Service-Oriented Computing (SOC) is a major trend in designing and implementing distributed computer-based applications. Dynamic late biding makes SOC a very promising way to realize pervasive ...computing, which promotes the integration of computerized artifacts into the fabric of our daily lives. However, pervasive computing raises new challenges which SOC has not addressed yet. Pervasive application relies on highly dynamic and heterogeneous entities. They also necessitate an important data collection to compute the context of users and process sensitive data. Such data collection and processing raise well-known concerns about data disclosure and use. They are a brake to the development of widely accepted pervasive applications. SOC already permits to impose constraints on the bindings of services. We propose to add a new range of constraints to allow data privatization, i.e. the restriction of their disclosure. We extend the traditional design and binding phases of a Service-Oriented Architecture with the expression and the enforcement of privatization constraints. We express and enforce these constraints according to a two phases model-driven approach. Our work is validated on real-world services.
Role-based access control is a standard mechanism in information systems. Based on the role a user has, certain information is kept from the user even if requested. For ontologies representing ...knowledge, deciding what can be told to a user without revealing secrets is more difficult as the user might be able to infer secret knowledge using logical reasoning. In this paper, we present two approaches to solving this problem: query rewriting vs. axiom filtering, and show that while both approaches prevent the unveiling of secret knowledge, axiom filtering is more complete in the sense that it does not suppress knowledge the user is allowed to see while this happens frequently in query rewriting. Axiom filtering requires that each axiom carries a label representing its access level. We present methods to find an optimal axiom labeling to enforce query-based access restrictions and report experiments on real world data showing that a significant number of results are retained using the axiom filtering method.
A method of continuous authentication by keyboard handwriting is proposed, where differences in preferences of alternative keys are revealed, and there is a constant comparison of the reference and ...observed empirical distribution functions of the holding intervals of the most common keys. In addition, we calculate the rank correlations between the sequences of these intervals in frequently encountered terms and identify differences in the mean and standard deviations of the intervals. The experimental verification showed the closeness of the relative error frequencies of both types with predetermined theoretical probabilities.
In this research we focus on how to prevent Double Spending Attack (also called 51 % hash rate attack), a particular security issue related to blockchain technology in the current cryptocurrency ...world. We describe the main idea of our proposed Block Access Restriction (BAR) mechanism, which controls the actual block requests and detects malicious behaviors while transactions have been recorded into a specific block, to protect general miner's privileges and provide fairness in the blockchain network environment. We propose an effective way to prevent this to happen (with detailed steps), discuss how to deploy BAR switch into blockchain networks and how the BAR switch can prevent DSA while the hacker bypasses it. We also present general idea of implementing BAR switch, and point out the importance of dealing with security threat at post-quantum computing era.
The paper discusses the security aspects of financial portal information, and proposes a mechanism for creating an information protection module in the information system in financial institutions ...based on artificial neural networks. An information protection system with adaptive features needs to be developed to ensure information security and rapid response. The paper presents an approach that can be used to assess the security level of the information system of financial portals. The security level is defined as the ratio of the risks of a protected system to the risks of a vulnerable system. The methodology is based on a systems risk assessment approach. The risk-based approach is implemented in many areas of information security, as it allows to describe information resources more accurately, based on their characteristic weaknesses, the value, risks and, consequently, the level of criticality for the organization's activities.Based on the approach, the security of the system is determined by the ability to use access control and management tools, as a result of which, the user registered in the system will have access to the information with the necessary restrictions ensuring their unconditional use.
Computer vision mainly focuses on the automatic extraction, analysis, and understanding of useful information from a single image or video. On the other hand, authenticity is emerging as one of the ...primary requirements in today's world by developing a system for computer vision complexity. Generally, two robust techniques such as age estimation and face recognition are required to maintain authenticity. In reality, fraud and scams are getting increased, so here this paper has proposed a new combined model for face recognition and age prediction. Face recognition has been implemented and presented in this paper by using a Deep Neural Network. The authenticity problem can be handled by using either facial recognition or age prediction alone; this study has presented a method that employs both of them together to enhance the system's robustness. So, first, this model detects the person's face, and then it predicts the person's age. If the individual is eligible to view the information or perform a task, their access will be limited; otherwise, their access will be restricted. So it helps to solve two difficulties in this case: the person's identification cannot be faked, and their age is also confirmed by the system. (CNN for the face, and mention technique for the age.)
Freight trucks provide an essential service to industrialized societies by transporting foods, raw materials and finished goods over land, typically to and from manufacturing plants, retail and ...distribution centers. It constitutes a major enabling factor for most economic and social activities taking place in urban areas. Although freight transportation is a major source of good distribution in the city yet most of the big cities don't have adequate techniques to deal with the resulting congestion and traffic management problem. Some cities do not allow freight trucks to enter the city during the day times causing substantial social and economical losses whereas some cities with no limit on freight trucks during day times cause huge congestion on city streets due to lack of proper management approaches. This paper proposes an iterative bidding framework for better traffic management and socioeconomic benefit while dealing with the decentralized urban freight management problem. It has several advantages for freight transport access management in cities that require implementing periodic access limits on certain city highway entrances. The uniqueness of the proposed approach is that it integrates the exploration of freight truck's access deadline flexibility and support city's entrance access limit restriction decisions within an iterative bidding framework, which has the potential to coordinate the behaviors of self-interested parties in decentralized supply chain environments.
There is limited data to guide policy makers as to whether youth tobacco access restriction is an effective strategy. Analysis of the limited data on youth access restriction suggests that (a) ...scalable models for access restriction are lacking, (b) enforcement of access restriction would be cost prohibitive, (c) the leaky commercial supply of cigarettes combined with the capacity of youth to tap into a "social supply" of cigarettes would hamper all but the most rigorously enforced efforts to restrict access to tobacco, and (d) access restriction may paradoxically increase allure of cigarettes for some youth. Although youth tobacco access restriction does not face strong political or industry opposition, the authors' analysis reveals that youth tobacco access restriction is likely to remain a failed strategy to control tobacco use in the United States.
De-Randomizing the Code Segment with Timing Function Attack Zhang, Tianning; Cai, Miao; Zhang, Diming ...
2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Conference Proceeding
Recently, many effective defensive methods (e.g., ASLR, execute-only-memory) have been proposed to defeat the code reuse attack in the software system. These approaches provide strong system ...protection through address randomization or memory access restriction. However, this paper identifies a new weak point in these approaches, i.e., missing time protection. We propose a new attack method called timing function attack, which can initiate a code reuse attack even against the state-of-the-art defense techniques. Previous solutions utilize various techniques to hide the spatial information. However, we still can obtain critical security information through the time channel. Specifically, we leverage the function execution time to conduct a side-channel attack. Further, we de-randomize the code segment layout with the timing-channel attack result. Finally, we perform a code-reuse attack with gadgets gathered in previous steps, compromising the whole system. To validate our timing function attack in the real world, we conduct two attacks on two JavaScript engines, i.e., ChakraCore and Chrome v8. Evaluation results show that our attack can successfully bypass the existing defense techniques, such as function-granularity ASLR and XOM, and escalate the privilege. Besides, we also discuss some solutions to prevent and defend our proposed timing function attack.