Info
- Utilizzare la checkbox di selezione a fianco di ciascun documento per attivare le funzionalità di stampa, invio email, download nei formati disponibili del (i) record.
Computer Security - ESORICS 2000 [[electronic resource] ] : 6th European Symposium on Research in Computer Security Toulouse, France, October 4-6, 2000 Proceedings / / edited by Frederic Cuppens, Yves Deswarte, Dieter Gollmann, Michael Waidner
| Computer Security - ESORICS 2000 [[electronic resource] ] : 6th European Symposium on Research in Computer Security Toulouse, France, October 4-6, 2000 Proceedings / / edited by Frederic Cuppens, Yves Deswarte, Dieter Gollmann, Michael Waidner |
| Edizione | [1st ed. 2000.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2000 |
| Descrizione fisica | 1 online resource (X, 330 p.) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer communication systems
Operating systems (Computers) Data encryption (Computer science) Computer logic Management information systems Computer science Computer Communication Networks Operating Systems Cryptology Logics and Meanings of Programs Management of Computing and Information Systems |
| ISBN | 3-540-45299-0 |
| Formato | Materiale a stampa  |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Personal Devices and Smart Cards -- Checking Secure Interactions of Smart Card Applets -- Verification of a Formal Security Model for Multiapplicative Smart Cards -- How Much Negotiation and Detail Can Users Handle? Experiences with Security Negotiation and the Granularity of Access Control in Communications -- Electronic Commerce Protocols -- Secure Anonymous Signature-Based Transactions -- Metering Schemes for General Access Structures -- Access Control -- A Typed Access Control Model for CORBA -- Safety Analysis of the Dynamic-Typed Access Matrix Model -- A Formal Model for Role-Based Access Control Using Graph Transformation -- Protocol Verification -- A Formal Semantics for SPKI -- Formal Verification of Cardholder Registration in SET -- Automating Data Independence -- Internet Security -- Finding a Connection Chain for Tracing Intruders -- A Full Bandwidth ATM Firewall -- Security Property Analysis -- Analysing Time Dependent Security Properties in CSP Using PVS -- Unwinding Possibilistic Security Properties -- Authentication and Confidentiality via IPsec -- Mobile Agents -- A Security Framework for a Mobile Agent System -- A Distributed Access Control Model for Java -- Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code. |
| Record Nr. | UNISA-996466152903316 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2000 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Computer Security - ESORICS 2000 : 6th European Symposium on Research in Computer Security Toulouse, France, October 4-6, 2000 Proceedings / / edited by Frederic Cuppens, Yves Deswarte, Dieter Gollmann, Michael Waidner
| Computer Security - ESORICS 2000 : 6th European Symposium on Research in Computer Security Toulouse, France, October 4-6, 2000 Proceedings / / edited by Frederic Cuppens, Yves Deswarte, Dieter Gollmann, Michael Waidner |
| Edizione | [1st ed. 2000.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2000 |
| Descrizione fisica | 1 online resource (X, 330 p.) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer communication systems
Operating systems (Computers) Data encryption (Computer science) Computer logic Management information systems Computer science Computer Communication Networks Operating Systems Cryptology Logics and Meanings of Programs Management of Computing and Information Systems |
| ISBN | 3-540-45299-0 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Personal Devices and Smart Cards -- Checking Secure Interactions of Smart Card Applets -- Verification of a Formal Security Model for Multiapplicative Smart Cards -- How Much Negotiation and Detail Can Users Handle? Experiences with Security Negotiation and the Granularity of Access Control in Communications -- Electronic Commerce Protocols -- Secure Anonymous Signature-Based Transactions -- Metering Schemes for General Access Structures -- Access Control -- A Typed Access Control Model for CORBA -- Safety Analysis of the Dynamic-Typed Access Matrix Model -- A Formal Model for Role-Based Access Control Using Graph Transformation -- Protocol Verification -- A Formal Semantics for SPKI -- Formal Verification of Cardholder Registration in SET -- Automating Data Independence -- Internet Security -- Finding a Connection Chain for Tracing Intruders -- A Full Bandwidth ATM Firewall -- Security Property Analysis -- Analysing Time Dependent Security Properties in CSP Using PVS -- Unwinding Possibilistic Security Properties -- Authentication and Confidentiality via IPsec -- Mobile Agents -- A Security Framework for a Mobile Agent System -- A Distributed Access Control Model for Java -- Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code. |
