Latest Articles from JUCS - Journal of Universal Computer Science Latest 28 Articles from JUCS - Journal of Universal Computer Science https://lib.jucs.org/ Fri, 29 Mar 2024 13:04:44 +0200 Pensoft FeedCreator https://lib.jucs.org/i/logo.jpg Latest Articles from JUCS - Journal of Universal Computer Science https://lib.jucs.org/ A Novel Data-Driven Attack Method on Machine Learning Models https://lib.jucs.org/article/108445/ JUCS - Journal of Universal Computer Science 30(3): 402-417

DOI: 10.3897/jucs.108445

Authors: Emre Sadıkoğlu, İrfan Kösesoy, Murat Gök

Abstract: With the increasing popularity and usage of artificial intelligence systems, it has become crucial to address their vulnerability to cyber-attacks. In this study, we propose a novel gradient descent-based method to generate fake data that can be accepted as positive by a targeted machine learning model. Our method is designed to generate a large number of positive samples with a minimal number of probes to the model, making it difficult to detect by security systems. Additionally, we develop an alternative model to the attacked model using a reverse engineering approach, trained on a dataset composed of the samples generated by our method. We evaluate the success of our proposed method and the alternative model through a series of experiments. We conducted experiments on six distinct datasets, each of which was trained using three separate machine-learning algorithms. This resulted in a total of eighteen unique models that were evaluated and compared in our analysis. In the evaluation of results, the most commonly used metrics in the literature, including effective attack rate (EAR), accuracy, precision, recall, and F1 score, were employed. Focusing particularly on EAR-oriented assessments, our method demonstrates its effectiveness with a notably high EAR of 97% in the combination of the kNN method and the Cancer dataset. According to the results of our experiments, the proposed method demonstrates high effectiveness as a data-driven attack method.

HTML

XML

PDF

]]>
Research Article Thu, 28 Mar 2024 16:00:07 +0200
Visualizing Portable Executable Headers for Ransomware Detection: A Deep Learning-Based Approach https://lib.jucs.org/article/104901/ JUCS - Journal of Universal Computer Science 30(2): 262-286

DOI: 10.3897/jucs.104901

Authors: Tien Quang Dam, Nghia Thinh Nguyen, Trung Viet Le, Tran Duc Le, Sylvestre Uwizeyemungu, Thang Le-Dinh

Abstract: In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.

HTML

XML

PDF

]]>
Research Article Wed, 28 Feb 2024 16:00:07 +0200
A new lightweight decentralized mitigation solution against Version Number Attacks for IoT Networks  https://lib.jucs.org/article/85506/ JUCS - Journal of Universal Computer Science 29(2): 118-151

DOI: 10.3897/jucs.85506

Authors: Mehdi Rouissat, Mohammed Belkheir, Hicham Sid Ahmed Belkhira, Sofiane Boukli Hacene, Pascal Lorenz, Merahi Bouziani

Abstract: The present work describes a new technique to mitigate the version number attack (VNA), which is classified as one among the known denial of service (DDoS) damaging attacks targeting RPL-based (Routing Protocol for Low Power and Lossy Networks) IoTs networks. Through a VNA, the malicious behavior induces an increase in the control overhead and affects nodes’ ressources in terms of processing and memory, thereby the network availability is directly targeted. The lightweight proposed algorithm is run by each node where the main purpose is to halt the spread of a faked version number over the network and to recover victim nodes. The proposed solution has been implemented and simulated using Cooja under Contiki OS. Simulation results obviously show that our proposed technique promises significant improvements in various measured metrics while optimizing the node resources in terms of processing and memory usage. Compared to the network under attack, the control overhead has been shortened by 83% and the energy consumption has been reduced by 74%. In addition, the packet delivery ratio (PDR) has been improved to reach (99,6%), and the latency has been restored to attain the same value as in the normal case.

