 Analysing VTO Service Providers -- 4 Results -- 4.1 Sharing of Users' Images on VTO Featuring Websites -- 4.2 Privacy Policy Analysis w.r.t VTO Feature on Websites -- 4.3 Sharing of Users' Images on VTO Featuring Apps -- 4.4 Privacy Policy Analysis w.r.t VTO Feature on Apps -- 4.5 Measurement of Trackers -- 4.6 Analysis of VTO Service Providers -- 5 Conclusion -- References -- Integrally Private Model Selection for Support Vector Machine -- 1 Introduction -- 2 Preliminaries -- 2.1 Support Vector Machine (SVM). 2.2 Model Comparison Attack for SVM and Integral Privacy -- 3 Methodology -- 3.1 Overview -- 3.2 Datasets -- 3.3 Creation of Partitions -- 3.4 Integrally Private SVM (IPSVM) -- 4 Results -- 4.1 Drawbacks -- 5 Conclusion and Future Work -- References -- Differentially Private Traffic Flow Prediction Using Transformers: A Federated Approach -- 1 Introduction -- 2 Preliminaries -- 2.1 Federated Learning -- 2.2 Differential Privacy -- 2.3 Temporal Fusion Transformers -- 3 Related Work -- 4 Differentially Private Federated Traffic Flow Prediction Using Temporal Fusion Transformers -- 4.1 Client-Side Training -- 4.2 Model Perturbation -- 4.3 Aggregation Algorithm -- 5 Dataset and Experimental Settings -- 6 Results and Analysis -- 7 Conclusion and Future Works -- References -- Analyzing Continuous Ks-Anonymization for Smart Meter Data -- 1 Introduction -- 2 Problem Statement and Related Work -- 3 ks-Anonymity and CASTLE -- 4 Evaluation -- 5 Conclusion -- References -- Towards Real-World Private Computations with Homomorphic Encryption: Current Solutions and Open Challenges -- 1 Introduction -- 2 Industrial Context -- 3 Background -- 4 Available Libraries -- 4.1 HElib -- 4.2 SEAL -- 4.3 PALISADE -- 4.4 OpenFHE -- 4.5 TFHE -- 4.6 Concrete -- 4.7 LATTIGO -- 5 Towards Real-World HE Applications: HELT -- 6 Related Work -- 7 Conclusion -- References -- AddShare: A Privacy-Preserving Approach for Federated Learning -- 1 Introduction -- 2 Background and Related Work -- 2.1 Federated Learning Attacks -- 2.2 Privacy in Federated Learning -- 3 The AddShare Approach -- 3.1 Threat Models -- 3.2 AddShare Algorithm -- 3.3 Implemented AddShare Variants -- 4 Empirical Evaluation -- 5 Results and Discussion -- 6 Conclusion -- References -- Secure Multiparty Sampling of a Biased Coin for Differential Privacy -- 1 Introduction -- 1.1 Other Background and Related Works. 1.2 Contribution. |
| Record Nr. | UNISA-996587860003316 |
Katsikas Sokratis
|
||
| Cham : , : Springer, , 2024 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Risks and Security of Internet and Systems : 18th International Conference, CRiSIS 2023, Rabat, Morocco, December 6–8, 2023, Revised Selected Papers / / edited by Abderrahim Ait Wakrime, Guillermo Navarro-Arribas, Frédéric Cuppens, Nora Cuppens, Redouane Benaini
| Risks and Security of Internet and Systems : 18th International Conference, CRiSIS 2023, Rabat, Morocco, December 6–8, 2023, Revised Selected Papers / / edited by Abderrahim Ait Wakrime, Guillermo Navarro-Arribas, Frédéric Cuppens, Nora Cuppens, Redouane Benaini |
| Autore | Ait Wakrime Abderrahim |
| Edizione | [1st ed. 2024.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 |
| Descrizione fisica | 1 online resource (294 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
Navarro-ArribasGuillermo
Cuppensédéric CuppensNora BenainiRedouane |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Data and Information Security |
| ISBN |
9783031612312
