Gør som tusindvis af andre bogelskere
Tilmeld dig nyhedsbrevet og få gode tilbud og inspiration til din næste læsning.
Ved tilmelding accepterer du vores persondatapolitik.Du kan altid afmelde dig igen.
The LNCS volume 13269 constitutes the proceedings of the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022, which will take place in a hybrid mode in Rome, Italy in June 2022. The 44 full papers together with 5 short papers presented in this proceeding were carefully reviewed and selected from a total of 185 submissions. They were organized in topical sections as follows: Encryption, Attacks, Cryptographic Protocols, System Security., Cryptographic Primitives, MPC, Blockchain, Block-Cyphers, and Post-Quantum Cryptography.
This book constitutes the refereed proceedings of the 36th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2021, held in Oslo, Norway, in June 2021.*The 28 full papers presented were carefully reviewed and selected from 112 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on digital signatures; vulnerability management; covert channels and cryptography; application and system security; privacy; network security; machine learning for security; and security management.*The conference was held virtually.
Over the past decade, the National Geospatial-Intelligence Agency (NGA) has evolved its programming organization multiple times, along with the process it uses for managing its resource investments. Each of these iterations was done to address challenges and inefficiencies. NGA is now considering additional steps to improve its process and is seeking to improve its practices through internal improvements, such as gaining an understanding of how previous changes affected the overall effectiveness of its resource management process, and what can be learned from other organizations. NGA is now entering a fourth period of acquisition restructuring that is intended to improve on how the planning and programming phases are managed. NGA asked the RAND Corporation to review the programming phase of the Intelligence Planning, Programming, Budgeting, and Evaluation (IPPBE) process. The authors looked at three organizational eras (pre-2013, 2013-2018, and 2018 to the present) to determine the conditions, causes, and effects of performance and effectiveness generally and of previous changes to this phase of NGA IPPBE for each era. NGA is not alone in its ongoing effort to modernize its IPPBE structure to improve efficiency and effectiveness. Although NGA has conducted several previous internal studies to identify areas for IPPBE process improvement, this research is the first to synthesize findings between external literature and findings gleaned from structured subject-matter expert interviews to highlight crucial program-process issues for NGA leadership to absorb and address in any future IPPBE restructuring phase.
Studienarbeit aus dem Jahr 2018 im Fachbereich Informatik - Wirtschaftsinformatik, Note: 1,0, FOM Hochschule für Oekonomie und Management gemeinnützige GmbH, Hochschulstudienzentrum Hamburg, Veranstaltung: Interdisziplinäre Aspekte der Wirtschaftsinformatik, Sprache: Deutsch, Abstract: In dieser Seminararbeit werden ausgewählte, für die Betreiber von kritischen Infrastrukturen aktuelle und praxisrelevante, IT-Sicherheitsaspekte und die hieraus resultierenden organisatorischen Auswirkungen betrachtet. Zunächst erfolgt eine Einordnung der Begriffe "kritische Infrastruktur" und "IT-Sicherheit". Im Anschluss werden die betreiberspezifischen Anforderungen an die IT-Sicherheit durch das Zusammenwirken mit gängigen Bedrohungsarten und der Entwicklung neuer Trends am Beispiel von Smart Metering skizziert. Nachfolgend wird der rechtliche Rahmen, die hiervon abzuleitenden Maßnahmen und die Konsequenzen für die Beschaffungsprozesse beschrieben. Im Fazit werden exemplarisch hieraus entstehende Spannungsverhältnisse aufgezeigt, um die Herausforderungen zu verdeutlichen und mögliche Ansätze zur Beantwortung der Frage nach den Möglichkeiten einer vollständigen Umsetzung der internen und externen Anforderungen an die Betreiber zu geben. Gemäß der gesetzlichen Vorschriften im Bereich der IT-Sicherheit werden die kritischen Infrastrukturen in Deutschland schwerpunktartig betrachtet, die dem IT-Sicherheitsgesetz unterliegen. Insbesondere werden die Betreiber fokussiert, die den Branchen öffentliche Wasserversorgung und öffentliche Abwasserbeseitigungzugeordnet werden.
