
2015 10th International Conference on Availability, Reliability and Security: Latest Papers

Intensifying State Surveillance of Electronic Communications: A Legal Solution in Addressing Extremism or Not?
M. Watney
Extremism appears to be on the increase. Electronic communication reaches countless people across borders, canvassing support for radical views and/or inciting hatred and/or violence. This legal discussion deals with many inter-related questions that are of global relevance as electronic communication permeates our lives. Should a government tighten surveillance of electronic communication to combat and/or detect extremism or do such information-gathering practices violate the user's right to freedom of expression and privacy? Should government agencies carry out the surveillance or should the ISP as provider of access and/or hosting of information gather information on extremist communication? Will the aftermath of the 2013 Snowden revelations of unwarranted, general and bulk state surveillance result in governments being wary to tighten state surveillance powers or has the level of extremism reached such a degree that it warrants governments to focus on monitoring as a surveillance method counteracting radicalism that may endanger the safety and security of a country? Tension between human rights protection and government use of surveillance powers is unavoidable as some argue that security and safety factors are exaggerated to justify extension of state surveillance powers, however the evidence of extremism unfortunately speaks for itself. This discussion provides an overview of the approach to surveillance a government may apply to online extremism.
DOI: https://doi.org/10.1109/ARES.2015.51 | Published: 2015-08-24
Citations: 1
Independent Security Testing on Agile Software Development: A Case Study in a Software Company
Jesus Choliz, Julian Vilas, Jose Moreira
Agile methodologies are becoming increasingly common on Software Engineering Teams. Unfortunately, their relation with the security activities is complex to approach, even more complex when the Security Team has strong requirements of independence. This paper shows a case study of a software security testing process, based on the Microsoft Software Development Lifecycle for Agile, on a company moving their Software Engineering Teams from waterfall to agile. The results of this case study show a successful synchronization between the tasks of agile Software Engineering Teams and the independent Security Team.
DOI: https://doi.org/10.1109/ARES.2015.79 | Published: 2015-08-24
Citations: 10
TEAR: A Multi-purpose Formal Language Specification for TEsting at Runtime
Jorge López, S. Maag, Gerardo Morales
Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well, therefore, trustworthy interactions of the different systems are a priority. We have proposed a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Using this approach, some limitations regarding the testers' resources have been found. In this paper, we identify the constraints and propose a new language suited for testing at runtime in different environments.
DOI: https://doi.org/10.1109/ARES.2015.90 | Published: 2015-08-24
Citations: 0
Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code
Mykola Protsenko, Sebastien Kreuter, Tilo Müller
With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.
DOI: https://doi.org/10.1109/ARES.2015.98 | Published: 2015-08-24
Citations: 27
Novel Method of Hiding Information in IP Telephony Using Pitch Approximation
A. Janicki
In this paper a novel steganographic method, called Hide F0, dedicated to IP telephony is proposed. It is based on the approximation of the parameter that describes the F0 frequency (the pitch) of the speaker's voice. We show that thanks to approximating some fragments of the "fine pitch" parameter in the Speex codec we can create efficient hidden transmission channels. We determined that for Speex working in mode 5 the Hide F0 method can provide a hidden channel with a capacity of ca. 220 bps at the optimal operating point. We also demonstrated that the proposed method offers a significantly more advantageous trade-off between the steganographic bandwidth and steganographic cost than the classic least significant bit (LSB) approach.
DOI: https://doi.org/10.1109/ARES.2015.12 | Published: 2015-08-24
Citations: 8
Challenges of Data Provenance for Cloud Forensic Investigations
Victoria M. Katilu, V. N. Franqueira, Olga Angelopoulou
Cloud computing has gained popularity due to its efficiency, robustness and cost effectiveness. Carrying out digital forensic investigations in the cloud is currently a relevant and open issue. The root of this issue is the fact that servers cannot be physically accessed, coupled with the dynamic and distributed nature of cloud computing with regards to data processing and storage. This renders traditional methods of evidence collection impractical. The use of provenance data in cloud forensics is critical as it provides forensic investigators with data history in terms of people, entities and activities involved in producing related data objects. Therefore, cloud forensics requires effective provenance collection mechanisms. This paper provides an overview of current provenance challenges in cloud computing and identifies limitations of current provenance collection mechanisms. Recommendations for additional research in digital provenance for cloud forensics are also presented.
DOI: https://doi.org/10.1109/ARES.2015.54 | Published: 2015-08-24
Citations: 11
A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic
E. Bou-Harb, M. Debbabi, C. Assi
This paper aims at inferring probing campaigns by investigating dark net traffic. The latter probing events refer to a new phenomenon of reconnaissance activities that are distinguished by their orchestration patterns. The objective is to provide a systematic methodology to infer, in a prompt manner, whether or not the perceived probing packets belong to an orchestrated campaign. Additionally, the methodology could be easily leveraged to generate network traffic signatures to facilitate capturing incoming packets as belonging to the same inferred campaign. Indeed, this would be utilized for early cyber attack warning and notification as well as for simplified analysis and tracking of such events. To realize such goals, the proposed approach models such a challenging task as a problem of interpolating and predicting time series with missing values. By initially employing trigonometric interpolation and subsequently executing state space modeling in conjunction with a time-varying window algorithm, the proposed approach is able to pinpoint orchestrated probing campaigns by only monitoring a few orchestrated flows. We empirically evaluate the effectiveness of the proposed model using 330 GB of real dark net data. By comparing the outcome with a previously validated work, the results indeed demonstrate the promptness and accuracy of the proposed approach.
DOI: https://doi.org/10.1109/ARES.2015.9 | Published: 2015-08-24
Citations: 17
Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles
Hafizah Mansor, K. Markantonakis, Raja Naeem Akram, K. Mayes
In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using Casper FDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.
DOI: https://doi.org/10.1109/ARES.2015.58 | Published: 2015-08-24
Citations: 15
An Active Testing Tool for Security Testing of Distributed Systems
Mohamed H. E. Aouadi, Khalifa Toumi, A. Cavalli
This paper describes the TestGen-IF tool, that allows the automatic generation of test cases based on model based active testing techniques. This paper describes the overall functionality and architecture of the tool, discusses its strengths and weaknesses, and reports our experience with using the tool on a case study, the Dynamic Route Planning (DRP) service of Vehicular Networks. This case study demonstrates how to use our testing tool to verify the system implementation against its security requirements. This paper also proposes improvements to this tool in the form of a GUI interface to facilitate its use and an approach which permits a gain in time and efficiency by generating test objectives.
DOI: https://doi.org/10.1109/ARES.2015.97 | Published: 2015-08-24
Citations: 6
Fair Fingerprinting Protocol for Attesting Software Misuses
Raphael Machado, D. Boccardo, V. P. D. Sá, J. Szwarcfiter
Digital watermarks embed information into a host artifact in such a way that the functionalities of the artifact remain unchanged. Allowing for the timely retrieval of authorship/ownership information, and ideally hard to be removed, watermarks discourage piracy and have thus been regarded as important tools to protect the intellectual property. A watermark aimed at uniquely identifying an artifact is referred to as a fingerprint. After presenting a formal definition of digital watermarks, we introduce an unbiased fingerprinting protocol -- based on oblivious transfer -- that lends no advantage to the prosecuting party in a dispute around intellectual property breach.
DOI: https://doi.org/10.1109/ARES.2015.29 | Published: 2015-08-24
Citations: 1