Blockchain is a potential technology for collaborating organizations, notably for executing their Inter-Organizational Business Processes (IOBPs). While Blockchain’s transparency and decentralized characteristics address the lack-of-trust issue in IOBPs, many existing Blockchain solutions share this data on the ledger, often at the expense of serious privacy concerns. Alternatively, Self-Sovereign Identity (SSI) systems are revolutionary Blockchain-based solutions that provide complete data control. Unlike traditional Blockchain solutions, many SSI systems do not record the exchange of transactional data between entities on the ledger in order to comply with privacy regulations. However, this can imply a gap in cases where legal traceability is required for audit purposes. To address traceability issues in SSI-based IOBP, this paper leverages Zero-Knowledge Proof (ZKP) and Fully Homomorphic Encryption (FHE) to provide an efficient privacy-preserving traceability solution. The purpose of this paper is to achieve traceability that strikes a balance between privacy and transparency. This paper also provides a proof-of-concept implementation and a comparative evaluation. The evaluation shows that the proposed ZKP approach provides better financial cost and performance results compared to traditional Blockchain-based traceability solutions.
{"title":"A privacy-preserving traceability system for self-sovereign identity-based inter-organizational business processes","authors":"Amal Abid , Saoussen Cheikhrouhou , Slim Kallel , Mohamed Jmaiel","doi":"10.1016/j.csi.2024.103930","DOIUrl":"10.1016/j.csi.2024.103930","url":null,"abstract":"<div><div>Blockchain is a potential technology for collaborating organizations, notably for executing their Inter-Organizational Business Processes (IOBPs). While Blockchain’s transparency and decentralized characteristics address the lack-of-trust issue in IOBPs, many existing Blockchain solutions share this data on the ledger, often at the expense of serious privacy concerns. Alternatively, Self-Sovereign Identity (SSI) systems are revolutionary Blockchain-based solutions that provide complete data control. Unlike traditional Blockchain solutions, many SSI systems do not record the exchange of transactional data between entities on the ledger in order to comply with privacy regulations. However, this can imply a gap in cases where legal traceability is required for audit purposes. To address traceability issues in SSI-based IOBP, this paper leverages Zero-Knowledge Proof (ZKP) and Fully Homomorphic Encryption (FHE) to provide an efficient privacy-preserving traceability solution. The purpose of this paper is to achieve traceability that strikes a balance between privacy and transparency. This paper also provides a proof-of-concept implementation and a comparative evaluation. The evaluation shows that the proposed ZKP approach provides better financial cost and performance results compared to traditional Blockchain-based traceability solutions.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103930"},"PeriodicalIF":4.1,"publicationDate":"2024-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142422180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Speech recognition systems have been widely employed in several fields including biometric access control. In such systems, handling sensitive data represents a real threat and risk to security and privacy, namely in the central environment. This paper proposes an innovative solution that integrates speech recognition power as a biometric modality with the decentralized and tamper-resistant nature of blockchain technology aims at designing, implementing, and evaluating an access control system that not only leverages the unique characteristics of speech recognition through the AutoEncoding Generative Adversarial Network (AE-GAN) model for user authentication but also ensures the enforcement of access policies and voice templates storage through two distinct Smart Contracts. The first smart contract aims at storing the ID of encrypted templates matched to the hash of the public address and encrypted attributes. While the second smart contract incorporates the security policy and takes charge of generating an access token if the conditions have been satisfied. Which makes it easier to upgrade specific components without affecting the entire system. Moreover, this architecture delegates the extraction features, conversion into template, encryption, and similarity calculation functions of encrypted templates using homomorphic encryption to an API to provide more security, privacy, scalability and interoperability and reduce the overhead within the blockchain. This API interacts with the smart contract using Oracle services that ensure the interaction between on-chain and off-chain, which provide a reliable, fine-grained, and robust scheme. The simulation of this proposed scheme proves its robustness, efficiency, and performance in terms of security, reliability, and resistance to several attacks.