HTML

XML

PDF

]]>
Research Article Tue, 28 Feb 2023 10:00:03 +0200
Disassemble Byte Sequence Using Graph Attention Network https://lib.jucs.org/article/76528/ JUCS - Journal of Universal Computer Science 28(7): 758-775

DOI: 10.3897/jucs.76528

Authors: Jing Qiu, Feng Dong, Guanglu Sun

Abstract: Disassembly is the basis of static analysis of binary code and is used in malicious code detection, vulnerability mining, software optimization, etc. Disassembly of arbitrary suspicious code blocks (e.g., for suspicious traffic packets intercepted by the network) is a difficult task. Traditional disassembly methods require manual specification of the starting address and cannot automate the disassembly of arbitrary code blocks. In this paper, we propose a disassembly method based on code extension selection network by combining traditional linear sweep and recursive traversal methods. First, each byte of a code block is used as the disassembly start address, and all disassembly results (control flow graphs) are combined into a single flow graph. Then a graph attention network is trained to pick the correct subgraph (control flow graph) as the final result. In the experiment, the compiler-generated executable file, as well as the executable file generated by hand-written assembly code, the data file and the byte sequence intercepted by the code segment were tested, and the disassembly accuracy was 93%, which can effectively distinguish the code from the data.

HTML

XML

PDF

]]>
Research Article Thu, 28 Jul 2022 10:00:00 +0300
Big Data between Quality and Security: Dynamic Access Control for Collaborative Platforms https://lib.jucs.org/article/77046/ JUCS - Journal of Universal Computer Science 27(12): 1300-1324

DOI: 10.3897/jucs.77046

Authors: Mohamed Talha, Anas Abou El Kalam

Abstract: Big Data often refers to a set of technologies dedicated to deal with large volumes of data. Data Quality and Data Security are two essential aspects for any Big Data project. While Data Quality Management Systems are about putting in place a set of processes to assess and improve certain characteristics of data such as Accuracy, Consistency, Completeness, Timeliness, etc., Security Systems are designed to protect the Confidentiality, Integrity and Availability of data. In a Big Data environment, data quality processes can be blocked by data security mechanisms. Indeed, data is often collected from external sources that could impose their own security policies. In many research works, it has been recognized that merging and integrating access control policies are real challenges for Big Data projects. To address this issue, we suggest in this paper a framework to secure data collection in collaborative platforms. Our framework extends and combines two existing frameworks namely: PolyOrBAC and SLA- Framework. PolyOrBAC is a framework intended for the protection of collaborative environments. SLA-Framework, for its part, is an implementation of the WS-Agreement Specification, the standard for managing bilaterally negotiable SLAs (Service Level Agreements) in distributed systems; its integration into PolyOrBAC will automate the implementation and application of security rules. The resulting framework will then be incorporated into a data quality assessment system to create a secure and dynamic collaborative activity in the Big Data context.

HTML

XML

PDF

]]>
Research Article Tue, 28 Dec 2021 10:00:00 +0200
Spam Detection Based on Feature Evolution to Deal with Concept Drift https://lib.jucs.org/article/66284/ JUCS - Journal of Universal Computer Science 27(4): 364-386

DOI: 10.3897/jucs.66284

Authors: Marcia Henke, Eulanda Santos, Eduardo Souto, Altair O Santin

Abstract: Electronic messages are still considered the most significant tools in business and personal applications due to their low cost and easy access. However, e-mails have become a major problem owing to the high amount of junk mail, named spam, which fill the e-mail boxes of users. Several approaches have been proposed to detect spam, such as filters implemented in e-mail servers and user-based spam message classification mechanisms. A major problem with these approaches is spam detection in the presence of concept drift, especially as a result of changes in features over time. To overcome this problem, this work proposes a new spam detection system based on analyzing the evolution of features. The proposed method is divided into three steps: 1) spam classification model training; 2) concept drift detection; and 3) knowledge transfer learning. The first step generates classification models, as commonly conducted in machine learning. The second step introduces a new strategy to avoid concept drift: SFS (Similarity-based Features Se- lection) that analyzes the evolution of the features taking into account similarity obtained between the feature vectors extracted from training data and test data. Finally, the third step focuses on the following questions: what, how, and when to transfer acquired knowledge? The proposed method is evaluated using two public datasets. The results of the experiments show that it is possible to infer a threshold to detect changes (drift) in order to ensure that the spam classification model is updated through knowledge transfer. Moreover, our anomaly detection system is able to perform spam classification and concept drift detection as two parallel and independent tasks.

