VoIP steganography is a real-time network steganography, which utilizes VoIP protocols and traffic as a covert channel to conceal secret messages. Recently, there has been a noticeable increase in the interest in VoIP steganography due to the volume of VoIP traffic generated, which proved to be economically feasible to utilize. This paper discusses VoIP steganography challenges, compares the existing mechanisms, and proposes a new VoIP steganography approach. Current VoIP steganography techniques lack mechanisms to provide reliability without weakening the steganography system. Accordingly, this paper modifies the (k, n) threshold secret sharing scheme, which is based on Lagrange's Interpolation, and then applies a two phase approach on the LACK steganography mechanism to provide reliability and fault tolerance and to increase steganalysis complexity. The cost of reliability is a loss in bandwidth, therefore, the proposed approach also provides mechanisms to maximize packets utilization to mitigate the effect of adding redundancy.
{"title":"ReLACK: A Reliable VoIP Steganography Approach","authors":"Mohammad Hamdaqa, L. Tahvildari","doi":"10.1109/SSIRI.2011.24","DOIUrl":"https://doi.org/10.1109/SSIRI.2011.24","url":null,"abstract":"VoIP steganography is a real-time network steganography, which utilizes VoIP protocols and traffic as a covert channel to conceal secret messages. Recently, there has been a noticeable increase in the interest in VoIP steganography due to the volume of VoIP traffic generated, which proved to be economically feasible to utilize. This paper discusses VoIP steganography challenges, compares the existing mechanisms, and proposes a new VoIP steganography approach. Current VoIP steganography techniques lack mechanisms to provide reliability without weakening the steganography system. Accordingly, this paper modifies the (k, n) threshold secret sharing scheme, which is based on Lagrange's Interpolation, and then applies a two phase approach on the LACK steganography mechanism to provide reliability and fault tolerance and to increase steganalysis complexity. The cost of reliability is a loss in bandwidth, therefore, the proposed approach also provides mechanisms to maximize packets utilization to mitigate the effect of adding redundancy.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"312-315 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130861264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As the capability to automatically generate code from different models becomes more sophisticated, it is critical that these models be adequately tested for quality assurance prior to code generation. Although simulation-based blackbox testing strategies exist for these models, it is important that we also employ white-box testing strategies similar to those used to test implementation code. More precisely, we apply coverage testing to architectural design models represented by SDL (Specification and Description Language). Our previous study [30] defined a methodology for automatic test generation with respect to structural-based criteria such as all-node and all-edge. Now, we propose new coverage criteria such as n-step message transfer and sender-receiver round-trip, aiming at the communication between SDL processes.
{"title":"Validation of SDL-Based Architectural Design Models: New Coverage Criteria","authors":"Andy Restrepo, W. Eric Wong","doi":"10.1109/SSIRI.2011.29","DOIUrl":"https://doi.org/10.1109/SSIRI.2011.29","url":null,"abstract":"As the capability to automatically generate code from different models becomes more sophisticated, it is critical that these models be adequately tested for quality assurance prior to code generation. Although simulation-based blackbox testing strategies exist for these models, it is important that we also employ white-box testing strategies similar to those used to test implementation code. More precisely, we apply coverage testing to architectural design models represented by SDL (Specification and Description Language). Our previous study [30] defined a methodology for automatic test generation with respect to structural-based criteria such as all-node and all-edge. Now, we propose new coverage criteria such as n-step message transfer and sender-receiver round-trip, aiming at the communication between SDL processes.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116722441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software security has become more and more critical as we are increasingly depending on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other, vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns, however, are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior, then integrates this behavior into state chart-based functional models. Through the focus on both the functional and threat behavior, software engineers can introduce, clearly define and understand security concerns as software is designed. To identify vulnerabilities, our approach then applies security analysis and threat identification to the integrated model.
{"title":"Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts","authors":"O. Ariss, Jianfei Wu, Dianxiang Xu","doi":"10.1109/SSIRI.2011.11","DOIUrl":"https://doi.org/10.1109/SSIRI.2011.11","url":null,"abstract":"Software security has become more and more critical as we are increasingly depending on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other, vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns, however, are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior, then integrates this behavior into state chart-based functional models. Through the focus on both the functional and threat behavior, software engineers can introduce, clearly define and understand security concerns as software is designed. To identify vulnerabilities, our approach then applies security analysis and threat identification to the integrated model.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125308174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Service-oriented architecture (SOA) provides an ability to satisfy the increasing demand of the customer for complicated services in business environments via the composition of service components scattered on the Internet. Service composition is a mechanism to create a new service by the integration of several services to meet complex business goals. Web services are frequently exposed to unexpected service faults in network environments, because most SOA has been recently realized in the area of web services. Thus, services participating in the service composition cannot always be free of service faults, thereby decreasing the reliability of service composition. It is necessary to improve the reliability of the service composition to provide a reliable service. In this paper, we focus on the availability of a web service and propose a technique to improve service composition reliability using the web service-business process execution language (WS-BPEL) to support successful service composition. The proposed technique performs dynamic service replacement with the WS-BPEL extension. This is combined as the concept of the aspect-oriented programming when a web service fault is detected. We can prevent the failures of composite web service from unexpected service faults using our technique.
{"title":"Dynamic Service Replacement to Improve Composite Service Reliability","authors":"Jong-Phil Kim, Jang-Eui Hong","doi":"10.1109/SSIRI.2011.23","DOIUrl":"https://doi.org/10.1109/SSIRI.2011.23","url":null,"abstract":"Service-oriented architecture (SOA) provides an ability to satisfy the increasing demand of the customer for complicated services in business environments via the composition of service components scattered on the Internet. Service composition is a mechanism to create a new service by the integration of several services to meet complex business goals. Web services are frequently exposed to unexpected service faults in network environments, because most SOA has been recently realized in the area of web services. Thus, services participating in the service composition cannot always be free of service faults, thereby decreasing the reliability of service composition. It is necessary to improve the reliability of the service composition to provide a reliable service. In this paper, we focus on the availability of a web service and propose a technique to improve service composition reliability using the web service-business process execution language (WS-BPEL) to support successful service composition. The proposed technique performs dynamic service replacement with the WS-BPEL extension. This is combined as the concept of the aspect-oriented programming when a web service fault is detected. We can prevent the failures of composite web service from unexpected service faults using our technique.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115584581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: