713 Hits in 5.2 sec

Securing networked embedded systems code through distributed systems analysis

Fernando A. Teixeira, Jose M. S. Nogueira, Leonardo B. Oliveira
2017 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)  
Things and Cloud Computing are increasing the importance of techniques to analyze and understand Networked Embedded Systems.  ...  outra, uma ferramenta que chamamos de DistViewer, usa os grafos gerados pelo arcabouço para fornecer uma visão inter-programa do sistema distribuído. ix Abstract New technologies such as the Internet of  ...  The instance SIoT described in Section 4.2 detects memory accesses that are vulnerable to buer overow attacks.  ... 
doi:10.23919/inm.2017.7987383 dblp:conf/im/TeixeiraNO17 fatcat:zacdqtdyqncj5nf5irwv7rsdgi

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing [article]

William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
2020 arXiv   pre-print
We evaluate SRI's effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs.  ...  In this paper, we present HotFuzz, a framework for automatically discovering AC vulnerabilities in Java libraries.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as representing the official policies or endorsements, either expressed or implied, of any government agency  ... 
arXiv:2002.03416v1 fatcat:zb72iomeabdmjiig2yn5vdgsz4

Spectre is here to stay: An analysis of side-channels and speculative execution [article]

Ross Mcilroy, Jaroslav Sevcik, Tobias Tebbi, Ben L. Titzer, Toon Verwaest
2019 arXiv   pre-print
For (1) we introduce a mathematical meta-model that clarifies the source of side-channels in simulations and CPUs.  ...  In the face of this reality, we have shifted the security model of the Chrome web browser and V8 to process isolation.  ...  Acknowledgements Our work on Spectre was a close collaboration among dozens of engineers across several companies. We  ... 
arXiv:1902.05178v1 fatcat:yfsanonptreebphbefhyydfen4

POW-HOW: An enduring timing side-channel to evade online malware sandboxes [article]

Antonio Nappa, Panagiotis Papadopoulos, Matteo Varvello, Daniel Aceituno Gomez, Juan Tapiador, Andrea Lanzi
2021 arXiv   pre-print
Specifically, we leverage the asymptotic behavior of the computational cost of PoW algorithms when they run on some classes of hardware platforms to effectively detect a non bare-metal environment of the  ...  In this paper, we show how an attacker can evade detection on such online services by incorporating a Proof-of-Work (PoW) algorithm into a malware sample.  ...  Side-channel Measurement Various techniques have been proposed to detect if applications are running inside a sandbox/virtualizer/emulator.  ... 
arXiv:2109.02979v2 fatcat:2pgzanyjtrdjbmz7pqhz7qmcdi

The Meaning of Attack-Resistant Systems [article]

Vijay Ganesh, Sebastian Banescu, Martín Ochoa
2015 arXiv   pre-print
Can we quantify and show that these defense mechanisms provide formal security guarantees, albeit partial, even in the presence of exploitable vulnerabilities?".  ...  In our setting, a program may contain exploitable vulnerabilities, such as buffer overflows, but appropriate defense mechanisms built into the program or the operating system render such vulnerabilities  ...  On the other hand, in the past years several attacks have been published against implementation of many of those defense mechanisms: some of these attacks leverage side-channels (i.e. timing side-channels  ... 
arXiv:1502.04023v3 fatcat:fqpbykjrore5tib655lozlpfaq

High performance distributed Denial-of-Service resilient web cluster architecture

Supranamaya Ranjan, Edward Knightly
2008 NOMS 2008 - 2008 IEEE Network Operations and Management Symposium  
WARD is better-suited to handling overload conditions in dynamic web content, which are known to stress compute resources more than the network.  ...  This dissertation proposes a web hosting architecture consisting of a grid of clusters, to provide high-performance in the presence of standard overload conditions as well as resilience during attacks.  ...  Vulnerability to Attacks This section characterizes the effectiveness of layer-7 DDoS attacks in overwhelming the server resources on an e-commerce application.  ... 
doi:10.1109/noms.2008.4575272 dblp:conf/noms/RanjanK08 fatcat:442lbj36gnbfdnpo2a4wsd4lgy

Trend Towards the Use of Complex Networks in Cloud Computing Environment

Mini Singh Ahuja, Randeep Kaur, Dinesh Kumar
2015 International Journal of Hybrid Information Technology  
Computation in cloud is completed with the aim to reach maximum resource utilization with higher availability at minimized cost.  ...  Its main focus may be the analysis of small networks to that particular of system with thousands or millions of node.  ...  The flip side is that such networks are vulnerable to deliberate attacks on the hubs [7] .  ... 
doi:10.14257/ijhit.2015.8.3.26 fatcat:yonoeg54pjfrjpxvcgg6ala5pa

Research challenges towards the Future Internet

Marco Conti, Song Chong, Serge Fdida, Weijia Jia, Holger Karl, Ying-Dar Lin, Petri Mähönen, Martin Maier, Refik Molva, Steve Uhlig, Moshe Zukerman
2011 Computer Communications  
This calls for extraordinary research efforts at all levels of the protocol stack to address the challenges of existing and future networked applications and services in terms of scalability, mobility,  ...  , identified by members of the journal editorial board to stimulate further research activities in these areas.  ...  resolution video is played back across screens of two mobile devices placed side by side.  ... 
doi:10.1016/j.comcom.2011.09.001 fatcat:wuuutbnyafglditfge46ejs2yu

