32,215 research outputs found
Authentication of Students and Students’ Work in E-Learning : Report for the Development Bid of Academic Year 2010/11
Global e-learning market is projected to reach $107.3 billion by 2015 according to a new report by The Global Industry Analyst (Analyst 2010). The popularity and growth of the online programmes within the School of Computer Science obviously is in line with this projection. However, also on the rise are students’ dishonesty and cheating in the open and virtual environment of e-learning courses (Shepherd 2008). Institutions offering e-learning programmes are facing the challenges of deterring and detecting these misbehaviours by introducing security mechanisms to the current e-learning platforms. In particular, authenticating that a registered student indeed takes an online assessment, e.g., an exam or a coursework, is essential for the institutions to give the credit to the correct candidate. Authenticating a student is to ensure that a student is indeed who he says he is. Authenticating a student’s work goes one step further to ensure that an authenticated student indeed does the submitted work himself. This report is to investigate and compare current possible techniques and solutions for authenticating distance learning student and/or their work remotely for the elearning programmes. The report also aims to recommend some solutions that fit with UH StudyNet platform.Submitted Versio
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
With the increasing importance of the internet in our day to day life, data
security in web application has become very crucial. Ever increasing on line
and real time transaction services have led to manifold rise in the problems
associated with the database security. Attacker uses illegal and unauthorized
approaches to hijack the confidential information like username, password and
other vital details. Hence the real time transaction requires security against
web based attacks. SQL injection and cross site scripting attack are the most
common application layer attack. The SQL injection attacker pass SQL statement
through a web applications input fields, URL or hidden parameters and get
access to the database or update it. The attacker take a benefit from user
provided data in such a way that the users input is handled as a SQL code.
Using this vulnerability an attacker can execute SQL commands directly on the
database. SQL injection attacks are most serious threats which take users input
and integrate it into SQL query. Reverse Proxy is a technique which is used to
sanitize the users inputs that may transform into a database attack. In this
technique a data redirector program redirects the users input to the proxy
server before it is sent to the application server. At the proxy server, data
cleaning algorithm is triggered using a sanitizing application. In this
framework we include detection and sanitization of the tainted information
being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference,
Mumba
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Device-Based Isolation for Securing Cryptographic Keys
In this work, we describe an eective device-based isolation
approach for achieving data security. Device-based isolation
leverages the proliferation of personal computing devices to
provide strong run-time guarantees for the condentiality of
secrets. To demonstrate our isolation approach, we show its
use in protecting the secrecy of highly sensitive data that
is crucial to security operations, such as cryptographic keys
used for decrypting ciphertext or signing digital signatures.
Private key is usually encrypted when not used, however,
when being used, the plaintext key is loaded into the memory
of the host for access. In our threat model, the host may
be compromised by attackers, and thus the condentiality of
the host memory cannot be preserved. We present a novel
and practical solution and its prototype called DataGuard to
protect the secrecy of the highly sensitive data through the
storage isolation and secure tunneling enabled by a mobile
handheld device. DataGuard can be deployed for the key
protection of individuals or organizations
FAST : a fault detection and identification software tool
The aim of this work is to improve the reliability and safety of complex critical control systems by contributing to the systematic application of fault diagnosis. In order to ease the utilization of fault detection and isolation (FDI) tools in the industry, a systematic approach is required to allow the process engineers to analyze a system from this perspective. In this way, it should be possible to analyze this system to find if it provides the required fault diagnosis and redundancy according to the process criticality. In addition, it should be possible to evaluate what-if scenarios by slightly modifying the process (f.i. adding sensors or changing their placement) and evaluating the impact in terms of the fault diagnosis and redundancy possibilities.
Hence, this work proposes an approach to analyze a process from the FDI perspective and for this purpose provides the tool FAST which covers from the analysis and design phase until the final FDI supervisor implementation in a real process. To synthesize the process information, a very simple format has been defined based on XML. This format provides the needed information to systematically perform the Structural Analysis of that process. Any process can be analyzed, the only restriction is that the models of the process components need to be available in the FAST tool. The processes are described in FAST in terms of process variables, components and relations and the tool performs the structural analysis of the process obtaining: (i) the structural matrix, (ii) the perfect matching, (iii) the analytical redundancy relations (if any) and (iv) the fault signature matrix.
To aid in the analysis process, FAST can operate stand alone in simulation mode allowing the process engineer to evaluate the faults, its detectability and implement changes in the process components and topology to improve the diagnosis and redundancy capabilities. On the other hand, FAST can operate on-line connected to the process plant through an OPC interface. The OPC interface enables the possibility to connect to almost any process which features a SCADA system for supervisory control. When running in on-line mode, the process is monitored by a software agent known as the Supervisor Agent.