{"title":"DBAC-DSR-BT: A secure and reliable deep speech recognition based-distributed biometric access control scheme over blockchain technology","authors":"Oussama Mounnan , Larbi Boubchir , Otman Manad , Abdelkrim El Mouatasim , Boubaker Daachi","doi":"10.1016/j.csi.2024.103929","DOIUrl":"10.1016/j.csi.2024.103929","url":null,"abstract":"<div><div>Speech recognition systems have been widely employed in several fields including biometric access control. In such systems, handling sensitive data represents a real threat and risk to security and privacy, namely in the central environment. This paper proposes an innovative solution that integrates speech recognition power as a biometric modality with the decentralized and tamper-resistant nature of blockchain technology aims at designing, implementing, and evaluating an access control system that not only leverages the unique characteristics of speech recognition through the AutoEncoding Generative Adversarial Network (AE-GAN) model for user authentication but also ensures the enforcement of access policies and voice templates storage through two distinct Smart Contracts. The first smart contract aims at storing the ID of encrypted templates matched to the hash of the public address and encrypted attributes. While the second smart contract incorporates the security policy and takes charge of generating an access token if the conditions have been satisfied. Which makes it easier to upgrade specific components without affecting the entire system. Moreover, this architecture delegates the extraction features, conversion into template, encryption, and similarity calculation functions of encrypted templates using homomorphic encryption to an API to provide more security, privacy, scalability and interoperability and reduce the overhead within the blockchain. This API interacts with the smart contract using Oracle services that ensure the interaction between on-chain and off-chain, which provide a reliable, fine-grained, and robust scheme. The simulation of this proposed scheme proves its robustness, efficiency, and performance in terms of security, reliability, and resistance to several attacks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103929"},"PeriodicalIF":4.1,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-19DOI: 10.1016/j.csi.2024.103928
Shiyang Li , Wenjie Yang , Futai Zhang , Xinyi Huang , Rongmao Chen
Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.
{"title":"Practical two-party SM2 signing using multiplicative-to-additive functionality","authors":"Shiyang Li , Wenjie Yang , Futai Zhang , Xinyi Huang , Rongmao Chen","doi":"10.1016/j.csi.2024.103928","DOIUrl":"10.1016/j.csi.2024.103928","url":null,"abstract":"<div><div>Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103928"},"PeriodicalIF":4.1,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-17DOI: 10.1016/j.csi.2024.103927
Fengmei Tang , Yumei Li , Yudi Zhang , Willy Susilo , Bingbing Li
Health providers need to share patient information across healthcare networks efficiently and securely to improve medical and health services. Timely data synchronization among relevant parties is crucial for effectively containing and preventing the worsening of the condition. However, ensuring rapid information sharing while maintaining the security of sensitive patient data remains a pressing concern. In this paper, we introduce a cloud storage integrity auditing scheme that can protect auditors from procrastinating and preserve the privacy of sensitive information. Our proposed system requires healthcare institutions to encrypt sensitive patient data before uploading it to the cloud. It mandates the use of a data sanitizer for the secure processing of encrypted data blocks. Auditors must verify data integrity and promptly submit their audit results to the blockchain within a predefined time frame. Leveraging the time-sensitive nature of blockchain technology, healthcare institutions can monitor auditor compliance within the allotted validation timeframe. We conducted comprehensive security analysis and performance evaluations to demonstrate the feasibility and effectiveness of our solution in addressing the challenges of secure and timely cloud storage in healthcare settings.