HTML

XML

PDF

]]>
Research Article Wed, 28 Apr 2021 19:30:00 +0300
Evaluating Case Study and Action Research Reports: Real-world Research in Cybersecurity https://lib.jucs.org/article/24089/ JUCS - Journal of Universal Computer Science 26(7): 827-853

DOI: 10.3897/jucs.2020.045

Authors: Simon Vrhovec, Damjan Fujs, Luka Jelovčan, Anže Mihelič

Abstract: There is a growing number of scientific papers reporting on case studies and action research published each year. Consequently, evaluating the quality of pilling up research reports is becoming increasingly challenging. Several approaches for evaluation of quality of the scientific outputs exist however they appear to be fairly time-consuming and/or adapted for other research designs. In this paper, we propose a reasonably light-weight structure-based approach for evaluating case study and action research reports (SAE-CSAR) based on eight key parts of a real-world research report: research question, case description, data collection, data analysis, ethical considerations, results, discussion and limitations. To evaluate the feasibility of the proposed approach, we conducted a systematic literature survey of papers reporting on real-world cybersecurity research. A total of N = 102 research papers were evaluated. Results suggest that SAE-CSAR is useful and relatively efficient, and may offer a thought-provoking insight into the studied field. Although there is a positive trend for the inclusion of data collection, data analysis and research questions in papers, there is still room for improvement suggesting that the field of real-world cybersecurity research did not mature yet. The presence of a discussion in a paper appears to affect most its citation count. However, it seems that it is not uniformly accepted what a discussion should include. This paper explores this and other issues related to paper structure and provides guidance on how to improve the quality of research reports.

HTML

XML

PDF

]]>
Research Article Tue, 28 Jul 2020 00:00:00 +0300
(De-)Constructing Attacker Categorisations: A Typology Iteration for the Case of Digital Banking https://lib.jucs.org/article/24087/ JUCS - Journal of Universal Computer Science 26(7): 783-804

DOI: 10.3897/jucs.2020.043

Authors: Caroline Moeckel

Abstract: In this extended and updated paper, the experimental construction of a new attacker typology grounded in real-life data is proposed, using grounded theory analysis and over 300 publicly available documents containing details of digital banking related cybercrime and involved attackers. Seven attacker profiles forming the typology specific to the case of digital banking are presented. An initial light-touch evaluation approach based on peer review feedback and basic heuristics is suggested. A short excursus on circumplex models is added to address this visualisation tool used across past categorisation efforts.

HTML

XML

PDF

]]>
Research Article Tue, 28 Jul 2020 00:00:00 +0300
Testing the Human Backdoor: Organizational Response to a Phishing Campaign https://lib.jucs.org/article/22672/ JUCS - Journal of Universal Computer Science 25(11): 1458-1477

