Computers & Security: Latest Articles

Securing automated insulin delivery systems: A review of security threats and protective strategies
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-29 | DOI: 10.1016/j.cose.2025.104733
Yuchen Niu, Siew-Kei Lam
Automated Insulin Delivery (AID) systems represent a significant advancement in diabetes care and wearable physiological closed-loop control technologies, integrating continuous glucose monitoring, control algorithms, and insulin pumps to improve blood glucose level control and reduce the burden of patient self-management. However, their increasing dependence on wireless communication and automatic control introduces security risks that may compromise patient privacy or result in life-threatening treatment errors. This paper presents a comprehensive survey of the AID system security landscape, covering technical vulnerabilities, regulatory frameworks, and commercial security measures. In addition, we conduct a systematic review of attack vectors and defence mechanisms proposed in the literature, following the PRISMA framework. Our findings highlight critical gaps, including the lack of specific security evaluation frameworks, insufficient protections in real-world deployments, and the need for comprehensive, lightweight, and adaptive defence mechanisms. We further investigate available research resources and outline open research challenges and future directions to guide the development of more secure and reliable AID systems. By focusing on AID systems, this review offers a representative case study for examining and improving the cybersecurity of safety-critical medical wearable systems.
Citations: 0
Risk assessment and defense resource allocation optimization for mining cyber-physical systems under coordinated attacks
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-28 | DOI: 10.1016/j.cose.2025.104741
Pan Du, Chang Su, Xinping Wang, Tiezhi Li, Taiwen Kong, Zhaoyu He
With the intelligent transformation of the mining industry, mining cyber-physical systems (CPS) face multiple, interacting threats including cyberattacks, equipment failures, and natural disasters. Such interactions can severely undermine system stability and resilience. Existing assessment methods typically address single risk factors in isolation, neglecting both the interplay among multiple threats and the benefits of dynamic emergency response strategies. This paper proposes an integrated risk assessment framework tailored to mining CPS. We develop a multi-risk evaluation model that captures interactions among diverse hazard sources and embed it within a coordinated recovery network to optimize emergency response strategies. Through MATLAB-based simulations across various risk scenarios, we validate the effectiveness of the proposed model. Results demonstrate that the synergy among multiple threats markedly accelerates system performance degradation, whereas a coordinated recovery strategy prioritizing key nodes significantly enhances restoration efficiency and reduces resource consumption. Furthermore, our optimized resource allocation scheme substantially lowers total energy use, improves utilization rates, and bolsters overall system stability. The main contributions of this work are: (1) the introduction of a comprehensive multi-risk assessment framework providing theoretical foundations for intelligent mining; (2) the design of a coordinated recovery network model that refines the system restoration process; and (3) the implementation of a dynamic emergency response mechanism that elevates recovery efficiency and curtails resource expenditure.
Citations: 0
The privacy cost of fun: A measurement study of user data exposure in TikTok mini-games
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-27 | DOI: 10.1016/j.cose.2025.104728
Sideeq Bello, Lamine Noureddine, Babangida Bappah, Aisha Ali-Gombe
TikTok Mini Games represent a growing class of interactive, embedded experiences within social media platforms. Delivered through filters and effects, these games offer high engagement, but raise underexplored privacy concerns. Unlike standalone mobile games, TikTok Mini Games operate entirely within the app’s ecosystem, blurring the lines between entertainment, content creation, and data collection. Despite their popularity, little is known about how these features collect, process, and expose user data. This paper presents the first comprehensive privacy analysis of TikTok Mini Games using a mixed-method framework. We combine documentation review and experimental development, developmental toolkit analysis, interface and behavioral heuristic evaluation, network traffic and code analysis, data synthesis for privacy sensitivity, and comparative analysis to examine how privacy risks are architected, operationalized, and experienced. Our analysis reveals systemic privacy gaps: AR functionalities and motion sensors operate without granular consent mechanisms, UI designs lack transparency, and sensitive data streams (facial landmarks, geolocation, behavioral telemetry) are extensively collected, often without explicit interface-level disclosures. We also identify misalignments between TikTok’s runtime data practices and disclosed privacy policies, raising concerns about informed consent and accountability. A comparative analysis with Facebook Instant Games highlights structural differences in developer access, API use, and data governance. To address these concerns, we recommend platform-level reforms, including per-feature consent and embedded transparency mechanisms for interactive content. Our findings inform both the platform design and the regulatory discourse as gamified content embedded becomes a dominant mode of digital interaction.
