DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Protection contre les attaques de déni de service par gestion dynamique de délai d'inactivité

Modélisation et protection contre le déni de service -- Modélisation et mesure de performance -- Mécanisme de protection -- Démarche du travail de recherche -- An Exhaustive of Queue Management as a DoS Counter-Measure -- Dynamic timeout strategies -- Mathematical model -- Model validation -- Perfomance evaluation

New Approaches to Software Security Metrics and Measurements

Meaningful metrics and methods for measuring software security would greatly improve the security of software ecosystems. Such means would make security an observable attribute, helping users make informed choices and allowing vendors to ‘charge’ for it—thus, providing strong incentives for more security investment. This dissertation presents three empirical measurement studies introducing new approaches to measuring aspects of software security, focusing on Free/Libre and Open Source Software (FLOSS). First, to revisit the fundamental question of whether software is maturing over time, we study the vulnerability rate of packages in stable releases of the Debian GNU/Linux software distribution. Measuring the vulnerability rate through the lens of Debian stable: (a) provides a natural time frame to test for maturing behavior, (b) reduces noise and bias in the data (only CVEs with a Debian Security Advisory), and (c) provides a best-case assessment of maturity (as the Debian release cycle is rather conservative). Overall, our results do not support the hypothesis that software in Debian is maturing over time, suggesting that vulnerability finding-and-fixing does not scale and more effort should be invested in significantly reducing the introduction rate of vulnerabilities, e.g. via ‘security by design’ approaches like memory-safe programming languages. Second, to gain insights beyond the number of reported vulnerabilities, we study how long vulnerabilities remain in the code of popular FLOSS projects (i.e. their lifetimes). We provide the first, to the best of our knowledge, method for automatically estimating the mean lifetime of a set of vulnerabilities based on information in vulnerability-fixing commits. Using this method, we study the lifetimes of ~6 000 CVEs in 11 popular FLOSS projects. Among a number of findings, we identify two quantities of particular interest for software security metrics: (a) the spread between mean vulnerability lifetime and mean code age at the time of fix, and (b) the rate of change of the aforementioned spread. Third, to gain insights into the important human aspect of the vulnerability finding process, we study the characteristics of vulnerability reporters for 4 popular FLOSS projects. We provide the first, to the best of our knowledge, method to create a large dataset of vulnerability reporters (>2 000 reporters for >4 500 CVEs) by combining information from a number of publicly available online sources. We proceed to analyze the dataset and identify a number of quantities that, suitably combined, can provide indications regarding the health of a project’s vulnerability finding ecosystem. Overall, we showed that measurement studies carefully designed to target crucial aspects of the software security ecosystem can provide valuable insights and indications regarding the ‘quality of security’ of software. However, the road to good security metrics is still long. New approaches covering other important aspects of the process are needed, while the approaches introduced in this dissertation should be further developed and improved

Fundamental Approaches to Software Engineering

This open access book constitutes the proceedings of the 24th International Conference on Fundamental Approaches to Software Engineering, FASE 2021, which took place during March 27–April 1, 2021, and was held as part of the Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg but changed to an online format due to the COVID-19 pandemic. The 16 full papers presented in this volume were carefully reviewed and selected from 52 submissions. The book also contains 4 Test-Comp contributions

