Logo des Repositoriums

Auflistung nach Schlagwort "security"

1 - 10 von 22
  • Konferenzbeitrag
    An anomaly detection approach for backdoored neural networks: face recognition as a case study
    (BIOSIG 2022, 2022) Alexander Unnervik and Sébastien Marcel
    Backdoor attacks allow an attacker to embed functionality jeopardizing proper behavior of any algorithm, machine learning or not. This hidden functionality can remain inactive for normal use of the algorithm until activated by the attacker. Given how stealthy backdoor attacks are, consequences of these backdoors could be disastrous if such networks were to be deployed for applications as critical as border or access control. In this paper, we propose a novel backdoored network detection method based on the principle of anomaly detection, involving access to the clean part of the training data and the trained network.We highlight its promising potential when considering various triggers, locations and identity pairs, without the need to make any assumptions on the nature of the backdoor and its setup. We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
  • Konferenzbeitrag
    `Baymax' or `RoboCop'? Exploring Different Feminine Avatar Personalities for Shared Automated Vehicles
    (Proceedings of Mensch und Computer 2024, 2024) Schuß, Martina; Röhr, Tatjana; Riener, Andreas
    Shared automated vehicles (SAVs) will offer a lot of benefits, from improving the overall mobility to environmental benefits. However, perceived security in SAVs is a major concern and may influence their acceptance and adoption negatively. To address this, we propose a digital companion (DC) concept embodied as an avatar inside the vehicle to accompany passengers in substitution of a human driver. In a co-creation workshop with participants (N = 6) we collected ideas about the appearance and personality of such DCs and derived two contrasting concepts (‘Baymax’ and ‘RoboCop’). Inspired by a design space from the gaming context, we implemented the two DCs and evaluated them in a VR study (N = 23) experiencing two scenarios in SAVs. The results show that a DC improves passengers’ perceived security. Generally, the ‘Baymax’ companion was preferred in both scenarios but no correlation between scenario and preferred personality type could be determined.
  • Konferenzbeitrag
    Case Study: Securing MMU-less Linux Using CHERI
    (SE 2024 - Companion, 2024) Almatary, Hesham; Mazzinghi, Alfredo; Watson, Robert N. M.
    MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. It also does not use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (i. e. coarse-grained protection with fixed number of protected regions). We secure the existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic MMU-less embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (i. e. user programs cannot access each other’s memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS’ linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (e. g. device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less embedded Linux.
  • Konferenzbeitrag
    Designing Automotive Case Studies for Architectural Security Analyses
    (Softwaretechnik-Trends Band 43, Heft 4, 2023) Boltz, Nicolas; Walter, Maximilian; Gerking, Christopher
    Digitalization is one of the biggest drivers of advancements in the modern automotive domain. The resulting increase in communication is leading to a more intensive exchange of data and the opening up of for merly closed systems. This raises questions about security and data protection. Software architecture analyses can help identify potential issues, thereby making systems more secure and compliant with data protection laws. Such analyses require representative case studies for development and evaluation. In this paper, we showcase the results of applying requirements and processes for case-study research during three bachelor theses with students. The resulting three case studies center around the automotive and mobility domain and focus on different security and privacy properties. We discuss our insights and experiences regarding the creation of case studies.
  • Konferenzbeitrag
    Extending the 0Auth2 Workflow to Audit Data Usage for Users and Service Providers In a Cooperative Scenario
    (10. DFN-Forum Kommunikationstechnologien, 2017) Politze, Marius; Decker, Bernd
    The increasing amount and heterogeneity of devices demands changes in IT infrastructure. Many web service architectures used to meet these demands use the OAuth2 workflow to secure their interfaces. These implementations usually tightly couple web services and an OAuth2 authorization service. The presented extension to the OAuth2 workflow is capable handling authorizations for multiple attached services and therefore combines existing services of a central IT service provider but also allows other services running in a cooperative model with only a single instance ofthe authorization server. Based on auditing parameters it is possible to present access per resource or per method giving service providers and application developers more insight in how their services are used and show users by whom their personal data is used.
