ScienceDirect

Forensic Science International

The ever-increasing size of digital media presents a continuous challenge to digital investigators who must rapidly assess computer media to find and identify evidence. To meet this challenge, methods must continuously be sought to expedite the examination process. This paper investigates using the file ownership property as an analytical tool focusing on activity by individuals associated with the computer. Research centered on the New Technology File System (NTFS), which is the default file system in Microsoft® Windows Operating System (OS). This was done because Microsoft®'s worldwide market penetration makes Windows® and NTFS the most likely OS and file system to be encountered in digital forensic examinations. Significantly, digital forensic software now allows examination of NTFS file attributes and properties including the ownership property. The paper outlines potential limitations regarding interpreting ownership findings, and suggests areas for further research. Overall, file ownership is seen as a potentially viable new digital forensic tool.

Digital Forensic Examination; File ownership; Media examination; NTFS

ScienceDirect

Loss and theft of information from organisations continues to be a significant problem. Given the amount of attention to this issue and the wealth of standards and technology available, why do these leaks still occur and what can be done to improve matters? Loss and theft of information from organisations continues to be a significant problem. Why do these leaks still occur and what can be done to improve matters? People would not treat money with the same disregard that they treat information and data. Taking care to look after property that is not your own is called stewardship, and what is needed is better information stewardship, explains Mike Small, a member of the London Chapter of the ISACA Security Advisory Group.

ScienceDirect

Li, Ling; He, Wu; Xu, Li; Ash, Ivan; Anwar, Mohd; Yuan, Xiaohong

Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior

International Journal of Information Management

As internet technology and mobile applications increase in volume and complexity, malicious cyber-attacks are evolving, and as a result society is facing greater security risks in cyberspace more than ever before. This study has extended the published literature on cybersecurity by theoretically defining the conceptual domains of employees’ security behavior, and developed and tested operational measures to advance information security behavior research in the workplace. A conceptual framework is proposed and tested using survey results from 579 business managers and professionals. Structural equation modeling and ANOVA procedures are employed to test the proposed hypotheses. The results show that when employees are aware of their company’s information security policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies’ cybersecurity policies. The study also indicates that an organizational information security environment positively influences employees’ threat appraisal and coping appraisal abilities, which in turn, positively contribute to their cybersecurity compliance behavior.

Information security; Protection motivation theory; Cues to action; Cybersecurity policy compliance; Peer behavior

ScienceDirect

Sharafaldin, Iman; Lashkari, Arash Habibi; Ghorbani, Ali A.

Computers & Security

Visualization helps to comprehend and analyze large amounts of data, a fundamental necessity for network security due to the large volume of audits traces produced each day. In this paper, we dissect the majority of recent work conducted in network security visualization and offer a taxonomy that provides a basis for classifying recently published works using nine criteria. Moreover, a comprehensive evaluation framework for comparing and ranking network security visualization systems and techniques is developed and presented. Finally, we present a taxonomy of network attacks, which covers most of the existing network attacks and provides a framework for the categorization of recent network security visualization systems.

Evaluation framework; Information visualization; Network attack taxonomy; Network attacks; Network security visualization

ScienceDirect

Accorsi, Rafael; Lehmann, Andreas; Lohmann, Niels

Information leak detection in business process models: Theory, application, and tool support

Information Systems

Despite the correct deployment of access control mechanisms, information leaks can persist and threaten the reliability of business process execution. This paper presents an automated and effective approach for the verification of information flow control for business process models. Building on the concept of place-based non-interference and declassification, the core contribution of this paper is the application of Petri net reachability to detect places in which information leaks occur. Such a feature allows for the use of state-of-the-art tool support to model-check business process models and detect leaks. We show that the approach is sound and complete, and present the Anica tool to identify leaks. An extensive evaluation comprising over 550 industrial process models is carried out and shows that information flow analysis of process models can be done in milliseconds. This motivates a tight integration of business process modeling and non-interference checking.

Automated analysis; Business process security; Software and process engineering

ScienceDirect

Hassan, Charaf; Tuschák, Róbert; Vajk, István; Bars, Ruth; Hetthéssy, Jenö; Kovács, Ferenc; Szitnyai, György

IFAC Proceedings Volumes

At the Department of Automation, Technical University of Budapest in the last years the basic course of control theory has been renewed significantly using CAD devices, especially Matlab in the computer classroom. In this way the theoretical knowledge became more understandable and convincing for the students. Recently the Internet culture has burst into our everyday life, providing new possibilities for control education, too. It was a challenge lo combine the facilities provided both by the Web and Matlab. In the background of the system the Matlab program package supports the teaching process executing the computations. A new control curriculum using these facilities has been being developed.

