170 research outputs found
Evaluation of Anonymized ONS Queries
Electronic Product Code (EPC) is the basis of a pervasive infrastructure for
the automatic identification of objects on supply chain applications (e.g.,
pharmaceutical or military applications). This infrastructure relies on the use
of the (1) Radio Frequency Identification (RFID) technology to tag objects in
motion and (2) distributed services providing information about objects via the
Internet. A lookup service, called the Object Name Service (ONS) and based on
the use of the Domain Name System (DNS), can be publicly accessed by EPC
applications looking for information associated with tagged objects. Privacy
issues may affect corporate infrastructures based on EPC technologies if their
lookup service is not properly protected. A possible solution to mitigate these
issues is the use of online anonymity. We present an evaluation experiment that
compares the use of Tor (The second generation Onion Router) on a global
ONS/DNS setup, with respect to benefits, limitations, and latency.
Comment: 14 page
A Quantum Algorithm for Shapley Value Estimation
The introduction of the European Union's (EU) set of comprehensive
regulations relating to technology, the General Data Protection Regulation,
grants EU citizens the right to explanations for automated decisions that have
significant effects on their life. This poses a substantial challenge, as many
of today's state-of-the-art algorithms are generally unexplainable black boxes.
Simultaneously, we have seen an emergence of the fields of quantum computation
and quantum AI. Due to the fickle nature of quantum information, the problem of
explainability is amplified, as measuring a quantum system destroys the
information. As a result, there is a need for post-hoc explanations for quantum
AI algorithms. In the classical context, the cooperative game theory concept of
the Shapley value has been adapted for post-hoc explanations. However, this
approach does not translate to use in quantum computing trivially and can be
exponentially difficult to implement if not handled with care. We propose a
novel algorithm which reduces the problem of accurately estimating the Shapley
values of a quantum algorithm into a far simpler problem of estimating the true
average of a binomial distribution in polynomial time.
Comment: 29 pages, 8 figures, 21 references, baseline (preprint) QCE 2023
(IEEE International Conference on Quantum Computing and Engineering)
Technical Paper (Quantum Algorithms for Shapley Value Calculation
Aggregating and Deploying Network Access Control Policies
The existence of errors or inconsistencies in the configuration of security
components, such as filtering routers and/or firewalls, may lead to weak access
control policies -- potentially easy for unauthorized parties to evade. We
present in this paper a proposal to create, manage, and deploy consistent
policies in those components in an efficient way. To do so, we combine two main
approaches. The first approach is the use of an aggregation mechanism that
yields consistent configurations or signals inconsistencies. Through this
mechanism we can fold existing policies of a given system and create a
consistent and global set of access control rules -- easy to maintain and
manage by using a single syntax. The second approach is the use of a refinement
mechanism that guarantees the proper deployment of such a global set of rules
into the system, yet free of inconsistencies.
Comment: 9 page
Misconfiguration Management of Network Security Components
Many companies and organizations use firewalls to control the access to their
network infrastructure. Firewalls are network security components which provide
means to filter traffic within corporate networks, as well as to police
incoming and outgoing interaction with the Internet. For this purpose, it is
necessary to configure firewalls with a set of filtering rules. Nevertheless,
the existence of errors in a set of filtering rules is very likely to degrade
the network security policy. The discovery and removal of these configuration
errors is a serious and complex problem to solve. In this paper, we present a
set of algorithms for such management. Our approach is based on the analysis
of the relationships between the filtering rules in the set. A subsequent
rewriting of the rules turns an initial firewall setup -- potentially
misconfigured -- into an equivalent one completely free of errors. At the same
time, the algorithms will detect useless rules in the initial firewall
configuration.
Comment: 9 pages, 4 figures, 10 references, 7th International Symposium on
System and Information Security (SSI), Sao Paulo, Brazi
Software simulations for the study of threats against SCADA systems
The goal of SCADA (Supervisory Control And Data Acquisition) technologies is to provide remote control for the supervision of critical infrastructures. Attacks against such systems pose a significant risk. Our interest in this topic is to investigate improvements in the security of SCADA systems, using software-level abstractions, simulation tools, physical devices, and data traces from real systems. This article presents, in general terms, some basic building blocks of SCADA technologies and their components. It also introduces general characteristics of some available open source simulators. Finally, it details limitations and potential improvements, aimed at completing the study of anomaly detection techniques at the level of physical signals between the components of SCADA systems.