Filters








461 Hits in 6.1 sec

All your clouds are belong to us

Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono
2011 Proceedings of the 3rd ACM workshop on Cloud computing security workshop - CCSW '11  
As a follow up to those discoveries, we additionally describe the countermeasures against these attacks, as well as introduce a novel "black box" analysis methodology for public Cloud interfaces.  ...  In this paper, we provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus).  ...  We would also like to thank Xiaofeng Lou for his contributions.  ... 
doi:10.1145/2046660.2046664 dblp:conf/ccs/SomorovskyHJSGI11 fatcat:ytxh57hokzdpfbs563njgmo4fy

SEED

Wenliang Du, Ronghua Wang
2008 Journal on Educational Resources in Computing  
These labs provide opportunities for students to develop essential skills for secure computing practice. We have been using these labs in our courses during the last five years.  ...  To achieve effective education, learning security principles must be grounded in experience. This calls for effective laboratory exercises (or course projects).  ...  These labs will include more recent vulnerabilities and attacks, such as SQL injection attacks, cross-site scripting attacks, integer overflow attacks, etc.  ... 
doi:10.1145/1348713.1348716 fatcat:5l5o5rcrhneodpjngbwq5m4bjq

Paper titles

2020 2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan)  
worker safety in noisy working environments A Power Management Unit Design for a Wearable ECG Application A Practical Exercise System Using Virtual Machines for Learning Cross-Site Scripting Countermeasures  ...  Web-based Virtual Reality Innovative Services Developing Cross-platform Web-based Virtual Reality Innovative Services Developing Immersion Virtual Reality for Supporting the Students to Learn Concepts  ... 
doi:10.1109/icce-taiwan49838.2020.9258179 fatcat:2eheaztzhncixhbvp7nrbzml4m

Incorporating active learning activities to the design and development of an undergraduate software and web security course

Thitima Srivatanakul, Fenio Annansingh
2021 Journal of Computers in Education  
Maintaining and protecting these systems requires a workforce that is educated with the practical and technical skills needed by cybersecurity experts for information warfare and non-technical skills demanded  ...  A course evaluation survey has suggested favorable results using active learning activities in the class.  ...  Data availability The datasets used and/or analyzed during the current study are available from the corresponding author on reasonable request.  ... 
doi:10.1007/s40692-021-00194-9 fatcat:kujfnbs4uvbnvdbvjs5t5a6hhe

Penetration Testing Curriculum Development in Practice

Chengcheng Li
2015 Journal of Information Technology Education Innovations in Practice  
The purpose of ethical hacking or penetration testing is to know what the "enemy" can do and then generate a report for the management team to aid in strengthening the system, never to cause any real damages  ...  "If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.  ...  A more comprehensive lab is installed on a "Sandbox" system which is a cloud-based VMware vSphere lab. There are eleven virtual machines (VM) preinstalled for each student in the Sandbox.  ... 
doi:10.28945/2189 fatcat:skhzetm4d5aapprj6vr4the5uu

Teaching Cybersecurity Using the Cloud

Khaled Salah, Mohammad Hammoud, Sherali Zeadally
2015 IEEE Transactions on Learning Technologies  
The cloud we used for this course was the Amazon Web Services (AWS) public cloud.  ...  Specifically, we share our experience when using cloud computing to teach a senior course on cybersecurity across two campuses via a virtual classroom equipped with live audio and video.  ...  ACKNOWLEDGMENTS The authors thank the anonymous reviewers for their valuable comments, which helped us to improve the content, quality, and presentation of this paper.  ... 
doi:10.1109/tlt.2015.2424692 fatcat:avioihlxs5bevhzehpzdyflqpu

Down the Rabbit Hole: Fostering Active Learning through Guided Exploration of a SCADA Cyber Range

Tiago Cruz, Paulo Simões
2021 Applied Sciences  
In this perspective, hands-on exercises and contact with high-fidelity environments play a vital part in fostering interest and promoting a rewarding learning experience.  ...  Making this possible requires having the ability to design and deploy different use case training scenarios in a flexible way, tailored to the specific needs of classroom-based, blended or e-learning teaching  ...  ) challenges, self-contained within Virtual Machines, to working with emulated or simulated environments, for pentesting, vulnerability assessment or to provide practical experience on dealing with various  ... 
doi:10.3390/app11209509 fatcat:vbt5o7l7wrgvxcs4fkipixhbg4