A Decentralized and Proactive Architecture based on the Cyber Physical System Paradigm for Smart Transmission Grids Modelling, Monitoring and Control

E. M. Carlini, G. M. Giannuzzi, P. Mercogliano, P. Schiano, A. Vaccaro, D. Villacci
2016 Technology and Economics of Smart Grids and Sustainable Energy  
More specifically, the idea is to conceptualize a holistic architecture that enables the computing resources to deliver much more automation that the sum of its individually self-managed components, allowing  ...  Moreover, it allows TSO to develop content-based data extraction and aggregation from a host of pervasive sensors network and to exploit distributed embedded computing resources aimed at solving large-scale  ...  The idea is to conceptualize a holistic framework based on a collection of interactive web services, which enables the computing resources to deliver much more automation that the sum of its individually  ... 
doi:10.1007/s40866-016-0006-1 fatcat:u4p7ahyf2rco3i7u7uacvh25ay

D3.1 Final System Architecture, Programming Interfaces And Security Framework Specification

Carlos Parada, Francisco Fontes, Isabel Borges, Omer Gurewitz, Asaf Cohen, Philip Eardley, Andy Reid, Giuseppe Bianchi, Nicola Blefari Melazzi, Luca Chiaraviglio, Pierpaolo Loreti, Stefano Salsano (+23 others)
2018 Zenodo  
This deliverable provides the specification of the architecture, APIs and the security framework designed by the Superfluidity project.  ...  application (e.g., a web server).  ...  Prevention control reduces the vulnerabilities e.g., by reducing the number of possible targets and/or hiding some of them. Detection takes action on incidents already in progress.  ... 
doi:10.5281/zenodo.1230494 fatcat:sockptarwjhq7gciqicfzemm5i

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements and Future Directions

Rabia Khan, Pardeep Kumar, Dushantha Nalin K. Jayakody, Madhusanka Liyanage
2019 IEEE Communications Surveys and Tutorials  
of detection and MMSE channel estimation.  ...  Ring-fencing provide flexibility to run in all conditions. Side channel attacks due to same set of primary hardware.  ... 
doi:10.1109/comst.2019.2933899 fatcat:bulfng6levdelgmel7oxoi6pna

Efficient Testing of Recovery Code Using Fault Injection

Paul D. Marinescu, George Candea
2011 ACM Transactions on Computer Systems  
We present a framework for writing precise triggers that inject desired faults, in the form of error return codes and corresponding side effects, at the boundary between applications and libraries.  ...  In this article, we present a library-level fault injection engine that enables the productive use of fault injection for software testing.  ...  ACKNOWLEDGMENTS We thank Radu Banabic for his help on the experimental section of this article.  ... 
doi:10.1145/2063509.2063511 fatcat:lvwuz2cwbfagtbhyas3wfh3si4

Virtual and Augmented Reality

Victoria Interrante, Tobias Hollerer, Anatole Lecuyer
2018 IEEE Computer Graphics and Applications  
Distinguish different vulnerabilities associated with computer systems. 4. Reproduce and detect vulnerable scenarios in existing software.  ...  Web architecture and its security challenges Overview of the web architecture; essential aspects of http; focus on serverside scripting and client-side scripting for delivering dynamic web pages.  ...  Identify the sources of vulnerability in a cyber physical system systematically via attack surfaces 4.  ... 
doi:10.1109/mcg.2018.021951630 fatcat:qbnwukkylvf7dacyk2ko5fval4

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Daniel Diaz-Sanchez, Andres Marin-Lopez, Florina Almenarez, Patricia Arias, R. Simon Sherratt
2019 IEEE Communications Surveys and Tutorials  
Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios.  ...  According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential  ...  The impact of the use of side channels depends on when the side channel will be used. The first case consists on the use of the side channel during the TLS handshake.  ... 
doi:10.1109/comst.2019.2914453 fatcat:lwwk7pbogfeidhc4t6wth5gvne

Security and Privacy Issues in Autonomous Vehicles: A Layer-Based Survey

Muhammad Hataba, Ahmed Sherif, Mohamed Mahmoud, Mohamed Abdallah, Waleed Alasmary
2022 IEEE Open Journal of the Communications Society  
We examine different attacks launched in a layer-based approach. We conceptualize the architecture of AVs in a four-layered model.  ...  They collect huge troves of information, which needs to be protected from breaches. In this work, we investigate security challenges and privacy concerns in AVs.  ...  In addition, parts of this paper, specifically Sections I, II, IV, and V, were made possible by NPRP grants NPRP13S-0205-200270 from the Qatar National Research VOLUME 3, 2022  ... 
doi:10.1109/ojcoms.2022.3169500 fatcat:dfiozub5kfag7gcdygumj7ieuy
« Previous Showing results 1 — 15 out of 713 results