20 Hits in 6.1 sec

Supply chain malware targets SGX: Take care of what you sign [article]

Andrei Mogage, Rafael Pires, Vlad Crăciun, Emanuel Onica and Pascal Felber
2019 arXiv   pre-print
To our knowledge, there was no serious attempt yet to overcome the SGX protection by leveraging the software supply chain infrastructure, such as weaknesses in the development, build or signing servers  ...  While SGX protection does not specifically take into consideration such threats, we show in the current paper that a simple malware attack exploiting a separation between the build and signing processes  ...  ACKNOWLEDGEMENTS Some of the activities that contributed to this work were funded by the European Union's Horizon 2020 research and innovation programme under grant agreement No 692178.  ... 
arXiv:1907.05096v1 fatcat:zkrauahhorcsbbs2fagxv3zvnm

IoT Software Security Building Blocks [chapter]

Sunil Cheruvu, Anil Kumar, Ned Smith, David M. Wheeler
2019 Demystifying Internet of Things Security  
But what are you really downloading? Are you getting the latest version with the latest bug fixes? Or are you installing the latest version that was corrupted with malware?  ...  These guarantees are part of what makes SGX mode a TEE.  ... 
doi:10.1007/978-1-4842-2896-8_4 fatcat:5ffon6fjtnh6rfkpnbtwoxk7ou

Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities

Joseph I. Choi, Kevin R. B. Butler
2019 Security and Communication Networks  
This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC.  ...  The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations.  ...  Acknowledgments Special thanks are due to Patrick Traynor and Thomas Shrimpton for their interest in and constructive criticisms of this work.  ... 
doi:10.1155/2019/1368905 fatcat:izynm6msrvehfa3ghkw7tykk34

IoT Vertical Applications and Associated Security Requirements [chapter]

Sunil Cheruvu, Anil Kumar, Ned Smith, David M. Wheeler
2019 Demystifying Internet of Things Security  
Careful thought and study of recent attacks (Devil's Ivy and Perisai) must be done.  ...  In this chapter, we present what Intel is doing in the arena of IoT as complete vertical solutions.  ... 
doi:10.1007/978-1-4842-2896-8_6 fatcat:eznovqjwwbbn5a4czv3q5cj3cm

Toward Engineering a Secure Android Ecosystem

Meng Xu, Chenxiong Qian, Sangho Lee, Taesoo Kim, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee
2016 ACM Computing Surveys  
CCS Concepts: r Security and privacy → Mobile platform security; Malware and its mitigation; Social aspects of security and privacy Additional  ...  The openness and extensibility of Android have made it a popular platform for mobile devices and a strong candidate to drive the Internet-of-Things.  ...  What You See Is What You eXecute is an intuitive policy aiming to ensure that the actual app behaviors should be consistent to users' perceptions: a functionality not stated or implied in the app description  ... 
doi:10.1145/2963145 fatcat:d5vhxpdywrevvbh4as6vvt576q

D2.2 The COLLABS Level-3 Security Package for Secure Digital Supply Networks: 1st complete version

Panagiotis Rizomiliotis, Konstantinos Tserpes, Aikaterini Triakosia
2021 Zenodo  
(Statistical Analytics and Machine- / Deep-Learning on shared data), T2.5 (Distributed anomaly detection for Industrial IoT) and T2.6 (Workflow-driven security for supply chain and compliance in manufacturing  ...  ) related to the 1st version of integrated platform of the project.  ...  ALES Scenario 3 -Trusted compliance data share across the supply chain The manufacturing of complex and safety-critical systems requires collaboration between supply chain parties.  ... 
doi:10.5281/zenodo.5667012 fatcat:xgzhqfeq6nbwte4h256pntlkau


Andre Rein
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
Without you, this work would never have been completed in this way, and I would like to express my sincere thanks to all of you.  ...  Acknowledgements In the years in which the results of this work have been completed, I have enjoyed the help of many amazing and extraordinary people.  ...  Therefore, this work does not take into consideration the severity of malware.  ... 
doi:10.1145/3052973.3052975 dblp:conf/ccs/Rein17 fatcat:fhee7m5vazc6zkxrqbcj6tsuk4

Blockchain and IoT Integration: A Systematic Survey

Alfonso Panarello, Nachiket Tapas, Giovanni Merlino, Francesco Longo, Antonio Puliafito
2018 Sensors  
The Internet of Things (IoT) refers to the interconnection of smart devices to collect data and make intelligent decisions.  ...  The objective of this paper is to analyze the current research trends on the usage of BC-related approaches and technologies in an IoT context.  ...  The first question is: what will happen if the number of nodes taking part in the BC network decrease?  ... 
doi:10.3390/s18082575 pmid:30082633 fatcat:ugnnd2unqnbm5mejatahog3lzm