| Record Nr. | UNINA-9910144145503321 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2000 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Computer security - ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I / / edited by Elisa Bertino, Haya Shulman, and Michael Waidner
| Computer security - ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I / / edited by Elisa Bertino, Haya Shulman, and Michael Waidner |
| Pubbl/distr/stampa | Cham, Switzerland : , : Springer, , [2021] |
| Descrizione fisica | 1 online resource (798 pages) |
| Disciplina | 005.82 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer security
Data encryption (Computer science) |
| ISBN | 3-030-88418-X |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Keynotes -- Algorithms and the Law -- The Politics and Technology of (Hardware) Trojans -- Increasing Trust in ML Through Governance -- The Science of Computer Science: An Offensive Research Perspective -- Contents - Part I -- Contents - Part II -- Network Security -- More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys -- 1 Introduction -- 1.1 Pre-distributed Keys -- 2 Preliminaries -- 3 KEMTLS with Pre-distributed Long-Term Keys -- 3.1 Proactive Client Authentication -- 4 Security Analysis -- 5 Instantiation and Evaluation -- 5.1 Choice of Primitives -- 5.2 Implementation -- 5.3 Handshake Sizes -- 5.4 Handshake Times -- 6 Discussion -- A KEMTLS -- References -- How to (Legally) Keep Secrets from Mobile Operators -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 2 Preliminaries -- 3 LIKE Protocols -- 4 Security Model -- 5 Our Protocol -- 6 Security -- 7 Proof-of-Concept Implementation -- 8 Conclusion -- A Model Complements -- B Proof Sketches -- References -- A Formal Security Analysis of Session Resumption Across Hostnames -- 1 Introduction -- 2 Preliminaries -- 2.1 Building Blocks -- 2.2 Multi-Stage Key Exchange -- 3 Breaking the Security of Session Resumption Across Hostnames in TLS 1.3 -- 3.1 Modeling TLS 1.3 Session Resumption as an MSKE Protocol -- 3.2 The Attack -- 4 Secure SRAH Protocols -- 4.1 Constructing Secure SRAH Protocols -- References -- Attacks -- Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data -- 1 Introduction -- 2 Motivation -- 3 Characteristics of the Vulnerability -- 3.1 Topologies -- 3.2 Traversals -- 3.3 Triggers -- 4 Modelling the Analysis -- 4.1 Preliminaries -- 4.2 Analysis Specification -- 5 Experimental Setup and Evaluation -- 5.1 Approach -- 5.2 Implementation -- 5.3 Libraries for Analysis -- 5.4 Triggers or Entry Points.
5.5 Evaluation -- 6 Results and Discussion -- 6.1 PDF Vulnerabilities -- 6.2 Scalable Vector Graphics (SVG) Vulnerability -- 6.3 YAML Vulnerability -- 6.4 Newly Discovered Security Vulnerabilities -- 6.5 Threats to Validity -- 7 Related Work -- 7.1 Detecting Algorithmic Complexity Vulnerabilities -- 7.2 Traversals/Performance Bugs -- 8 Conclusion -- References -- PoW-How: An Enduring Timing Side-Channel to Evade Online Malware Sandboxes -- 1 Introduction -- 2 Background -- 2.1 Malware and Malware Analysis -- 2.2 PoW for Malware Analysis Evasion -- 2.3 Side-Channel Measurement -- 3 Our Approach: PoW-How -- 3.1 Threat Model -- 3.2 System Design -- 3.3 Performance Profiling -- 3.4 Threshold Estimation -- 3.5 Malware Integration and Testing -- 4 Evaluation -- 4.1 Threshold Estimation and PoW Algorithm Choice -- 4.2 Case Study: Known Malware -- 4.3 Case Study: Fresh Malware Sample -- 5 Security Analysis -- 6 Countermeasures -- 7 Discussion -- 7.1 Ethical Considerations -- 7.2 Bare-Metal Environments -- 7.3 Economical Denial of Sustainability -- 8 Related Work -- 9 Conclusion -- References -- Characterizing GPU Overclocking Faults -- 1 Introduction -- 1.1 Background -- 1.2 Related Work -- 1.3 Contributions -- 2 Preliminaries -- 2.1 CUDA -- 2.2 General GPU Setup -- 2.3 Overclocking -- 2.4 Attack Model -- 3 GPU Faults and Temperature Dependency -- 3.1 Setup -- 3.2 Initial Tests -- 3.3 Basics of Faults -- 3.4 The Relationship Between Faults and Temperature -- 4 Faults Boundaries and Values -- 4.1 The Boundaries of Faults -- 4.2 Byte-Flips and Bit-Flips -- 5 Memory Remnants and Transaction Size -- 5.1 The Basic Memory Transaction Size -- 5.2 A Model of the Memory Remnants Hypothesis: -- 5.3 Experimental Results -- 5.4 A Unified Fault Model -- 6 Countermeasures and Conclusions -- 6.1 Countermeasures -- 6.2 Conclusions -- A Appendix -- A.1 CUDA basics. A.2 Future Work -- References -- Fuzzing -- ARIstoteles - Dissecting Apple's Baseband Interface -- 1 Introduction -- 2 Background and Related Work -- 2.1 Baseband Security Architecture -- 2.2 Baseband Interface Analysis Options on iOS -- 2.3 IOS Shared Libraries -- 3 Apple Remote Invocation Protocol -- 4 