{"title":"Real-time privacy-preserved auditing for shared outsourced data","authors":"Fengmei Tang , Yumei Li , Yudi Zhang , Willy Susilo , Bingbing Li","doi":"10.1016/j.csi.2024.103927","DOIUrl":"10.1016/j.csi.2024.103927","url":null,"abstract":"<div><p>Health providers need to share patient information across healthcare networks efficiently and securely to improve medical and health services. Timely data synchronization among relevant parties is crucial for effectively containing and preventing the worsening of the condition. However, ensuring rapid information sharing while maintaining the security of sensitive patient data remains a pressing concern. In this paper, we introduce a cloud storage integrity auditing scheme that can protect auditors from procrastinating and preserve the privacy of sensitive information. Our proposed system requires healthcare institutions to encrypt sensitive patient data before uploading it to the cloud. It mandates the use of a data sanitizer for the secure processing of encrypted data blocks. Auditors must verify data integrity and promptly submit their audit results to the blockchain within a predefined time frame. Leveraging the time-sensitive nature of blockchain technology, healthcare institutions can monitor auditor compliance within the allotted validation timeframe. We conducted comprehensive security analysis and performance evaluations to demonstrate the feasibility and effectiveness of our solution in addressing the challenges of secure and timely cloud storage in healthcare settings.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103927"},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000965/pdfft?md5=415902120bc5d079b282f17d38c9e44f&pid=1-s2.0-S0920548924000965-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142270690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-17DOI: 10.1016/j.csi.2024.103926
Yongjun Ren , Long Chen , Yongmei Bai , Jiale Ye , Yekang Zhao
With the growth of cloud computing, more and more organizations are outsourcing data to cloud platforms for flexibility and cost-effectiveness. However, this also poses the risk of data tampering or forgery, especially in the case of cross-domain queries, where the integrity of the query results needs to be ensured and cross-domain authentication is performed at the same time. Traditional approaches rely on centralized third-party authentication authorities, which increases complexity and potential security risks. To address these issues, we propose a blockchain-based Cross-domain Query Integrity Verification (CQIV) mechanism for outsourced databases. The mechanism leverages the decentralization and non-tamperability of the blockchain to achieve efficient cross-domain authentication and query integrity verification without the need for a third-party certification authority. By constructing a cuckoo filter on the blockchain, the authentication efficiency is improved and the storage cost is reduced. In addition, Dynamically Adjustable Capacity Cuckoo Filter (DACF) is designed to optimize query efficiency. Finally, the effectiveness and practicality of the mechanism are verified by comprehensive security analysis and performance evaluation.
{"title":"Blockchain-based cross-domain query integrity verification mechanism for outsourced database","authors":"Yongjun Ren , Long Chen , Yongmei Bai , Jiale Ye , Yekang Zhao","doi":"10.1016/j.csi.2024.103926","DOIUrl":"10.1016/j.csi.2024.103926","url":null,"abstract":"<div><div>With the growth of cloud computing, more and more organizations are outsourcing data to cloud platforms for flexibility and cost-effectiveness. However, this also poses the risk of data tampering or forgery, especially in the case of cross-domain queries, where the integrity of the query results needs to be ensured and cross-domain authentication is performed at the same time. Traditional approaches rely on centralized third-party authentication authorities, which increases complexity and potential security risks. To address these issues, we propose a blockchain-based Cross-domain Query Integrity Verification (CQIV) mechanism for outsourced databases. The mechanism leverages the decentralization and non-tamperability of the blockchain to achieve efficient cross-domain authentication and query integrity verification without the need for a third-party certification authority. By constructing a cuckoo filter on the blockchain, the authentication efficiency is improved and the storage cost is reduced. In addition, Dynamically Adjustable Capacity Cuckoo Filter (DACF) is designed to optimize query efficiency. Finally, the effectiveness and practicality of the mechanism are verified by comprehensive security analysis and performance evaluation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103926"},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-11DOI: 10.1016/j.csi.2024.103924
Shenando Stals , Lynne Baillie , Ryan Shah , Jamie Iona Ferguson , Manuel Maarek
We present an evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity, to evaluate how the SSGJ methodology contributed to improving the understanding of cybersecurity for different demographics. The aim of this study was to evaluate how the SSGJ contributed to improving the understanding of cybersecurity for young persons between the ages of 11 and 16 years old who had no formal training or education in cybersecurity, and to validate and compare these results to previous work where the same SSGJ methodology was used with a different target demographic (i.e.,M.Sc. students with no formal training or education in secure coding). To this end, we engaged 23 participants between the ages of 11 and 16 years old for 5 consecutive days over a one-week period, in a multidisciplinary SSGJ involving domain-specific, pedagogical, and game design knowledge, and encouraged engagement in-between scheduled events of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity, for both demographics, after undertaking the Serious Slow Game Jam (from 41.2% to 76.5% for young persons, and from 12.5% to 62.5% for M.Sc. students). Free-text answers specifically indicate an improved understanding of cybersecurity in general, and one specific security vulnerability, attack or defence for a quarter of young persons, and the trichotomy of security vulnerabilities, attacks, and defences for three quarters of the M.Sc. students. Also, confidence in knowledge of game design improved for both demographics (from 47.1% to 82.4% for young persons and from 12.5% to 75% for M.Sc. students). The SSGJ methodology also successfully engaged both demographics of participants in-between scheduled days. Finally, two serious games in the application domain of cybersecurity are presented that were co-designed during the SSGJ with participants and produced as an output of the SSGJs.