9783031612305 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents -- Keynote Talks -- A Review of the Progressive Odyssey of AI-Driven Intrusion Detection Within Embedded Systems -- 1 Introduction -- 2 Background -- 3 Review of Recent IDSs for ES -- 3.1 Host-Based IDS -- 3.2 Network-Based IDS -- 4 Current State of IDS in ES -- 5 Key Challenges and Trends in IDS for ES -- 6 Research Gaps and Opportunities -- 7 Conclusion -- References -- Securing Autonomous Vehicles: Fundamentals, Challenges, and Perspectives -- 1 Introduction -- 2 Fundamentals -- 3 Challenges -- 3.1 Modeling and Communication Challenges -- 3.2 Security and Safety Challenges -- 4 Perspectives -- 5 Conclusion -- References -- Towards a B-Method Framework for Smart Contract Verification: The Case of ACTUS Financial Contracts -- 1 Introduction -- 2 Smart Contracts Scalability and the Rationale Behind the FeverTokens Open-Source Package-Oriented Framework -- 3 Overview of the Actus Standard and Financial Contracts -- 4 A Preliminary B-Method Framework for Financial Smart Contracts Under the Actus Standard -- 5 Conclusion and Perspectives -- References -- Security and Transportation Systems -- FERROMOBILE and Security for Low Moment of Traffic Level Crossing -- 1 Introduction -- 2 Objectives of the ``Ferromobile'' Project -- 3 A Solution to Ensure Safe Crossing for ``Ferromobiles'' -- 3.1 Overview of the Global Architecture -- 3.2 Wireless Communication Abilities and Contributions -- 3.3 Cryptography -- 4 Conclusion and Perspectives -- References -- Improvement and Evaluation of Resilience of Adaptive Cruise Control Against Spoofing Attacks Using Intrusion Detection System -- 1 Introduction -- 2 Related Work -- 2.1 Cyber-Attacks on Adaptive Cruise Control -- 2.2 Cyber-Resilience of Adaptive Cruise Control -- 3 Extending Adaptive Cruise Control with ML-Based Intrusion Detection System.
3.1 Overview of the Adaptive Cruise Control -- 3.2 Architecture of the Extended Adaptive Cruise Control -- 4 Evaluation of the ACC-IDS Using CARLA Simulation -- 4.1 Simulation Setup -- 4.2 Result and Analysis of the Simulation Experiments -- 4.3 Impacts and Limitations of the Study -- 5 Conclusion -- References -- A New Efficient PUF-Based Mutual Authentication Scheme for Drones -- 1 Introduction -- 2 Related Work -- 3 Preliminaries -- 4 The Proposed Scheme -- 4.1 System Model -- 4.2 Description of the Proposed Scheme -- 5 Security Analysis -- 5.1 Privacy Model -- 5.2 Formal Security Analysis -- 5.3 Informal Security Analysis -- 6 Practical Results and Comparison -- 7 Conclusion -- References -- Formalizing for Proving the System Safety of the Software Component for a Small Sized Guided Transport System -- 1 Introduction -- 2 Autonomous Train Control -- 3 Railway Signalling Systems -- 3.1 Danger Related to Train Movements -- 3.2 The Protective Safety Distance in an ATP System -- 4 Hybrid System Modeling with Event-B -- 4.1 Event-B Modeling of Hybrid Train Dynamics -- 4.2 Potential Solutions -- 5 Managing Uncertainties of a Real Cyber Physical System -- 5.1 Traction/Brake Control -- 5.2 Previous Step Towards Implementation -- 6 Conclusion -- References -- Blockchain and Distributed Ledger Technologies -- Smart Contracts for a Secure and Privacy-Preserving Smart Grid -- 1 Introduction -- 1.1 Related Work -- 1.2 Contribution and Plan of This Paper -- 2 Architecture and System Overview -- 2.1 General Architecture -- 2.2 Overview of the Proposal -- 3 The Proposed System in Detail -- 3.1 Main Smart Contract -- 3.2 Group Smart Contracts -- 3.3 Initialization -- 3.4 Price Calculation -- 3.5 Energy Trading -- 3.6 Debt Liquidation -- 4 Dealing with Security and Privacy Threats -- 5 Conclusions and Future Work -- References. EHRVault: A Secure, Patient-Centric, Privacy-Preserving and Blockchain-Based Platform for EHR Management -- 1 Introduction -- 2 Related Work -- 3 Preliminaries -- 3.1 PHI Standards and Regulations -- 3.2 Security Requirements for Health Data Management -- 3.3 Blockchain Technology -- 3.4 IPFS -- 3.5 Anonymization Technique -- 3.6 Cryptographic Primitives -- 4 EHRVault Platform Description -- 4.1 Architecture -- 4.2 System Functionalities -- 5 Discussion -- 6 Conclusion -- References -- Distributed Transactive Energy Management in Microgrids Based on Blockchain -- 1 Introduction -- 2 Background -- 2.1 Integration of DERs in Microgrids -- 2.2 Blockchain Structure -- 3 Related Work -- 3.1 Blockchain in Energy Trading -- 3.2 Blockchain for