user interfaces; reachability; CAD/CAM models; control education; integration; teaching

ScienceDirect

Johnston, Andy; Reust, Jessica

Digital Investigation

As new legislation is written mandating notification of affected parties following the compromise of confidential data, reliable investigative procedures into unauthorized access of such data assume increasing importance. The increasing costs and penalties associated with exposure of sensitive data can be mitigated through forensic preparation and the ability to employ digital forensics. A case study of the compromise of several systems containing sensitive data is outlined, with particular attention given to the procedures followed during the initial response and their impact on the subsequent digital forensic examination. Practical problems and challenges that arise in intrusion investigations are discussed, along with solutions and methodologies to address these issues. This case study illustrates both the importance of evaluating the evidence analyzed and of corroborating findings and conclusions with multiple independent sources of evidence. An initial response that incorporates forensic procedures provides a solid foundation for a successful and thorough forensic examination.

Incident response; Compromise of sensitive information; Digital forensic examination; Forensic preparedness; Intrusion investigation; Network forensics

ScienceDirect

Khan, Saad; Parkinson, Simon

Journal of Information Security and Applications

Vulnerability assessment and security configuration of computer systems is heavily dependent on human experts, which are widely attributed as being in short supply. This can result in a system being left insecure because of the lack of easily accessible experience and specialist resources. While performing security tasks, human experts often revert to a system’s event logs to establish security information (configuration changes, errors, etc.). However, finding and exploiting knowledge from event logs is a challenging and time-consuming task for non-experts. Hence there is a strong need to provide mechanisms to make the process easier for security experts, as well as providing tools for those with significantly less security expertise. In this paper, we present a novel technique to process security event logs of a system that have been evaluated and configured by a security expert, extract key domain knowledge indicative of human decision making, and automatically apply acquired knowledge to previously unseen systems by non-experts to propose security improvements. The proposed solution utilises rule mining algorithms to extract security actions from event log entries. The set of identified rules is represented as a domain action model. The domain model and problem instance generated from a previously unseen system can then be used to produce a plan-of-action, which can be exploited by non-professionals to improve their system’s security. Empirical analysis is subsequently performed on 21 event logs, where the acquired domain model and identified plans are discussed in terms of accuracy and performance.

Event logs; Association rule mining; Automated planning; Causality

ScienceDirect

Vulnerabilities and mitigation techniques toning in the cloud: A cost and vulnerabilities coverage optimization approach using Cuckoo search algorithm with Lévy flights

Computers & Security

Information and Communication Technology (ICT) security issues have been a major concern for decades. Today's ICT infrastructure faces sophisticated attacks using combinations of multiple vulnerabilities to penetrate networks with devastating impact. With the recent rise of cloud computing as a new utility computing paradigm, organizations have been considering it as a viable option to outsource major IT services in order to cut costs. Some organizations have opted for a private or hybrid cloud to take advantage of the emerging technologies and services. However, ICT security issues have to be appropriately mitigated. This research proposes a cloud security framework and an approach for vulnerabilities coverage and cost optimization using Cuckoo search algorithm with Lévy flights as random walks. The objective is to mitigate an identified set of vulnerabilities using a selected set of techniques when minimizing cost and maximizing coverage. The results show that Cloud Computing providers and organizations implementing cloud technology within their premises can effectively balance IT security coverage and cost using the proposed approach.

Cloud computing; Cuckoo search algorithm; ICT security; Lévy flights algorithm; Optimization; Vulnerabilities mapping

ScienceDirect

Landauer, Max; Skopik, Florian; Wurzenberger, Markus; Rauber, Andreas

Computers & Security

Log files give insight into the state of a computer system and enable the detection of anomalous events relevant to cyber security. However, automatically analyzing log data is difficult since it contains massive amounts of unstructured and diverse messages collected from heterogeneous sources. Therefore, several approaches that condense or summarize log data by means of clustering techniques have been proposed. Picking the right approach for a particular application domain is, however, non-trivial, since algorithms are designed towards specific objectives and requirements. This paper therefore surveys existing approaches. It thereby groups approaches by their clustering techniques, reviews their applicability and limitations, discusses trends and identifies gaps. The survey reveals that approaches usually pursue one or more of four major objectives: overview and filtering, parsing and signature extraction, static outlier detection, and sequences and dynamic anomaly detection. Finally, this paper also outlines a concept and tool that support the selection of appropriate approaches based on user-defined requirements.

