24,638 research outputs found
Security Assessment and Hardening of Fog Computing Systems
In recent years, there has been a shift in computing architectures, moving
away from centralized cloud computing towards decentralized edge and fog
computing. This shift is driven by factors such as the increasing volume of
data generated at the edge, the growing demand for real-time processing and
low-latency applications, and the need for improved privacy and data locality.
Although this new paradigm offers numerous advantages, it also introduces
significant security and reliability challenges. This paper aims to review the
architectures and technologies employed in fog computing and identify
opportunities for developing novel security assessment and security hardening
techniques. These techniques include secure configuration and debloating to
enhance the security of middleware, testing techniques to assess secure
communication mechanisms, and automated rehosting to speed up the security
testing of embedded firmware.
Comment: 4 pages, Accepted for publication at The 34th IEEE International
Symposium on Software Reliability Engineering Workshops (ISSREW
Eclipsing Ethereum Peers with False Friends
Ethereum is a decentralized Blockchain system that supports the execution of
Turing-complete smart contracts. Although the security of the Ethereum
ecosystem has been studied in the past, the network layer has been mostly
neglected. We show that Go Ethereum (Geth), the most widely used Ethereum
implementation, is vulnerable to eclipse attacks, effectively circumventing
recently introduced (Geth v1.8.0) security enhancements. We responsibly
disclosed the vulnerability to core Ethereum developers; the corresponding
countermeasures to our attack were incorporated into the v1.9.0 release of
Geth. Our false friends attack exploits the Kademlia-inspired peer discovery
logic used by Geth and enables a low-resource eclipsing of long-running, remote
victim nodes. An adversary only needs two hosts in distinct /24 subnets to
launch the eclipse, which can then be leveraged to filter the victim's view of
the Blockchain. We discuss fundamental properties of Geth's node discovery
logic that enable the false friends attack, as well as proposed and implemented
countermeasures.
Comment: Extended version of the original publication in: 2019 IEEE European
Symposium on Security and Privacy Workshops (EuroS&PW
A systematic literature review of cloud computing in eHealth
Cloud computing in eHealth has been an emerging area for only a few years. There
is a need to identify the state of the art and pinpoint challenges and possible
directions for researchers and application developers. Based on this need, we
have conducted a systematic review of cloud computing in eHealth. We searched
ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as
well as relevant open-access journals for relevant articles. A total of 237
studies were first searched, of which 44 papers met the Include Criteria. The
studies identified three types of studied areas about cloud computing in
eHealth, namely (1) cloud-based eHealth framework design (n=13); (2)
applications of cloud computing (n=17); and (3) security or privacy control
mechanisms of healthcare data in the cloud (n=14). Most of the studies in the
review were about designs and proofs of concept. Only very few studies have
evaluated their research in the real world, which may indicate that the
application of cloud computing in eHealth is still very immature. However, our
presented review could pinpoint that a hybrid cloud platform with mixed access
control and security protection mechanisms will be a main research area for
developing citizen centred home-based healthcare applications