Fully-Automated Protocol Dissection -- 5 Automated Reverse-Engineering -- 5.1 Group and TLV Definitions -- 5.2 Type Definitions -- 5.3 Integrating Existing Dissectors -- 5.4 iOS Version Change Tracking -- 6 Fuzzing -- 6.1 Initial Fuzzing Considerations -- 6.2 Building and Optimizing Fuzzers -- 6.3 Crash Evaluation -- 7 Conclusion -- References -- webFuzz: Grey-Box Fuzzing for Web Applications -- 1 Introduction -- 1.1 Contributions -- 2 webFuzz -- 2.1 Instrumentation -- 2.2 Fuzzing Analysis -- 3 Bug Injection -- 3.1 Analysis and Injection -- 3.2 Bug Template -- 4 Evaluation -- 4.1 Code Coverage -- 4.2 Throughput -- 4.3 Vulnerability Detection -- 5 Limitations -- 6 Future Work -- 7 Related Work -- 8 Conclusion -- References -- My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers -- 1 Introduction -- 2 Background -- 3 Statistical Evaluations -- 4 Problem Description and Related Work -- 5 Our Methodology -- 5.1 Comparing Fuzzers -- 5.2 Test Set Selection -- 5.3 Seed Sets -- 5.4 Statistical Evaluation -- 5.5 Fuzzing Evaluation Setup -- 5.6 Test Runs -- 6 Experiments -- 6.1 Fuzzers -- 6.2 Seed Set -- 6.3 Run-Time -- 6.4 Number of Trials -- 6.5 Number of Bugs/Targets -- 6.6 Further Insights -- 7 Discussion -- 8 Conclusion -- References -- Malware -- Rope: Covert Multi-process Malware Execution with Return-Oriented Programming -- 1 Introduction -- 2 Background -- 2.1 Defenses for Systems and Applications -- 2.2 Distributed Malware -- 3 Challenges for Covert Distributed Malware -- 4 Rope -- 4.1 Architecture. 4.2 Loader Component -- 4.3 Chunk Crafting and ROP-TxF Layout -- 4.4 Bootstrap Component -- 4.5 Discussion -- 5 Implementation -- 6 Evaluation -- 7 Countermeasures and Wrap-Up -- References -- Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains -- 1 Introduction -- 2 Shortcomings of State-of-the-Art Approaches -- 3 Design -- 3.1 Gadgets -- 3.2 Logical Encoding -- 3.3 Preconditions and Postconditions -- 3.4 Formula Generation -- 3.5 Algorithm Configuration -- 4 Implementation -- 5 Evaluation -- 5.1 Setup -- 5.2 Finding a Chain -- 5.3 Real-World Applicability -- 5.4 Target-Specific Constraints -- 5.5 Chain Statistics -- 5.6 SGC's Configuration -- 6 Discussion -- 7 Related Work -- 8 Conclusion -- A Modeling -- B dnsmasq CVE-2017-14493 -- References -- Peeler: Profiling Kernel-Level Events to Detect Ransomware -- 1 Introduction -- 2 Related Work -- 3 Key Characteristics to Detect Ransomware -- 3.1 Application Contextual Behavior -- 3.2 Application Behavioral Characteristics -- 4 System Design -- 4.1 Overview -- 4.2 System Events Monitor -- 4.3 Malicious Commands Detector -- 4.4 Machine Learning-Based Classifier -- 5 Dataset Collection -- 5.1 Ransomware -- 5.2 Benign Applications -- 6 Evaluation -- 6.1 Detection Accuracy -- 6.2 Effectiveness in Detecting Abused Tools/utilities -- 6.3 Robustness Against Unseen Families -- 7 Conclusion -- A Dataset -- A.1 Ransomware families -- A.2 Benign applications -- References -- User Behaviour and Underground Economy -- Mingling of Clear and Muddy Water: Understanding and Detecting Semantic Confusion in Blackhat SEO -- 1 Introduction -- 2 Background -- 2.1 Search Engine Optimization (SEO) -- 2.2 Blackhat SEO -- 2.3 Semantic-Based Techniques -- 3 Semantic Confusion Detection -- 3.1 System Overview -- 3.2 Datasets -- 3.3 Data Processor -- 3.4 Semantic Analyzer -- 3.5 SEO Collector. 4 Implementation and Evaluation -- 4.1 Implementation -- 4.2 Evaluation -- 5 Measurement -- 5.1 Overview -- 5.2 SEO Domains -- 5.3 SEO Campaigns -- 5.4 Real-World Deployment -- 6 Practical Issues -- 7 Discussion -- 8 Related Work -- 9 Conclusion -- References -- An Explainable Online Password Strength Estimator -- 1 Introduction -- 1.1 Background -- 1.2 Contributions -- 2 Rank Estimation and Key Enumeration in Cryptographic Side-Channel Attacks -- 3 Multi-dimensional Models for Passwords -- 3.1 Overview -- 3.2 The Data Corpus -- 3.3 Selecting Dimensions -- 3.4 The Learning Phase -- 3.5 The Estimation Phase -- 3.6 Estimating the Ranks of Unleaked Password Parts -- 3.7 Performance -- 4 Usability of PESrank -- 4.1 A Proof of Concept Study -- 4.2 Explainability -- 5 Comparison with Existing Methods -- 5.1 Comparison to Cracker-Based and Neural Methods -- 5.2 Storage Requirements -- 6 Related Work -- 7 Conclusions -- A Additional Related Work -- A.1 Heuristic pure-estimator approaches -- A.2 Tweakable extensions and variations -- References -- Detecting Video-Game Injectors Exchanged in Game Cheating Communities -- 1 Introduction -- 2 Methodology -- 2.1 Data Collection -- 2.2 Post Analysis -- 2.3 Attachment Analysis -- 2.4 Injector Classifier -- 3 Results -- 3.1 Dataset Characterization -- 3.2 Injectors Classifier -- 3.3 Forum Analysis -- 4 Related Work -- 5 Discussion and Conclusions -- A Analysis Features -- References -- Blockchain -- Revocable Policy-Based Chameleon Hash -- 1 Introduction -- 2 Overview -- 3 Preliminaries -- 3.1 Bilinear Map -- 3.2 Hard Assumption -- 3.3 Access Structure -- 3.4 Revocable Attribute-Based Encryption -- 3.5 Tree-Based Structure for User Revocation -- 4 Revocable Policy-Based Chameleon Hash -- 4.1 System Model -- 4.2 Formal Definition -- 4.3 Security Model -- 5 Revocable Policy-Based Chameleon Hash -- 5.1 Proposed RABE. 5.2 Proposed RPCH. |