Secure Data Exchange, Aggregation, and Privacy -- 3.3 Learned Lessons -- 4 A Distributed Energy Trading Management Framework -- 4.1 Energy System Structure -- 4.2 Blockchain Energy System Structure -- 5 Implementation and Experimental Results -- 5.1 Tool's Implementation -- 5.2 Case Study on a 55 Bus Distribution Network -- 5.3 Results -- 6 Conclusion -- References -- Blockchain-Based Exchange Place: Genericity vs Performance -- 1 Introduction -- 2 Blockchain Based Marketplaces -- 2.1 Blockchain Background -- 2.2 Current Status of Blockchain-Based Marketplace Solutions -- 3 ODEP -- 3.1 Ecosystem and Architecture -- 3.2 On-Chain/Off-Chain Approach -- 4 Implementation -- 4.1 Network Configuration -- 4.2 Smart Contracts Design -- 5 Performance Evaluation -- 5.1 Throughput -- 5.2 Gas Used -- 5.3 Block Size -- 6 Conclusions -- References -- Security Approaches and Infrastructure -- A Privacy-Preserving Infrastructure to Monitor Encrypted DNS Logs -- 1 Introduction and Motivation -- 2 DNS Use Case -- 2.1 Description -- 2.2 Security Properties -- 3 Searchable Encryption -- 4 Application of Searchable Encryption to DNS Logs. 4.1 Studied Schemes -- 4.2 Platform Implementation -- 5 Evaluation -- 5.1 Security -- 5.2 Benchmarking -- 5.3 Discussion About Token Collision -- 5.4 Summary -- 6 Related Work -- 7 Conclusion -- References -- VAE-GAN for Robust IoT Malware Detection and Classification in Intelligent Urban Environments: An Image Analysis Approach -- 1 Introduction -- 2 Related Work -- 3 Methods -- 3.1 Visualisation of Software Characteristics -- 3.2 Generative Attack Network -- 3.3 Generative Models: AE and Variations -- 3.4 Transfer Learning-Based Discriminator -- 4 Experiment and Discussion -- 4.1 Baselines -- 4.2 Reconstruction Results -- 4.3 Classification Results -- 4.4 Discussion: Practicality and Applicability -- 5 Conclusion -- References -- A Novel Software Defined Security Framework for SDN -- 1 Introduction -- 2 Related Work -- 3 Proposed SDS Framework -- 3.1 Architecture -- 3.2 Implementation -- 4 Results and Discussion -- 4.1 Firewall Application -- 4.2 DDoS Detection and Prevention Application -- 5 Conclusion -- References -- A Process-Centric Approach to Insider Threats Identification in Information Systems -- 1 Introduction -- 2 Separation of Concerns -- 2.1 Functional Modeling -- 2.2 Security Modeling -- 3 Dealing with Business Processes -- 3.1 Animation in B4MSecure -- 3.2 A CSPB Approach -- 3.3 Insider Threats Identification -- 4 Related Works -- 5 Conclusion -- References -- Machine Learning and Security -- Deep Learning-Based Outliers Detection in Compressed Trajectories -- 1 Introduction -- 2 Anomalies Detection and Trajectories Compression Algorithms -- 2.1 Anomalies Detection: GM-VSAE and ATD-RNN -- 2.2 Trajectories Compression Algorithms -- 3 Experimental Setup -- 4 Results -- 5 Conclusion -- References -- Experimental Toolkit for Manipulating Executable Packing -- 1 Introduction -- 2 Background -- 3 Toolkit -- 4 Experiments. 4.1 Detectors Performance -- 4.2 Model Training -- 5 Conclusion -- References -- A Collaborative Real-Time Object Detection and Data Association Framework for Autonomous Robots Using Federated Graph Neural Network -- 1 Introduction -- 2 CoRODDA Framework -- 3 Experimental Results -- 3.1 GNN Model Architecture -- 3.2 Enhancements via FL -- 3.3 Integration with YOLOv5 and Performance Insights -- 4 Conclusion -- References -- Author Index. |
| Record Nr. | UNINA-9910865252703321 |
|
Ait Wakrime Abderrahim
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2024 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Risks and Security of Internet and Systems [[electronic resource] ] : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers / / edited by Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens
| Risks and Security of Internet and Systems [[electronic resource] ] : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers / / edited by Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens |
| Autore | Kallel Slim |
| Edizione | [1st ed. 2023.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2023 |
| Descrizione fisica | 1 online resource (268 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
JmaielMohamed
ZulkernineMohammad Hadj KacemAhmed Cuppensédéric CuppensNora |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Data and Information Security |
| Soggetto non controllato |
Computer Security
Computers |
| ISBN |
9783031311086
9783031311079 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents -- Context Correlation for Automated Dynamic Android App Analysis to Improve Impact Rating of Privacy and Security Flaws -- 1 Introduction -- 2 Related Work -- 2.1 Contribution -- 3 Dynamic Analysis Environment -- 4 Context Correlation and Issue Generation -- 4.1 Privacy Sensitive Data Sources -- 4.2 Data Sinks -- 4.3 Graph Generation -- 4.4 Example Graph -- 4.5 Graph Analysis: Issue Creation -- 4.6 Issue Correlation Pass -- 5 Evaluation -- 5.1 Overview and Statistics -- 5.2 Deep Manual Issue Inspection -- 5.3 Damn Vulnerable App -- 6 Conclusion and Future Work -- References -- Errors in the CICIDS2017 Dataset and the Significant Differences in Detection Performances It Makes -- 1 Introduction -- 2 Related Works -- 2.1 Datasets -- 2.2 Machine Learning Use on CICDS2017 -- 2.3 Previous Criticism on CICIDS2017 -- 3 Errors in the CICIDS2017 Dataset and the CICFlowMeter Tool, and Their Fixes -- 3.1 CICFlowMeter Issue with Misordered Packets -- 3.2 Incoherent Timestamps -- 3.3 Dealing with Data Duplication -- 3.4 Attack Omission: Labelling Issues and Correction -- 4 Assessment of the Consequences on Intrusion Detection Models Performances -- 4.1 Experimental Evaluation Protocol -- 4.2 Experiments Results -- 5 Conclusion -- References -- A Comparative Study of Attribute Selection Algorithms on Intrusion Detection System in UAVs: A Case Study of UKM-IDS20 Dataset -- 1 Introduction -- 2 Literature Review -- 3 Dataset and Methods -- 3.1 Dataset -- 3.2 Attribute Selection Algorithms -- 3.3 Creating MLP Model -- 4 Modeling -- 5 Performance Evaluation -- 5.1 Scenario 1: 15 Feature -- 5.2 Scenario 2: 20 Feature -- 6 Conclusion -- References -- PRIAH: Private Alerts in Healthcare -- 1 Introduction -- 2 Background -- 2.1 Smart Hospital Ecosystem -- 2.2 Privacy-preserving Strategies.
2.3 Alert Detection and Edge Computing Paradigm -- 2.4 Big Data and Streaming Processing -- 3 Related Work -- 3.1 Alert Identification and Dissemination -- 3.2 Privacy Preservation -- 3.3 Real-Time Processing of Alerts -- 4 PRIAH Approach -- 4.1 PRIAH Components at the Edge -- 4.2 PRIAH Components at the Server Side -- 4.3 System Administrator -- 4.4 End-Users -- 5 Implementation and Results -- 5.1 Implementation -- 5.2 Evaluation -- 6 Conclusion -- References -- Tool Paper - SEMA: Symbolic Execution Toolchain for Malware Analysis -- 1 Context -- 2 The SEMA Toolset in a Nutshell -- 3 The Architecture of SEMA -- 4 SEMA in Action -- 5 Conclusion -- References -- Blockchain Survey for Security and Privacy in the e-Health Ecosystem -- 1 Introduction -- 2 Research Strategy -- 3 State of the Art -- 4 Background -- 4.1 Blockchain Technology Overview -- 4.2 e-Health Applications -- 5 Security and Privacy Requirements for e-Health Applications -- 6 Blockchain Platforms and Their Security Solutions -- 6.1 Hyperledger Fabric -- 6.2 Hyperledger Besu -- 6.3 Quorum -- 6.4 Corda R3 -- 6.5 Cosmos -- 7 A Security Framework for Blockchain-Based e-Health Applications -- 7.1 When Blockchain Can be Used in e-Health Applications ? -- 7.2 Which Blockchain Solution to Use? -- 8 Conclusions and Future Work -- References -- Towards a Dynamic Testing Approach for Checking the Correctness of Ethereum Smart Contracts -- 1 Introduction -- 2 Background Materials -- 2.1 Blockchain -- 2.2 Smart Contracts -- 2.3 Common Vulnerabilities -- 2.4 Blockchain Testing Techniques -- 3 Related Work -- 4 Proposed Approach -- 4.1 Modelling the Smart Contract and Its Blockchain Environment -- 4.2 Test Case Generation -- 4.3 Test Case Execution -- 4.4 Test Result Analysis and Test Report Generation -- 5 Illustration -- 5.1 Case Study Description -- 5.2 Modelling the E-voting System. 