Towards a Security Engineering Process Model for Electronic Business Processes
Business process management (BPM) and accompanying systems aim at enabling
enterprises to become adaptive. In spite of the dependency of enterprises on
secure business processes, BPM languages and techniques provide little
support for security. Several complementary approaches have been proposed for
security in the domain of BPM. Nevertheless, support for a systematic procedure
for the development of secure electronic business processes is still missing.
In this paper, we pinpoint the need for a security engineering process model in
the domain of BPM and identify key requirements for such a process model.
Comment: Ninth European Dependable Computing Conference (EDCC 2012
Byzantine Fault Tolerance for Nondeterministic Applications
All practical applications contain some degree of nondeterminism. When such
applications are replicated to achieve Byzantine fault tolerance (BFT), their
nondeterministic operations must be controlled to ensure replica consistency.
To the best of our knowledge, only the most simplistic types of replica
nondeterminism have been dealt with. Furthermore, a systematic approach to
handling common types of nondeterminism is lacking. In this paper, we propose
a classification of common types of replica nondeterminism with respect to the
requirement of achieving Byzantine fault tolerance, and describe the design and
implementation of the core mechanisms necessary to handle such nondeterminism
within a Byzantine fault tolerance framework.
Comment: To appear in the proceedings of the 3rd IEEE International Symposium on Dependable, Autonomic and Secure Computing, 200
A Byzantine Fault Tolerant Distributed Commit Protocol
In this paper, we present a Byzantine fault tolerant distributed commit
protocol for transactions running over untrusted networks. The traditional
two-phase commit protocol is enhanced by replicating the coordinator and by
running a Byzantine agreement algorithm among the coordinator replicas. Our
protocol can tolerate Byzantine faults at the coordinator replicas and a subset
of malicious faults at the participants. A decision certificate, which includes
a set of registration records and a set of votes from participants, is used to
facilitate the coordinator replicas to reach a Byzantine agreement on the
outcome of each transaction. The certificate also limits the ways in which a
faulty replica can bring about non-atomic termination of transactions or
semantically incorrect transaction outcomes.
Comment: To appear in the proceedings of the 3rd IEEE International Symposium on Dependable, Autonomic and Secure Computing, 200
Dependable Information Exchange for the Next Generation Mobile Cyber-Physical Systems
Mobile cyber-physical systems (M-CPSs) are envisaged as an integral part of our digital future. Dependability of M-CPSs is subject to timely, reliable, and secure information exchange among M-CPS entities. Information exchange provisioning in such systems is conventionally built with sole reliance on wireless connectivity. The conventional approaches, however, fail to efficiently exploit dynamism and heterogeneity, and to incorporate computing/cooperation as alternative system-wide tools for information exchange. To address these issues, we approach M-CPS dependability from the information exchange perspective and define dependable-exchange-of-information (DeX), indicating the collective M-CPS capability of information exchange provisioning. We then propose a cloud-based architecture for DeX provisioning as a service to facilitate versatile development of dependable M-CPSs.
Cryptanalysis of "FS-PEKS: Lattice-based Forward Secure Public-key Encryption with Keyword Search for Cloud-assisted Industrial Internet of Things"
In this note, we review the lattice-based public-key encryption with keyword search scheme secure against inside keyword guessing attacks (IKGAs) proposed by Zhang et al. in IEEE Transactions on Dependable and Secure Computing in 2021. We demonstrate that this scheme is insecure against IKGAs, although Zhang et al. presented a security proof.
Fault Injection Analytics: A Novel Approach to Discover Failure Modes in Cloud-Computing Systems
Cloud computing systems fail in complex and unexpected ways due to unexpected
combinations of events and interactions between hardware and software
components. Fault injection is an effective means to bring out these failures
in a controlled environment. However, fault injection experiments produce
massive amounts of data, and manually analyzing these data is inefficient and
error-prone, as the analyst can miss severe failure modes that are yet unknown.
This paper introduces a new paradigm (fault injection analytics) that applies
unsupervised machine learning on execution traces of the injected system, to
ease the discovery and interpretation of failure modes. We evaluated the
proposed approach in the context of fault injection experiments on the
OpenStack cloud computing platform, where we show that the approach can
accurately identify failure modes with a low computational cost.