Cyber security; Anomaly detection; Log clustering; Log mining; Signature extraction

ScienceDirect

Zhang, Qikun; Wang, Xianmin; Yuan, Junling; Liu, Lu; Wang, Ruifang; Huang, Hong; Li, Yuanzhang

A hierarchical group key agreement protocol using orientable attributes for cloud computing

Information Sciences

Group key agreement is one of the key technologies for ensuring information exchange security among group members. Due to different sensitivities of the information, group members may only want to exchange certain secret information under certain circumstances, and also due to different access permissions of member, certain information exchange may aim at different access authorities. Aiming at these requirements, a hierarchical group key agreement protocol using orientable attribute (HGKA-OA) is proposed in this paper. In this protocol, different secret information is shared among a set of members who have different authority levels. Assuming different permission levels correspond to different attributes or their combinations of the terminal, when one people has some secret information he can exchange information with some people who have the appropriate level of security permissions, rather than all the members in the group. The proposed scheme eliminates a majority of the computation task of terminals by moving identity authentication computation to the registration. In addition, the group key factors are also calculated before the group key agreement, which eliminates most of computation overhead due to group key agreement. This protocol is proven secure under the Decisional Bilinear Diffie-Hellman (DBDH) problem assumption and performance analysis shows that the proposed scheme is more efficient than existing works.

Asymmetric group key agreement; Attribute-based sharing permissions; Information exchange; Permission level

ScienceDirect

Ezhei, Mansooreh; Ladani, Behrouz Tork

Expert Systems with Applications

Sharing cyber security information helps firms to decrease cyber security risks, prevent attacks, and increase their overall resilience. Hence it affects reducing the social security cost. Although previously cyber security information sharing was being performed in an informal and ad hoc manner, nowadays through development of information sharing and analysis centers (ISACs), cyber security information sharing has become more structured, regular, and frequent. This is while, the privacy risk and information disclosure concerns are still major challenges faced by ISACs that act as barriers in activating the potential impacts of ISACs. This paper provides insights on decisions about security investments and information sharing in consideration of privacy risk and security knowledge growth. By the latest concept i.e. security knowledge growth, we mean fusing the collected security information, adding prior knowledge, and performing extra analyses to enrich the shared information. The impact of this concept on increasing the motivation of firms for voluntarily sharing their sensitive information to authorities such as ISACs has been analytically studied for the first time in this paper. We propose a differential game model in which a linear fusion model for characterizing the process of knowledge growth via the ISAC is employed. The Nash equilibrium of the proposed game including the optimized values of security investment, and the thresholds of data sharing with the price of privacy are highlighted. We analytically find the threshold in which the gain achieved by sharing sensitive information outweighs the privacy risks and hence the firms have natural incentive to share their security information. Moreover, since in this case the threshold of data sharing and the security investment levels chosen in Nash equilibrium may be lower than social optimum, accordingly we design mechanisms which would encourage the firms and lead to a socially optimal outcome. The direct impact of the achieved results is on analyzing the way ISACs can convince firms to share their security information with them.

Privacy; Information sharing; Differential game; Information security economics; Security investment; Security knowledge growth

ScienceDirect

Park, Jaemin; Park, Sungjin; Kang, Brent Byunghoon; Kim, Kwangjo

Computers & Security

Software Guard Extensions (SGX) is a good candidate to address sensitive information disclosure in cloud computing because SGX creates enclaves for applications that protect security sensitive code and data from malicious access. However, existing SGX-enabled Virtual Machine Managers (VMMs) do not provide live migration of SGX-enabled Virtual Machines (VMs). This management operation is impossible because the VMM cannot directly access the Enclave Page Cache (EPC) pages where the VM’s enclaves reside. SGX supports the EPC page swapping mechanism that evicts the EPC pages into the untrusted memory which the VMM can access. However, this mechanism has the limitations to be applied to enclave migration. In this paper, we propose an SGX extension for migrating enclaves called eMotion that adds additional instructions and migration support to the SGX architecture for enabling the secure managed migration of running enclaves. eMotion allows that the participating hosts establish a key used in enclave migration and the VMMs in the hosts migrate running enclaves using the established key. We implement a prototype on top of OpenSGX, an open source SGX emulator, to demonstrate the operations of eMotion and to estimate the impact on enclave migration.

Enclave migration; Managed migration; OpenSGX; SGX; Trusted execution environment

ScienceDirect

Mokdad, Akram; Probst, Wilfried

Telematics and Informatics

In the past 20 years, Network and Systems Management (N&SM) has thrived on mostly centralized or weakly distributed paradigms. Advances in technologies and software engineering suggested new ways of doing N&SM. The computational object approach is one of the main management technologies that have recently appeared. Based on this approach, the architecture proposed in this paper uses programming concepts instead of protocol concepts and conceals protocol complexity by easily manipulated components. Concerning the information model, the Common Information Model (CIM) is used which is designed in an object-oriented manner that is the key behind scalable N&SM.The implementation is done in the Windows environment and using the C++ programming language.