| Record Nr. | UNISA-996464497003316 |
| Cham, Switzerland : , : Springer, , [2021] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Computer security - ESORICS 2021 : 26th European symposium on research in computer security, Darmstadt, Germany, October 4-8, 2021 : proceedings, Part 2 / / edited by Elisa Bertino, Haya Shulman, Michael Waidner
| Computer security - ESORICS 2021 : 26th European symposium on research in computer security, Darmstadt, Germany, October 4-8, 2021 : proceedings, Part 2 / / edited by Elisa Bertino, Haya Shulman, Michael Waidner |
| Pubbl/distr/stampa | Cham, Switzerland : , : Springer, , [2021] |
| Descrizione fisica | 1 online resource (799 pages) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer security
Data encryption (Computer science) Computer organization |
| ISBN | 3-030-88428-7 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Record Nr. | UNISA-996464489703316 |
| Cham, Switzerland : , : Springer, , [2021] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Computer security - ESORICS 2021 : 26th European symposium on research in computer security, Darmstadt, Germany, October 4-8, 2021 : proceedings, Part 2 / / edited by Elisa Bertino, Haya Shulman, Michael Waidner
| Computer security - ESORICS 2021 : 26th European symposium on research in computer security, Darmstadt, Germany, October 4-8, 2021 : proceedings, Part 2 / / edited by Elisa Bertino, Haya Shulman, Michael Waidner |
| Pubbl/distr/stampa | Cham, Switzerland : , : Springer, , [2021] |
| Descrizione fisica | 1 online resource (799 pages) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer security
Data encryption (Computer science) Computer organization |
| ISBN | 3-030-88428-7 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Record Nr. | UNINA-9910502617003321 |
| Cham, Switzerland : , : Springer, , [2021] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Computer security - ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I / / edited by Elisa Bertino, Haya Shulman, and Michael Waidner
| Computer security - ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021, Proceedings, Part I / / edited by Elisa Bertino, Haya Shulman, and Michael Waidner |
| Pubbl/distr/stampa | Cham, Switzerland : , : Springer, , [2021] |
| Descrizione fisica | 1 online resource (798 pages) |
| Disciplina | 005.82 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Computer security
Data encryption (Computer science) |
| ISBN | 3-030-88418-X |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
Intro -- Preface -- Organization -- Keynotes -- Algorithms and the Law -- The Politics and Technology of (Hardware) Trojans -- Increasing Trust in ML Through Governance -- The Science of Computer Science: An Offensive Research Perspective -- Contents - Part I -- Contents - Part II -- Network Security -- More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys -- 1 Introduction -- 1.1 Pre-distributed Keys -- 2 Preliminaries -- 3 KEMTLS with Pre-distributed Long-Term Keys -- 3.1 Proactive Client Authentication -- 4 Security Analysis -- 5 Instantiation and Evaluation -- 5.1 Choice of Primitives -- 5.2 Implementation -- 5.3 Handshake Sizes -- 5.4 Handshake Times -- 6 Discussion -- A KEMTLS -- References -- How to (Legally) Keep Secrets from Mobile Operators -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Related Work -- 2 Preliminaries -- 3 LIKE Protocols -- 4 Security Model -- 5 Our Protocol -- 6 Security -- 7 Proof-of-Concept Implementation -- 8 Conclusion -- A Model Complements -- B Proof Sketches -- References -- A Formal Security Analysis of Session Resumption Across Hostnames -- 1 Introduction -- 2 Preliminaries -- 2.1 Building Blocks -- 2.2 Multi-Stage Key Exchange -- 3 Breaking the Security of Session Resumption Across Hostnames in TLS 1.3 -- 3.1 Modeling TLS 1.3 Session Resumption as an MSKE Protocol -- 3.2 The Attack -- 4 Secure SRAH Protocols -- 4.1 Constructing Secure SRAH Protocols -- References -- Attacks -- Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data -- 1 Introduction -- 2 Motivation -- 3 Characteristics of the Vulnerability -- 3.1 Topologies -- 3.2 Traversals -- 3.3 Triggers -- 4 Modelling the Analysis -- 4.1 Preliminaries -- 4.2 Analysis Specification -- 5 Experimental Setup and Evaluation -- 5.1 Approach -- 5.2 Implementation -- 5.3 Libraries for Analysis -- 5.4 Triggers or Entry Points.