{"title":"Evaluating and validating the Serious Slow Game Jam methodology as a mechanism for co-designing serious games to improve understanding of cybersecurity for different demographics","authors":"Shenando Stals , Lynne Baillie , Ryan Shah , Jamie Iona Ferguson , Manuel Maarek","doi":"10.1016/j.csi.2024.103924","DOIUrl":"10.1016/j.csi.2024.103924","url":null,"abstract":"<div><div>We present an evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity, to evaluate how the SSGJ methodology contributed to improving the understanding of cybersecurity for different demographics. The aim of this study was to evaluate how the SSGJ contributed to improving the understanding of cybersecurity for young persons between the ages of 11 and 16 years old who had no formal training or education in cybersecurity, and to validate and compare these results to previous work where the same SSGJ methodology was used with a different target demographic (i.e.,M.Sc. students with no formal training or education in secure coding). To this end, we engaged 23 participants between the ages of 11 and 16 years old for 5 consecutive days over a one-week period, in a multidisciplinary SSGJ involving domain-specific, pedagogical, and game design knowledge, and encouraged engagement in-between scheduled events of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity, for both demographics, after undertaking the Serious Slow Game Jam (from 41.2% to 76.5% for young persons, and from 12.5% to 62.5% for M.Sc. students). Free-text answers specifically indicate an improved understanding of cybersecurity in general, and one specific security vulnerability, attack or defence for a quarter of young persons, and the trichotomy of security vulnerabilities, attacks, and defences for three quarters of the M.Sc. students. Also, confidence in knowledge of game design improved for both demographics (from 47.1% to 82.4% for young persons and from 12.5% to 75% for M.Sc. students). The SSGJ methodology also successfully engaged both demographics of participants in-between scheduled days. Finally, two serious games in the application domain of cybersecurity are presented that were co-designed during the SSGJ with participants and produced as an output of the SSGJs.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103924"},"PeriodicalIF":4.1,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-03DOI: 10.1016/j.csi.2024.103925
Fernando Pastor Ricós , Beatriz Marín , Tanja E.J. Vos , Rick Neeft , Pekka Aho
Recent software development methodologies emphasize iterative and incremental evolution to align with stakeholders’ needs. This perpetual and rapid software evolution demands ongoing research into verification practices and technologies that ensure swift responsiveness and effective management of software delta increments. Strategies such as code review have been widely adopted for development and verification, ensuring readability and consistency in the delta increments of software projects. However, the integration of techniques to detect and visually report delta changes within the Graphical User Interface (GUI) software applications remains an underutilized process. In this paper, we set out to achieve two objectives. First, we aim to conduct a comprehensive review of existing studies concerning GUI change detection in desktop, web, and mobile applications to recognize common practices. Second, we introduce a novel change detection tool capable of highlighting delta GUI changes for this diverse range of applications. To accomplish our first objective, we performed a systematic mapping of the literature using the Scopus database. To address the second objective, we designed and developed a GUI change detection tool. This tool simultaneously transits and compares state models inferred by a scriptless testing tool, enabling the detection and highlighting of GUI changes to detect the widgets or functionalities that have been added, removed, or modified. Our study reveals the existence of a multitude of techniques for change detection in specific GUI systems with different objectives. However, there is no widely adopted technique suitable for the diverse range of existing desktop, web, and mobile applications. Our tool and findings demonstrate the effectiveness of using inferred state models to highlight between 8 and 20 GUI changes in software delta increments containing a large number of changes over months and between 4 and 6 GUI changes in delta increments of small iterations performed over multiple weeks. Moreover, some of these changes were recognized by the software developers as GUI failures that required a fix. Finally, we expose the motivation for using this technique to help developers and testers analyze GUI changes to validate delta increments and detect potential GUI failures, thereby fostering knowledge dissemination and paving the way to standard practices.