Citations: 0
A quantitative methodology for systemic impact assessment of cyber threats in connected vehicles
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-27 | DOI: 10.1016/j.cose.2025.104729
Don Nalin Dharshana Jayaratne, Qian Lu, Abdur Rakib, Muhamad Azfar Ramli, Rakhi Manohar Mepparambath, Siraj Ahmed Shaikh, Hoang Nga Nguyen
The increasing integration of digital technologies in connected vehicles introduces cybersecurity risks that extend beyond individual vehicles, with the potential to disrupt entire transportation systems. Current practice (e.g., ISO/SAE 21434 TARA) focuses on threat identification and qualitative impact ratings at the vehicle boundary, with limited systemic quantification. This study presents a systematic, simulation-based methodology for quantifying the systemic operational and safety impacts of cyber threats on connected vehicles, evaluating cascading effects across the transport network. Three representative scenarios are examined: (I) telematics-induced sudden braking causing a cascading collision, (II) remote disabling on a motorway (M25) segment, and (III) a compromised Roadside Unit (RSU) spoofing Variable Speed Limit (VSL) and phantom lane closure messages to connected and automated vehicles (CAVs). The results highlight the potential for cascading safety incidents and systemic operational degradation, as evidenced by the defined systemic operational and safety vectors, factors that are insufficiently addressed in the current scope of the ISO/SAE 21434 standard, which primarily focuses on individual vehicle-level threats. The findings underscore the need to incorporate systemic evaluation into existing frameworks to enhance cyber resilience across connected vehicle ecosystems. The framework complements ISO/SAE 21434 by supplying quantitative, reproducible evidence for the impact rating step at a systemic scale, reducing assessor subjectivity and supporting policy and operations, enabling more data-driven evaluations of systemic cyber risks.
Citations: 0
Control-Flow Integrity for Resource-Constrained Devices
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-26 | DOI: 10.1016/j.cose.2025.104730
Gianluca Roascio, Nicolò Maunero, Gabriele Costa
Control-Flow Integrity (CFI) ensures that an attacker cannot tamper with the execution logic of a program, e.g., by reusing its code to implement malicious operations. In the past, several attacks have actively exploited CFI failures for hijacking the control logic of programs. Although enforcing the CFI of programs is a significant concern, implementing effective control mechanisms is highly complex. Although often control-flow properties are regarded as practically enforceable, as most languages include data-driven branch operators, CFI is, in fact, also a data-flow property. Furthermore, when the execution platform supports any sort of non-determinism, e.g., think of program interrupts, static models for CFI analysis, such as control-flow graphs (CFG), cannot be accurately computed. Thus, it is not surprising that CFI is often only partially guaranteed by means of weaker security models.
In this paper, we present a novel CFI enforcement framework for dealing with the aforementioned issues. Like other proposals, our method relies on code instrumentation for deploying CFI checks among the instructions of a target program. However, our policy enforcement framework also monitors interrupt routines to ensure that the attacker cannot exploit them. Finally, we provide our proposal with formal semantics that we use to provide the correctness of our solution.
Citations: 0
Surviving zero-day attacks using spatial specialization
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-26 | DOI: 10.1016/j.cose.2025.104709
A S M Asadujjaman, Eduardo Falcão, Andrey Brito, Elisa Rojas
Applications and OS kernels contain numerous vulnerabilities that are being discovered, reported, exploited, and patched on a regular basis. The discovery of vulnerabilities may be done by both security professionals and malicious actors. Sometimes, once a vulnerability is discovered by malicious actors, it may not be known to security professionals and remain unpatched for years. This leaves even systems that require a high level of security and adopt strong threat models, such as those based on confidential computing, vulnerable to attacks, including remote arbitrary code execution. Control flow enforcement solutions may fail to prevent such attacks due to the vulnerability being related to part of an unusual but valid program control flow. Once such attacks are successful, an attacker may inflict further damage by performing secondary actions such as privilege escalation or container escape. Existing solutions fail to defend against such attacks in many cases. In this work, we propose a novel approach, called spatial specialization, to protect cloud VMs and containers from zero-day attacks exploiting unknown vulnerabilities. Spatial specialization works by limiting the execution of system calls according to where, in the address space, they are required by the application. Our approach is applicable to server applications as well as software tools. We implement our solution in C, and through experimental evaluations, we show that it can prevent up to 96 % of attacks, while the state-of-the-art solution can only prevent 66 %. Through performance benchmarking, we show that our solution has a reasonably low overhead.
