Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1137
Ralf Kundel, Paul Stiegele, D. Tran, Julian Zobel, Osama Abboud, Rhaban Hark, R. Steinmetz
Quality of Service indicators in computer networks reached tremendous importance over the last years. Especially throughput and latency are directly influenced by the dimension of packet queues. Determining the optimal dimension based on the inevitable tradeoff between throughput and latency tends to be a hard, almost infeasible challenge. Several algorithms for Active Queue Management have been proposed to address this challenge over the last years. However, the deployment and by that the development of such algorithms is challenging as they are usually located within the operation systems’ kernel or implemented in fixed hardware. In this work, we investigate how novel algorithms can be deployed in user space for rapid prototyping with tolerable effort. We provide core performance characteristics and highlight the viability and reasonability of this approach.
{"title":"User Space Packet Schedulers: Towards Rapid Prototyping of Queue-Management Algorithms","authors":"Ralf Kundel, Paul Stiegele, D. Tran, Julian Zobel, Osama Abboud, Rhaban Hark, R. Steinmetz","doi":"10.14279/TUJ.ECEASST.80.1137","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1137","url":null,"abstract":"Quality of Service indicators in computer networks reached tremendous importance over the last years. Especially throughput and latency are directly influenced by the dimension of packet queues. Determining the optimal dimension based on the inevitable tradeoff between throughput and latency tends to be a hard, almost infeasible challenge. Several algorithms for Active Queue Management have been proposed to address this challenge over the last years. However, the deployment and by that the development of such algorithms is challenging as they are usually located within the operation systems’ kernel or implemented in fixed hardware. In this work, we investigate how novel algorithms can be deployed in user space for rapid prototyping with tolerable effort. We provide core performance characteristics and highlight the viability and reasonability of this approach.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116682965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1146.1115
Aditya Tyagi, Razieh Nokhbeh Zaeem, K. S. Barber
While many organizations share threat intelligence, there is still a lack of actionable data for organizations to proactively and effectively respond to emerging identity threats to mitigate a wide range of crimes. There currently exists no solution for organizations to access current trends and intelligence to understand emerging threats and how to appropriately respond to them. This research project delivers I-WARN to help bridge that gap. Using a wide range of open-source information, I-WARN gathers, analyzes, and reports on threats related to the theft, fraud, and abuse of Personally Identifiable Information (PII). I-WARN then maps those threats to the MITRE ATT&CK -- a framework that helps understand lateral movement of an attack -- to offer mitigation and risk reduction tactics. I-WARN aims to deliver actionable intelligence, offering early warning into threat behaviors, and mitigation responses. This paper discusses the technical details of I-WARN, non-exhaustive current solutions for threat intelligence sharing, and future work.
{"title":"Early Warning Identity Threat and Mitigation System","authors":"Aditya Tyagi, Razieh Nokhbeh Zaeem, K. S. Barber","doi":"10.14279/TUJ.ECEASST.80.1146.1115","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1146.1115","url":null,"abstract":"While many organizations share threat intelligence, there is still a lack of actionable data for organizations to proactively and effectively respond to emerging identity threats to mitigate a wide range of crimes. There currently exists no solution for organizations to access current trends and intelligence to understand emerging threats and how to appropriately respond to them. This research project delivers I-WARN to help bridge that gap. Using a wide range of open-source information, I-WARN gathers, analyzes, and reports on threats related to the theft, fraud, and abuse of Personally Identifiable Information (PII). I-WARN then maps those threats to the MITRE ATT&CK -- a framework that helps understand lateral movement of an attack -- to offer mitigation and risk reduction tactics. I-WARN aims to deliver actionable intelligence, offering early warning into threat behaviors, and mitigation responses. This paper discusses the technical details of I-WARN, non-exhaustive current solutions for threat intelligence sharing, and future work.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121916408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1155.1088
Martin Byrenheid, Stefanie Roos, T. Strufe
Routing based on greedy network embeddings enables efficient and privacy-preserving routing in overlays where connectivity is restricted to mutually trusted nodes. In previous works, we proposed security enhancements to the embedding and routing procedures to protect against denial-of-service attacks by malicious overlay participants. In this work, we propose an improved timeout scheme to reduce the stabilization overhead of secure tree maintenance in response to node failures and malicious behavior. Furthermore, we present an attack-resistant packet replication scheme that leverages alternative paths discovered during routing.