5.3 Test Case Generation -- 5.4 Test Tool Implementation -- 6 Conclusion -- References -- Blockchain Olive Oil Supply Chain -- 1 Introduction -- 2 Related Work -- 3 Proposed Approach -- 4 Obtained Results -- 4.1 Implemented Blockchain on Raspberry Pi -- 4.2 Web Application -- 5 Conclusion -- References -- Impact of EIP-1559 on Transactions in the Ethereum Blockchain and Its Rollups -- 1 Introduction -- 2 Background -- 2.1 Layers 1 and 2 in Ethereum -- 2.2 Eip-1559 -- 3 Testing Approach -- 3.1 Smart Contract -- 3.2 Interaction with the Smart Contract -- 4 Experimentation -- 4.1 Testing Results -- 4.2 Discussion -- 5 Conclusion -- References -- Towards a Secure Cross-Blockchain Smart Contract Architecture -- 1 Introduction -- 2 Background and Related Work -- 3 Bifröst Extension Proposal -- 3.1 Smart Contracts Invocation -- 3.2 Fault Tolerance -- 3.3 Security -- 4 Discussion and Challenges -- 5 Conclusion and Future Work -- References -- Security Analysis: From Model to System Analysis -- 1 Introduction -- 2 Background -- 2.1 Previous MBSE Approach -- 2.2 Property Specification Patterns -- 2.3 OBP Model Checker -- 3 Motivating Example -- 3.1 System Presentation -- 3.2 General Approach -- 4 Detailed Approach -- 4.1 Environment Modeling -- 4.2 System State and Behavior -- 4.3 The OBP Model Checker -- 5 Security Property Modelling -- 5.1 Raising Abstraction Level of Formal Security Properties -- 5.2 From Attacker Interests to Formal Security Properties -- 6 Property Verification Results Analysis -- 6.1 Model Checking Embedded System Code -- 6.2 Security Property Verification -- 7 Related Works -- 8 Conclusion -- References -- Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications -- 1 Introduction -- 2 Background -- 2.1 Model-Driven Engineering -- 2.2 SysML -- 2.3 Event-B -- 2.4 ATO over ERTMS Case Study Excerpt. 3 Related Work -- 4 The Proposed Approach -- 4.1 High-level Architecture Graphical Modeling -- 4.2 Model Transformation and Event-B Generation -- 4.3 Formal Verification -- 5 Conclusion -- References -- How IT Infrastructures Break: Better Modeling for Better Risk Management -- 1 Introduction -- 2 Related Work -- 2.1 Risk Analysis -- 2.2 Infrastructure Modeling -- 3 Guided Risk Management for IT Infrastructures -- 3.1 Side-Effect Analysis -- 3.2 Part Analysis -- 3.3 Assembly Analysis -- 4 Case Study: A Cloud Infrastructure -- 4.1 Requirements -- 4.2 Infrastructure Model -- 4.3 Constraints -- 4.4 Risk -- 4.5 Lessons Learned -- 5 Conclusion and Future Work -- References -- IoT Security Within Small and Medium-Sized Manufacturing Companies -- 1 Introduction -- 2 Research Methodology -- 3 Data and Findings -- 3.1 Screening -- 3.2 Experience -- 3.3 Awareness -- 3.4 Activities -- 3.5 Knowledge -- 4 Conclusion and Further Research -- References -- An Incentive Mechanism for Managing Obligation Delegation -- 1 Introduction -- 2 Background -- 2.1 The Beta Distribution -- 2.2 Defining Obligations -- 3 An Incentive Scheme for One Hop Delegation -- 3.1 Obligation Trust -- 3.2 Delegating Obligations -- 4 Incentivising Schemes -- 4.1 Updating Obligation Trust -- 4.2 Earning Reward Credits -- 4.3 Eligibility of Delegatees -- 5 Cascaded Delegation of Obligations -- 6 Evaluation -- 6.1 Experimental Setup -- 6.2 Results -- 7 Related Work -- 8 Concluding Remarks -- References -- Virtual Private Network Blockchain-based Dynamic Access Control Solution for Inter-organisational Large Scale IoT Networks -- 1 Introduction -- 2 Background -- 2.1 Blockchain -- 2.2 Virtual Private Networks (VPN) -- 3 Related Work -- 3.1 Basic Access Control Model in IoTs -- 3.2 Inter-organisational Access Control Solution Overview -- 4 VPNBDAC for Large Scale IoT Network -- 4.1 Actors. 