This book constitutes the refereed proceedings of the 15th IFIP WG 11.8 World Conference on Information Security Education, WISE 2022, held in Copenhagen, Denmark, in June 2021. The 8 papers presented were carefully reviewed and selected from 17 submissions. The papers are categorized into the following topical sub-headings: Securing the Fourth Industrial Revolution through Programming; Cybersecurity in the Fourth Industrial Revolution: Charting the Way Forward in Education; and Real-World Cybersecurity-Inspired Capacity Building.
This book explores the combination of Reinforcement Learning and Quantum Computing in the light of complex attacker-defender scenarios. Reinforcement Learning has proven its capabilities in different challenging optimization problems and is now an established method in Operations Research. However, complex attacker-defender scenarios have several characteristics that challenge Reinforcement Learning algorithms, requiring enormous computational power to obtain the optimal solution. The upcoming field of Quantum Computing is a promising path for solving computationally complex problems. Therefore, this work explores a hybrid quantum approach to policy gradient methods in Reinforcement Learning. It proposes a novel quantum REINFORCE algorithm that enhances its classical counterpart by Quantum Variational Circuits. The new algorithm is compared to classical algorithms regarding the convergence speed and memory usage on several attacker-defender scenarios with increasing complexity. In addition, to study its applicability on today's NISQ hardware, the algorithm is evaluated on IBM's quantum computers, which is accompanied by an in-depth analysis of the advantages of Quantum Reinforcement Learning.
This book deals with "e;crypto-biometrics"e;, a relatively new and multi-disciplinary area of research (started in 1998). Combining biometrics and cryptography provides multiple advantages, such as, revocability, template diversity, better verification accuracy, and generation of cryptographically usable keys that are strongly linked to the user identity. In this text, a thorough review of the subject is provided and then some of the main categories are illustrated with recently proposed systems by the authors. Beginning with the basics, this text deals with various aspects of crypto-biometrics, including review, cancelable biometrics, cryptographic key generation from biometrics, and crypto-biometric key sharing protocols. Because of the thorough treatment of the topic, this text will be highly beneficial to researchers and industry professionals in information security and privacy. Table of Contents: Introduction / Cancelable Biometric System / Cryptographic Key Regeneration Using Biometrics / Biometrics-Based Secure Authentication Protocols / Concluding Remarks
Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize various normal patterns, how to reduce false alarms, how to adapt to concept drifts, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation.The main purpose of this book is to help advance the real-world adoption and deployment anomaly detection technologies, by systematizing the body of existing knowledge on anomaly detection. This book is focused on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of applications, including fraud detection and insider threats. We explain the key technical components in anomaly detection workflows, give in-depth description of the state-of-the-art data-driven anomaly-based security solutions, and more importantly, point out promising new research directions. This book emphasizes on the need and challenges for deploying service-oriented anomaly detection in practice, where clients can outsource the detection to dedicated security providers and enjoy the protection without tending to the intricate details.
This book focuses on the combined cyber and physical security issues in advanced electric smart grids. Existing standards are compared with classical results and the security and privacy principles of current practice are illustrated. The book paints a way for future development of advanced smart grids that operated in a peer-to-peer fashion, thus requiring a different security model. Future defenses are proposed that include information flow analysis and attestation systems that rely on fundamental physical properties of the smart grid system.
The social benefit derived from Online Social Networks (OSNs) can lure users to reveal unprecedented volumes of personal data to an online audience that is much less trustworthy than their offline social circle. Even if a user hides his personal data from some users and shares with others, privacy settings of OSNs may be bypassed, thus leading to various privacy harms such as identity theft, stalking, or discrimination. Therefore, users need to be assisted in understanding the privacy risks of their OSN profiles as well as managing their privacy settings so as to keep such risks in check, while still deriving the benefits of social network participation.This book presents to its readers how privacy risk analysis concepts such as privacy harms and risk sources can be used to develop mechanisms for privacy scoring of user profiles and for supporting users in privacy settings management in the context of OSNs. Privacy scoring helps detect and minimize the risks due to the dissemination and use of personal data. The book also discusses many open problems in this area to encourage further research.