  • Zeitschriftenartikel
    Fault-tolerant data management in the gaston peer-to-peer file system
    (Wirtschaftsinformatik: Vol. 45, No. 3, 2003) Dynda, Vladimír; Rydlo, Pavel
    Gaston is a peer-to-peer large-scale file system designed to provide a fault-tolerant and highly available file service for a virtually unlimited number of users. Data management in Gaston disseminates and stores replicas of files on multiple machines to achieve the requested level of data availability and uses a dynamic tree-topology structure to connect replication schema members. We present generic algorithms for replication schema creation and maintenance according to file user requirements and autonomous constraints that are set on individual nodes. We also show specific data object structure as well as mechanisms for secure and efficient update propagation among replicas with data consistency control. Finally, we introduce a scalable and efficient technique improving fault-tolerance of the tree-topology structure connecting replicas.
  • Konferenzbeitrag
    IdToken: a new decentralized approach to digital identi-ty
    (Open Identity Summit 2020, 2020) Talamo, Edoardo; Pennacchi, Alma
    The ability to store and share digital data offers benefits that the digitization of information has become a growing trend but has raised questions about the security of personal data. There have been countless high-profile hacks and personal information leaks. Furthermore users don’t (and shouldn’t) always trust an external server of a third party to store their personal data. Blockchain tries to offer a compelling solution to the problem of combining accessibility with privacy and security. Records can be held securely, using end-to-end encryption, and yet openly authenticated so that data can still be trusted as reliable. This project goes deeper in this solution thanks to an innovative idea and development of a new kind of blockchain non fungible token specifically created to store and manage digital identities and sensible data. It has the potential to resolve issues blockchain alone was starting to approach and improves security, privacy and accessibility.
  • Zeitschriftenartikel
    Improving Real-World Applicability of Static Taint Analysis
    (Softwaretechnik-Trends Band 42, Heft 2, 2022) Luo, Linghui
    Security breaches happen on a daily basis and are a serious threat to our society. Security incidents do not only cost a significant amount of money and company reputation, but can also be a threat to national security. Static taint analysis is a program analysis technique that can be used to prevent a wide range of security vulnerabilities and detect malicious software. This dissertation focuses on improving the real-world applicability of static taint analysis. It addresses three existing problems that hinder the real-world adoption of static taint analysis.
  • Konferenzbeitrag
    The Interplay between Personal Relationships \& Shoulder Surfing Mitigation
    (Mensch und Computer 2021 - Tagungsband, 2021) Farzand, Habiba; Bhardwaj, Kinshuk; Marky, Karola; Khamis, Mohamed
    Shoulder surfing refers to observing someone’s device screen without their consent. Conspicuously switching off the screen upon noticing a friend observing private messages may create an embarrassing situation. Initial evidence indicates that users adopt strategies to mitigate shoulder surfing based on their relationship to the observer. However, the social implications of such mitigation strategies remain largely unexplored. We present findings from an interview study with 12 participants to address this. We analyze experiences with shoulder surfers of different relationships to the user and collect feedback on eleven state-of-the-arts strategies for mitigating shoulder surfing. We show that the user-observer relationship impacts the choice of mitigation methods and that users often do not want observers to know they were caught. Based on our results, we conclude with implications for designing socially acceptable privacy protection mechanisms on mobile devices.
  • Konferenzbeitrag
    Methods to secure services in an untrusted environment
    (Software Engineering 2011 – Fachtagung des GI-Fachbereichs Softwaretechnik, 2011) Huber, Matthias; Müller-Quade, Jörn
    Software services offer many opportunities like reduced cost for IT infrastructure. They also introduce new risks, for example the clients lose control over their data. While data can be secured against external threats using standard techniques, the service providers themselves have to be trusted to ensure privacy. In this paper, we examine methods that can increase the level of privacy a service offers without the need to fully trust the service provider.