4.2 Smart Contract and Transactions -- 5 Implementation of the Prototype -- 6 Performance Evaluation -- 7 Conclusions -- References -- Pseudonym Swapping with Secure Accumulators and Double Diffie-Hellman Rounds in Cooperative Intelligent Transport Systems -- 1 Introduction -- 1.1 Pseudonyms in Cooperative Intelligent Transport Systems -- 1.2 Problem Statement -- 1.3 Contribution -- 2 Related Work -- 3 Preliminaries -- 4 System Model and Architecture -- 4.1 C-ITS Trust Model and Architecture -- 4.2 Threat Model -- 4.3 Pseudonym Swapping System Model -- 5 Pseudonym Swapping with Accumulator-Based Storage -- 5.1 Proposed Alignment to ETSI Standard -- 5.2 Proposed Security Architecture -- 5.3 Protocol Definition and Algorithms -- 6 Security Analysis -- 7 Proof of Concept Implementation -- 8 Conclusion -- References -- Benchmark Performance of the Multivariate Polynomial Public Key Encapsulation Mechanism -- 1 Introduction -- 2 Related Work -- 3 Summary of MPPK KEM -- 3.1 Key Generation -- 3.2 Encryption -- 3.3 Decryption -- 4 Benchmarking MPPK -- 4.1 NIST Level I -- 4.2 NIST Level III -- 4.3 NIST Level V -- 5 Conclusion -- References -- Author Index. |
| Record Nr. | UNISA-996534467103316 |
|
Kallel Slim
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2023 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Risks and Security of Internet and Systems : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers / / edited by Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens
| Risks and Security of Internet and Systems : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers / / edited by Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens |
| Autore | Kallel Slim |
| Edizione | [1st ed. 2023.] |
| Pubbl/distr/stampa | Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2023 |
| Descrizione fisica | 1 online resource (268 pages) |
| Disciplina | 005.8 |
| Altri autori (Persone) |
JmaielMohamed
ZulkernineMohammad Hadj KacemAhmed Cuppensédéric CuppensNora |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data protection
Data and Information Security |
| ISBN |
9783031311086
9783031311079 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Contents -- Context Correlation for Automated Dynamic Android App Analysis to Improve Impact Rating of Privacy and Security Flaws -- 1 Introduction -- 2 Related Work -- 2.1 Contribution -- 3 Dynamic Analysis Environment -- 4 Context Correlation and Issue Generation -- 4.1 Privacy Sensitive Data Sources -- 4.2 Data Sinks -- 4.3 Graph Generation -- 4.4 Example Graph -- 4.5 Graph Analysis: Issue Creation -- 4.6 Issue Correlation Pass -- 5 Evaluation -- 5.1 Overview and Statistics -- 5.2 Deep Manual Issue Inspection -- 5.3 Damn Vulnerable App -- 6 Conclusion and Future Work -- References -- Errors in the CICIDS2017 Dataset and the Significant Differences in Detection Performances It Makes -- 1 Introduction -- 2 Related Works -- 2.1 Datasets -- 2.2 Machine Learning Use on CICDS2017 -- 2.3 Previous Criticism on CICIDS2017 -- 3 Errors in the CICIDS2017 Dataset and the CICFlowMeter Tool, and Their Fixes -- 3.1 CICFlowMeter Issue with Misordered Packets -- 3.2 Incoherent Timestamps -- 3.3 Dealing with Data Duplication -- 3.4 Attack Omission: Labelling Issues and Correction -- 4 Assessment of the Consequences on Intrusion Detection Models Performances -- 4.1 Experimental Evaluation Protocol -- 4.2 Experiments Results -- 5 Conclusion -- References -- A Comparative Study of Attribute Selection Algorithms on Intrusion Detection System in UAVs: A Case Study of UKM-IDS20 Dataset -- 1 Introduction -- 2 Literature Review -- 3 Dataset and Methods -- 3.1 Dataset -- 3.2 Attribute Selection Algorithms -- 3.3 Creating MLP Model -- 4 Modeling -- 5 Performance Evaluation -- 5.1 Scenario 1: 15 Feature -- 5.2 Scenario 2: 20 Feature -- 6 Conclusion -- References -- PRIAH: Private Alerts in Healthcare -- 1 Introduction -- 2 Background -- 2.1 Smart Hospital Ecosystem -- 2.2 Privacy-preserving Strategies.