Sharing of location data enables numerous exciting applications, such as location-based queries, location-based social recommendations, monitoring of traffic and air pollution levels, etc. Disclosing exact user locations raises serious privacy concerns, as locations may give away sensitive information about individuals' health status, alternative lifestyles, political and religious affiliations, etc. Preserving location privacy is an essential requirement towards the successful deployment of location-based applications. These lecture notes provide an overview of the state-of-the-art in location privacy protection. A diverse body of solutions is reviewed, including methods that use location generalization, cryptographic techniques or differential privacy. The most prominent results are discussed, and promising directions for future work are identified.
Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.
Over the last decade, differential privacy (DP) has emerged as the de facto standard privacy notion for research in privacy-preserving data analysis and publishing. The DP notion offers strong privacy guarantee and has been applied to many data analysis tasks.This Synthesis Lecture is the first of two volumes on differential privacy. This lecture differs from the existing books and surveys on differential privacy in that we take an approach balancing theory and practice. We focus on empirical accuracy performances of algorithms rather than asymptotic accuracy guarantees. At the same time, we try to explain why these algorithms have those empirical accuracy performances. We also take a balanced approach regarding the semantic meanings of differential privacy, explaining both its strong guarantees and its limitations.We start by inspecting the definition and basic properties of DP, and the main primitives for achieving DP. Then, we give a detailed discussion on the the semantic privacy guarantee provided by DP and the caveats when applying DP. Next, we review the state of the art mechanisms for publishing histograms for low-dimensional datasets, mechanisms for conducting machine learning tasks such as classification, regression, and clustering, and mechanisms for publishing information to answer marginal queries for high-dimensional datasets. Finally, we explain the sparse vector technique, including the many errors that have been made in the literature using it.The planned Volume 2 will cover usage of DP in other settings, including high-dimensional datasets, graph datasets, local setting, location privacy, and so on. We will also discuss various relaxations of DP.
This book deals with Private Information Retrieval (PIR), a technique allowing a user to retrieve an element from a server in possession of a database without revealing to the server which element is retrieved. PIR has been widely applied to protect the privacy of the user in querying a service provider on the Internet. For example, by PIR, one can query a location-based service provider about the nearest car park without revealing his location to the server. The first PIR approach was introduced by Chor, Goldreich, Kushilevitz and Sudan in 1995 in a multi-server setting, where the user retrieves information from multiple database servers, each of which has a copy of the same database. To ensure user privacy in the multi-server setting, the servers must be trusted not to collude. In 1997, Kushilevitz and Ostrovsky constructed the first single-database PIR. Since then, many efficient PIR solutions have been discovered. Beginning with a thorough survey of single-database PIR techniques, this text focuses on the latest technologies and applications in the field of PIR. The main categories are illustrated with recently proposed PIR-based solutions by the authors. Because of the latest treatment of the topic, this text will be highly beneficial to researchers and industry professionals in information security and privacy.
Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.
Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms. We analyze several mobile platforms using the model. In addition, this book explains hardware-security mechanisms typically present in a mobile device. We also discuss enterprise security extensions for mobile platforms and survey recent research in the area of mobile platform security. The objective of this book is to provide a comprehensive overview of the current status of mobile platform security for students, researchers, and practitioners.
As a fast-evolving new area, RFID security and privacy has quickly grown from a hungry infant to an energetic teenager during recent years. Much of the exciting development in this area is summarized in this book with rigorous analyses and insightful comments. In particular, a systematic overview on RFID security and privacy is provided at both the physical and network level. At the physical level, RFID security means that RFID devices should be identified with assurance in the presence of attacks, while RFID privacy requires that RFID devices should be identified without disclosure of any valuable information about the devices. At the network level, RFID security means that RFID information should be shared with authorized parties only, while RFID privacy further requires that RFID information should be shared without disclosure of valuable RFID information to any honest-but-curious server which coordinates information sharing. Not only does this book summarize the past, but it also provides new research results, especially at the network level. Several future directions are envisioned to be promising for advancing the research in this area.
