1,262 research outputs found

    A Survey of Blockchain-Based Network Security Technologies

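    With the development of mobile Internet and Internet of Things technologies, cyberspace carries massive amounts of data, whose security and privacy must be guaranteed. Blockchain-based network security mechanisms are decentralized, tamper-proof, traceable, highly trustworthy and highly available, which helps improve network security. This paper discusses application schemes for blockchain in network security and analyzes the main technical characteristics and methods of blockchain-based network security mechanisms, as well as future research directions. First, it discusses how data management systems apply blockchain to data management, using the tamper-proof property of blockchain to improve the authenticity and reliability of data. Second, it analyzes schemes in which the Internet of Things applies blockchain to device management, recording and executing device control commands through the blockchain to strengthen the management of IoT device permissions and communication. Finally, it studies deployment schemes for applying blockchain to the Domain Name System, using the decentralized structure of blockchain to resist distributed denial-of-service attacks against central nodes. Supported by the National Natural Science Foundation of China (No. 61671396); the Open Fund of the National Mobile Communications Research Laboratory, Southeast University (No. 2018D08); and the Foshan Science and Technology Innovation Project (No. 2015IT100095).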

    Adversarial samples on android malware detection systems for IoT systems

    Many IoT (Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a testing framework for learning-based Android malware detection systems (TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android application with a success rate of nearly 100% and can perform black-box testing on the system. This research was funded by the National Natural Science Foundation of China under Grant No. 61672170, No. 61871313 and No. 61572115, in part by the National Key R&D Plan under Grant CNS 2016QY06X1205.Scopu

    Transaction Propagation on Permissionless Blockchains: Incentive and Routing Mechanisms

    Existing permissionless blockchain solutions rely on peer-to-peer propagation mechanisms, where nodes in a network transfer transactions they received to their neighbors. Unfortunately, there is no explicit incentive for such transaction propagation. Therefore, existing propagation mechanisms will not be sustainable in a fully decentralized blockchain with rational nodes. In this work, we formally define the problem of incentivizing nodes for transaction propagation. We propose an incentive mechanism where each node involved in the propagation of a transaction receives a share of the transaction fee. We also show that our proposal is Sybil-proof. Furthermore, we combine the incentive mechanism with smart routing to reduce the communication and storage costs at the same time. The proposed routing mechanism reduces the redundant transaction propagation from the size of the network to a factor of average shortest path length. The routing mechanism is built upon a specific type of consensus protocol where the round leader who creates the transaction block is known in advance. Note that our routing mechanism is a generic one and can be adopted independently from the incentive mechanism. Comment: 2018 Crypto Valley Conference on Blockchain Technolog

    Security Champions Without Support: Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce Enterprise

    Developer-centered security research has identified a variety of reasons why software developers do not follow recommended security practices: lack of knowledge, outdated information sources, time pressure, and low usability of security mechanisms and tools. Contextual factors play an important role in security, but few studies have investigated security interventions with developers in organizational settings. In this case study, we track the impact of appointing security champions in a large e-commerce company with five software development teams, using the OWASP Security Assurance Maturity Model (OWASP SAMM) to measure the extent to which security practices were adopted. We also elicited the experiences of the security champions and developers in each team in 15 qualitative interviews. The results of the OWASP SAMM assessment show the adoption of secure practices varied widely between the different teams. Results from the interviews revealed different levels of security knowledge and commitment to the role between the security champions - but they agree in their perceived lack of support from company security experts and management. We conclude that secure software development requires more than appointing individuals such as security champions - to transform software development practices requires an organization-wide commitment, including access to resources and support