DOI: 10.3217/jucs-025-11-1458

Authors: Anže Mihelič, Matej Jevšček, Simon Vrhovec, Igor Bernik

Abstract: To exploit the human as the "back door" to compromising well-protected information systems of organizations, phishing-type attacks are becoming increasingly sophisticated. There is however a significant lack of real-world studies of phishing campaigns in industrial settings even though it is a wide-spread way to hack information systems of organizations and many notorious cyberattacks started with some sort of a human exploitation. To fill this void, we conducted a case study in a large Central European manufacturing company Manco (fake company name) and observed the targeted employees' and IT department staff's response to a phishing campaign. Even though the IT department staff reacted very fast (their procedures started fifteen minutes after the first phishing e-mail was sent), results suggest significant data leakage and a high potential for successful malware installation. The observed click rate was 69.4 percent and real personal data submission rate was at least 49.0 percent. The average response time of targets (i.e., time between sending the phishing e-mail and visiting the phishing website) was 20 minutes, from 25 seconds to 203 minutes. The results suggest that a phishing campaign can be successful even if the targeted organization's response time is very short. Also, the phishing campaign may not be effective only due to the susceptibility of targets but also due to the investigative techniques of the first responders.

HTML

XML

PDF

]]>
Research Article Thu, 28 Nov 2019 00:00:00 +0200
Trust Based Cluster Head Election of Secure Message Transmission in MANET Using Multi Secure Protocol with TDES https://lib.jucs.org/article/22655/ JUCS - Journal of Universal Computer Science 25(10): 1221-1239

DOI: 10.3217/jucs-025-10-1221

Authors: K. Shankar, Mohamed Elhoseny

Abstract: In wireless communication, Mobile Ad Hoc Network (MANET) consists of a number of mobile nodes which are communicated with each other without any base station. One of the security attacks in MANETs is Packet forwarding misbehaviour attack; this makes MANETs weak by showing message loss behavior. For securing message transmission in MANET, the work proposes Energy Efficient Clustering Protocol (EECP) with Radial Basis Function (RBF) based CH is elected for formed Clusters. Moreover, here some Network measures are considered to detect the malicious nodes and CH model that is speed, mobility, trust and so on. The trust value of the node is computed from the neighbor node which helps in further location to find a malicious node in the network to avail message drop and energy consumption (EC). After detecting malicious nodes, Multi secure Protocols that is Secure Efficient Distance Vector Routing (SEDV) and Secure Link State Routing Protocol (SLSP) with encryption technique used for message security. If the" HELLO" message sending by the sender, its encrypted and decrypted triples in receiver end to get the plain message, this technique is Triple Data Encryption Standard (TDES). Finally, the implementation results are evaluated to analyze the message security level of the proposed system in MANET in terms, of Packet to Delivery Ratio (PDR, Network Life Time (NLT) and some other important Measures.

HTML

XML

PDF

]]>
Research Article Mon, 28 Oct 2019 00:00:00 +0200
A Context-based Defense Model for Assessing Cyber Systems' Ability To Defend Against Known And Unknown Attack Scenarios https://lib.jucs.org/article/22646/ JUCS - Journal of Universal Computer Science 25(9): 1066-1088

DOI: 10.3217/jucs-025-09-1066

Authors: Yosra Lakhdhar, Slim Rekhis, Noureddine Boudriga

Abstract: Presently, attackers succeed to damage different cyber systems no matter whether cyber security solutions are implemented or not. This fact can be explained by the information insufficiency regarding the attack environment and the deployed solutions, in addition to the predominant use of pre-built cyber attack databases, making the supervised system incapable of defending itself against zero-day attacks. We present in this paper an enhanced cyber defense model to assess the effectiveness of the deployed security solutions to defend against potential generated attack scenarios under various contexts (the configuration of distributed security solutions, named observer agents, the type and location of reaction systems, and the type of data visible by the deployed solutions). Furthermore, we propose a model ensuring the generation of known and unknown attack scenarios starting from the formal description of system variables and their interactions. In addition, we develop the concept of observable executable scenario that ensures the step by step observation of attack scenarios execution, the assessment of observer agents' reactions, and the detection of attack occurrence in a distributed system. The results of the conducted simulations using real case studies are presented to exemplify the proposal.