Common information model; Computational objects; Distributed objects; Network and Systems Management; Object-oriented methodology; Web-Based Enterprise Management

ScienceDirect

Bashir, Masooda; Wee, Colin; Memon, Nasir; Guo, Boyi

Profiling cybersecurity competition participants: Self-efficacy, decision-making and interests predict effectiveness of competitions as a recruitment tool

Computers & Security

This paper presents the main results of a large-scale survey on cybersecurity competition participants in the past decade. 588 participants of the Cybersecurity Awareness Week (CSAW) competition were surveyed with measures of personality, interests, culture, decision-making and attachment styles in an exploratory study designed to identify the characteristics of cybersecurity competition participants. Subgroups analyses were performed to examine individual differences between self-proclaimed hackers and non-hackers, males and females, and cybersecurity employees versus students. Regression analyses were used to identify variables that influenced the extent to which cybersecurity competitions were effective at convincing participants to pursue a future career in cybersecurity. Cybersecurity participants who displayed higher self-efficacy, rational decision-making style, and more investigative interests were more likely to declare an interest in a career in cybersecurity after the competition.

Cybersecurity; Information assurance; Career choice; Cybersecurity competitions; Human factors; Recruitment

ScienceDirect

Chakraborty, Rajarshi; Lee, Jaeung; Bagchi-Sen, Sharmistha; Upadhyaya, Shambhu; Rao, H. Raghav

Online shopping intention in the context of data breach in online retail stores: An examination of older and younger adults

Decision Support Systems

Data breaches through hacking incidents have become a significant phenomenon in the world of online shopping. These breaches can result in loss of personal data belonging to customers. This study builds a research model to examine people's intention to engage in e-commerce in the context of a significant data breach (the Target breach in December 2013). In addition, this paper focuses on the difference in responses regarding post-breach online shopping intent among younger adults (below 55years) and older adults (senior citizens—above 55years). Our findings show the importance of internal (self) monitoring of bank transactions in reducing the effect of perceptions of severity of data breaches on post-breach online shopping intent particularly for senior citizens. The study also demonstrates that perceptions of severity of a hacking incident are significant drivers of perceived online shopping risk for both age groups. Further, perceptions of severity of a hacking incident are significant drivers of post-breach online shopping intent but only marginally significant for younger adults. Trusting beliefs in online shopping services and attitude toward e-commerce are significant for the older generation for post-breach online shopping intentions and also for younger adults. Gender is significant for seniors while it is not significant for younger adults. The impact of perceived online shopping risk on post-breach online shopping is significantly different between the two age groups. The implication of this research lies in informing shopping websites the need to prepare better plans for notifying customers about not only data breaches but also their proposed mitigation steps so as to increase trust and reduce perceived risks associated with online shopping.

Trust; Age; Data breach; Internal monitoring; Online shopping; Perceived risk

ScienceDirect

Digital Investigation

Immature IT security, increasing network connectivity and unwavering media attention is causing an increase in the number of control system cyber security incidents. For forensic examinations in these environments, knowledge and skills are needed in the field of hardware, networks and data analysis. For forensic examiners, this paper is meant to be a crash course on control systems and their forensic opportunities, focussing on the differences compared to regular IT systems. Assistance from experienced field engineers during forensic acquisition of control systems seems inevitable in order to guarantee process safety, business continuity and examination efficiency. For people working in the control system community, this paper may be helpful to get an idea about specific forensic issues about which they would normally not bother, but may be crucial as soon as their systems are under attack or become part of a law enforcement investigation. For analysis of acquired data, existing tools for network security monitoring have useful functionality for forensic applications but are designed for real-time acquisition and often not directly usable for post-mortem analysis of acquired data in a forensically sound way. The constant and predictable way in which control systems normally behave makes forensic application of anomaly-based threat detection an interesting topic for further research.

Cyber security; SCADA; Forensics; Control systems; ICS

ScienceDirect

Mitropoulos, Sarandis; Patsos, Dimitrios; Douligeris, Christos

Computers & Security

Incident Response has always been an important aspect of Information Security but it is often overlooked by security administrators. Responding to an incident is not solely a technical issue but has many management, legal, technical and social aspects that are presented in this paper. We propose a detailed management framework along with a complete structured methodology that contains best practices and recommendations for appropriately handling a security incident. We also present the state-of-the art technology in computer, network and software forensics as well as automated trace-back artifacts, schemas and protocols. Finally, we propose a generic Incident Response process within a corporate environment.