FAST has also the capability of implementing distributed FDI using its multi-agent architecture. The tool is able to partition complex industrial processes into subsystems, identify which process variables need to be shared by each subsystem and instantiate a Supervision Agent for each of the partitioned subsystems. The Supervision Agents once instantiated will start diagnosing their local components and handle the requests to provide the variable values which FAST has identified as shared with other agents to support the distributed FDI process.Per tal de facilitar la utilitzaciĂł d'eines per la detecciĂł i identificaciĂł de fallades (FDI) en la indĂşstria, es requereix un enfocament sistemĂ tic per permetre als enginyers de processos analitzar un sistema des d'aquesta perspectiva. D'aquesta forma, hauria de ser possible analitzar aquest sistema per determinar si proporciona el diagnosi de fallades i la redundĂ ncia d'acord amb la seva criticitat. A mĂ©s, hauria de ser possible avaluar escenaris de casos modificant lleugerament el procĂ©s (per exemple afegint sensors o canviant la seva localitzaciĂł) i avaluant l'impacte en quant a les possibilitats de diagnosi de fallades i redundĂ ncia. Per tant, aquest projecte proposa un enfocament per analitzar un procĂ©s des de la perspectiva FDI i per tal d'implementar-ho proporciona l'eina FAST la qual cobreix des de la fase d'anĂ lisi i disseny fins a la implementaciĂł final d'un supervisor FDI en un procĂ©s real. Per sintetitzar la informaciĂł del procĂ©s s'ha definit un format simple basat en XML. Aquest format proporciona la informaciĂł necessĂ ria per realitzar de forma sistemĂ tica l'AnĂ lisi Estructural del procĂ©s. Qualsevol procĂ©s pot ser analitzat, nomĂ©s hi ha la restricciĂł de que els models dels components han d'estar disponibles en l'eina FAST. Els processos es descriuen en termes de variables de procĂ©s, components i relacions i l'eina realitza l'anĂ lisi estructural obtenint: (i) la matriu estructural, (ii) el Perfect Matching, (iii) les relacions de redundĂ ncia analĂtica, si n'hi ha, i (iv) la matriu signatura de fallades. Per ajudar durant el procĂ©s d'anĂ lisi, FAST pot operar aĂŻlladament en mode de simulaciĂł permetent a l'enginyer de procĂ©s avaluar fallades, la seva detectabilitat i implementar canvis en els components del procĂ©s i la topologia per tal de millorar les capacitats de diagnosi i redundĂ ncia. Per altra banda, FAST pot operar en lĂnia connectat al procĂ©s de la planta per mitjĂ d'una interfĂcie OPC. La interfĂcie OPC permet la possibilitat de connectar gairebĂ© a qualsevol procĂ©s que inclogui un sistema SCADA per la seva supervisiĂł. Quan funciona en mode en lĂnia, el procĂ©s estĂ monitoritzat per un agent software anomenat l'Agent Supervisor. Addicionalment, FAST tĂ© la capacitat d'implementar FDI de forma distribuĂŻda utilitzant la seva arquitectura multi-agent. L'eina permet dividir sistemes industrials complexes en subsistemes, identificar quines variables de procĂ©s han de ser compartides per cada subsistema i generar una instĂ ncia d'Agent Supervisor per cadascun dels subsistemes identificats. Els Agents Supervisor un cop activats, començaran diagnosticant els components locals i despatxant les peticions de valors per les variables que FAST ha identificat com compartides amb altres agents, per tal d'implementar el procĂ©s FDI de forma distribuĂŻda.Postprint (published version
A Real-Time Remote IDS Testbed for Connected Vehicles
Connected vehicles are becoming commonplace. A constant connection between
vehicles and a central server enables new features and services. This added
connectivity raises the likelihood of exposure to attackers and risks
unauthorized access. A possible countermeasure to this issue are intrusion
detection systems (IDS), which aim at detecting these intrusions during or
after their occurrence. The problem with IDS is the large variety of possible
approaches with no sensible option for comparing them. Our contribution to this
problem comprises the conceptualization and implementation of a testbed for an
automotive real-world scenario. That amounts to a server-side IDS detecting
intrusions into vehicles remotely. To verify the validity of our approach, we
evaluate the testbed from multiple perspectives, including its fitness for
purpose and the quality of the data it generates. Our evaluation shows that the
testbed makes the effective assessment of various IDS possible. It solves
multiple problems of existing approaches, including class imbalance.
Additionally, it enables reproducibility and generating data of varying
detection difficulties. This allows for comprehensive evaluation of real-time,
remote IDS.Comment: Peer-reviewed version accepted for publication in the proceedings of
the 34th ACM/SIGAPP Symposium On Applied Computing (SAC'19
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
With the widespread use of machine learning (ML) techniques, ML as a service
has become increasingly popular. In this setting, an ML model resides on a
server and users can query it with their data via an API. However, if the
user's input is sensitive, sending it to the server is undesirable and
sometimes even legally not possible. Equally, the service provider does not
want to share the model by sending it to the client for protecting its
intellectual property and pay-per-query business model.
In this paper, we propose MLCapsule, a guarded offline deployment of machine
learning as a service. MLCapsule executes the model locally on the user's side
and therefore the data never leaves the client. Meanwhile, MLCapsule offers the
service provider the same level of control and security of its model as the
commonly used server-side execution. In addition, MLCapsule is applicable to
offline applications that require local execution. Beyond protecting against
direct model access, we couple the secure offline deployment with defenses
against advanced attacks on machine learning models such as model stealing,
reverse engineering, and membership inference
- …