Citations: 0
Android app suspicious hidden sensitive operation detection with high coverage of program execution path
IF 5.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-10-24 | DOI: 10.1016/j.cose.2025.104723
Yongxin Lu, Zhao Zhang, Senlin Luo, Limin Pan
Detection of Suspicious Hidden Sensitive Operations (SHSO) is essential for identifying security vulnerabilities in Android applications. However, accurately identifying SHSO is complicated by anomalous control flow. Existing methods represent the main program, which includes exception handling code, as a control flow graph. The uncertainty of anomalous control flow results in missing edges between certain subgraphs and the main program entry, rendering certain subgraphs unreachable and preventing SHSO detection. Additionally, the distribution of normal sensitive operations is often imbalanced, resulting in prediction bias and misidentification of minority class samples. To address these issues, a method for detecting Android app SHSO that achieves high coverage of program execution paths is proposed. This method uses instruction labels to pinpoint exception handling code and extracts relevant sensitive function calls to complete execution paths. We implement similarity-based binary clustering of normal sensitive operations to filter minority classes and construct independent classification models for each class to reduce false positives. Experimental results show that the method significantly outperforms state-of-the-art techniques across multiple datasets, enhancing both recall and accuracy in SHSO detection.
Citations: 0
ActDroid: An active learning framework for android malware detection
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-10-24 DOI: 10.1016/j.cose.2025.104724
Ali Muzaffar , Hani Ragab Hassen , Hind Zantout , Michael A. Lones
The growing popularity of Android requires malware detection systems that can keep up with the pace of new software being released. According to a recent study, a new piece of malware appears online every 12 seconds. To address this, we treat Android malware detection as a streaming data problem and explore the use of active online learning as a means of mitigating the problem of labelling applications in a timely and cost-effective manner. Specifically, we develop a semi-supervised active learning framework that incrementally trains online learning models using only samples with low prediction confidence, while detecting concept drift and retraining the models when drift is observed. Our resulting framework achieves accuracies of up to 96 % on a balanced dataset, requires as little as 24 % of the training data to be labelled, and compensates for concept drift that occurs between the release and labelling of an application. We also consider the broader practicalities of online learning within Android malware detection, and systematically explore the trade-offs between using different static, dynamic and hybrid feature sets to classify malware. We find that features derived from static API calls lead to the best performing models, though models based around lower-dimensional permission and opcode feature sets provide a potentially more practical basis for deployment, with only a marginal deficit in accuracy. Dynamic and hybrid feature sets are found to significantly increase feature extraction costs with no net benefit to predictive performance.
Citations: 0
Empowering cybersecurity analysis: Unifying CVE, CWE, and CPE through knowledge graphs
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-10-24 DOI: 10.1016/j.cose.2025.104726
Kamal Benzekki , Mohamed-Lamine Messai
Properly managing and mitigating software vulnerabilities and weaknesses is crucial for cybersecurity. The MITRE Corporation’s community-driven initiatives, Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE), play a vital role by offering standardized identifiers and descriptions for known issues. However, the intricate relationships between these vulnerabilities present major challenges for effective mitigation. To address this, there is increasing interest in using graph-based modeling techniques to integrate CVE and CWE data into a unified knowledge graph. Our research aims to connect this data to enhance vulnerability analysis and management. We propose a method to build and refine a cybersecurity knowledge graph that consolidates information from the CVE, CWE, and Common Platform Enumeration (CPE) databases. This interconnected data network improves vulnerability classification, assessments, and the identification of recurring threat patterns and their relationships, leading to more effective patch recommendations.
Citations: 0
KDPrint: Passive authentication using keystroke dynamics-to-image encoding via standardization
IF 5.4 Zone 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-10-24 DOI: 10.1016/j.cose.2025.104725
Yooshin Kim , Namhyeok Kwon , Donghoon Shin
Personal identification number (PIN) authentication remains prevalent in mobile and IoT systems due to its simplicity, yet it is inherently vulnerable to various attacks such as shoulder surfing, smudge analysis, and brute force attempts. To reinforce its security without compromising usability, we propose KDPrint, a passive authentication framework that transforms keystroke dynamics into graph-based image representations. By applying a hash-based permutation and standardized feature processing, KDPrint captures the temporal and spatial structure of user behavior while mitigating raw data exposure. The resulting images are used with lightweight anomaly detection models, enabling accurate user verification under resource-constrained environments. Experiments involving 50 participants across both laboratory and real-world environments demonstrated that KDPrint maintained robustness under two adversarial scenarios: an EER of 3.3 % when only the PIN was leaked, and an EER of 4.4 % when both the PIN and behavioral characteristics were exposed. These results demonstrate that KDPrint offers a practical and interpretable solution for augmenting PIN authentication in mobile and IoT systems, balancing robustness, efficiency, and user transparency.
Citations: 0