HTML

XML

PDF

]]>
Research Article Sat, 28 Sep 2019 00:00:00 +0300
An Identity-Based Signcryption on Lattice without Trapdoor https://lib.jucs.org/article/22598/ JUCS - Journal of Universal Computer Science 25(3): 282-293

DOI: 10.3217/jucs-025-03-0282

Authors: Xianmin Wang, Yu Zhang, Brij Gupta, Hongfei Zhu, Dongxi Liu

Abstract: Identity-based signcryption schemes based on large integer factorization and discrete logarithm problems were considered to be insecure for the quantum computer attack. Thus, choosing a quantum-resist platform and constructing secure schemes based on new hard assumptions are challenges. In this paper, we propose an alternative scheme - an identity-based signcryption on lattice, which does not need to rely on a trapdoor. Meanwhile, our scheme achieves IND-CCA2 and sUF-CMA security, and it is also secure against the current quantum algorithm attacks based on LWE problem for lattice. Furthermore, we demonstrate that the newly proposed scheme has much shorter secret key size, and higher speeds in signcryption and unsigncryption stages, compared with some exiting identity-based signcryption schemes.

HTML

XML

PDF

]]>
Research Article Thu, 28 Mar 2019 00:00:00 +0200
Balanced Efficient Lifelong Learning (B-ELLA) for Cyber Attack Detection https://lib.jucs.org/article/22573/ JUCS - Journal of Universal Computer Science 25(1): 2-15

DOI: 10.3217/jucs-025-01-0002

Authors: Rafał Kozik, Michał Choraś, Jörg Keller

Abstract: This paper outlines and proposes a new approach to cyber attack detection on the basis of the practical application of the efficient lifelong learning cybersecurity system. One of the main difficulties in machine learning is to build intelligent systems that are capable of learning sequential tasks and then to transfer knowledge from a previously learnt foundation to learn new tasks. Such capability is termed as Lifelong Machine Learning (LML) or as Lifelong Learning Intelligent Systems (LLIS). This kind of solution would promptly address the current problems in the cybersecurity domain, where each new cyber attack can be considered as a new task. Our approach is an extension of the Efficient Lifelong Learning (ELLA) framework. Hereby, we propose the new B-ELLA (Balanced ELLA) framework to detect cyber attacks and to counter the problem of network data imbalance. Our proposition is evaluated on a malware benchmark dataset and we achieve promising results.

HTML

XML

PDF

]]>
Research Article Mon, 28 Jan 2019 00:00:00 +0200
Verifying Secure Authentication Protocol for Communication between IoT-based Medical Devices https://lib.jucs.org/article/23532/ JUCS - Journal of Universal Computer Science 24(9): 1258-1270

DOI: 10.3217/jucs-024-09-1258

Authors: Nipon Theera-Umpon, Kun-Hee Han, Woo-Sik Bae, Sanghyuk Lee, Van Pham

Abstract: The evolving Internet of Things (IoT) technology has driven the advancement of communication technology for implantable devices and relevant services. Still, concerns are raised over implantable medical devices (IMDs), because the wireless transmission section between patients and devices is liable to intrusions on privacy attributable to hacking attacks and resultant leakage of patients' personal information. Also, manipulating and altering patients' medical information may lead to serious leakage of personal information and thus adverse medical incidents. To address the foregoing challenges, the present paper proposes a security protocol that copes with a range of vulnerabilities in communication between IMDs and other devices. In addition, the proposed protocol encrypts the communication process and data to eliminate the likelihood of personal information being leaked. The verification highlights the safety and security of the proposed protocol in wireless communication.