On the Ethical Implications of Personal Health Monitoring

Recent years have seen an influx of medical technologies capable of remotely monitoring the health and behaviours of individuals to detect, manage and prevent health problems. Known collectively as personal health monitoring (PHM), these systems are intended to supplement medical care with health monitoring outside traditional care environments such as hospitals, ranging in complexity from mobile devices to complex networks of sensors measuring physiological parameters and behaviours. This research project assesses the potential ethical implications of PHM as an emerging medical technology, amenable to anticipatory action intended to prevent or mitigate problematic ethical issues in the future. PHM fundamentally changes how medical care can be delivered: patients can be monitored and consulted at a distance, eliminating opportunities for face-to-face actions and potentially undermining the importance of social, emotional and psychological aspects of medical care. The norms evident in this movement may clash with existing standards of ‘good’ medical practice from the perspective of patients, clinicians and institutions. By relating utilitarianism, virtue ethics and theories of surveillance to Habermas’ concept of colonisation of the lifeworld, a conceptual framework is created which can explain how PHM may be allowed to change medicine as a practice in an ethically problematic way. The framework relates the inhibition of virtuous behaviour among practitioners of medicine, understood as a moral practice, to the movement in medicine towards remote monitoring. To assess the explanatory power of the conceptual framework and expand its borders, a qualitative interview empirical study with potential users of PHM in England is carried out. Recognising that the inherent uncertainty of the future undermines the validity of empirical research, a novel epistemological framework based in Habermas’ discourse ethics is created to justify the empirical study. By developing Habermas’ concept of translation into a procedure for assessing the credibility of uncertain normative claims about the future, a novel methodology for empirical ethical assessment of emerging technologies is created and tested. Various methods of analysis are employed, including review of academic discourses, empirical and theoretical analyses of the moral potential of PHM. Recommendations are made concerning ethical issues in the deployment and design of PHM systems, analysis and application of PHM data, and the shortcomings of existing research and protection mechanisms in responding to potential ethical implications of the technology.he research described in this thesis was sponsored and funded by the Centre for Computing and Social Responsibility of De Montfort University, and was linked to the research carried out in FP7 research projects PHM-Ethics (GA 230602) and ETICA (Ethical Issues of Emerging ICT Applications, GA 230318)

Proceedings of the 8th International Conference EEMODS'2013 Energy Efficiency in Motor Driven Systems

This book contains the papers presented at the eighth international conference on Energy Efficiency in Motor Driven Systems EEMODS 2013 EEMODS 2013 was organised in Rio de Janeiro, Brasil from 28 to 30 October 2013. This major international conference, which was previously been staged in Lisbon (1996), London (1999), Treviso (2002), Heidelberg (2005), Beijing (2007), Nantes (2009) and Washington DC (2011) has been very successful in attracting an international and distinguished audience, representing a wide variety of stakeholders in policy implementation and development, manufacturing and promotion of energy-efficient motor systems, including key policy makers, equipment manufacturers, academia and end-users. Potential readers who may benefit from this book include researchers, engineers, policymakers, energy agencies, electric utilities, and all those who can influence the design, selection, application, and operation of electrical motor driven systems.JRC.F.7-Renewables and Energy Efficienc

Sustainable energy for a resilient future: proceedings of the 14th International Conference on Sustainable Energy Technologies

Volume I, 898 pages, ISBN 9780853583134 Energy Technologies & Renewables Session 1: Biofuels & Biomass Session 5: Building Energy Systems Session 9: Low-carbon/ Low-energy Technologies Session 13: Biomass Systems Session 16: Solar Energy Session 17: Biomass & Biofuels Session 20: Solar Energy Session 21: Solar Energy Session 22: Solar Energy Session 25: Building Energy Technologies Session 26: Solar Energy Session 29: Low-carbon/ Low-energy Technologies Session 32: Heat Pumps Session 33: Low-carbon/ Low-energy Technologies Session 36: Low-carbon/ Low-energy Technologies Poster Session A Poster Session B Poster Session C Poster Session E Volume II, 644 pages, ISBN 9780853583141 Energy Storage & Conversion Session 2: Heating and Cooling Systems Session 6: Heating and Cooling Systems Session 10: Ventilation and Air Conditioning Session 14: Smart and Responsive Buildings Session 18: Phase Change Materials Session 23: Smart and Responsive Buildings Session 30: Heating and Cooling System Session 34: Carbon Sequestration Poster Session A Poster Session C Poster Session D Policies & Management Session 4: Environmental Issues and the Public Session 8: Energy and Environment Security Session 12: Energy and Environment Policies Poster Session A Poster Session D Volume III, 642 pages, ISBN 9780853583158 Sustainable Cities & Environment Session 3: Sustainable and Resilient Cities Session 7: Energy Demand and Use Optimization Session 11: Energy Efficiency in Buildings Session 15: Green and Sustainable Buildings Session 19: Green Buildings and Materials Session 24: Energy Efficiency in Buildings Session 27: Energy Efficiency in Buildings Session 28: Energy Efficiency in Buildings Session 31: Energy Efficiency in Buildings Session 35: Energy Efficiency in Buildings Poster Session A Poster Session D Poster Session