{"title":"Improvements to the Secure Construction and Utilization of Greedy Embeddings in Friend-to-Friend Overlays","authors":"Martin Byrenheid, Stefanie Roos, T. Strufe","doi":"10.14279/TUJ.ECEASST.80.1155.1088","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1155.1088","url":null,"abstract":"Routing based on greedy network embeddings enables efficient and privacy-preserving routing in overlays where connectivity is restricted to mutually trusted nodes. In previous works, we proposed security enhancements to the embedding and routing procedures to protect against denial-of-service attacks by malicious overlay participants. In this work, we propose an improved timeout scheme to reduce the stabilization overhead of secure tree maintenance in response to node failures and malicious behavior. Furthermore, we present an attack-resistant packet replication scheme that leverages alternative paths discovered during routing.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124769866","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1179
Katharina Dietz, Michael Mühlhauser, Michael Seufert, N. Gray, T. Hossfeld, Dominik Herrmann
As modern communication networks grow more and more complex, manually maintaining an overview of deployed soft- and hardware is challenging. Mechanisms such as fingerprinting are utilized to automatically extract information from ongoing network traffic and map this to a specific device or application, e.g., a browser. Active approaches directly interfere with the traffic and impose security risks or are simply infeasible. Therefore, passive approaches are employed, which only monitor traffic but require a well-designed feature set since less information is available. However, even these passive approaches impose privacy risks. Browser identification from encrypted traffic may lead to data leakage, e.g., the browser history of users. We propose a passive browser fingerprinting method based on explainable features and evaluate two privacy protection mechanisms, namely differentially private classifiers and differentially private data generation. With a differentially private Random Decision Forest, we achieve an accuracy of 0.877. If we train a non-private Random Forest on differentially private synthetic data, we reach an accuracy up to 0.887, showing a reasonable trade-off between utility and privacy.
{"title":"Browser Fingerprinting: How to Protect Machine Learning Models and Data with Differential Privacy?","authors":"Katharina Dietz, Michael Mühlhauser, Michael Seufert, N. Gray, T. Hossfeld, Dominik Herrmann","doi":"10.14279/TUJ.ECEASST.80.1179","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1179","url":null,"abstract":"As modern communication networks grow more and more complex, manually maintaining an overview of deployed soft- and hardware is challenging. Mechanisms such as fingerprinting are utilized to automatically extract information from ongoing network traffic and map this to a specific device or application, e.g., a browser. Active approaches directly interfere with the traffic and impose security risks or are simply infeasible. Therefore, passive approaches are employed, which only monitor traffic but require a well-designed feature set since less information is available. However, even these passive approaches impose privacy risks. Browser identification from encrypted traffic may lead to data leakage, e.g., the browser history of users. We propose a passive browser fingerprinting method based on explainable features and evaluate two privacy protection mechanisms, namely differentially private classifiers and differentially private data generation. With a differentially private Random Decision Forest, we achieve an accuracy of 0.877. If we train a non-private Random Forest on differentially private synthetic data, we reach an accuracy up to 0.887, showing a reasonable trade-off between utility and privacy.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131027409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1133.1095
William Tarneberg, M. Gunnarsson, M. Kihl, C. Gehrmann
Digital twins are taking a central role in the industry 4.0 narrative. How- ever, they are still illusive. Many aspects of the digital-twins have yet to materialize. For example, to what degree will they be integrated into cloud and industry 4.0 sys- tems as well as how and if they should augment their physical counterpart. Those choices are accompanied by challenging security aspects, many of which have to be studied partially. In this paper, we present a novel digital-twin demonstrator that en- ables experimentation and advanced research on such systems. The demonstrator is cloud-native, has a distributed adaptive control system, incorporates edge and public clouds, a PLC, intrusion detection, a wireless network emulator, and an attacker.
{"title":"Demonstration: A cloud-native digital twin with adaptive cloud-based control and intrusion detection","authors":"William Tarneberg, M. Gunnarsson, M. Kihl, C. Gehrmann","doi":"10.14279/TUJ.ECEASST.80.1133.1095","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1133.1095","url":null,"abstract":"Digital twins are taking a central role in the industry 4.0 narrative. How- ever, they are still illusive. Many aspects of the digital-twins have yet to materialize. For example, to what degree will they be integrated into cloud and industry 4.0 sys- tems as well as how and if they should augment their physical counterpart. Those choices are accompanied by challenging security aspects, many of which have to be studied partially. In this paper, we present a novel digital-twin demonstrator that en- ables experimentation and advanced research on such systems. The demonstrator is cloud-native, has a distributed adaptive control system, incorporates edge and public clouds, a PLC, intrusion detection, a wireless network emulator, and an attacker.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130620578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1175
David Monschein, O. P. Waldhorst
Since password-based authentication is no longer sufficient for web applications, additional authentication factors are required. Especially in the context of mobile devices and with regard to usability, there is an increasing focus on methods where the user's behavior is used as authentication factor (e.g., touchscreen interactions or sensors). As this typically requires the processing of large amounts of sensitive data, issues related to privacy and scalability arise. Our work addresses the issues by presenting a scalable and privacy-friendly approach for authenticating users of mobile applications based on information about their network connections.
