2015 10th International Conference on Availability, Reliability and Security: Latest Papers

A Lightweight Framework for Cold Boot Based Forensics on Mobile Devices
Benjamin Taubmann, Manuel Huber, Sascha Wessel, Lukas Heim, Hans P. Reiser, G. Sigl
Mobile devices, like tablets and smartphones, are commonplace in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to access arbitrary data in main memory is the cold boot attack. The cold boot attack exploits the remanence effect that causes data in DRAM modules not to lose the content immediately in case of a power cut-off. This makes it possible to restart a device and extract the data in main memory. In this paper, we present a novel framework for cold boot based data acquisition with a minimal bare metal application on a mobile device. In contrast to other cold boot approaches, our forensics tool overwrites only a minimal amount of data in main memory. This tool requires no more than five kilobytes of constant data in the kernel code section. We hence sustain all of the data relevant for the analysis of the previously running system. This makes it possible to analyze the memory with data acquisition tools. For this purpose, we extend the memory forensics tool Volatility in order to request parts of the main memory dynamically from our bare metal application. We show the feasibility of our approach by comparing it to a traditional memory dump based analysis using the Samsung Galaxy S4 mobile device.
DOI: 10.1109/ARES.2015.47 (https://doi.org/10.1109/ARES.2015.47). Published: 2015-08-24.
Citations: 7
Malicious Insiders with Ties to the Internet Underground Community
Jason W. Clark, Matt Collins, Jeremy R. Strozer
In this paper, we investigate insider threat cases in which the insider had relationships with the Internet underground community. To this end, we begin by explaining our insider threat corpus and the current state of Internet underground forums. Next, we provide a discussion of each of the 17 cases that blend insider threat with the use of malicious Internet underground forums. Based on those cases, we provide an in-depth analysis to include: 1) who the insiders are, 2) why they strike, 3) how they strike, 4) what sectors are most at risk, and 5) how the insiders were identified. Lastly, we describe our aggregated results and provide best practices to help mitigate the type of insider threat we describe.
DOI: 10.1109/ARES.2015.63 (https://doi.org/10.1109/ARES.2015.63). Published: 2015-08-24.
Citations: 2
The Measurement of Data Locations in the Cloud
Bernd Jäger, Reiner Kraft, Sebastian Luhn, Ann Selzer, Ulrich Waldmann
If a company uses cloud computing services to process their employees' or their customers' personal data, they need to ensure that the cloud provider complies with the relevant privacy statutes. One of the things that need to be ensured is that all personal data are processed only in lawful locations. Data sources that can be used to automatically determine the current location of data processing could help cloud users to fulfill their duty and to strengthen the confidence in a privacy-friendly processing of their personal data. For that, data location metrics need to be defined, appropriate data sources need to be determined and the measured data need to be combined reasonably. This paper describes the procedure and system architecture of such data location metrics.
DOI: 10.1109/ARES.2015.37 (https://doi.org/10.1109/ARES.2015.37). Published: 2015-08-24.
Citations: 0
Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment
B. Mathieu, G. Doyen, Wissam Mallouli, T. Silverston, Olivier Bettan, François-Xavier Aguessy, Thibault Cholez, Abdelkader Lahmadi, Patrick Truong, Edgardo Montes de Oca
Network operators are currently very cautious before deploying new network equipment. This is done only if the new networking solution is fully monitored, secured and can provide rapid revenues (short Return on Investment). For example, the NDN (Named Data Networking) solution is admitted as promising but still uncertain, thus making network operators reluctant to deploy it. Having a flexible environment would allow network operators to initiate the deployment of new network solutions at low cost and low risk. Virtualization techniques, which appeared a few years ago, can help to provide such a flexible networking architecture. However, with them emerge monitoring and security issues which should be solved. In this paper, we present our secure virtualized networking environment to deploy new functions and protocol stacks in the network, with a specific focus on the NDN use-case as one of the potential Future Internet technologies. As strong requirements for a network operator, we then focus on monitoring and security components, highlighting where and how they can be deployed and used. Finally, we introduce our preliminary evaluation, with a focus on security, before presenting the test bed, involving end-users consuming real contents, that we will set up for the assessment of our approach.
DOI: 10.1109/ARES.2015.71 (https://doi.org/10.1109/ARES.2015.71). Published: 2015-08-24.
Citations: 5
An Empirical Study of Click Fraud in Mobile Advertising Networks
Geumhwan Cho, Junsung Cho, Youngbae Song, Hyoungshick Kim
Smartphone advertisement is increasingly used among many applications and allows developers to obtain revenue through in-app advertising. Our study aims at identifying potential security risks of a type of mobile advertisement where advertisers are charged for their advertisements only when a user clicks (or touches) on the advertisements in their applications. In the Android platform, we design an automated click generation attack and empirically evaluate eight popular advertising networks by performing real attacks on them. Our experimental results show that six advertising networks (75%) out of eight (Millennial Media, AppLovin, AdFit, MdotM, RevMob and Cauly Ads) are vulnerable to our attacks. We also discuss how to develop effective defense mechanisms to mitigate such automated click fraud attacks.