HTML

XML

PDF

]]>
Research Article Fri, 28 Sep 2018 00:00:00 +0300
Identifying Encryption Algorithms in ECB and CBC Modes Using Computational Intelligence https://lib.jucs.org/article/22921/ JUCS - Journal of Universal Computer Science 24(1): 25-42

DOI: 10.3217/jucs-024-01-0025

Authors: Flavio De Mello, José A. M. Xexéo

Abstract: This paper analyzes the use of machine learning techniques for the identification of encryption algorithms, from ciphertexts only. The experiment involved corpora of plain texts in seven different languages; seven encryption algorithms, each one in ECB and CBC modes; and six data mining algorithms for classification. The plain text files were encrypted with each cryptographic algorithm under both cipher modes. After that, the ciphertexts were processed to produce metadata, which were then used by the classification algorithms. The overall experiment involved not only a high quantity of ciphertexts, but also time consuming procedures for metadata creation as well as for identification. Therefore, a high performance computer and customized memory management were employed. As expected, the results for ECB mode encryption algorithm identification were significantly high, and also reached full recognition. On the other hand, algorithm identification under CBC is supposed to be marginal, but successful identification was up to six times higher than the probabilistic bid.

HTML

XML

PDF

]]>
Research Article Sun, 28 Jan 2018 00:00:00 +0200
On the Analysis and Detection of Mobile Botnet Applications https://lib.jucs.org/article/23128/ JUCS - Journal of Universal Computer Science 22(4): 567-588

DOI: 10.3217/jucs-022-04-0567

Authors: Ahmad Karim, Muhammad Khan, Aisha Siddiqa, Kim-Kwang Choo

Abstract: Mobile botnet phenomenon is gaining popularity among malware writers in order to exploit vulnerabilities in smartphones. In particular, mobile botnets enable illegal access to a victim's smartphone, can compromise critical user data and launch a DDoS attack through Command and Control (C&C). In this article, we propose a static analysis approach, DeDroid, to investigate botnet-specific properties that can be used to detect mobile applications with botnet intensions. Initially, we identify critical features by observing code behavior of the few known malware binaries having C&C features. Then, we compare the identified features with the malicious and benign applications of Drebin dataset. The results show against the comparative analysis that, Drebin dataset has 35% malicious applications which qualify as botnets. Upon closer examination, 90% of the potential botnets are confirmed as botnets. Similarly, for comparative analysis against benign applications having C&C features, DeDroid has achieved adequate detection accuracy. In addition, DeDroid has achieved high accuracy with negligible false positive rate while making decision for state-of-the-art malicious applications.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
An Anonymization Algorithm for (α, β, γ, δ)-Social Network Privacy Considering Data Utility https://lib.jucs.org/article/22962/ JUCS - Journal of Universal Computer Science 21(2): 268-305

DOI: 10.3217/jucs-021-02-0268

Authors: Mehri Rajaei, Mostafa Haghjoo, Eynollah Miyaneh

Abstract: A well-known privacy-preserving network data publication problem focuses on how to publish social network data while protecting privacy and permitting useful analysis. Designing algorithms that safely transform network data is an active area of research. The process of applying these transformations is called anonymization operation. The authors recently proposed the (?,?,?,?)-SNP (Social Network Privacy) model and its an anonymization technique. The present paper introduces a novel anonymization algorithm for the (?,?,?,?)-SNP model. The desirability metric between two individuals of social network is defined to show the desirability of locating them in one group keeping in mind privacy and data utility considerations. Next, individuals are grouped using a greedy algorithm based on the values of this metric. This algorithm tries to generate small-sized groups by maximizing the sum of desirability values between members of each group. The proposed algorithm was tested using two real datasets and one synthetic dataset. Experimental results show satisfactory data utility for topological, spectrum and aggregate queries on anonymized data. The results of the proposed algorithm were compared in the topological properties with results of two recently proposed anonymization schemes: Subgraph-wise Perturbation (SP) and Neighborhood Randomization (NR). The results show that the proposed method is better than or similar to SP and NR for preservation of all structural and spectrum properties, except for the clustering coefficient.