Social media greatly enables people to participate in online activities and shatters the barrier for online users to create and share information at any place at any time. However, the explosion of user-generated content poses novel challenges for online users to find relevant information, or, in other words, exacerbates the information overload problem. On the other hand, the quality of user-generated content can vary dramatically from excellence to abuse or spam, resulting in a problem of information credibility. The study and understanding of trust can lead to an effective approach to addressing both information overload and credibility problems. Trust refers to a relationship between a trustor (the subject that trusts a target entity) and a trustee (the entity that is trusted). In the context of social media, trust provides evidence about with whom we can trust to share information and from whom we can accept information without additional verification. With trust, we make the mental shortcut by directly seeking information from trustees or trusted entities, which serves a two-fold purpose: without being overwhelmed by excessive information (i.e., mitigated information overload) and with credible information due to the trust placed on the information provider (i.e., increased information credibility). Therefore, trust is crucial in helping social media users collect relevant and reliable information, and trust in social media is a research topic of increasing importance and of practical significance. This book takes a computational perspective to offer an overview of characteristics and elements of trust and illuminate a wide range of computational tasks of trust. It introduces basic concepts, deliberates challenges and opportunities, reviews state-of-the-art algorithms, and elaborates effective evaluation methods in the trust study. In particular, we illustrate properties and representation models of trust, elucidate trust prediction with representative algorithms, and demonstrate real-world applications where trust is explicitly used. As a new dimension of the trust study, we discuss the concept of distrust and its roles in trust computing.
Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "e;secure"e; operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to satisfy these requirements, we see that the complexity of software systems often results in implementation challenges that we are still exploring to this day. However, if a system design does not aim for achieving the secure operating system requirements, then its security features fail to protect the system in a myriad of ways. We also study systems that have been retrofit with secure operating system features after an initial deployment. In all cases, the conflict between function on one hand and security on the other leads to difficult choices and the potential for unwise compromises. From this book, we hope that systems designers and implementors will learn the requirements for operating systems that effectively enforce security and will better understand how to manage the balance between function and security. Table of Contents: Introduction / Access Control Fundamentals / Multics / Security in Ordinary Operating Systems / Verifiable Security Goals / Security Kernels / Securing Commercial Operating Systems / Case Study: Solaris Trusted Extensions / Case Study: Building a Secure Operating System for Linux / Secure Capability Systems / Secure Virtual Machine Systems / System Assurance
The new field of cryptographic currencies and consensus ledgers, commonly referred to as blockchains, is receiving increasing interest from various different communities. These communities are very diverse and amongst others include: technical enthusiasts, activist groups, researchers from various disciplines, start ups, large enterprises, public authorities, banks, financial regulators, business men, investors, and also criminals. The scientific community adapted relatively slowly to this emerging and fast-moving field of cryptographic currencies and consensus ledgers. This was one reason that, for quite a while, the only resources available have been the Bitcoin source code, blog and forum posts, mailing lists, and other online publications. Also the original Bitcoin paper which initiated the hype was published online without any prior peer review. Following the original publication spirit of the Bitcoin paper, a lot of innovation in this field has repeatedly come from the community itself in the form of online publications and online conversations instead of established peer-reviewed scientific publishing. On the one side, this spirit of fast free software development, combined with the business aspects of cryptographic currencies, as well as the interests of today's time-to-market focused industry, produced a flood of publications, whitepapers, and prototypes. On the other side, this has led to deficits in systematization and a gap between practice and the theoretical understanding of this new field. This book aims to further close this gap and presents a well-structured overview of this broad field from a technical viewpoint. The archetype for modern cryptographic currencies and consensus ledgers is Bitcoin and its underlying Nakamoto consensus. Therefore we describe the inner workings of this protocol in great detail and discuss its relations to other derived systems.