Comment: IEEE Transactions on Dependable and Secure Computing; 16 pages. arXiv admin note: text overlap with arXiv:1908.1164
Secure Dependable Selective Storage Services and Support for Dynamic Data Operations in Cloud Computing
Cloud computing has been envisioned as the next-generation architecture of the IT enterprise. It moves application software and databases to centralized large data centers, where the management of data and services may not be fully trustworthy. This unique paradigm brings out many new security challenges, such as maintaining the correctness and integrity of data in the cloud. The integrity of cloud data may be lost due to unauthorized access, modification or deletion of data. Data may also become unavailable because of the cloud service providers (CSPs): in order to increase their profit margin by reducing costs, a CSP may discard rarely accessed data without this being detected in a timely fashion. To overcome these issues, flexible distributed storage, token utilization and signature creation are used to ensure the integrity of data; an auditing mechanism assists in maintaining the correctness of data and in locating and identifying the server where the data has been corrupted; and the dependability and availability of data are achieved through distributed storage of data in the cloud. Further, in order to ensure authorized access to cloud data, an admin module was proposed in our previous conference paper, which prevents unauthorized users from accessing data; a selective storage scheme based on different parameters of cloud servers was also proposed in that paper, in order to provide efficient storage of data in the cloud. To provide more efficiency, in this paper dynamic data operations such as updating, deletion and addition of data are supported.
Stochastic model checking for predicting component failures and service availability
When a component fails in a critical communications service, how urgent is a repair? If we repair within 1 hour, 2 hours, or
n hours, how does this affect the likelihood of service failure? Can a formal model support assessing the impact, prioritisation, and
scheduling of repairs in the event of component failures, and forecasting of maintenance costs? These are some of the questions
posed to us by a large organisation and here we report on our experience of developing a stochastic framework based on a discrete
space model and temporal logic to answer them. We define and explore both standard steady-state and transient temporal logic
properties concerning the likelihood of service failure within certain time bounds, forecasting maintenance costs, and we introduce a
new concept of envelopes of behaviour that quantify the effect of the status of lower level components on service availability. The
resulting model is highly parameterised and user interaction for experimentation is supported by a lightweight, web-based interface.
Privacy-Preserving Secret Shared Computations using MapReduce
Data outsourcing allows data owners to keep their data at untrusted
clouds that do not ensure the privacy of data and/or computations. One useful
framework for fault-tolerant data processing in a distributed fashion is
MapReduce, which was developed for trusted private clouds. This paper
presents algorithms for data outsourcing based on Shamir's secret-sharing
scheme and for executing privacy-preserving SQL queries such as count,
selection including range selection, projection, and join while using MapReduce
as an underlying programming model. Our proposed algorithms prevent an
adversary from knowing the database or the query while also preventing
output-size and access-pattern attacks. Interestingly, our algorithms do not
involve the database owner, which only creates and distributes secret-shares
once, in answering any query, and hence, the database owner also cannot learn
the query. Logically and experimentally, we evaluate the efficiency of the
algorithms on the following parameters: (i) the number of
communication rounds (between a user and a server), (ii) the total
amount of bit flow (between a user and a server), and (iii) the
computational load at the user and the server.
Comment: IEEE Transactions on Dependable and Secure Computing, Accepted 01 Aug. 201
Social Fingerprinting: detection of spambot groups through DNA-inspired behavioral modeling
Spambot detection in online social networks is a long-lasting challenge
involving the study and design of detection techniques capable of efficiently
identifying ever-evolving spammers. Recently, a new wave of social spambots has
emerged, with advanced human-like characteristics that allow them to go
undetected even by current state-of-the-art algorithms. In this paper, we show
that efficient spambot detection can be achieved via an in-depth analysis of
their collective behaviors exploiting the digital DNA technique for modeling
the behaviors of social network users. Inspired by its biological counterpart,
in the digital DNA representation the behavioral lifetime of a digital account
is encoded in a sequence of characters. Then, we define a similarity measure
for such digital DNA sequences. We build upon digital DNA and the similarity
between groups of users to characterize both genuine accounts and spambots.
Leveraging such characterization, we design the Social Fingerprinting
technique, which is able to discriminate among spambots and genuine accounts in
both a supervised and an unsupervised fashion. We finally evaluate the
effectiveness of Social Fingerprinting and we compare it with three
state-of-the-art detection algorithms. Among the peculiarities of our approach
is the possibility to apply off-the-shelf DNA analysis techniques to study
online users' behaviors and to efficiently rely on a limited number of
lightweight account characteristics.