Auflistung nach Schlagwort "security"
1 - 10 von 21
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragAn anomaly detection approach for backdoored neural networks: face recognition as a case study(BIOSIG 2022, 2022) Alexander Unnervik and Sébastien MarcelBackdoor attacks allow an attacker to embed functionality jeopardizing proper behavior of any algorithm, machine learning or not. This hidden functionality can remain inactive for normal use of the algorithm until activated by the attacker. Given how stealthy backdoor attacks are, consequences of these backdoors could be disastrous if such networks were to be deployed for applications as critical as border or access control. In this paper, we propose a novel backdoored network detection method based on the principle of anomaly detection, involving access to the clean part of the training data and the trained network.We highlight its promising potential when considering various triggers, locations and identity pairs, without the need to make any assumptions on the nature of the backdoor and its setup. We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
- KonferenzbeitragCase Study: Securing MMU-less Linux Using CHERI(SE 2024 - Companion, 2024) Almatary, Hesham; Mazzinghi, Alfredo; Watson, Robert N. M.MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. It also does not use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (i. e. coarse-grained protection with fixed number of protected regions). We secure the existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic MMU-less embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (i. e. user programs cannot access each other’s memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS’ linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (e. g. device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less embedded Linux.
- KonferenzbeitragDesigning Automotive Case Studies for Architectural Security Analyses(Softwaretechnik-Trends Band 43, Heft 4, 2023) Boltz, Nicolas; Walter, Maximilian; Gerking, ChristopherDigitalization is one of the biggest drivers of advancements in the modern automotive domain. The resulting increase in communication is leading to a more intensive exchange of data and the opening up of for merly closed systems. This raises questions about security and data protection. Software architecture analyses can help identify potential issues, thereby making systems more secure and compliant with data protection laws. Such analyses require representative case studies for development and evaluation. In this paper, we showcase the results of applying requirements and processes for case-study research during three bachelor theses with students. The resulting three case studies center around the automotive and mobility domain and focus on different security and privacy properties. We discuss our insights and experiences regarding the creation of case studies.
- KonferenzbeitragExtending the 0Auth2 Workflow to Audit Data Usage for Users and Service Providers In a Cooperative Scenario(10. DFN-Forum Kommunikationstechnologien, 2017) Politze, Marius; Decker, BerndThe increasing amount and heterogeneity of devices demands changes in IT infrastructure. Many web service architectures used to meet these demands use the OAuth2 workflow to secure their interfaces. These implementations usually tightly couple web services and an OAuth2 authorization service. The presented extension to the OAuth2 workflow is capable handling authorizations for multiple attached services and therefore combines existing services of a central IT service provider but also allows other services running in a cooperative model with only a single instance ofthe authorization server. Based on auditing parameters it is possible to present access per resource or per method giving service providers and application developers more insight in how their services are used and show users by whom their personal data is used.
- ZeitschriftenartikelFault-tolerant data management in the gaston peer-to-peer file system(Wirtschaftsinformatik: Vol. 45, No. 3, 2003) Dynda, Vladimír; Rydlo, PavelGaston is a peer-to-peer large-scale file system designed to provide a fault-tolerant and highly available file service for a virtually unlimited number of users. Data management in Gaston disseminates and stores replicas of files on multiple machines to achieve the requested level of data availability and uses a dynamic tree-topology structure to connect replication schema members. We present generic algorithms for replication schema creation and maintenance according to file user requirements and autonomous constraints that are set on individual nodes. We also show specific data object structure as well as mechanisms for secure and efficient update propagation among replicas with data consistency control. Finally, we introduce a scalable and efficient technique improving fault-tolerance of the tree-topology structure connecting replicas.
