IEEE Transactions on Dependable and Secure Computing
Journal Prestige (SJR): 0.802
Citation Impact (citeScore): 4
Number of Followers: 13  
Hybrid journal (it can contain Open Access articles)
ISSN (Print) 1545-5971
Published by IEEE [191 journals]
  • A Markov Random Field Framework for Modeling Malware Propagation in
           Complex Communications Networks
    • Authors: Vasileios Karyotis;
      Pages: 551 - 564
      Abstract: The proliferation of complex communication networks (CCNs) and their importance for maintaining social coherency nowadays have urgently elevated the need for protecting networking infrastructures from malicious software attacks. In this paper, we propose a Markov Random Field (MRF) based spatio-stochastic framework for modeling the macroscopic behavior of a CCN under random attack, where malicious threats propagate through direct interactions and follow the Susceptible-Infected-Susceptible infection paradigm. We exploit the MRF framework for analytically studying the propagation dynamics in various types of CCNs, i.e., lattice, random, scale-free, small-world and multihop graphs, in a holistic manner. By combining Gibbs sampling with simulated annealing, we study the behavior of the above systems for various topological and malware related parameters with respect to the general random attacks considered. We demonstrate the effectiveness of the MRF framework in capturing the evolution of SIS malware propagation and use it to assess the robustness of synthetic and real CCNs with respect to the involved parameters. It is found that random networks are more robust, followed by scale-free, regular and small-world, while multihop emerge as the most vulnerable of all.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • A Scalable Approach to Joint Cyber Insurance and Security-as-a-Service
           Provisioning in Cloud Computing
    • Authors: Jonathan Chase;Dusit Niyato;Ping Wang;Sivadon Chaisiri;Ryan K. L. Ko;
      Pages: 565 - 579
      Abstract: As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, we introduce a stochastic optimization model to optimally provision security and insurance services in the cloud. Since the model we design is a mixed integer problem, we also introduce a partial Lagrange multiplier algorithm that takes advantage of the total unimodularity property to find the solution in polynomial time. We also apply sensitivity analysis to find the exact tolerance of decision variables to parameter changes. We show the effectiveness of these techniques using numerical results based on real attack data to demonstrate a realistic testing environment, and find that security and insurance are interdependent.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Anonymization of Sensitive Quasi-Identifiers for l-Diversity and
    • Authors: Yuichi Sei;Hiroshi Okumura;Takao Takenouchi;Akihiko Ohsuga;
      Pages: 580 - 593
      Abstract: A number of studies on privacy-preserving data mining have been proposed. Most of them assume that they can separate quasi-identifiers (QIDs) from sensitive attributes. For instance, they assume that address, job, and age are QIDs but are not sensitive attributes and that a disease name is a sensitive attribute but is not a QID. However, all of these attributes can have features that are both sensitive attributes and QIDs in practice. In this paper, we refer to these attributes as sensitive QIDs and we propose novel privacy models, namely, (l1, ..., lq)-diversity and (t1, ..., tq)-closeness, and a method that can treat sensitive QIDs. Our method is composed of two algorithms: An anonymization algorithm and a reconstruction algorithm. The anonymization algorithm, which is conducted by data holders, is simple but effective, whereas the reconstruction algorithm, which is conducted by data analyzers, can be conducted according to each data analyzer's objective. Our proposed method was experimentally evaluated using real data sets.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • De-SAG: On the De-Anonymization of Structure-Attribute Graph Data
    • Authors: Shouling Ji;Ting Wang;Jianhai Chen;Weiqing Li;Prateek Mittal;Raheem Beyah;
      Pages: 594 - 607
      Abstract: In this paper, we study the impacts of non-Personal Identifiable Information (non-PII) on the privacy of graph data with attribute information (e.g., social networks data with users' profiles (attributes)), namely Structure-Attribute Graph (SAG) data, both theoretically and empirically. Our main contributions are two-fold: (i) we conduct the first attribute-based anonymity analysis for SAG data under both preliminary and general models. By careful quantification, we obtain the explicit correlation between the graph anonymity and the attribute information. We also validate our analysis through numerical and real world data-based evaluations and the results indicate that the non-PII can also lead to significant anonymity loss; and (ii) according to our theoretical analysis, we propose a new de-anonymization framework for SAG data, namely De-SAG, which takes into account both the graph structure and the attribute information to the best of our knowledge. By extensive experiments, we demonstrate that De-SAG can significantly improve the performance of state-of-the-art graph de-anonymization attacks. Our attribute-based anonymity analysis and de-anonymization framework are expected to provide data owners and researchers a more complete understanding on the privacy vulnerability of graph data, and thus shed light on future graph anonymization and de-anonymization research.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Efficient Delegated Private Set Intersection on Outsourced Private
    • Authors: Aydin Abadi;Sotirios Terzis;Roberto Metere;Changyu Dong;
      Pages: 608 - 624