Computer forensics; Incident Handling; Incident Response; Internet forensics; Software forensics; Trace-back mechanisms

ScienceDirect

Biondi, Fabrizio; Given-Wilson, Thomas; Legay, Axel

Information Sciences

Preserving the privacy of private communication is a fundamental concern of computing addressed by encryption. Information-theoretic reasoning models unconditional security where the strength of the results does not depend on computational hardness or unproven results. Usually the information leaked about the message by the ciphertext is used to measure the privacy of a communication, with perfect secrecy when the leakage is 0. However this is hard to achieve in practice. An alternative measure is the equivocation, intuitively the average number of message/key pairs that could have produced a given ciphertext. We show a theoretical bound on equivocation called max-equivocation and show that this generalizes perfect secrecy when achievable, and provides an alternative measure when perfect secrecy is not achievable. We derive bounds for max-equivocation for symmetric encoder functions and show that max-equivocation is achievable when the entropy of the ciphertext is minimized. We show that max-equivocation easily accounts for key re-use scenarios, and that large keys relative to the message perform very poorly under equivocation. We study encoders under this new perspective, deriving results on their achievable maximal equivocation and showing that some popular approaches such as Latin squares are not optimal. We show how unicity attacks can be naturally modeled, and how relaxing encoder symmetry improves equivocation. We present some algorithms for generating encryption functions that are practical and achieve 90−95% of the theoretical best, improving with larger message spaces.

Entropy; Max-equivocation; Perfect secrecy; Private-key cryptography; Symmetric encryption; Unconditional security

ScienceDirect

Finogeev, Alexey G.; Finogeev, Anton A.

Information attacks and security in wireless sensor networks of industrial SCADA systems

Journal of Industrial Information Integration

The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical research the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks. The cryptographic encryption tasks in the wireless sensor networks have been resolved by means of the built-in mechanism for symmetric AES encryption with 128 bit keys according to the ZigBee Pro Feature Set specification. However, analysis of the current state in the field of security of wireless sensor networks has shown that the key management problem is almost no solved. The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of keys obtaining are discussed. The use of a hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

Information security; Network attacks; Intrusion detection system; Key management; Attacks detection; Data encryption; Routing protocol; SCADA system; Wireless sensor network

ScienceDirect

Karbab, ElMouatez Billah; Debbabi, Mourad

MalDy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports

Digital Investigation

In response to the volume and sophistication of malicious software or malware, security investigators rely on dynamic analysis for malware detection to thwart obfuscation and packing issues. Dynamic analysis is the process of executing binary samples to produce reports that summarise their runtime behaviors. The investigator uses these reports to detect malware and attribute threat types leveraging manually chosen features. However, the diversity of malware and the execution environments make manual approaches not scalable because the investigator needs to manually engineer fingerprinting features for new environments. In this paper, we propose, MalDy (mal die), a portable (plug and play) malware detection and family threat attribution framework using supervised machine learning techniques. The key idea of MalDy portability is the modeling of the behavioral reports into a sequence of words, along with advanced natural language processing (NLP) and machine learning (ML) techniques for automatic engineering of relevant security features to detect and attribute malware without the investigator intervention. More precisely, we propose to use bag-of-words (BoW) NLP model to formulate the behavioral reports. Afterward, we build ML ensembles on top of BoW features. We extensively evaluate MalDy on various datasets from different platforms (Android and Win32) and execution environments. The evaluation shows the effectiveness and the portability of MalDy across the spectrum of the analyses and settings.

Malware; Android; Machine learning; Behavioral analysis; NLP; Win32

ScienceDirect

Domínguez, Manuel; Prada, Miguel A.; Reguera, Perfecto; Fuertes, Juan J.; Alonso, Serafín; Morán, Antonio

Cybersecurity training in control systems using real equipment**This work was supported by the Spanish Secretary of State for Research, Development and Innovation (Ministry of Economy and Competitivity), under grant UNLE13-3E-1578 of the National Programme for Fostering Excellence in Scientific and Technical Research -FEDER funds, and by the Spanish National Cybersecurity Institute (INCIBE), through the 17th Addendum of the Framework Agreement between INCIBE and the University of León

IFAC-PapersOnLine

The relevance of cybersecurity in the field of critical infrastructures has been reinforced in the last years, as a result of the increased number of incidents. The European Union has developed policies oriented to promote research and education in security and critical infrastructure protection. It is widely recognized that there is a shortage of qualified cybersecurity professionals due to the increasing demand. The situation is even more serious in the area of cybersecurity of critical infrastructures, due to the special characteristics of the control and monitoring systems needed for their operation. Furthermore, there is a knowledge gap between the industrial control experts, who generally have not received training in computer security, and the cybersecurity experts, who ignore the operation of industrial control systems. It is therefore necessary to create educational environments that support training and research oriented to bridge this gap without. For that reason, this paper presents a Laboratory of Critical Infrastructures Cybersecurity (CICLab) that is flexible enough to create different settings that simulate real situations on the critical infrastructure control systems. For that purpose, the laboratory includes different field, control and monitoring technologies that are widely used in four sectors: industry, energy management, building management and smart cities. Some educational activities are presented in the framework of this laboratory.