{"title":"Delta GUI change detection using inferred models","authors":"Fernando Pastor Ricós , Beatriz Marín , Tanja E.J. Vos , Rick Neeft , Pekka Aho","doi":"10.1016/j.csi.2024.103925","DOIUrl":"10.1016/j.csi.2024.103925","url":null,"abstract":"<div><p>Recent software development methodologies emphasize iterative and incremental evolution to align with stakeholders’ needs. This perpetual and rapid software evolution demands ongoing research into verification practices and technologies that ensure swift responsiveness and effective management of software delta increments. Strategies such as code review have been widely adopted for development and verification, ensuring readability and consistency in the delta increments of software projects. However, the integration of techniques to detect and visually report delta changes within the Graphical User Interface (GUI) software applications remains an underutilized process. In this paper, we set out to achieve two objectives. First, we aim to conduct a comprehensive review of existing studies concerning GUI change detection in desktop, web, and mobile applications to recognize common practices. Second, we introduce a novel change detection tool capable of highlighting delta GUI changes for this diverse range of applications. To accomplish our first objective, we performed a systematic mapping of the literature using the Scopus database. To address the second objective, we designed and developed a GUI change detection tool. This tool simultaneously transits and compares state models inferred by a scriptless testing tool, enabling the detection and highlighting of GUI changes to detect the widgets or functionalities that have been added, removed, or modified. Our study reveals the existence of a multitude of techniques for change detection in specific GUI systems with different objectives. However, there is no widely adopted technique suitable for the diverse range of existing desktop, web, and mobile applications. Our tool and findings demonstrate the effectiveness of using inferred state models to highlight between 8 and 20 GUI changes in software delta increments containing a large number of changes over months and between 4 and 6 GUI changes in delta increments of small iterations performed over multiple weeks. Moreover, some of these changes were recognized by the software developers as GUI failures that required a fix. Finally, we expose the motivation for using this technique to help developers and testers analyze GUI changes to validate delta increments and detect potential GUI failures, thereby fostering knowledge dissemination and paving the way to standard practices.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103925"},"PeriodicalIF":4.1,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000941/pdfft?md5=27a9fbf4beea136b7a89fef0ed16bc0d&pid=1-s2.0-S0920548924000941-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Accessibility is an important component in the implementation of Web systems to ensure that these are usable, engaging, and enjoyable by all regardless of the level of ability, condition, or circumstances. Despite manifold efforts, the Web is still largely inaccessible for a plurality of reasons (e.g. poor navigation, lack of/unsuitable alternative text, complex Web forms) with significant impact on disabled users. The impact of Web accessibility barriers varies per disability, but current measures for the impact of barriers treat disabilities as a homogeneous group. In this work, we present a scoping review of the Web accessibility research landscape. Following a structured approach, 112 studies were reviewed, and findings are reported on common Web accessibility barriers and practices within the Web Accessibility Lifecycle. An assessment framework is further proposed to measure the impact of such barriers across disabled groups. Finally, the need for extensive qualitative research into organizational change and multinational studies on Web activity and disturbance by barriers per disabled user group are discussed as future avenues for accessibility research.