5.5 Evaluation -- 6 Results and Discussion -- 6.1 PDF Vulnerabilities -- 6.2 Scalable Vector Graphics (SVG) Vulnerability -- 6.3 YAML Vulnerability -- 6.4 Newly Discovered Security Vulnerabilities -- 6.5 Threats to Validity -- 7 Related Work -- 7.1 Detecting Algorithmic Complexity Vulnerabilities -- 7.2 Traversals/Performance Bugs -- 8 Conclusion -- References -- PoW-How: An Enduring Timing Side-Channel to Evade Online Malware Sandboxes -- 1 Introduction -- 2 Background -- 2.1 Malware and Malware Analysis -- 2.2 PoW for Malware Analysis Evasion -- 2.3 Side-Channel Measurement -- 3 Our Approach: PoW-How -- 3.1 Threat Model -- 3.2 System Design -- 3.3 Performance Profiling -- 3.4 Threshold Estimation -- 3.5 Malware Integration and Testing -- 4 Evaluation -- 4.1 Threshold Estimation and PoW Algorithm Choice -- 4.2 Case Study: Known Malware -- 4.3 Case Study: Fresh Malware Sample -- 5 Security Analysis -- 6 Countermeasures -- 7 Discussion -- 7.1 Ethical Considerations -- 7.2 Bare-Metal Environments -- 7.3 Economical Denial of Sustainability -- 8 Related Work -- 9 Conclusion -- References -- Characterizing GPU Overclocking Faults -- 1 Introduction -- 1.1 Background -- 1.2 Related Work -- 1.3 Contributions -- 2 Preliminaries -- 2.1 CUDA -- 2.2 General GPU Setup -- 2.3 Overclocking -- 2.4 Attack Model -- 3 GPU Faults and Temperature Dependency -- 3.1 Setup -- 3.2 Initial Tests -- 3.3 Basics of Faults -- 3.4 The Relationship Between Faults and Temperature -- 4 Faults Boundaries and Values -- 4.1 The Boundaries of Faults -- 4.2 Byte-Flips and Bit-Flips -- 5 Memory Remnants and Transaction Size -- 5.1 The Basic Memory Transaction Size -- 5.2 A Model of the Memory Remnants Hypothesis: -- 5.3 Experimental Results -- 5.4 A Unified Fault Model -- 6 Countermeasures and Conclusions -- 6.1 Countermeasures -- 6.2 Conclusions -- A Appendix -- A.1 CUDA basics. A.2 Future Work -- References -- Fuzzing -- ARIstoteles - Dissecting Apple's Baseband Interface -- 1 Introduction -- 2 Background and Related Work -- 2.1 Baseband Security Architecture -- 2.2 Baseband Interface Analysis Options on iOS -- 2.3 IOS Shared Libraries -- 3 Apple Remote Invocation Protocol -- 4 Fully-Automated Protocol Dissection -- 5 Automated Reverse-Engineering -- 5.1 Group and TLV Definitions -- 5.2 Type Definitions -- 5.3 Integrating Existing Dissectors -- 5.4 iOS Version Change Tracking -- 6 Fuzzing -- 6.1 Initial Fuzzing Considerations -- 6.2 Building and Optimizing Fuzzers -- 6.3 Crash Evaluation -- 7 Conclusion -- References -- webFuzz: Grey-Box Fuzzing for Web Applications -- 1 Introduction -- 1.1 Contributions -- 2 webFuzz -- 2.1 Instrumentation -- 2.2 Fuzzing Analysis -- 3 Bug Injection -- 3.1 Analysis and Injection -- 3.2 Bug Template -- 4 Evaluation -- 4.1 Code Coverage -- 4.2 Throughput -- 4.3 Vulnerability Detection -- 5 Limitations -- 6 Future Work -- 7 Related Work -- 8 Conclusion -- References -- My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers -- 1 Introduction -- 2 Background -- 3 Statistical Evaluations -- 4 Problem Description and Related Work -- 5 Our Methodology -- 5.1 Comparing Fuzzers -- 5.2 Test Set Selection -- 5.3 Seed Sets -- 5.4 Statistical Evaluation -- 5.5 Fuzzing Evaluation Setup -- 5.6 Test Runs -- 6 Experiments -- 6.1 Fuzzers -- 6.2 Seed Set -- 6.3 Run-Time -- 6.4 Number of Trials -- 6.5 Number of Bugs/Targets -- 6.6 Further Insights -- 7 Discussion -- 8 Conclusion -- References -- Malware -- Rope: Covert Multi-process Malware Execution with Return-Oriented Programming -- 1 Introduction -- 2 Background -- 2.1 Defenses for Systems and Applications -- 2.2 Distributed Malware -- 3 Challenges for Covert Distributed Malware -- 4 Rope -- 4.1 Architecture. 