Privacy-Aware Access Protocols for MEC Applications in 5G

Multi-access edge computing (MEC) is one of the emerging key technologies in fifth generation (5G) mobile networks, providing reduced end-to-end latency for applications and reduced load in the transport network. This paper proposes mechanisms to enhance user privacy in MEC within 5G. We consider a basic MEC usage scenario, where the user accesses an application hosted in the MEC platform via the radio access network of the mobile network operator (MNO). First, we create a system model based on this scenario. Second, we define the adversary model and give the list of privacy requirements for this system model. We also analyze the impact on user privacy when some of the parties in our model share information that is not strictly needed for providing the service. Third, we introduce a privacy-aware access protocol for the system model and analyze this protocol against the privacy requirements

Compromising emanations: overview and system analysis

Рассмотрена задача побочных электромагнитных излучений опасных сигналов в ближней, промежуточной и дальней зонах. Проанализированы экспериментальные данные побочных электромагнитных излучений различных технических средств. Предложен системный анализ для нахождения и изучения побочных электромагнитных излучений. Целью данного подхода является создание корректной теоретической базы в области технической защиты информации. Рассмотрен метод векторных нестационарных потенциалов для нахождения компонент электромагнитного поля опасных сигналов в ближней, промежуточной и дальней зонах излучения. Применение нового метода позволяет исследовать побочные электромагнитные излучения технических средств во временной и в частотной области

Review of Contemporary Literature on Machine Learning based Malware Analysis and Detection Strategies

Abstract: malicious software also known as malware are the critical security threat experienced by the current ear of internet and computer system users. The malwares can morph to access or control the system level operations in multiple dimensions. The traditional malware detection strategies detects by signatures, which are not capable to notify the unknown malwares. The machine learning models learns from the behavioral patterns of the existing malwares and attempts to notify the malwares with similar behavioral patterns, hence these strategies often succeeds to notify even about unknown malwares. This manuscript explored the detailed review of machine learning based malware detection strategies found in contemporary literature

Making Linux protection mechanisms egalitarian with UserFS

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2011.Cataloged from PDF version of thesis.Includes bibliographical references (p. 46-51).UserFS provides egalitarian OS protection mechanisms in Linux. UserFS allows any user-not just the system administrator-to allocate Unix user IDs, to use chroot, and to set up firewall rules in order to confine untrusted code. One key idea in UserFS is representing user IDs as files in a /proc-like file system, thus allowing applications to manage user IDs like any other files, by setting permissions and passing file descriptors over Unix domain sockets. UserFS addresses several challenges in making user IDs egalitarian, including accountability, resource allocation, persistence, and UID reuse. We have ported several applications to take advantage of UserFS; by changing just tens to hundreds of lines of code, we prevented attackers from exploiting application-level vulnerabilities, such as code injection or missing ACL checks in a PHP-based wiki application. Implementing UserFS requires minimal changes to the Linux kernel-a single 3,000-line kernel module-and incurs no performance overhead for most operations, making it practical to deploy on real systems.by Taesoo Kim.S.M

Making Linux Protection Mechanisms Egalitarian with UserFS

URL to paper on conference site: http://www.usenix.org/events/sec10/tech/UserFS provides egalitarian OS protection mechanisms in Linux. UserFS allows any user—not just the system administrator—to allocate Unix user IDs, to use chroot, and to set up firewall rules in order to confine untrusted code. One key idea in UserFS is representing user IDs as files in a /proc-like file system, thus allowing applications to manage user IDs like any other files, by setting permissions and passing file descriptors over Unix domain sockets. UserFS addresses several challenges in making user IDs egalitarian, including accountability, resource allocation, persistence, and UID reuse. We have ported several applications to take advantage of UserFS; by changing just tens to hundreds of lines of code, we prevented attackers from exploiting application-level vulnerabilities, such as code injection or missing ACL checks in a PHP-based wiki application. Implementing UserFS requires minimal changes to the Linux kernel—a single 3,000-line kernel module—and incurs no performance overhead for most operations, making it practical to deploy on real systems.Quanta Computer (Firm)Samsung Scholarship Foundatio

