The lattice model of secure information flow (referred to as LIFS) is the foundation for building secure systems. In this paper, we capture the lattice model of security for mobility in a distributed setup using the formalism of the Mobile Ambient calculus (MA), which has been widely used to model mobility and concurrency. Our model, referred to as Labelled Mobile Ambients (LMA), assigns labels to ambients for tracking information flow in the system, and provides semantics for preserving the distributed information flow policy specified by the labels. While the literature contains variants of the mobile ambient calculus for modelling application-specific aspects of mandatory access control such as confidentiality and integrity, our LMA model subsumes these models by capturing confidentiality and integrity as special cases of information flow properties. Thus, the LMA model enables a wide range of applications with complex security requirements, and permits a simple static analysis to establish whether the system violates the information flow policy. A comparison with other prominent works is provided, highlighting the merits of our LMA.
"Labelled mobile ambients model for information flow security in distributed systems". N. Kumar, R. Shyamasundar. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800012
In many organizations, numerous business processes involve sensitive tasks that may encourage corruption. Conflict of interest policies are defined in an organization to deter corruption before it can happen. Existing research generally focuses on separation of duties, yet pays little attention to the underlying conflicts of interest. Moreover, separation of duty is only one particular kind of conflict of interest. Other kinds exist and must be resolved as well. In this paper, a novel approach is proposed to define conflict of interest policies and to facilitate their enforcement. Our work provides an expressive mechanism that can be applied to a wide range of conflicts of interest that go beyond separation of duty policies. Furthermore, we show how policies can be enforced in the context of the role-oriented access control model (ROAC), which we extend to provide a stronger basis for the enforcement of conflict of interest policies.
"Mitigating conflicts of interest by authorization policies". N. Nassr, E. Steegmans. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800013
The article addresses the urgent practical problem of determining a strategy for responding to information security incidents with the help of case-based analysis. The apparatus of case-based analysis is proposed as the means of choosing the response strategy. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is then compared with a specific precedent in the class, and with its associated response strategy, according to the degree of similarity. In accordance with the proposed concept of incident analysis, a new algorithm for classifying information security incidents in information systems, based on case and statistical analysis, was developed. The developed algorithm differs from known ones in its automatic selection of the optimal cut-off value using ROC analysis. The efficiency of the developed algorithm was assessed on a set of test data.
"Case based analysis in information security incidents management system". Andrey Shalyapin, V. Zhukov. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799990
Jyoti Gajrani, Jitendra Sarswat, Meenakshi Tripathi, V. Laxmi, M. Gaur, M. Conti
Due to an increase in the number of Android malware applications and their diversity, it has become necessary for the security community to develop automated dynamic analysis systems. Static analysis has limitations that can be overcome by dynamic analysis. Many tools based on the dynamic analysis approach have been developed, and they employ an emulated/virtualized environment for analysis. While this has been an effective technique for analysis, it can be espied and evaded by recent sophisticated malware. Malware families such as Pincer, AnserverBot, BgServ and Wroba have incorporated methods to check for the presence of an emulated or virtualized environment. Once the presence of the sandbox is detected, they do not execute any malicious behavior. In this paper, a robust emulated environment has been proposed and developed that is resilient against most of the detection techniques. We have compared our malware analysis tool DroidAnalyst against 12 publicly available dynamic analysis services and shown that our service is best when considering resilience against anti-emulation techniques. Incorporation of anti-anti-detection techniques in dynamic analysis that is purely based on emulation hinders the detection and evasion of the emulated environment by malware.
"A robust dynamic analysis system preventing SandBox detection by Android malware". Jyoti Gajrani, Jitendra Sarswat, Meenakshi Tripathi, V. Laxmi, M. Gaur, M. Conti. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800004
This paper focuses on the design and implementation of a distributed, highly scalable, and fault-tolerant anti-fraud service accessible via a REST API. The web service works in near real-time and employs machine learning algorithms for predictive analytics. Our goal is to develop an affordable anti-fraud service that allows participating parties (i.e. merchants, aggregating agents, payment systems, and banks) to reduce the risks of fraudulent payments over their sites. We explore a number of approaches resulting in a significant reduction of hardware and software costs as well as the size of the team working on the project.
"Web service for detecting credit card fraud in near real-time". A. Tselykh, D. Petukhov. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800039
Dynamic taint analysis is an important technique for tracking information flow in software, and it has been widely applied in the fields of software testing, debugging and vulnerability detection. However, most dynamic taint analysis tools only handle explicit information flow while ignoring implicit information flow, resulting in a large number of false negatives. Considering this situation, we present a dynamic marking method for implicit information flow that handles a specific type of control dependence. The method can identify and propagate implicit data during runtime, thus increasing the coverage of the tested program. We also propose Pipeline, which integrates our method into the process of dynamic taint analysis. Pipeline is implemented on the basis of the dynamic taint analysis framework Avalanche, and is designed to detect vulnerabilities in binary programs. In the studies, we applied the tool to 5 applications from some open-source projects, and it effectively located and propagated the specific kind of implicit information flow.
"A dynamic marking method for implicit information flow in dynamic taint analysis". Xuefei Wang, Hengtai Ma, Lisha Jing. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799988
The article considers the rapidly developing technology of self-organizing wireless networks. It investigates and analyzes the "Wormhole" and "Blackhole" attacks, and describes and evaluates methods for preventing them.
"Cybersecurity of ad-hoc distributed systems". M. Dmitry, I. Denis. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800028
A. Shukhman, P. Polezhaev, Y. Ushakov, L. Legashev, V. Tarasov, N. Bakhareva
This paper presents the architecture of information security systems for enterprise software-defined networks. Its main advantages are modularity, expandability, unified network configuration and monitoring, flexibility, load scalability, efficient hardware use, total check of network traffic. The architecture has been implemented as a firewall. Our firewall algorithm was tested by the Mininet simulator. The results of network performance evaluation have confirmed the firewall efficiency by delays and bandwidth.
"Development of network security tools for enterprise software-defined networks". A. Shukhman, P. Polezhaev, Y. Ushakov, L. Legashev, V. Tarasov, N. Bakhareva. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800009
Traditionally, passwords are stored in hashed format. However, if the password file is compromised, there is a high chance that the original passwords can be recovered by a brute force attack. False passwords, also known as honeywords, are used to protect the original passwords from such a leak. A good honeyword system depends on effective honeyword generation techniques. In this paper, the risks and limitations of some of the existing honeyword generation techniques are identified as different notes. Three concepts (modified tails, close number formation and caps key) are introduced to address the existing issues. The experimental analysis shows that the proposed techniques, with some preprocessing, can protect a high percentage of passwords. Finally, a comparative analysis is presented to show how the proposed approaches stand with respect to the existing honeyword generation approaches.
"Few notes towards making honeyword system more secure and usable". Nilesh Chakraborty, S. Mondal. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799992
This paper reviews security problems in computer networks with dynamically reconfigurable topology (e.g. mesh, MANET, computing grid, virtualized network clusters, fog computing network). The dynamically organized networks might be subjected to some specific computer attacks, which are analyzed within this paper. Different methods of security improvement are discussed, and a new method of security flaws detection based on graph modeling is suggested.
"Information security in computer networks with dynamic topology". A. Minin, M. Kalinin. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800023