12179 - 12184

Cybersecurity; Education; Industrial Control Systems; Laboratory

ScienceDirect

Lin, Jiaping; Niu, Jianwei; Li, Hui; Atiquzzaman, Mohammed

Future Generation Computer Systems

With the advance of wireless communication techniques and the popularity of embedded devices, Location-Based Service (LBS) has gained a great attention in the Internet-of-Things (IoT) recently. For instance, in smart transportation, reporting all the drivers’ location in a regular frequency is conducive to sense urban traffic congestion. However, it also posts a serious threat to drivers’ privacy because of the exposure to the real-time location. To alleviate this problem, we propose a Secure and Efficient Location-based Service (SELS) scheme for smart transportation in this paper. In the SELS scheme, drivers first utilize smart phones to encrypt their location-based data and then outsource them to a cloud center incessantly. Then they have the ability to call the cloud center to compute the ciphertext of LBS queries, by using a secure homomorphic encryption scheme and group signature scheme. After decrypting the ciphertext, they obtain accurate results of the queries without sacrificing the location privacy. Furthermore, the SELS scheme also supports multi-dimension data by employing a weighted distance algorithm. Finally, the security of the SELS scheme is proved and the cost of computation and communication is analyzed, in order to prove the security and efficiency of the scheme.

Internet-of-Things (IoT); Location-based Service (LBS); Outsourced cloud; Privacy preserving

ScienceDirect

Discrete Applied Mathematics

Known secure multi-party computation protocols are quite complex, involving non-trivial mathematical structures and sub-protocols. The purpose of this paper is to present a very simple approach to secure multi-party computation with straight-forward security proofs. This approach naturally yields protocols secure for mixed (active and passive) corruption and general (as opposed to threshold) adversary structures, confirming the previously proved tight bounds in a simpler framework. Due to their simplicity, the described protocols are well-suited for didactic purposes, which is a main goal of this paper.

Adversary structures; Secure multi-party computation; Verifyable secret sharing

ScienceDirect

Suarez-Tangil, Guillermo; Palomar, Esther; Ribagorda, Arturo; Sanz, Ivan

Information Fusion

Security information and event management (SIEM) is considered to be a promising paradigm to reconcile traditional intrusion detection processes along with most recent advances on artificial intelligence techniques in providing automatic and self-adaptive systems. However, classic management-related flaws still persist, e.g. the fusion of large amounts of security events reported from many heterogeneous systems, whilst novel intriguing challenges arise specially when dealing with the adaptation to newly encountered and multi-step attacks. In this article, we provide SIEM correlation with self-adaptation capabilities to optimize and significantly reduce the intervention of operators. In particular, our enhanced correlation engine automatically learns and produces correlation rules based on the context for different types of multi-step attacks using genetic programming. The context is considered as the knowledge and reasoning, not only acquired by a human expert but also inferred by our system, which assist in the identification and fusion of events. In this regard, a number of artificial neural networks are trained to classify events according to the corresponding context established for the attack. Experimentation is conducted on a real deployment within OSSIM to validate our proposal.

SIEM; Adaptive system; Artificial neural networks; Event correlation; Genetic programming

ScienceDirect

Procedia Engineering

Present methods for evaluating reliance on the information system security do not take into account the socio-technical nature of the information system and modern humanitarian approaches to the evaluation of reliance on them. The article defines the term “reliance to the personnel security of the information system” and substantiates a multi-criteria classification that categorizes evaluation levels of the reliance on the information system personnel security. The classification is the scientific novelty of this research. Seven stated evaluation levels of reliance on the personnel security are relevant to the seven evaluation levels of reliance on the information technologies embodied in the international standard ISO / IEC 15408-3: 2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3. Security Assurance Components.

information security; assessment; information system.; level; personnel security; reliance; user

ScienceDirect

Askarov, Aslan; Hedin, Daniel; Sabelfeld, Andrei

Theoretical Computer Science

Cryptographic operations are essential for many security-critical systems. Reasoning about information flow in such systems is challenging because typical (noninterference-based) information-flow definitions allow no flow from secret to public data. Unfortunately, this implies that programs with encryption are ruled out because encrypted output depends on secret inputs: the plaintext and the key. However, it is desirable to allow flows arising from encryption with secret keys provided that the underlying cryptographic algorithm is strong enough. In this article we conservatively extend the noninterference definition to allow safe encryption, decryption, and key generation. To illustrate the usefulness of this approach, we propose (and implement) a type system that guarantees noninterference for a small imperative language with primitive cryptographic operations. The type system prevents dangerous program behavior (e.g., giving away a secret key or confusing keys and nonkeys), which we exemplify with secure implementations of cryptographic protocols. Because the model is based on a standard noninterference property, it allows us to develop some natural extensions. In particular, we consider public-key cryptography and integrity, which accommodate reasoning about primitives that are vulnerable to chosen-ciphertext attacks.

Cryptography; Information flow; Noninterference; Language-based security; Security type systems

ScienceDirect

Anastopoulos, Vasileios; Katsikas, Sokratis

Journal of Information Security and Applications

The collection of log data is a challenging operation for organizations that wish to monitor their infrastructure for security reasons. In this paper a methodology for the implementation of a log management infrastructure for real-time security monitoring on a large scale infrastructure is proposed. Related methods are adjusted and adopted to compose parts of the proposed methodology, avoiding to “re-invent the wheel” where possible. Social network analysis is employed to make and justify decisions that were formerly performed either intuitively or based on experience and vendors’ best practices. The methodology concludes with the creation of a repository of the necessary data. The result is an innovative methodology that can be used as a step-by-step guide for the implementation of a log management infrastructure in an organization. The proposed methodology is applied to a real WAN.

SIEM; Log management; Security monitoring; Social network analysis

ScienceDirect

Bhardwaj, Akashdeep; Goundar, Sam

Computer Fraud & Security

Cloud computing has become one of the most critical components of businesses and corporate organisations worldwide. It is a technology that has applications and services running on distributed networks and pooled virtualised resources that small, medium and large organisations can utilise to host their applications, processes and portals online via datacentres to provide access over the Internet to end users, customers and employees. In today's dynamic business world, traditional IT systems cannot keep up with ever-changing market demands and complex environments. Cloud computing has become one of the most critical components of enterprises worldwide. In today's dynamic business world, traditional IT systems cannot keep up with ever-changing market demands and complex environments. Many organisations are seeking an all-purpose cloud deployment to achieve increased service quality, which translates into better security and higher performance. In such cases, it becomes critical to concentrate on metrics for security and performance. Akashdeep Bhardwaj and Sam Goundar propose a framework for examining those two crucial elements.

ScienceDirect

Cazier, Joseph A.; Shao, Benjamin B. M.; Louis, Robert D. St

Information & Management

For e-business, location is irrelevant and competition is intense. To succeed in this environment, organizations must find new ways to differentiate themselves from their competition. One way to achieve e-business differentiation is to foster trust by building a perception of value congruence and avoiding a perception of value conflict. We explore how value congruence contributes to and how value conflict decreases trust in e-businesses. An experiment was conducted to examine the respective impacts of value congruence and value conflict on trust in an e-commerce setting. Our results show that, for e-businesses, value congruence has an enabling effect on trust while value conflict reduces trust. Such effects are strong enough to suggest that value congruence can be employed as an effective way for e-businesses to differentiate themselves while creating and sustaining competitive advantage. Managerial implications are drawn from our results.

E-commerce; Trust; Competitive advantage; Differentiation; E-business; Value conflict; Value congruence

ScienceDirect

Roos, Jan; Jordaan, Derick; Markgraaff, Marieta; Rooyen, Frieda van

Computer Communications

The standards for network management developed by the open systems interconnection working groups and prescribed by the OSI/NM Forum are based on the managed object and manager-agent concepts. Because multi-level management systems will exist, a management system must be able to support both manager and agent roles simultaneously. This manager role could be to agents, managed by the system and the agent role could be to a superior manager. Such a management system model is proposed and compared with other models defined for network management. Based on the model, an implementation architecture for management systems is described covering both the manager and agent roles. Aspects of a user interface for a network management system are also described. Some unique features of the user interface for multi-vendor, integrated network management are high-lighted.

user interface; network management; open systems interconnection; OSI/NM Forum

ScienceDirect

Chang, Beom-Hwan; Kim, Dong-Soo; Kim, Hyun-Ku; Na, Jung-Chan; Chung, Tai-Myoung

Future Generation Computer Systems

Due to its open protocol, the Internet has revolutionized computer networks, but this revolution brings new risks and threats. The best way to protect computer networks is to prevent attackers from intruding, using fast automated procedures. However, the current state of protection is insufficient, because providing for all attacks or preventing unknown types of attack is almost impossible, and the methods used are manual. We solve this problem by using active security management, based on sharing information about attacks and cooperation between organizations. Secure Zone Cooperation, a framework that establishes mutual collaboration and cooperation between trusted zones, can protect systems and networks from potential attacks. This framework can predict and respond to attacks by exchanging security information and cooperating with each zone. It is a dynamic, powerful security architecture that rapidly enables security policy to be updated and response modules to be deployed.