      Abstract: Private set intersection (PSI) is an essential cryptographic protocol that has many real world applications. As cloud computing power and popularity have been swiftly growing, it is now desirable to leverage the cloud to store private datasets and delegate PSI computation to it. Although a set of efficient PSI protocols have been designed, none support outsourcing of the datasets and the computation. In this paper, we propose two protocols for delegated PSI computation on outsourced private datasets. Our protocols have a unique combination of properties that make them particularly appealing for a cloud computing setting. Our first protocol, O-PSI, satisfies these properties by using additive homomorphic encryption and point-value polynomial representation of a set. Our second protocol, EO-PSI, is mainly based on a hash table and point-value polynomial representation and it does not require public key encryption; meanwhile, it retains all the desirable properties and is much more efficient than the first one. We also provide a formal security analysis of the two protocols in the semi-honest model and we analyze their performance utilizing prototype implementations we have developed. Our performance analysis shows that EO-PSI scales well and is also more efficient than similar state-of-the-art protocols for large set sizes.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Efficient Multi-Factor Authenticated Key Exchange Scheme for Mobile
    • Authors: Rui Zhang;Yuting Xiao;Shuzhou Sun;Hui Ma;
      Pages: 625 - 634
      Abstract: Authenticated key exchange (AKE) is one of the most important applications in applied cryptography, where a user interacts with a server to set up a session key where pre-registered information (a.k.a. authentication factor), such as a password or biometrics, of the user is stored. While single-factor AKE is widely used in practice, higher security concerns call for multi-factor AKE (MFAKE) schemes, e.g., combining both passwords and biometrics simultaneously. However, in some casually designed schemes, security is even weakened in the sense that leakage of one authentication factor will defeat the whole MFAKE protocol. Furthermore, an inevitable by-product arises that the usability of the protocol often drops greatly. To summarize, the existing multi-factor protocols did not provide enough security and efficiency simultaneously. In this paper, we make one step ahead by proposing a very efficient MFAKE protocol. We define the security model and give the according security analysis. We also implement our protocol on a smartphone and a cloud server. The theoretic comparisons and the experimental results show that our scheme achieves both security and usability.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • RACOON++: A Semi-Automatic Framework for the Selfishness-Aware Design of
           Cooperative Systems
    • Authors: Guido Lena Cota;Sonia Ben Mokhtar;Gabriele Gianini;Ernesto Damiani;Julia Lawall;Gilles Muller;Lionel Brunie;
      Pages: 635 - 650
      Abstract: A challenge in designing cooperative distributed systems is to develop feasible and cost-effective mechanisms to foster cooperation among selfish nodes, i.e., nodes that strategically deviate from the intended specification to increase their individual utility. Finding a satisfactory solution to this challenge may be complicated by the intrinsic characteristics of each system, as well as by the particular objectives set by the system designer. Our previous work addressed this challenge by proposing RACOON, a general and semi-automatic framework for designing selfishness-resilient cooperative systems. RACOON relies on classical game theory and a custom built simulator to predict the impact of a fixed set of selfish behaviours on the designer's objectives. In this paper, we present RACOON++, which extends the previous framework with a declarative model for defining the utility function and the static behaviour of selfish nodes, along with a new model for reasoning on the dynamic interactions of nodes, based on evolutionary game theory. We illustrate the benefits of using RACOON++ by designing three cooperative systems: a peer-to-peer live streaming system, a load balancing protocol, and an anonymous communication system. Extensive experimental results using the state-of-the-art PeerSim simulator verify that the systems designed using RACOON++ achieve both selfishness-resilience and high performance.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • RAW-Tag: Replicating in Altered Cache Ways for Correcting Multiple-Bit
           Errors in Tag Array
    • Authors: Hamed Farbeh;Fereshte Mozafari;Masoume Zabihi;Seyed Ghassem Miremadi;
      Pages: 651 - 664
      Abstract: Tag array in on-chip caches is one of the most vulnerable components to radiation-induced soft errors. Protecting the tag array in some processors is limited to error detection using the parity check, since the overheads of error correcting codes are not affordable in this component. State-of-the-art tag protection schemes combine the parity check with replication to provide error correction capability. Classifying these replication-based schemes into partial-replication and full-replication, the former offers a low overhead protection in which a large fraction of detectable errors remain uncorrectable, whereas the latter imposes a significant overhead to correct all of the errors. This paper proposes a low overhead full-replication scheme, so called Replicating in Altered Ways of Tag (RAW-Tag), to correct all detectable errors. RAW-Tag manipulates the cache replacement algorithm and keeps track of the incoming/evicting cache lines to not only provide a replica for all tags, but also eliminate the simultaneous susceptibility of both a tag and its replica to a single Multiple-Bit Upset (MBU). The simulation results show that RAW-Tag imposes no performance overhead and increases the energy consumption of L1 and L2 caches by only 6.6 and 0.3 percent, respectively, as compared with the baseline.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Reducing Timing Side-Channel Information Leakage Using 3D Integration
    • Authors: Chongxi Bao;Ankur Srivastava;
      Pages: 665 - 678