{"title":"Web accessibility barriers and their cross-disability impact in eSystems: A scoping review","authors":"Nikolaos Droutsas, Fotios Spyridonis, Damon Daylamani-Zad, Gheorghita Ghinea","doi":"10.1016/j.csi.2024.103923","DOIUrl":"10.1016/j.csi.2024.103923","url":null,"abstract":"<div><p>Accessibility is an important component in the implementation of Web systems to ensure that these are usable, engaging, and enjoyable by all regardless of the level of ability, condition, or circumstances. Despite manifold efforts, the Web is still largely inaccessible for a plurality of reasons (<em>e.g.</em> poor navigation, lack of/unsuitable alternative text, complex Web forms) with significant impact on disabled users. The impact of Web accessibility barriers varies per disability, but current measures for the impact of barriers treat disabilities as a homogeneous group. In this work, we present a scoping review of the Web accessibility research landscape. Following a structured approach, 112 studies were reviewed, and findings are reported on common Web accessibility barriers and practices within the Web Accessibility Lifecycle. An assessment framework is further proposed to measure the impact of such barriers across disabled groups. Finally, the need for extensive qualitative research into organizational change and multinational studies on Web activity and disturbance by barriers per disabled user group are discussed as future avenues for accessibility research.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103923"},"PeriodicalIF":4.1,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000928/pdfft?md5=f921d53ae3864451cd5b1e92e1a7c0f1&pid=1-s2.0-S0920548924000928-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142229628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The evolution of Graphics Processing Units (GPUs) has allowed the industry to overcome long-lasting problems and challenges. Many belong to the stream processing domain, whose central aspect is continuously receiving and processing data from streaming data producers such as cameras and sensors. Nonetheless, programming GPUs is challenging because it requires deep knowledge of many-core programming, mechanisms and optimizations for GPUs. Current GPU programming standards do not target stream processing and present programmability and code portability limitations. Among our main scientific contributions resides GSParLib, a C++ multi-level programming interface unifying CUDA and OpenCL for GPU processing on stream and data parallelism with negligible performance losses compared to manual implementations; GSParLib is organized in two layers: one for general-purpose computing and another for high-level structured programming based on parallel patterns; a methodology to provide unified and driver agnostic interfaces minimizing performance losses; a set of parallelism strategies and optimizations for GPU processing targeting stream and data parallelism; and new experiments covering GPU performance on applications exposing stream and data parallelism.
图形处理器(GPU)的发展使业界得以克服长期存在的问题和挑战。许多图形处理器属于流处理领域,其核心是不断接收和处理来自流数据生产者(如摄像头和传感器)的数据。尽管如此,GPU 编程仍具有挑战性,因为它需要对 GPU 的多核编程、机制和优化有深入的了解。目前的 GPU 编程标准并不针对流处理,因此存在可编程性和代码可移植性方面的限制。我们的主要科研贡献包括 GSParLib,它是一个 C++ 多层次编程接口,统一了 CUDA 和 OpenCL,用于 GPU 流和数据并行处理,与手动实现相比,性能损失可以忽略不计;GSParLib 分为两层:GSParLib 分为两层:一层用于通用计算,另一层用于基于并行模式的高级结构化编程;一种提供统一的、与驱动程序无关的接口的方法,可将性能损失降至最低;一套针对流和数据并行性的 GPU 处理的并行性策略和优化;以及新的实验,涵盖暴露流和数据并行性的应用程序的 GPU 性能。
{"title":"GSParLib: A multi-level programming interface unifying OpenCL and CUDA for expressing stream and data parallelism","authors":"Dinei A. Rockenbach , Gabriell Araujo , Dalvan Griebler, Luiz Gustavo Fernandes","doi":"10.1016/j.csi.2024.103922","DOIUrl":"10.1016/j.csi.2024.103922","url":null,"abstract":"<div><p>The evolution of Graphics Processing Units (GPUs) has allowed the industry to overcome long-lasting problems and challenges. Many belong to the stream processing domain, whose central aspect is continuously receiving and processing data from streaming data producers such as cameras and sensors. Nonetheless, programming GPUs is challenging because it requires deep knowledge of many-core programming, mechanisms and optimizations for GPUs. Current GPU programming standards do not target stream processing and present programmability and code portability limitations. Among our main scientific contributions resides <span><span>GSParLib</span></span>, a C++ multi-level programming interface unifying <span>CUDA</span> and <span>OpenCL</span> for GPU processing on stream and data parallelism with negligible performance losses compared to manual implementations; <span><span>GSParLib</span></span> is organized in two layers: one for general-purpose computing and another for high-level structured programming based on parallel patterns; a methodology to provide unified and driver agnostic interfaces minimizing performance losses; a set of parallelism strategies and optimizations for GPU processing targeting stream and data parallelism; and new experiments covering GPU performance on applications exposing stream and data parallelism.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103922"},"PeriodicalIF":4.1,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142122719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-30DOI: 10.1016/j.csi.2024.103920