Active network; Secure Zone Cooperation; Security management

ScienceDirect

The thesis of this article is that cyber war technologies are spilling over into precision strike and nuclear mission areas. The result will transform deterrence and arms race stability and lead to other significant changes. The driver behind this is a combination of long standing problems with mobile missiles along with new technologies not usually factored into strategic assessments: big data analytics, computer vision, and related information systems. When combined with drones and precision strike, the hunt for mobile missiles is becoming faster, cheaper, and better. The implications of this finding vary by country, but will shape major power nuclear modernization, crisis stability among secondary powers, and conventional attack of nuclear deterrents.

ScienceDirect

Reyna, Ana; Martín, Cristian; Chen, Jaime; Soler, Enrique; Díaz, Manuel

Future Generation Computer Systems

In the Internet of Things (IoT) vision, conventional devices become smart and autonomous. This vision is turning into a reality thanks to advances in technology, but there are still challenges to address, particularly in the security domain e.g., data reliability. Taking into account the predicted evolution of the IoT in the coming years, it is necessary to provide confidence in this huge incoming information source. Blockchain has emerged as a key technology that will transform the way in which we share information. Building trust in distributed environments without the need for authorities is a technological advance that has the potential to change many industries, the IoT among them. Disruptive technologies such as big data and cloud computing have been leveraged by IoT to overcome its limitations since its conception, and we think blockchain will be one of the next ones. This paper focuses on this relationship, investigates challenges in blockchain IoT applications, and surveys the most relevant work in order to analyze how blockchain could potentially improve the IoT.

Internet of Things; Trust; Blockchain; Smart contract

ScienceDirect

Raja, M. Siva Niranjan; Vasudevan, A. R.

Procedia Computer Science

Security Information and Event Management (SIEM) is a combination of Security Information Management and Security Event Management. SIEM helps in the collection of events from heterogeneous devices and ordering into Common Event Format. The events collected are correlated and observed for changes in the system behaviour. Homogeneous Events such as DoS/Probe attacks can be detected by monitoring single event source. In this paper, TCP SYN flood attack is considered. RETE algorithm is applied on the network event attributes to formulate the rules and stored in database. An alert is triggered, when the rule for TCP SYN attack is matched.

Homogeneous Event; RETE Algorithm; SIEM tool; TCP SYN attack

ScienceDirect

Wu, Shinn-Shyan; Liu, Chen-Ching; Shosha, Ahmed F.; Gladyshev, Pavel

IFAC Proceedings Volumes

Abstract The concept of smart grid is built on both electrical and two-way information flow, which is intended to facilitate efficient usage of energy for the future. However, cyber security and information privacy issues have raised concerns as potential loopholes since large-scale communication networks will be needed to connect numerous devices from geographically dispersed sites to a control centre. Leakage or manipulation of sensitive operational data in a smart grid may result in serious financial losses as well as power system contingencies. Hence, for the interdependencies between the electric power infrastructure and networked computers, defence of the cyber network in a smart grid must be strengthened in order to avoid catastrophes that can be caused by electronic intrusions. The focus of this paper is to propose intrusion prevention systems to provide secure communications in a smart grid environment. Detailed functions of intrusion prevention systems are described and attack scenarios are developed to validate the effectiveness of the proposed methodology.

13696 - 13704

cyber security; information security; information and communications technology; intrusion prevention system; smart grid

ScienceDirect

Electronic Notes in Theoretical Computer Science

Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high-security information not affect low-security computation. However, in practice, noninterference is often too restrictive—the desired policy does permit some information leakage. To compensate for the strictness of noninterference, practical approaches include some mechanism for declassifying high-security information. But such declassification is potentially dangerous, and its use should be restricted to prevent unintended information leaks. Zdancewic and Myers previously introduced the notion of robust declassification in an attempt to capture the desired restrictions on declassification, but that work did not propose a method for determining when a program satisfies the robust declassification condition. This paper motivates robust declassification and shows that a simple change to a security type system can enforce it. The idea is to extend the lattice of security labels to include integrity constraints as well as confidentiality constraints and then require that the decision to perform a declassification have high integrity.