{"title":"Privacy-Preserving and Scalable Authentication based on Network Connection Traces","authors":"David Monschein, O. P. Waldhorst","doi":"10.14279/TUJ.ECEASST.80.1175","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1175","url":null,"abstract":"Since password-based authentication is no longer sufficient for web applications, additional authentication factors are required. Especially in the context of mobile devices and with regard to usability, there is an increasing focus on methods where the user's behavior is used as authentication factor (e.g., touchscreen interactions or sensors). As this typically requires the processing of large amounts of sensitive data, issues related to privacy and scalability arise. Our work addresses the issues by presenting a scalable and privacy-friendly approach for authenticating users of mobile applications based on information about their network connections.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131403917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1172
K. Thimmaraju, B. Scheuermann
QUIC is a new transport protocol over UDP which is recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing.
{"title":"Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers","authors":"K. Thimmaraju, B. Scheuermann","doi":"10.14279/TUJ.ECEASST.80.1172","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1172","url":null,"abstract":"QUIC is a new transport protocol over UDP which is recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134603483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1139
Hassan Ismail Fawaz, D. Zeghlache, Tran Anh Quang Pham, Jérémie Leguay, P. Medagliani
With the goal of meeting the stringent throughput and delay requirements of classified network flows, we propose a Deep Q-learning Network (DQN) for optimal weight selection in an active queue management system based on Weighted Fair Queuing (WFQ). Our system schedules flows belonging to different priority classes (Gold, Silver, and Bronze) into separate queues, and learns how and when to dequeue from each queue. The neural network implements deep reinforcement learning tools such as target networks and replay buffers to help learn the best weights depending on the network state. We show, via simulations, that our algorithm converges to an efficient model capable of adapting to the flow demands, producing thus lower delays with respect to traditional WFQ.
{"title":"Deep Reinforcement Learning for Smart Queue Management","authors":"Hassan Ismail Fawaz, D. Zeghlache, Tran Anh Quang Pham, Jérémie Leguay, P. Medagliani","doi":"10.14279/TUJ.ECEASST.80.1139","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1139","url":null,"abstract":"With the goal of meeting the stringent throughput and delay requirements of classified network flows, we propose a Deep Q-learning Network (DQN) for optimal weight selection in an active queue management system based on Weighted Fair Queuing (WFQ). Our system schedules flows belonging to different priority classes (Gold, Silver, and Bronze) into separate queues, and learns how and when to dequeue from each queue. The neural network implements deep reinforcement learning tools such as target networks and replay buffers to help learn the best weights depending on the network state. We show, via simulations, that our algorithm converges to an efficient model capable of adapting to the flow demands, producing thus lower delays with respect to traditional WFQ.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125226766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-08DOI: 10.14279/TUJ.ECEASST.80.1150
Christoph Funda, K. Hielscher, R. German
Hardware-in-the-loop test benches are distributed computer systems including software, hardware and networking devices, which require strict real-time guarantees. To guarantee strict real-time of the simulator the performance needs to be evaluated. To evaluate the timing performance a discrete event simulation model is built up. The input modeling is based on measurements from the real system in a prototype phase. The results of the simulation model are validated with measurements from a prototype of the real system. The workload is increased until the streaming source becomes unstable, by either exceeding a certain limit of bytes or exceeding the number of parallel software processes running on the cores of the central processing unit. To evaluate the performance beyond these limits, the discrete event simulation model needs to be enriched by a scheduler and a hardware model. To provide real-time guarantees an analytical model needs to be built up.
{"title":"Discrete event simulation for the purpose of real-time performance evaluation of distributed hardware-in-the-loop simulators for autonomous driving vehicle validation","authors":"Christoph Funda, K. Hielscher, R. German","doi":"10.14279/TUJ.ECEASST.80.1150","DOIUrl":"https://doi.org/10.14279/TUJ.ECEASST.80.1150","url":null,"abstract":"Hardware-in-the-loop test benches are distributed computer systems including software, hardware and networking devices, which require strict real-time guarantees. To guarantee strict real-time of the simulator the performance needs to be evaluated. To evaluate the timing performance a discrete event simulation model is built up. The input modeling is based on measurements from the real system in a prototype phase. The results of the simulation model are validated with measurements from a prototype of the real system. The workload is increased until the streaming source becomes unstable, by either exceeding a certain limit of bytes or exceeding the number of parallel software processes running on the cores of the central processing unit. To evaluate the performance beyond these limits, the discrete event simulation model needs to be enriched by a scheduler and a hardware model. To provide real-time guarantees an analytical model needs to be built up.","PeriodicalId":115235,"journal":{"name":"Electron. Commun. Eur. Assoc. Softw. Sci. Technol.","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125472246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: