How to design browser security and privacy alerts
Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines.
A Survey of Methods for Encrypted Traffic Classification and Analysis
With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away a lot of information for encrypted traffic classification and analysis. Then, we survey payload and feature-based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of the described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature-based classification methods and present their weaknesses and strengths.
Trusted Execution Environments in Protecting Machine Learning Models
The adaptation and application of machine learning (ML) has grown extensively in recent years, and has awakened concern about the safety of intellectual property (IP) related to the machine learning models. The training of machine learning models is a time-consuming and expensive task, which has increased the demand for better solutions to protect the intellectual property of the machine learning models. This thesis explores the promising potential of Trusted Execution Environments (TEE) like Intel's Software Guard Extensions (Intel SGX), in protecting intellectual property related to machine learning models. The concern of ML model safety arises especially when the software solution needs to be distributed to clients or machine learning operations need to be done in an untrusted environment. The main focus of this thesis is on Intel's SGX, which is one of the most used TEE implementations. This thesis tries to answer the questions of how TEEs can be used to protect the IP of ML models, what aspects need to be considered and what limitations may arise.
SINGLE SIGN ON SYSTEM
This report is provided to explain the Single Sign-On system. It gives a thorough view of Single Sign-On, focusing on the system purpose, scope of study, methodology, results and conclusion. From the purpose point of view, this system is a type of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems. This makes the user authentication process easy, as users don't have to enter multiple usernames and passwords for multiple systems. In order to achieve this objective, the scope of the system has to be analyzed first. This system will only relate to systems that are web-based applications. In other words, we can call this system a Single Sign-On Web Portal. For the methodology part, the PHP language as well as the Apache server will be used to complete this project. It is one of the most demanding types of programming language nowadays. This system will also be divided into 2 parts: user interface and administration interface. For the results part, this report will show the work progress as well as screenshots of the system interface. The discussions along the work progress will also be included. Last but not least, for the conclusion part, this report will conclude all the work done and provide recommendations for system enhancement in the future. This report will be a guide throughout the system, from when it was first planned until the end product comes out.