HTML

XML

PDF

]]>
Research Article Sun, 1 Feb 2015 00:00:00 +0200
Some Aspects of the Reliability of Information on the Web https://lib.jucs.org/article/23488/ JUCS - Journal of Universal Computer Science 20(9): 1284-1303

DOI: 10.3217/jucs-020-09-1284

Authors: Narayanan Kulathuramaiyer, Hermann Maurer, Rizwan Mehmood

Abstract: When we look up information in the WWW we hope to find information that is correct, fitting in quantity for our purposes and written at a level that we can understand. Unfortunately, very often one of the above criteria will not be met. A young person looking for information on some aspect of physics may well be frustrated when finding a complex formula whose understanding requires higher mathematics. In other cases, information may be much too voluminous or too short. This seems to indicate that what we need is presentation of material at various levels of detail and complexity. But most important of all, and this is what we are going to discuss in this paper is: how do we know that what we read is actually true? We will analyse this problem in the introductory section. We will show that it is impossible to expect "too much". We will argue that some improvements can be made, particularly if the domain is restricted. We will then examine certain types of geographical information. Detailed research shows that some quantitative measurements like the area of a country or the highest mountains of a country, even if different sources disagree, can be verified by explaining why the discrepancies occur and by trusting numbers if they are identical in very different databases.

HTML

XML

PDF

]]>
Research Article Mon, 1 Sep 2014 00:00:00 +0300
Showing the Benefits of Applying a Model Driven Architecture for Developing Secure OLAP Applications https://lib.jucs.org/article/22941/ JUCS - Journal of Universal Computer Science 20(2): 79-106

DOI: 10.3217/jucs-020-02-0079

Authors: Carlos Blanco, Ignacio De Guzmán, Eduardo Fernández-Medina, Juan Trujillo

Abstract: Data Warehouses (DW) manage enterprise information that is queried for decision making purposes by using On-Line Analytical Processing (OLAP) tools. The establishment of security constraints in all development stages and operations of the DW is highly important since otherwise, unauthorized users may discover vital business information. The final users of OLAP tools access and analyze the information from the corporate DW by using specific views or cubes based on the multidimensional modelling containing the facts and dimensions (with the corresponding classification hierarchies) that a decision maker or group of decision makers are interested in. Thus, it is important that security constraints will be also established over this metadata layer that connects the DW's repository with the decision makers, that is, directly over the multidimensional structures that final users manage. In doing so, we will not have to define specific security constraints for every particular user, thereby reducing the developing time and costs for secure OLAP applications. In order to achieve this goal, a model driven architecture to automatically develop secure OLAP applications from models has been defined. This paper shows the benefits of this architecture by applying it to a case study in which an OLAP application for an airport DW is automatically developed from models. The architecture is composed of: (1) the secure conceptual modelling by using a UML profile; (2) the secure logical modelling for OLAP applications by using an extension of CWM; (3) the secure implementation into a specific OLAP tool, SQL Server Analysis Services (SSAS); and (4) the transformations needed to automatically generate logical models from conceptual models and the final secure implementation.

HTML

XML

PDF

]]>
Research Article Sat, 1 Feb 2014 00:00:00 +0200
Engineering Security into Distributed Systems: A Survey of Methodologies https://lib.jucs.org/article/23985/ JUCS - Journal of Universal Computer Science 18(20): 2920-3006

DOI: 10.3217/jucs-018-20-2920

Authors: Anton Uzunov, Eduardo Fernandez, Katrina Falkner

Abstract: Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state-of-the-art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.

HTML

XML

PDF

]]>
Research Article Sat, 1 Dec 2012 00:00:00 +0200
HC+: Towards a Framework for Improving Processes in Health Organizations by Means of Security and Data Quality Management https://lib.jucs.org/article/23719/ JUCS - Journal of Universal Computer Science 18(12): 1703-1720

DOI: 10.3217/jucs-018-12-1703

Authors: Ismael Caballero, Luis Sánchez, Alberto Freitas, Eduardo Fernández-Medina