DOI: 10.1109/ARES.2015.62 (https://doi.org/10.1109/ARES.2015.62). Published: 2015-08-24.
Citations: 30
Incremental Development of RBAC-Controlled E-Marking System Using the B Method
Nasser Al-Hadhrami, B. Aziz, S. Sardesai, L. B. Othmane
Role Based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling RBAC models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations.
DOI: 10.1109/ARES.2015.95 (https://doi.org/10.1109/ARES.2015.95). Published: 2015-08-24.
Citations: 2
PScore: A Framework for Enhancing Privacy Awareness in Online Social Networks
Georgios Petkos, S. Papadopoulos, Y. Kompatsiaris
The phenomenal increase in the use of social media in recent years has raised a number of issues related to privacy. In this paper, we propose a framework for raising the awareness of Online Social Network (OSN) users with respect to the information about them that is disclosed and that can be inferred by OSN service operators as well as by third parties that can access their data. This framework takes the form of a semantic, hierarchical scoring structure, that enables users to easily browse over different privacy-related aspects of their presence in a social network. Contrary to previous privacy scoring approaches, the proposed framework provides a finer and more intuitive organization of privacy information. Importantly, it also takes into account both information that is explicitly mentioned in users' shared content, as well as implicit information, that may be inferred from it. We make available an open source implementation of the framework.
DOI: 10.1109/ARES.2015.80 (https://doi.org/10.1109/ARES.2015.80). Published: 2015-08-24.
Citations: 30
Watch What You Wear: Preliminary Forensic Analysis of Smart Watches
I. Baggili, Jeff Oduro, Kyle Anthony, Frank Breitinger, Glenn McGee
This work presents preliminary forensic analysis of two popular smart watches, the Samsung Gear 2 Neo and LG G. These wearable computing devices have the form factor of watches and sync with smart phones to display notifications, track footsteps and record voice messages. We posit that as smart watches are adopted by more users, the potential for them becoming a haven for digital evidence will increase, thus providing utility for this preliminary work. In our work, we examined the forensic artifacts that are left on a Samsung Galaxy S4 Active phone that was used to sync with the Samsung Gear 2 Neo watch and the LG G watch. We further outline a methodology for physically acquiring data from the watches after gaining root access to them. Our results show that we can recover a swath of digital evidence directly from the watches when compared to the data on the phone that is synced with the watches. Furthermore, to root the LG G watch, the watch has to be reset to its factory settings, which is alarming because the process may delete data of forensic relevance. Although this method is forensically intrusive, it may be used for acquiring data from already rooted LG watches. It is our observation that the data at the core of the functionality of at least the two tested smart watches, messages, health and fitness data, e-mails, contacts, events and notifications are accessible directly from the acquired images of the watches, which affirms our claim that the forensic value of evidence from smart watches is worthy of further study and should be investigated both at a high level and with greater specificity and granularity.
DOI: 10.1109/ARES.2015.39 (https://doi.org/10.1109/ARES.2015.39). Published: 2015-08-24.
Citations: 51
2020 Cybercrime Economic Costs: No Measure No Solution
J. Armin, Bryn Thompson, Davide Ariu, G. Giacinto, F. Roli, P. Kijewski
Governments need reliable data on crime in order to both devise adequate policies, and allocate the correct revenues so that the measures are cost-effective, i.e., the money spent in prevention, detection, and handling of security incidents is balanced with a decrease in losses from offences. The analysis of the actual scenario of government actions in cyber security shows that the availability of multiple contrasting figures on the impact of cyber-attacks is holding back the adoption of policies for cyber space as their cost-effectiveness cannot be clearly assessed. The most relevant literature on the topic is reviewed to highlight the research gaps and to determine the related future research issues that need addressing to provide a solid ground for future legislative and regulatory actions at national and international levels.
DOI: 10.1109/ARES.2015.56 (https://doi.org/10.1109/ARES.2015.56). Published: 2015-08-24.
Citations: 42
Trust Negotiation Based Approach to Enforce MANET Routing Security
Aida Ben Chehida Douss, S. Ayed, Ryma Abassi, N. Cuppens-Boulahia, S. Fatmi
MANETs (Mobile Ad hoc Networks) are described as sets of mobile nodes connected with wireless links. To be efficient, routing protocols in MANETs should, in fact, manage mobility, handle nodes' energy dissipation and ensure security. We argue in this paper that trust negotiation is appropriate in such context to enhance the network performances. Trust concept is of concern to communication and network protocol designers. Thus, building trust relationships among participating nodes is critical to enabling collaborative optimization of system metrics. The main contribution of this paper is an extension of our previous proposition DTMCA (Delegation Trust Mobility-based Clustering Approach) which defines a new clustering approach, a trust management process and a delegation process. This environment allows the localization and the isolation of malicious nodes in MANETs. The extension proposed in this paper extends the trust management process by adding a trust negotiation module used in order to minimize the risk that malicious nodes join the MANETs.
DOI: https://doi.org/10.1109/ARES.2015.99 | Published: 2015-08-24 | 2015 10th International Conference on Availability, Reliability and Security
Citations: 2
Journal
2015 10th International Conference on Availability, Reliability and Security