2.3 Alert Detection and Edge Computing Paradigm -- 2.4 Big Data and Streaming Processing -- 3 Related Work -- 3.1 Alert Identification and Dissemination -- 3.2 Privacy Preservation -- 3.3 Real-Time Processing of Alerts -- 4 PRIAH Approach -- 4.1 PRIAH Components at the Edge -- 4.2 PRIAH Components at the Server Side -- 4.3 System Administrator -- 4.4 End-Users -- 5 Implementation and Results -- 5.1 Implementation -- 5.2 Evaluation -- 6 Conclusion -- References -- Tool Paper - SEMA: Symbolic Execution Toolchain for Malware Analysis -- 1 Context -- 2 The SEMA Toolset in a Nutshell -- 3 The Architecture of SEMA -- 4 SEMA in Action -- 5 Conclusion -- References -- Blockchain Survey for Security and Privacy in the e-Health Ecosystem -- 1 Introduction -- 2 Research Strategy -- 3 State of the Art -- 4 Background -- 4.1 Blockchain Technology Overview -- 4.2 e-Health Applications -- 5 Security and Privacy Requirements for e-Health Applications -- 6 Blockchain Platforms and Their Security Solutions -- 6.1 Hyperledger Fabric -- 6.2 Hyperledger Besu -- 6.3 Quorum -- 6.4 Corda R3 -- 6.5 Cosmos -- 7 A Security Framework for Blockchain-Based e-Health Applications -- 7.1 When Blockchain Can be Used in e-Health Applications ? -- 7.2 Which Blockchain Solution to Use? -- 8 Conclusions and Future Work -- References -- Towards a Dynamic Testing Approach for Checking the Correctness of Ethereum Smart Contracts -- 1 Introduction -- 2 Background Materials -- 2.1 Blockchain -- 2.2 Smart Contracts -- 2.3 Common Vulnerabilities -- 2.4 Blockchain Testing Techniques -- 3 Related Work -- 4 Proposed Approach -- 4.1 Modelling the Smart Contract and Its Blockchain Environment -- 4.2 Test Case Generation -- 4.3 Test Case Execution -- 4.4 Test Result Analysis and Test Report Generation -- 5 Illustration -- 5.1 Case Study Description -- 5.2 Modelling the E-voting System. 5.3 Test Case Generation -- 5.4 Test Tool Implementation -- 6 Conclusion -- References -- Blockchain Olive Oil Supply Chain -- 1 Introduction -- 2 Related Work -- 3 Proposed Approach -- 4 Obtained Results -- 4.1 Implemented Blockchain on Raspberry Pi -- 4.2 Web Application -- 5 Conclusion -- References -- Impact of EIP-1559 on Transactions in the Ethereum Blockchain and Its Rollups -- 1 Introduction -- 2 Background -- 2.1 Layers 1 and 2 in Ethereum -- 2.2 Eip-1559 -- 3 Testing Approach -- 3.1 Smart Contract -- 3.2 Interaction with the Smart Contract -- 4 Experimentation -- 4.1 Testing Results -- 4.2 Discussion -- 5 Conclusion -- References -- Towards a Secure Cross-Blockchain Smart Contract Architecture -- 1 Introduction -- 2 Background and Related Work -- 3 Bifröst Extension Proposal -- 3.1 Smart Contracts Invocation -- 3.2 Fault Tolerance -- 3.3 Security -- 4 Discussion and Challenges -- 5 Conclusion and Future Work -- References -- Security Analysis: From Model to System Analysis -- 1 Introduction -- 2 Background -- 2.1 Previous MBSE Approach -- 2.2 Property Specification Patterns -- 2.3 OBP Model Checker -- 3 Motivating Example -- 3.1 System Presentation -- 3.2 General Approach -- 4 Detailed Approach -- 4.1 Environment Modeling -- 4.2 System State and Behavior -- 4.3 The OBP Model Checker -- 5 Security Property Modelling -- 5.1 Raising Abstraction Level of Formal Security Properties -- 5.2 From Attacker Interests to Formal Security Properties -- 6 Property Verification Results Analysis -- 6.1 Model Checking Embedded System Code -- 6.2 Security Property Verification -- 7 Related Works -- 8 Conclusion -- References -- Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications -- 1 Introduction -- 2 Background -- 2.1 Model-Driven Engineering -- 2.2 SysML -- 2.3 Event-B -- 2.4 ATO over ERTMS Case Study Excerpt. 3 Related Work -- 4 The Proposed Approach -- 4.1 High-level Architecture Graphical Modeling -- 4.2 Model Transformation and Event-B Generation -- 4.3 Formal Verification -- 5 Conclusion -- References -- How IT Infrastructures Break: Better Modeling for Better Risk Management -- 1 Introduction -- 2 Related Work -- 2.1 Risk Analysis -- 2.2 Infrastructure Modeling -- 3 Guided Risk Management for IT Infrastructures -- 3.1 Side-Effect Analysis -- 3.2 Part Analysis -- 3.3 Assembly Analysis -- 4 Case Study: A Cloud Infrastructure -- 4.1 Requirements -- 4.2 Infrastructure Model -- 4.3 Constraints -- 4.4 Risk -- 4.5 Lessons Learned -- 5 Conclusion and Future Work -- References -- IoT Security Within Small and Medium-Sized Manufacturing Companies -- 1 Introduction -- 2 Research Methodology -- 3 Data and Findings -- 3.1 Screening -- 3.2 Experience -- 3.3 Awareness -- 3.4 Activities -- 3.5 Knowledge -- 4 Conclusion and Further Research -- References -- An Incentive Mechanism for Managing Obligation Delegation -- 1 Introduction -- 2 Background -- 2.1 The Beta Distribution -- 2.2 Defining Obligations -- 3 An Incentive Scheme for One Hop Delegation -- 3.1 Obligation Trust -- 3.2 Delegating Obligations -- 4 Incentivising Schemes -- 4.1 Updating Obligation Trust -- 4.2 Earning Reward Credits -- 4.3 Eligibility of Delegatees -- 5 Cascaded Delegation of Obligations -- 6 Evaluation -- 6.1 Experimental Setup -- 6.2 Results -- 7 Related Work -- 8 Concluding Remarks -- References -- Virtual Private Network Blockchain-based Dynamic Access Control Solution for Inter-organisational Large Scale IoT Networks -- 1 Introduction -- 2 Background -- 2.1 Blockchain -- 2.2 Virtual Private Networks (VPN) -- 3 Related Work -- 3.1 Basic Access Control Model in IoTs -- 3.2 Inter-organisational Access Control Solution Overview -- 4 VPNBDAC for Large Scale IoT Network -- 4.1 Actors. 4.2 Smart Contract and Transactions -- 5 Implementation of the Prototype -- 6 Performance Evaluation -- 7 Conclusions -- References -- Pseudonym Swapping with Secure Accumulators and Double Diffie-Hellman Rounds in Cooperative Intelligent Transport Systems -- 1 Introduction -- 1.1 Pseudonyms in Cooperative Intelligent Transport Systems -- 1.2 Problem Statement -- 1.3 Contribution -- 2 Related Work -- 3 Preliminaries -- 4 System Model and Architecture -- 4.1 C-ITS Trust Model and Architecture -- 4.2 Threat Model -- 4.3 Pseudonym Swapping System Model -- 5 Pseudonym Swapping with Accumulator-Based Storage -- 5.1 Proposed Alignment to ETSI Standard -- 5.2 Proposed Security Architecture -- 5.3 Protocol Definition and Algorithms -- 6 Security Analysis -- 7 Proof of Concept Implementation -- 8 Conclusion -- References -- Benchmark Performance of the Multivariate Polynomial Public Key Encapsulation Mechanism -- 1 Introduction -- 2 Related Work -- 3 Summary of MPPK KEM -- 3.1 Key Generation -- 3.2 Encryption -- 3.3 Decryption -- 4 Benchmarking MPPK -- 4.1 NIST Level I -- 4.2 NIST Level III -- 4.3 NIST Level V -- 5 Conclusion -- References -- Author Index. |
| Record Nr. | UNINA-9910725087503321 |
|
Kallel Slim
|
||
| Cham : , : Springer Nature Switzerland : , : Imprint : Springer, , 2023 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||