D2.1 The COLLABS Level-3 Security Package for Secure Digital Supply Networks: MVP

Miloš Radovanović, Nataša Vujnović Sedlar, Srđan Škrbić
2020 Zenodo  
), T2.4 (Statistical Analytics and Machine- / Deep-Learning on shared data), T2.5 (Distributed anomaly detection for Industrial IoT) and T2.6 (Workflow-driven security for supply chain and compliance in  ...  manufacturing) related to the minimum viable product of the project.  ...  These signatures will contain the fingerprint of certain actions of malicious tools and malware which target or use the TLS protocol.  ... 
doi:10.5281/zenodo.5666952 fatcat:hwa4x5pwnrdqva2tbp4kspnkhi

IoT Frameworks and Complexity [chapter]

Sunil Cheruvu, Anil Kumar, Ned Smith, David M. Wheeler
2019 Demystifying Internet of Things Security  
or supply chain supplied identity.  ...  Privacy requirements need to be anticipated as part of supply chain tracking mechanisms.  ... 
doi:10.1007/978-1-4842-2896-8_2 fatcat:amuzgyvgyjakvln6b5il2emsha

Privacy-preserving solutions for Blockchain: review and challenges

Jorge Bernal Bernabe, Jose L. Canovas, Jose L. Hernandez-Ramos, Rafael Torres Moreno, Antonio Skarmeta
2019 IEEE Access  
To deal with these challenges, novel privacy-preserving solutions for blockchain based on crypto-privacy techniques are emerging to empower users with mechanisms to become anonymous and take control of  ...  However, blockchains are subject to different scalability, security and potential privacy issues, such as transaction linkability, crypto-keys management (e.g. recovery), on-chain data privacy, or compliance  ...  Other relevant scenarios of the application of blockchain are represented by manufacturing/supply chain [159] and financial [160] sectors.  ... 
doi:10.1109/access.2019.2950872 fatcat:kf2rl7onmrbvnozjudspxrcatu

Overcoming Security Challenges in Microservice Architectures

Tetiana Yarygina, Anya Helene Bagge
2018 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE)  
A natural progression of this work is to propose an architectural style that incorporates basic security principles.  ...  RESTUS partially addresses the security issues of the stateless resource constraint, but not the issues related to the cache and code-on-demand constraints.  ...  The server must maintain the key(s) used to sign tokens, which introduces more resource states. The demand of "taking no advantage of any stored context on the server" is impractical.  ... 
doi:10.1109/sose.2018.00011 dblp:conf/sose/YaryginaB18 fatcat:54wjuoxxhff2tlldyvowt2p2em

System memory protection and vulnerability assessment in presence of software attacks

Mingbo Zhang
For each specific vulnerability, our mitigation either leverages a new CPU features such as Intel SGX or an existing CPU feature in a novel way to achieve adequate protection with a modest performance  ...  Addressing protection of system critical variables, heap layout, and user variables that are referenced freely from the kernel are the state-of-art challenges.  ...  In many parts of the supply chain, such as the factory and shipment, numerous employees have the opportunity to access the PLC.  ... 
doi:10.7282/t3-93x2-2f36 fatcat:gbofmgzffbgrrdjhzxlz6vpjwa

Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM), Summer Semester 2017 [article]

Georg Carle, Daniel Raumer, Lukas Schwaighofer, Chair Of Network Architectures
Keywords Malware Detection, Static Analysis, Dynamic Analysis, Heuristic Analysis, Kernel Integrity  ...  Acknowledgement This work was partly performed at IsarNet Software Solutions GmbH and funded as part of the AutoMon project by the German Federal Ministry of Education and Research (BMBF) with contract  ...  The domain signs its name and DCP either with its DNSSEC private key and includes a signature chain to the DNS root or in the case of TLS it signs with its TLS private key and includes a chain to a root  ... 
doi:10.2313/net-2017-09-1 fatcat:qtxz2tweurbszpmvspmsek3bsq

Trust as a Programming Primitive

Adrien Ghosn
My PhD started with one of their papers [67] and ended with both of them taking part in my private defense.  ...  Thanks for tolerating my constant interruptions in the office, for always taking the time to listen to my ideas and discuss them, for continuing to give me time and advices, even after you left EPFL.  ...  As part of enclave creation, developers need to provide a measurement of the enclave, i.e., a signed hash of the SGX instructions and arguments used to instantiate the enclave, as well as of selected portions  ... 
doi:10.5075/epfl-thesis-8165 fatcat:4fzojr5gxbgkppth7ze2b5lsiu
« Previous Showing results 1 — 15 out of 20 results