      Abstract: Recently, following the work pioneered by Kocher [1], using cache behavior as a timing side-channel to leak critical system information has received a lot of attention because of its easy-to-implement nature and amazingly good results. Recent attacks have been demonstrated to successfully leak the full key from many commonly used encryption algorithms including RSA, AES, etc. These attacks pose great threats to applications that depend on these encryption methods such as banking systems, military systems, etc. To mitigate the increasing threat, numerous countermeasures, mostly software patches, have been proposed. Hardware mitigations, however, have been less pursued. 3D integration, which stacks multiple dies vertically, offers shorter wire-length and improves system performance. It may be used to offset the performance overhead these countermeasures incur. In this paper, we investigate several possible ways in which the availability of 3D integration can be exploited to mitigate timing side-channel attacks while still obtaining superior performance over a baseline 2D system. Simulation results using Gem5 simulator show that our techniques can significantly reduce timing information leakage while still achieving 20.43 percent performance gain over a 2D baseline system.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Social Network De-Anonymization and Privacy Inference with Knowledge Graph
    • Authors: Jianwei Qian;Xiang-Yang Li;Chunhong Zhang;Linlin Chen;Taeho Jung;Junze Han;
      Pages: 679 - 692
      Abstract: Social network data is widely shared, transferred and published for research purposes and business interests, but it has raised much concern on users' privacy. Even though users' identity information is always removed, attackers can still de-anonymize users with the help of auxiliary information. To protect against de-anonymization attack, various privacy protection techniques for social networks have been proposed. However, most existing approaches assume specific and restrict network structure as background knowledge and ignore semantic level prior belief of attackers, which are not always realistic in practice and do not apply to arbitrary privacy scenarios. Moreover, the privacy inference attack in the presence of semantic background knowledge is barely investigated. To address these shortcomings, in this work, we introduce knowledge graphs to explicitly express arbitrary prior belief of the attacker for any individual user. The processes of de-anonymization and privacy inference are accordingly formulated based on knowledge graphs. Our experiment on data of real social networks shows that knowledge graphs can power de-anonymization and inference attacks, and thus increase the risk of privacy disclosure. This suggests the validity of knowledge graphs as a general effective model of attackers' background knowledge for social network attack and privacy preservation.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Wormhole: The Hidden Virus Propagation Power of the Search Engine in
           Social Networks
    • Authors: Cai Fu;Xiao-Yang Liu;Jia Yang;Laurence T. Yang;Shui Yu;Tianqing Zhu;
      Pages: 693 - 710
      Abstract: Today search engines are tightly coupled with social networks, and present users with a double-edged sword: they are able to acquire information interesting to users but are also capable of spreading viruses introduced by hackers. It is challenging to characterize how a search engine spreads viruses, since the search engine serves as a virtual virus pool and creates propagation paths over the underlying network structure. In this paper, we quantitatively analyze virus propagation effects and the stability of the virus propagation process in the presence of a search engine. First, although social networks have a community structure that impedes virus propagation, we find that a search engine generates a propagation wormhole. Second, we propose an epidemic feedback model and quantitatively analyze propagation effects based on a model employing four metrics: infection density, the propagation wormhole effect, the epidemic threshold, and the basic reproduction number. Third, we verify our analyses on four real-world data sets and two simulated data sets. Moreover, we prove that the proposed model has the property of partial stability. Evaluation results show that, compared with the cases without a search engine, virus propagation with the search engine has a higher infection density, shorter network diameter, greater propagation velocity, lower epidemic threshold, and larger basic reproduction number.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware
    • Authors: Ambra Demontis;Marco Melis;Battista Biggio;Davide Maiorca;Daniel Arp;Konrad Rieck;Igino Corona;Giorgio Giacinto;Fabio Roli;
      Pages: 711 - 724
      Abstract: To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection. However, its security against well-crafted attacks has not only been recently questioned, but it has been shown that machine learning exhibits inherent vulnerabilities that can be exploited to evade detection at test time. In other words, machine learning itself can be the weakest link in a security system. In this paper, we rely upon a previously-proposed attack framework to categorize potential attack scenarios against learning-based malware detection tools, by modeling attackers with different skills and capabilities. We then define and implement a set of corresponding evasion attacks to thoroughly assess the security of Drebin, an Android malware detector. The main contribution of this work is the proposal of a simple and scalable secure-learning paradigm that mitigates the impact of evasion attacks, while only slightly worsening the detection rate in the absence of attack. We finally argue that our secure-learning approach can also be readily applied to other malware detection tasks.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)
  • On the Security of a Variant of ElGamal Encryption Scheme
    • Authors: Fang-Yu Rao;
      Pages: 725 - 728
      Abstract: Recently, based on the Paillier cryptosystem [1], Yi et al. outline a distributed ElGamal cryptosystem which allows for both a much simpler distributed key generation procedure and a more efficient distributed decryption of messages from a large plaintext domain [2]. In this paper, we analyze the security of their proposed variant of ElGamal encryption scheme and demonstrate that their proposed variant is not secure as claimed. Thus, whether an additively homomorphic cryptosystem satisfying the desired properties exists remains an open question.
      PubDate: July-Aug. 1 2019
      Issue No: Vol. 16, No. 4 (2019)