Harshal Devidas Misalkar , Pon Harshavardhanan
The increasing ubiquity of Android devices has precipitated a concomitant surge in sophisticated malware attacks, posing critical challenges to cybersecurity infrastructures worldwide. Existing models have achieved significant strides in malware detection but often suffer from high false-positive rates, lower recall, and computational delays, thus demanding a more efficient and accurate system. Current techniques primarily rely on static features and simplistic learning models, leading to inadequate handling of temporal aspects and dynamic behaviors exhibited by advanced malware. These limitations compromise the detection of modern, evasive malware, and impede real-time analysis. This paper introduces a novel framework for Android malware detection that incorporates Temporal and Dynamic Behavior Analysis using Long Short-Term Memory (LSTM) networks and Attention Mechanisms. We further propose development of an efficient Grey Wolf Optimized (GWO) Decision Trees to find the most salient API call patterns associated with malwares. An Iterative Fuzzy Logic (IFL) layer is also deployed before classification to assess the "trustworthiness" of app metadata samples. For Ongoing Learning, we propose use of Deep Q-Networks (DQNs), which helps the reinforcement learning model to adapt more quickly to changes in the threat landscapes. By focusing on crucial system calls and behavioral characteristics in real-time, our model captures the nuanced temporal patterns often exhibited by advanced malwares. Empirical evaluations demonstrate remarkable improvements across multiple performance metrics. Compared to existing models, our approach enhances the precision of malware identification by 8.5 %, accuracy by 5.5 %, and recall by 4.9 %, while also achieving an 8.3 % improvement in the Area Under the Receiver Operating Characteristic Curve (AUC), with higher specificity and a 4.5 % reduction in identification delay. In malware pre-emption tasks, our model outperforms by improving precision by 4.3 %, accuracy by 3.9 %, recall by 4.9 %, AUC by 3.5 %, and increasing specificity by 2.9 %. These gains make our framework highly applicable for real-time detection systems, cloud-based security solutions, and threat intelligence services, thereby contributing to a safer Android ecosystem.
{"title":"TDBAMLA: Temporal and dynamic behavior analysis in Android malware using LSTM and attention mechanisms","authors":"Harshal Devidas Misalkar , Pon Harshavardhanan","doi":"10.1016/j.csi.2024.103920","DOIUrl":"10.1016/j.csi.2024.103920","url":null,"abstract":"<div><p>The increasing ubiquity of Android devices has precipitated a concomitant surge in sophisticated malware attacks, posing critical challenges to cybersecurity infrastructures worldwide. Existing models have achieved significant strides in malware detection but often suffer from high false-positive rates, lower recall, and computational delays, thus demanding a more efficient and accurate system. Current techniques primarily rely on static features and simplistic learning models, leading to inadequate handling of temporal aspects and dynamic behaviors exhibited by advanced malware. These limitations compromise the detection of modern, evasive malware, and impede real-time analysis. This paper introduces a novel framework for Android malware detection that incorporates Temporal and Dynamic Behavior Analysis using Long Short-Term Memory (LSTM) networks and Attention Mechanisms. We further propose development of an efficient Grey Wolf Optimized (GWO) Decision Trees to find the most salient API call patterns associated with malwares. An Iterative Fuzzy Logic (IFL) layer is also deployed before classification to assess the \"trustworthiness\" of app metadata samples. For Ongoing Learning, we propose use of Deep Q-Networks (DQNs), which helps the reinforcement learning model to adapt more quickly to changes in the threat landscapes. By focusing on crucial system calls and behavioral characteristics in real-time, our model captures the nuanced temporal patterns often exhibited by advanced malwares. Empirical evaluations demonstrate remarkable improvements across multiple performance metrics. Compared to existing models, our approach enhances the precision of malware identification by 8.5 %, accuracy by 5.5 %, and recall by 4.9 %, while also achieving an 8.3 % improvement in the Area Under the Receiver Operating Characteristic Curve (AUC), with higher specificity and a 4.5 % reduction in identification delay. In malware pre-emption tasks, our model outperforms by improving precision by 4.3 %, accuracy by 3.9 %, recall by 4.9 %, AUC by 3.5 %, and increasing specificity by 2.9 %. These gains make our framework highly applicable for real-time detection systems, cloud-based security solutions, and threat intelligence services, thereby contributing to a safer Android ecosystem.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103920"},"PeriodicalIF":4.1,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号