- KonferenzbeitragIdToken: a new decentralized approach to digital identi-ty(Open Identity Summit 2020, 2020) Talamo, Edoardo; Pennacchi, AlmaThe ability to store and share digital data offers benefits that the digitization of information has become a growing trend but has raised questions about the security of personal data. There have been countless high-profile hacks and personal information leaks. Furthermore users don’t (and shouldn’t) always trust an external server of a third party to store their personal data. Blockchain tries to offer a compelling solution to the problem of combining accessibility with privacy and security. Records can be held securely, using end-to-end encryption, and yet openly authenticated so that data can still be trusted as reliable. This project goes deeper in this solution thanks to an innovative idea and development of a new kind of blockchain non fungible token specifically created to store and manage digital identities and sensible data. It has the potential to resolve issues blockchain alone was starting to approach and improves security, privacy and accessibility.
- ZeitschriftenartikelImproving Real-World Applicability of Static Taint Analysis(Softwaretechnik-Trends Band 42, Heft 2, 2022) Luo, LinghuiSecurity breaches happen on a daily basis and are a serious threat to our society. Security incidents do not only cost a significant amount of money and company reputation, but can also be a threat to national security. Static taint analysis is a program analysis technique that can be used to prevent a wide range of security vulnerabilities and detect malicious software. This dissertation focuses on improving the real-world applicability of static taint analysis. It addresses three existing problems that hinder the real-world adoption of static taint analysis.
- KonferenzbeitragThe Interplay between Personal Relationships \& Shoulder Surfing Mitigation(Mensch und Computer 2021 - Tagungsband, 2021) Farzand, Habiba; Bhardwaj, Kinshuk; Marky, Karola; Khamis, MohamedShoulder surfing refers to observing someone’s device screen without their consent. Conspicuously switching off the screen upon noticing a friend observing private messages may create an embarrassing situation. Initial evidence indicates that users adopt strategies to mitigate shoulder surfing based on their relationship to the observer. However, the social implications of such mitigation strategies remain largely unexplored. We present findings from an interview study with 12 participants to address this. We analyze experiences with shoulder surfers of different relationships to the user and collect feedback on eleven state-of-the-arts strategies for mitigating shoulder surfing. We show that the user-observer relationship impacts the choice of mitigation methods and that users often do not want observers to know they were caught. Based on our results, we conclude with implications for designing socially acceptable privacy protection mechanisms on mobile devices.
- KonferenzbeitragMethods to secure services in an untrusted environment(Software Engineering 2011 – Fachtagung des GI-Fachbereichs Softwaretechnik, 2011) Huber, Matthias; Müller-Quade, JörnSoftware services offer many opportunities like reduced cost for IT infrastructure. They also introduce new risks, for example the clients lose control over their data. While data can be secured against external threats using standard techniques, the service providers themselves have to be trusted to ensure privacy. In this paper, we examine methods that can increase the level of privacy a service offers without the need to fully trust the service provider.
- KonferenzbeitragOIDC-Agent: Managing OpenID Connect Tokens on the Command Line(SKILL 2018 - Studierendenkonferenz Informatik, 2018) Zachmann, GabrielOpenID Connect is widely used in Authentication and Authorization Infrastructures including the infrastructures of multiple EU projects like INDIGO -DataCloud, the Human Brain Project or the European Open Science Cloud. Due to their nature, OpenID Connect Access Tokens are currently not straightforward to use from the command line. They have a high character count and are short lived. Therefore, they de facto have to be copied from a source providing the access token, most likely a web service. Considering this insufficient usability from the command line, our goal was to overcome this by developing a tool to manage OpenID Connect tokens. We present the design of this tool named oidc-agent and possible usages. The design is oriented at the ssh-agent, providing the user a familiar way to handle OpenID Connect tokens. By splitting the whole service into multiple components we also ensure privilege separation. We implemented a daemon to manage OpenID Connect tokens (oidc-agent), a tool for generating agent account conĄgurations (oidc-gen) and a tool for loading and unloading these configurations from the agent (oidc-add). Additionally, we provide application programming interfaces for agent clients through C and UNIX domain sockets. We also provide an example agent client (oidc-token) that can be used to easily get an access token from oidc-agent using the command line. Therefore, users do not need to handle long, unhandy access tokens, but the application can obtain an access-token through oidc-agent when needed. All components can be freely used and are available on GitHub under the MIT license.
- «
- 1 (current)
- 2
- 3
- »