760 research outputs found
Compartmentation policies for Android apps:A combinatorial optimization approach
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current’s mobile environments
Adversarial Agents For Attacking Inaudible Voice Activated Devices
The paper applies reinforcement learning to novel Internet of Thing
configurations. Our analysis of inaudible attacks on voice-activated devices
confirms the alarming risk factor of 7.6 out of 10, underlining significant
security vulnerabilities scored independently by NIST National Vulnerability
Database (NVD). Our baseline network model showcases a scenario in which an
attacker uses inaudible voice commands to gain unauthorized access to
confidential information on a secured laptop. We simulated many attack
scenarios on this baseline network model, revealing the potential for mass
exploitation of interconnected devices to discover and own privileged
information through physical access without adding new hardware or amplifying
device skills. Using Microsoft's CyberBattleSim framework, we evaluated six
reinforcement learning algorithms and found that Deep-Q learning with
exploitation proved optimal, leading to rapid ownership of all nodes in fewer
steps. Our findings underscore the critical need for understanding
non-conventional networks and new cybersecurity measures in an ever-expanding
digital landscape, particularly those characterized by mobile devices, voice
activation, and non-linear microphones susceptible to malicious actors
operating stealth attacks in the near-ultrasound or inaudible ranges. By 2024,
this new attack surface might encompass more digital voice assistants than
people on the planet yet offer fewer remedies than conventional patching or
firmware fixes since the inaudible attacks arise inherently from the microphone
design and digital signal processing
The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach
Wireless sensor networks consist of a large number of distributed sensor
nodes so that potential risks are becoming more and more unpredictable. The new
entrants pose the potential risks when they move into the secure zone. To build
a door wall that provides safe and secured for the system, many recent research
works applied the initial authentication process. However, the majority of the
previous articles only focused on the Central Authority (CA) since this leads
to an increase in the computation cost and energy consumption for the specific
cases on the Internet of Things (IoT). Hence, in this article, we will lessen
the importance of these third parties through proposing an enhanced
authentication mechanism that includes key management and evaluation based on
the past interactions to assist the objects joining a secured area without any
nearby CA. We refer to a mobility dataset from CRAWDAD collected at the
University Politehnica of Bucharest and rebuild into a new random dataset
larger than the old one. The new one is an input for a simulated authenticating
algorithm to observe the communication cost and resource usage of devices. Our
proposal helps the authenticating flexible, being strict with unknown devices
into the secured zone. The threshold of maximum friends can modify based on the
optimization of the symmetric-key algorithm to diminish communication costs
(our experimental results compare to previous schemes less than 2000 bits) and
raise flexibility in resource-constrained environments.Comment: 27 page
Evolution, testing and configuration of variability intensive systems
Tesis descargada desde ResearchGateOne of the key characteristics of software is its ability to be adapted and configured to different scenarios. Recently, software variability has been studied as a first-class concept in different domains ranging from software product lines to pervasive systems. Variability is the ability of a software product to vary depending on different circumstances. Variability intensive systems are those software products where variability management is a core engineering activity. The varying parts of those systems are commonly modeled by us- ing different variability model flavors, being feature modeling one of the most common ones. Feature models were first introduced by Kang et al. back in 1990 and are a compact representation of a set of configurations in a variability intensive system.
The large number of configurations that a feature model can encode makes the manual analysis of feature models an error prone and costly task. Then, computer-aided mechanisms appeared as a solution to extract useful information from feature models. This process of extracting information from feature models is known as ¿Automated Analysis of Feature models¿ that has been one of the main areas of research in the last years where more than thirty analysis operations have been proposed.Premio Extraordinario de Doctorado U
- …