This time is different : Facebook’s Libra can improve both financial inclusion and global financial stability as a viable alternative currency to the U.S. Dollar

Purpose: The aim of this study is to determine the relationship between the propagation of high-magnitude crises since the late 1990s and emergence of cryptocurrencies in the aftermath of the global financial crisis of 2008. Design and Methodology: The study was based on a literature review of the interaction between financial crises and evolution of money in the digital age. A high-level technical overview of Libra and blockchain is provided. The broad analysis of Libra coin looks at various models and categories of implementation approaches. The study discusses the components of blockchain technology and provides illustrative visuals when possible. We also compare consensus models used in the Libra and Bitcoin blockchain networks. The analysis also touches on the use of blockchain technology in applications such as smart contracts. Findings: The study shows that cryptocurrencies are not only a natural but an inevitable transformation in the evolution of money. As with any new technology, Facebook’s Libra is going to cause a great deal of disruption in the existing ecosystem of cryptocurrencies that has taken a decade to form. On the other hand, Libra’s financial inclusion and global stability as a public good promises to revolutionize the cryptocurrency world. Practical Implications: If Facebook’s Libra doesn’t sputter out, it will spur central banks to introduce their own cryptocurrency projects. Libra’s vast scale will make access to intermediation by banks easier, faster, and cheaper. Unlike Bitcoin, Libra will be backed by a basket of stable currencies as well as low-risk government bonds and central bank reserve assets. Originality/Value: This study presents a clear picture of both advantages and potential risks of Libra which is considered to be a new invention eventhough Bitcoin has been around more than a decade. The study warns regulators and law makers along with central banks who are running headlong into backlash to Libra can harm consumers more than protect them. Punishing Facebook with a troubled past for violation of privacy and exploitation of users’ data could adversely affect innovation and discourage developments of cryptocurrencies.peer-reviewe

Mal-Netminer: Malware Classification Approach based on Social Network Analysis of System Call Graph

As the security landscape evolves over time, where thousands of species of malicious codes are seen every day, antivirus vendors strive to detect and classify malware families for efficient and effective responses against malware campaigns. To enrich this effort, and by capitalizing on ideas from the social network analysis domain, we build a tool that can help classify malware families using features driven from the graph structure of their system calls. To achieve that, we first construct a system call graph that consists of system calls found in the execution of the individual malware families. To explore distinguishing features of various malware species, we study social network properties as applied to the call graph, including the degree distribution, degree centrality, average distance, clustering coefficient, network density, and component ratio. We utilize features driven from those properties to build a classifier for malware families. Our experimental results show that influence-based graph metrics such as the degree centrality are effective for classifying malware, whereas the general structural metrics of malware are less effective for classifying malware. Our experiments demonstrate that the proposed system performs well in detecting and classifying malware families within each malware class with accuracy greater than 96%.Comment: Mathematical Problems in Engineering, Vol 201

Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access

We investigate the criminal market dynamics of infostealer malware and publish three evidence datasets on malware infections and trade. We justify the value chain between illicit enterprises using the datasets, compare the prices and added value, and use the value chain to identify the most effective countermeasures. We begin by examining infostealer malware victim logs shared by actors on hacking forums, and extract victim information and mask sensitive data to protect privacy. We find access to these same victims for sale at Genesis Market. This technically sophisticated marketplace provides its own browser to access victim's online accounts. We collect a second dataset and discover that 91% of prices fall between 1--20 US dollars, with a median of 5 US dollars. Database Market sells access to compromised online accounts. We produce yet another dataset, finding 91% of prices fall between 1--30 US dollars, with a median of 7 US dollars.Comment: In The 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 -- September 1, 2023, Benevento, Ital