A retrospective on the VAX VMM security kernel

P.A. Karger, M.E. Zurko, D.W. Bonin, A.H. Mason, C.E. Kahn
1991 IEEE Transactions on Software Engineering  
The VAX Security Kernel supports multiple concurrent virtual machines on a single VAX system, providing isolation and controlled sharing of sensitive data.  ...  The kernel performs sufficiently well that much of its development was carried out in virtual machines running on the kernel itself, rather than in a conventional time-sharing system.  ...  Finally, we must thank our team from the National Computer Security Center for their participation throughout the long development effort and the referees for their suggestions for improving this paper  ... 
doi:10.1109/32.106971 fatcat:e3ba6srg3vfrjc5uwmehcpgxjq

A Comprehensive Overview on Cybersecurity: Threats and Attacks

Preetha S, P. Lalasa, Pradeepa R
2021 VOLUME-8 ISSUE-10, AUGUST 2019, REGULAR ISSUE  
A strong understanding of such attacks would benefit us to be cautious and develop effective solutions.  ...  With the increased use of technologies in our life, the cybercrimes have amplified.  ...  ACKNOWLEDGMENT The authors would like to acknowledge BMS college of Engineering and TEQIP III phase for their immense support in carrying out and encouraging this research work.  ... 
doi:10.35940/ijitee.h9242.0610821 fatcat:s46wfv2e4ffcjm53cjwqznk43e

The Spy in the Sandbox

Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Our attack, which is an extension to the last-level cache attacks of Liu et al. [14] , allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running  ...  In addition, we show how it can be used to compromise user privacy in a common setting, letting an attacker spy after a victim that uses private browsing.  ...  Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government or ONR.  ... 
doi:10.1145/2810103.2813708 dblp:conf/ccs/OrenKSK15 fatcat:gg3mql62xbalpp6uiwx3ckldxq

Drive-By Key-Extraction Cache Attacks from Portable Code [chapter]

Daniel Genkin, Lev Pachmanov, Eran Tromer, Yuval Yarom
2018 Lecture Notes in Computer Science  
The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running  ...  ., enticed by phishing), or a page into which the attacker can inject HTML code (e.g., by a cross-site scripting attack).  ...  Whenever a user navigated to a site that uses that service, and our ad was selected for display, the attack code was triggered (see Fig. 1 ).  ... 
doi:10.1007/978-3-319-93387-0_5 fatcat:n47wbyz5zfgatpeka77sluw26a

STORM - Collaborative Security Management Environment [chapter]

Theodoros Ntouskas, George Pentafronimos, Spyros Papastergiou
2011 Lecture Notes in Computer Science  
Security Management is a necessary process in order to obtain an accurate security policy for Information and Communication Systems (ICS).  ...  Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICS's  ...  The authors would like to thank the GSRT for funding the S-Port project, and the E.C. for funding the ImmigrationPolicy2.0 project.  ... 
doi:10.1007/978-3-642-21040-2_23 fatcat:qmgepfhmgvdtffao7com65kxjy

Feature-based Malicious URL and Attack Type Detection Using Multi-class Classification

Dharmaraj R. Patil, Jayantrao Bhaurao Patil
2018 Isecure  
Experiments are performed on the binary and multi-class dataset using the aforementioned machine learning classifiers.  ...  To evaluate the proposed approach, the state-of-the-art supervised batch and online machine learning classifiers are used.  ...  They used a number of machine learning algorithms for the purpose of evaluation.  ... 
doi:10.22042/isecure.2018.0.0.1 dblp:journals/isecure/PatilP18 fatcat:t22tysad3vavdipfxs2osj6qiq

How to Train Your Browser

Dimitris Mitropoulos, Konstantinos Stroggylos, Diomidis Spinellis, Angelos D. Keromytis
2016 ACM Transactions on Privacy and Security  
Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is therefore sometimes referred to as the "buffer overflow of the web."  ...  This layer is designed to detect every script that reaches the browser, from every possible route, and compare it to a list of valid scripts for the site or page being accessed; scripts not on the list  ...  ACKNOWLEDGMENTS We thank Georgios Gousios for helping us port the Crawljax framework. We also thank George Argyros, Vasileios P.  ... 
doi:10.1145/2939374 fatcat:cf7pd4hlbrezrmrwdxnlnm2oaa

A Scenario-Based Methodology for Cloud Computing Security Risk Assessment

Ishraga Mohamed Ahmed Khogali, Hany Ammar
2017 International journal for innovation education and research  
In this paper, we use the National Institute of Standards and Technology (NIST) Risk Management Framework and present a dynamic scenario-based methodology for risk assessment.  ...  Existing work does not address the dynamic nature of cloud applications and there is a need for methods that calculate the security risk factor dynamically.  ...  References: Figure 1 : 1 NIST Risk Assessment Methodology Flowchart [18] Vol: , Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) , Buffer Overflows , Weak Authentication and/or Session  ... 
doi:10.31686/ijier.vol5.iss12.875 fatcat:cpdqr65jtbdddid7zjlc5e6jky
« Previous Showing results 1 — 15 out of 461 results