The current social and economic context increasingly demands open data to improve scientific research and decision making. However, when published data refer to individual respondents, disclosure risk limitation techniques must be implemented to anonymize the data and guarantee by design the fundamental right to privacy of the subjects the data refer to. Disclosure risk limitation has a long record in the statistical and computer science research communities, who have developed a variety of privacy-preserving solutions for data releases. This Synthesis Lecture provides a comprehensive overview of the fundamentals of privacy in data releases focusing on the computer science perspective. Specifically, we detail the privacy models, anonymization methods, and utility and risk metrics that have been proposed so far in the literature. Besides, as a more advanced topic, we identify and discuss in detail connections between several privacy models (i.e., how to accumulate the privacy guarantees they offer to achieve more robust protection and when such guarantees are equivalent or complementary); we also explore the links between anonymization methods and privacy models (how anonymization methods can be used to enforce privacy models and thereby offer ex ante privacy guarantees). These latter topics are relevant to researchers and advanced practitioners, who will gain a deeper understanding on the available data anonymization solutions and the privacy guarantees they can offer.
Today, embedded systems are used in many security-critical applications, from access control, electronic tickets, sensors, and smart devices (e.g., wearables) to automotive applications and critical infrastructures. These systems are increasingly used to produce and process both security-critical and privacy-sensitive data, which bear many security and privacy risks. Establishing trust in the underlying devices and making them resistant to software and hardware attacks is a fundamental requirement in many applications and a challenging, yet unsolved, task. Solutions solely based on software can never ensure their own integrity and trustworthiness while resource-constraints and economic factors often prevent the integration of sophisticated security hardware and cryptographic co-processors. In this context, Physically Unclonable Functions (PUFs) are an emerging and promising technology to establish trust in embedded systems with minimal hardware requirements. This book explores the design of trusted embedded systems based on PUFs. Specifically, it focuses on the integration of PUFs into secure and efficient cryptographic protocols that are suitable for a variety of embedded systems. It exemplarily discusses how PUFs can be integrated into lightweight device authentication and attestation schemes, which are popular and highly relevant applications of PUFs in practice. For the integration of PUFs into secure cryptographic systems, it is essential to have a clear view of their properties. This book gives an overview of different approaches to evaluate the properties of PUF implementations and presents the results of a large scale security analysis of different PUF types implemented in application-specific integrated circuits (ASICs). To analyze the security of PUF-based schemes as is common in modern cryptography, it is necessary to have a security framework for PUFs and PUF-based systems. In this book, we give a flavor of the formal modeling of PUFs that is in its beginning and that is still undergoing further refinement in current research. The objective of this book is to provide a comprehensive overview of the current state of secure PUF-based cryptographic system design and the related challenges and limitations. Table of Contents: Preface / Introduction / Basics of Physically Unclonable Functions / Attacks on PUFs and PUF-based Systems / Advanced PUF Concepts / PUF Implementations and Evaluation / PUF-based Cryptographic Protocols / Security Model for PUF-based Systems / Conclusion / Terms and Abbreviations / Bibliography / Authors' Biographies
Increasingly our critical infrastructures are reliant on computers. We see examples of such infrastructures in several domains, including medical, power, telecommunications, and finance. Although automation has advantages, increased reliance on computers exposes our critical infrastructures to a wider variety and higher likelihood of accidental failures and malicious attacks. Disruption of services caused by such undesired events can have catastrophic effects, such as disruption of essential services and huge financial losses. The increased reliance of critical services on our cyberinfrastructure and the dire consequences of security breaches have highlighted the importance of information security. Authorization, security protocols, and software security are three central areas in security in which there have been significant advances in developing systematic foundations and analysis methods that work for practical systems. This book provides an introduction to this work, covering representative approaches, illustrated by examples, and providing pointers to additional work in the area. Table of Contents: Introduction / Foundations / Detecting Buffer Overruns Using Static Analysis / Analyzing Security Policies / Analyzing Security Protocols
This book constitutes the refereed proceedings of the 6th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2022, held in Be'er Sheva, Israel, in June - July 2022.The 24 full and 11 short papers presented together with a keynote paper in this volume were carefully reviewed and selected from 53 submissions. They deal with the theory, design, analysis, implementation, or application of cyber security, cryptography and machine learning systems and networks, and conceptually innovative topics in these research areas.
Tilmeld dig nyhedsbrevet og få gode tilbud og inspiration til din næste læsning.
Ved tilmelding accepterer du vores persondatapolitik.