Protection from binary and multi-symbol packet length covert channels
A. Epishkina, K. Kogos. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799994

In this paper, we describe binary and multi-symbol packet length covert channels. We then design a technique to estimate and limit their capacity. A method for choosing the parameters of counteraction tools is given; it takes into account an allowable covert channel capacity and error level. The novelty of this investigation is that the covert channel capacity is limited in advance, whereas state-of-the-art methods focus on detecting active IP covert channels.
Simulation user behavior on a security testbed using user behavior states graph
A. Amirkhanyan, Andrey Sapegin, Marian Gawron, Feng Cheng, C. Meinel. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799985

For testing new methods of network security or new algorithms of security analytics, we need experimental environments as well as test data that are as similar as possible to real-world data. Therefore, researchers are always trying to find the best approaches and recommendations for creating and simulating testbeds, because automating testbed creation is a crucial goal for accelerating research progress. One way to generate data is to simulate user behavior on virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach to describing user behavior for a simulation tool. This approach meets the requirements of simplicity and extensibility, and it can be used to generate user behavior scenarios to be simulated on Windows-family virtual machines. The proposed approach is applied to our simulation tool, which we use to address the lack of data for research in network security and security analytics by generating log datasets that can be used for testing new methods of network security and new algorithms of security analytics.
Large-scale systems security evolution: control theory approach
T. Stepanova, D. Zegzhda. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799993

The rapidly expanding field of information technology clearly shows a tendency toward increasing heterogeneity and distribution of computer systems. In this paper the authors reveal the hidden attributes of IT security evolution: more assumptions about attacker power and fewer assertions about the provided security level. The proposed view of IT security evolution makes it possible to classify security technologies in terms of control theory. This comparison, in turn, allows the rich theoretical framework of appropriate control theory methods (for non-linear, non-stationary, discrete-continuous automatic control systems) to be borrowed and adapted for cyber security purposes. Moreover, the proposed control theory view enables prediction of future security evolution stages and allows them to be partially determined.
A new algorithm for unkeyed jam resistance
Hamid Hanifi, L. Baird, R. Thurimella. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800008

An important problem for secure communication is that of achieving jam resistance without any prior shared secret between the sender and receiver, and without limits on the assumed computational power of the attacker. To date, only one system has been proposed for this, the BBC system, which is based on coding theory using codes derived from arbitrary hash functions. It is unfortunate that only one, narrow solution has been found for this important problem. We now propose a new algorithm for this problem: the HBT algorithm. It is very different from BBC, using codes based on monotone Boolean functions (MBF) rather than hash functions. It is also more general. We show that, despite being very different from BBC, HBT is general enough that BBC can be viewed as a special case of it. In fact, a theorem proves that all such codes are special cases of this new system. We give empirical results suggesting that this new approach is useful, and describe directions for future research.
A classification framework for distinct cyber-attacks based on occurrence patterns
M. S. Awan, Mohammed A. Alghamdi, Sultan H. Almotiri, P. Burnap, O. Rana. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800037

Increasingly mature, stealthy and dynamic techniques and attack vectors used by cyber criminals have made critical network infrastructure more vulnerable to security breaches. 'Bring Your Own Device (BYOD)' policies and remote-work styles of accessing network infrastructure leave the whole network vulnerable to new unknown malware, botnets, advanced persistent threats, coordinated attack patterns, etc., in addition to the vulnerabilities inherent in software applications. Such an environment demands that a network administrator understand the nature and patterns of cyber-attacks targeting the network infrastructure so that appropriate measures can be introduced. In this paper we propose a framework to classify cyber-attacks based on their pattern of occurrence. We validate the classification approach using real malicious traffic logs by focusing on: i) the temporal behaviour of cyber-attacks; ii) correlation between cyber-attacks; and iii) targeted software applications.
sandFOX: secure sandboxed and isolated environment for firefox browser
Anil Saini, M. Gaur, V. Laxmi, P. Nanda. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800000

Browser functionality can be widely extended by browser extensions. One of the key features that makes browser extensions so powerful is that they run with "high" privileges. As a consequence, a vulnerable or malicious extension might expose browser and operating system (OS) resources to attacks such as privilege escalation, information stealing, and session hijacking. These resources are the browser and OS components reachable through a browser extension, such as information in the web application, arbitrary processes, and even files on the host file system. This paper presents sandFOX (secure sandbox and isolated environment), a set of client-side browser policies for constructing a sandbox environment. sandFOX allows a browser extension to express fine-grained, OS-specific security policies that are enforced at runtime. In particular, the proposed policies protect OS resources (e.g., the host file system, network and processes) from browser attacks. We use Security-Enhanced Linux (SELinux) to tune the OS and build a sandbox that helps reduce the potential damage from attacks on OS resources. To show the practicality of sandFOX in a range of settings, we measure the effectiveness of sandFOX against various browser attacks on OS resources. We also show that a sandFOX-enabled browser experiences low overhead on page loading and uses negligible additional memory when running in the sandbox environment.
Application of cluster analysis for the assessment of the share of fraud victims among bank card holders
S. Alkhasov, Alexander Tselykh, A. Tselykh. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800033

In this paper, we present a method for assessing the share of cardholders most prone to various types of bank fraud (i.e. phishing, vishing, skimming). For this purpose, a forecasting information system has been designed. It is based on a clustering module that outputs a set of cluster indices depending on the percentage of aggrieved clients in the training sample. The k-means method is used for clustering, and the initial coordinates of the centroids are chosen using the k-means++ algorithm.
Improved trust based key management for end-to-end secure communication in cellular networks
Naila Mukhtar, M. S. Baig, L. A. Khan. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800014

Use of mobile phones has increased tremendously over the last two decades. Everyday life revolves around the use of cell phones, from paying bills to secure conversations with family and friends. End-to-end security is an important concern for such security-critical applications, with key management as the central issue. We present a model based on web-of-trust style key management, with server involvement, for mobile devices in a cellular network environment. The introduced server has additional roles and responsibilities that help in efficient public key management by using the cellular network service. As public key cryptographic operations are computationally intensive, the proposed scheme is tested on a mobile device to assess its processing requirements.
Problems of data protection in industrial corporations enterprise architecture
V. Glukhov, I. Ilin, A. Anisiforov. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2800032

The paper investigates and analyzes problems of data protection in industrial corporations at all stages of the life cycle of their enterprise architecture. The basic risks and threats to information security are identified across all layers of the enterprise architecture, which must be taken into account when building the security architecture. Those threats to information security that are difficult to prevent through the available means and methods of special protection are also investigated.
Record linkage applications in health services research: opportunities and challenges
R. Thurimella, Rinku Dewri, William Mitchell. Proceedings of the 8th International Conference on Security of Information and Networks, 2015-09-08. DOI: https://doi.org/10.1145/2799979.2799983

When aggregating medical data for research, it is necessary to link data on the same person that comes from different sources. Linking enables a researcher to conduct longitudinal studies. Typically such linking can be accomplished using personal identifying information, such as names, birthdates, addresses, and national or local identifying codes, though occasionally this method fails because of incompleteness or inaccuracies in the data. For research, the Health Insurance Portability and Accountability Act (HIPAA) privacy rules severely restrict researcher access to identifiers. Therefore, an important research problem is how to link data from a geographic region whose data sources have significant overlap in the actual patients included. In this talk, I describe various challenges and opportunities that arise in tackling this problem.