4.2 Loader Component -- 4.3 Chunk Crafting and ROP-TxF Layout -- 4.4 Bootstrap Component -- 4.5 Discussion -- 5 Implementation -- 6 Evaluation -- 7 Countermeasures and Wrap-Up -- References -- Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains -- 1 Introduction -- 2 Shortcomings of State-of-the-Art Approaches -- 3 Design -- 3.1 Gadgets -- 3.2 Logical Encoding -- 3.3 Preconditions and Postconditions -- 3.4 Formula Generation -- 3.5 Algorithm Configuration -- 4 Implementation -- 5 Evaluation -- 5.1 Setup -- 5.2 Finding a Chain -- 5.3 Real-World Applicability -- 5.4 Target-Specific Constraints -- 5.5 Chain Statistics -- 5.6 SGC's Configuration -- 6 Discussion -- 7 Related Work -- 8 Conclusion -- A Modeling -- B dnsmasq CVE-2017-14493 -- References -- Peeler: Profiling Kernel-Level Events to Detect Ransomware -- 1 Introduction -- 2 Related Work -- 3 Key Characteristics to Detect Ransomware -- 3.1 Application Contextual Behavior -- 3.2 Application Behavioral Characteristics -- 4 System Design -- 4.1 Overview -- 4.2 System Events Monitor -- 4.3 Malicious Commands Detector -- 4.4 Machine Learning-Based Classifier -- 5 Dataset Collection -- 5.1 Ransomware -- 5.2 Benign Applications -- 6 Evaluation -- 6.1 Detection Accuracy -- 6.2 Effectiveness in Detecting Abused Tools/utilities -- 6.3 Robustness Against Unseen Families -- 7 Conclusion -- A Dataset -- A.1 Ransomware families -- A.2 Benign applications -- References -- User Behaviour and Underground Economy -- Mingling of Clear and Muddy Water: Understanding and Detecting Semantic Confusion in Blackhat SEO -- 1 Introduction -- 2 Background -- 2.1 Search Engine Optimization (SEO) -- 2.2 Blackhat SEO -- 2.3 Semantic-Based Techniques -- 3 Semantic Confusion Detection -- 3.1 System Overview -- 3.2 Datasets -- 3.3 Data Processor -- 3.4 Semantic Analyzer -- 3.5 SEO Collector. 4 Implementation and Evaluation -- 4.1 Implementation -- 4.2 Evaluation -- 5 Measurement -- 5.1 Overview -- 5.2 SEO Domains -- 5.3 SEO Campaigns -- 5.4 Real-World Deployment -- 6 Practical Issues -- 7 Discussion -- 8 Related Work -- 9 Conclusion -- References -- An Explainable Online Password Strength Estimator -- 1 Introduction -- 1.1 Background -- 1.2 Contributions -- 2 Rank Estimation and Key Enumeration in Cryptographic Side-Channel Attacks -- 3 Multi-dimensional Models for Passwords -- 3.1 Overview -- 3.2 The Data Corpus -- 3.3 Selecting Dimensions -- 3.4 The Learning Phase -- 3.5 The Estimation Phase -- 3.6 Estimating the Ranks of Unleaked Password Parts -- 3.7 Performance -- 4 Usability of PESrank -- 4.1 A Proof of Concept Study -- 4.2 Explainability -- 5 Comparison with Existing Methods -- 5.1 Comparison to Cracker-Based and Neural Methods -- 5.2 Storage Requirements -- 6 Related Work -- 7 Conclusions -- A Additional Related Work -- A.1 Heuristic pure-estimator approaches -- A.2 Tweakable extensions and variations -- References -- Detecting Video-Game Injectors Exchanged in Game Cheating Communities -- 1 Introduction -- 2 Methodology -- 2.1 Data Collection -- 2.2 Post Analysis -- 2.3 Attachment Analysis -- 2.4 Injector Classifier -- 3 Results -- 3.1 Dataset Characterization -- 3.2 Injectors Classifier -- 3.3 Forum Analysis -- 4 Related Work -- 5 Discussion and Conclusions -- A Analysis Features -- References -- Blockchain -- Revocable Policy-Based Chameleon Hash -- 1 Introduction -- 2 Overview -- 3 Preliminaries -- 3.1 Bilinear Map -- 3.2 Hard Assumption -- 3.3 Access Structure -- 3.4 Revocable Attribute-Based Encryption -- 3.5 Tree-Based Structure for User Revocation -- 4 Revocable Policy-Based Chameleon Hash -- 4.1 System Model -- 4.2 Formal Definition -- 4.3 Security Model -- 5 Revocable Policy-Based Chameleon Hash -- 5.1 Proposed RABE. 5.2 Proposed RPCH. |
| Record Nr. | UNINA-9910502619303321 |
| Cham, Switzerland : , : Springer, , [2021] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Computer Security -- ESORICS 2002 [[electronic resource] ] : 7th European Symposium on Research in Computer Security Zurich, Switzerland, October 14-16, 2002, Proceedings / / edited by Dieter Gollmann, Günter Karjoth, Michael Waidner
| Computer Security -- ESORICS 2002 [[electronic resource] ] : 7th European Symposium on Research in Computer Security Zurich, Switzerland, October 14-16, 2002, Proceedings / / edited by Dieter Gollmann, Günter Karjoth, Michael Waidner |
| Edizione | [1st ed. 2002.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2002 |
| Descrizione fisica | 1 online resource (CCCVIII, 298 p.) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data encryption (Computer science)
Operating systems (Computers) Computer communication systems Database management Cryptology Operating Systems Computer Communication Networks Database Management |
| ISBN | 3-540-45853-0 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Computational Probabilistic Non-interference -- Bit-Slice Auction Circuit -- Confidentiality Policies and Their Enforcement for Controlled Query Evaluation -- Cardinality-Based Inference Control in Sum-Only Data Cubes -- Outbound Authentication for Programmable Secure Coprocessors -- Hamming Weight Attacks on Cryptographic Hardware — Breaking Masking Defense -- A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations -- Authentication for Distributed Web Caches -- Analysing a Stream Authentication Protocol Using Model Checking -- Equal To The Task? -- TINMAN: A Resource Bound Security Checking System for Mobile Code -- Confidentiality-Preserving Refinement is Compositional — Sometimes -- Formal Security Analysis with Interacting State Machines -- Decidability of Safety in Graph-Based Models for Access Control -- Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones -- Learning Fingerprints for a Database Intrusion Detection System. |
| Record Nr. | UNISA-996465392703316 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2002 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. di Salerno | ||
| ||
Computer Security -- ESORICS 2002 : 7th European Symposium on Research in Computer Security Zurich, Switzerland, October 14-16, 2002, Proceedings / / edited by Dieter Gollmann, Günter Karjoth, Michael Waidner
| Computer Security -- ESORICS 2002 : 7th European Symposium on Research in Computer Security Zurich, Switzerland, October 14-16, 2002, Proceedings / / edited by Dieter Gollmann, Günter Karjoth, Michael Waidner |
| Edizione | [1st ed. 2002.] |
| Pubbl/distr/stampa | Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2002 |
| Descrizione fisica | 1 online resource (CCCVIII, 298 p.) |
| Disciplina | 005.8 |
| Collana | Lecture Notes in Computer Science |
| Soggetto topico |
Data encryption (Computer science)
Operating systems (Computers) Computer communication systems Database management Cryptology Operating Systems Computer Communication Networks Database Management |
| ISBN | 3-540-45853-0 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto | Computational Probabilistic Non-interference -- Bit-Slice Auction Circuit -- Confidentiality Policies and Their Enforcement for Controlled Query Evaluation -- Cardinality-Based Inference Control in Sum-Only Data Cubes -- Outbound Authentication for Programmable Secure Coprocessors -- Hamming Weight Attacks on Cryptographic Hardware — Breaking Masking Defense -- A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations -- Authentication for Distributed Web Caches -- Analysing a Stream Authentication Protocol Using Model Checking -- Equal To The Task? -- TINMAN: A Resource Bound Security Checking System for Mobile Code -- Confidentiality-Preserving Refinement is Compositional — Sometimes -- Formal Security Analysis with Interacting State Machines -- Decidability of Safety in Graph-Based Models for Access Control -- Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones -- Learning Fingerprints for a Database Intrusion Detection System. |
| Record Nr. | UNINA-9910143897003321 |
| Berlin, Heidelberg : , : Springer Berlin Heidelberg : , : Imprint : Springer, , 2002 | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Digital enlightenment yearbook 2013 : the value of personal data / / edited by Mireille Hildebrandt, Kieron O'Hara, and Michael Waidner
| Digital enlightenment yearbook 2013 : the value of personal data / / edited by Mireille Hildebrandt, Kieron O'Hara, and Michael Waidner |
| Pubbl/distr/stampa | Amsterdam ; ; Washington, D.C. : , : IOS Press, , [2013] |
| Descrizione fisica | 1 online resource (320 p.) |
| Disciplina | 004.6 |
| Altri autori (Persone) |
HildebrandtM
O'HaraKieron WaidnerMichael |
| Collana | stand alone |
| Soggetto topico |
Internet - Security measures
Internet - Social aspects |
| Soggetto genere / forma | Electronic books. |
| ISBN | 1-61499-295-9 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
""Title Page""; ""Foreword""; ""Contents""; ""Introduction""; ""Part I. Background""; ""Chapter 1. Die Aufklarung in the Age of Philosophical Engineering""; ""Chapter 2. Personal Data: Changing Selves, Changing Privacies""; ""Part II. The Need for Privacy""; ""Chapter 3. Not So Liminal Now: The Importance of Designing Privacy Features Across a Spectrum of Use""; ""Chapter 4. Privacy Value Network Analysis""; ""Chapter 5. Personal Data Ecosystem (PDE) - A Privacy by Design Approach to an Individual's Pursuit of Radical Control""
""Chapter 6. Personal Information Markets and Privacy: A New Model to Solve the Controversy""""Part III. Architectures for PDMs and PDEs""; ""Chapter 7. Online Privacy - Towards Informational Self-Determination on the Internet""; ""Chapter 8. Personal Information Dashboard: Putting the Individual Back in Control""; ""Chapter 9. Towards Effective, Consent Based Control of Personal Data""; ""Part IV. Other Sources of Data""; ""Chapter 10. Open Data Protection: Challenges, Perspectives, and Tools for the Reuse of PSI"" ""Chapter 11. Open Data: A New Battle in an Old War Between Access and Privacy?""""Chapter 12. Midata: Towards a Personal Information Revolution""; ""Part V. Personal Data Management: Examples and Overview""; ""Chapter 13. A User-Centred Approach to the Data Dilemma: Context, Architecture, and Policy""; ""Chapter 14. Life Management Platforms: Control and Privacy for Personal Data""; ""Chapter 15. Digital Enlightenment, Mydex, and Restoring Control over Personal Data to the Individual""; ""Chapter 16. Personal Data Management - A Structured Discussion""; ""Afterword""; ""Biographies"" ""Subject Index""""Author Index"" |
| Record Nr. | UNINA-9910453758203321 |
| Amsterdam ; ; Washington, D.C. : , : IOS Press, , [2013] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
Digital enlightenment yearbook 2013 : the value of personal data / / edited by Mireille Hildebrandt, Kieron O'Hara, and Michael Waidner
| Digital enlightenment yearbook 2013 : the value of personal data / / edited by Mireille Hildebrandt, Kieron O'Hara, and Michael Waidner |
| Pubbl/distr/stampa | Amsterdam ; ; Washington, D.C. : , : IOS Press, , [2013] |
| Descrizione fisica | 1 online resource (320 p.) |
| Disciplina | 004.6 |
| Altri autori (Persone) |
HildebrandtM
O'HaraKieron WaidnerMichael |
| Collana | stand alone |
| Soggetto topico |
Internet - Security measures
Internet - Social aspects |
| ISBN | 1-61499-295-9 |
| Formato | Materiale a stampa |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione | eng |
| Nota di contenuto |
""Title Page""; ""Foreword""; ""Contents""; ""Introduction""; ""Part I. Background""; ""Chapter 1. Die Aufklarung in the Age of Philosophical Engineering""; ""Chapter 2. Personal Data: Changing Selves, Changing Privacies""; ""Part II. The Need for Privacy""; ""Chapter 3. Not So Liminal Now: The Importance of Designing Privacy Features Across a Spectrum of Use""; ""Chapter 4. Privacy Value Network Analysis""; ""Chapter 5. Personal Data Ecosystem (PDE) - A Privacy by Design Approach to an Individual's Pursuit of Radical Control""
""Chapter 6. Personal Information Markets and Privacy: A New Model to Solve the Controversy""""Part III. Architectures for PDMs and PDEs""; ""Chapter 7. Online Privacy - Towards Informational Self-Determination on the Internet""; ""Chapter 8. Personal Information Dashboard: Putting the Individual Back in Control""; ""Chapter 9. Towards Effective, Consent Based Control of Personal Data""; ""Part IV. Other Sources of Data""; ""Chapter 10. Open Data Protection: Challenges, Perspectives, and Tools for the Reuse of PSI"" ""Chapter 11. Open Data: A New Battle in an Old War Between Access and Privacy?""""Chapter 12. Midata: Towards a Personal Information Revolution""; ""Part V. Personal Data Management: Examples and Overview""; ""Chapter 13. A User-Centred Approach to the Data Dilemma: Context, Architecture, and Policy""; ""Chapter 14. Life Management Platforms: Control and Privacy for Personal Data""; ""Chapter 15. Digital Enlightenment, Mydex, and Restoring Control over Personal Data to the Individual""; ""Chapter 16. Personal Data Management - A Structured Discussion""; ""Afterword""; ""Biographies"" ""Subject Index""""Author Index"" |
| Record Nr. | UNINA-9910790523003321 |
| Amsterdam ; ; Washington, D.C. : , : IOS Press, , [2013] | ||
| Materiale a stampa | ||
| Lo trovi qui: Univ. Federico II | ||
| ||