Abstract: There is currently a need to optimize the levels of perceived quality in most public services. Some of the most critical services are those related to Health, since health and welfare are fundamental to the population as a whole. Both public and private Health organizations are therefore interested in quantifying how good their services are, and to what extent the population is satisfied with their usage. These services can be classified into two main groups: health management and clinical. The performance of both kinds of processes is being assessed through the development of certain indicators. However, as these processes are intended to be supported by Health Management Information Systems (HMIS), some legal and technical concerns must be addressed when an HMIS is developed. These HMIS commonly manage personal data which is highly sensitive, and some mechanisms to ensure both security and data quality should therefore be also implemented. But the assurance of security and data quality goes beyond the HMIS, to the overall processes. This paper introduces a framework, HC+, whose objective is to assess and improve the level of perceived quality for services by paying special attention to the way in which the processes manage the levels of security and data quality. This will be achieved by studying the dependence of indicators that are able to describe the levels of perceived quality from the levels of security and data quality. HC+ is composed of three main components: a common Information Model with which to better represent the elements of the processes involved in the study, a set of selected Indicators to measure the levels of quality, and a Methodology to assess and improve the processes so that they can obtain better values for the chosen indicators. In addition, all the changes and decisions made should be consistent with the Quality Management System (e.g. ISO 9000) of the Organization.

HTML

XML

PDF

]]>
Research Article Thu, 28 Jun 2012 00:00:00 +0300
Cost-Sensitive Spam Detection Using Parameters Optimization and Feature Selection https://lib.jucs.org/article/29947/ JUCS - Journal of Universal Computer Science 17(6): 944-960

DOI: 10.3217/jucs-017-06-0944

Authors: Sang Lee, Dong Kim, Jong Park

Abstract: E-mail spam is no more garbage but risk since it recently includes virus attachments and spyware agents which make the recipients' system ruined, therefore, there is an emerging need for spam detection. Many spam detection techniques based on machine learning techniques have been proposed. As the amount of spam has been increased tremendously using bulk mailing tools, spam detection techniques should counteract with it. To cope with this, parameters optimization and feature selection have been used to reduce processing overheads while guaranteeing high detection rates. However, previous approaches have not taken into account feature variable importance and optimal number of features. Moreover, to the best of our knowledge, there is no approach which uses both parameters optimization and feature selection together for spam detection. In this paper, we propose a spam detection model enabling both parameters optimization and optimal feature selection; we optimize two parameters of detection models using Random Forests (RF) so as to maximize the detection rates. We provide the variable importance of each feature so that it is easy to eliminate the irrelevant features. Furthermore, we decide an optimal number of selected features using two methods; (i) only one parameters optimization during overall feature selection and (ii) parameters optimization in every feature elimination phase. Finally, we evaluate our spam detection model with cost-sensitive measures to avoid misclassification of legitimate messages, since the cost of classifying a legitimate message as a spam far outweighs the cost of classifying a spam as a legitimate message. We perform experiments on Spambase dataset and show the feasibility of our approaches.

HTML

XML

PDF

]]>
Research Article Mon, 28 Mar 2011 00:00:00 +0300
Developing a Secure Mobile Grid System through a UML Extension https://lib.jucs.org/article/29776/ JUCS - Journal of Universal Computer Science 16(17): 2333-2352

DOI: 10.3217/jucs-016-17-2333

Authors: David G. Rosado, Eduardo Fernández-Medina, Javier López, Mario Piattini

Abstract: The idea of developing software through systematic development processes to improve software quality is not new. Nevertheless, there are still many information systems such as those of Grid Computing which are not developed through methodologies that are adapted to their most differentiating features. A systematic development process for Grid systems that supports the participation of mobile nodes and incorporates security aspects into the entire software lifecycle will thus play a significant role in the development of systems based on Grid computing. We are creating a development process for the construction of information systems based on Grid Computing, which is highly dependent on mobile devices, in which security plays a highly important role. One of the activities in this process is that of analysis which is focused on ensuring that the system's security and functional requirements are elicited, specified and modelled. In our approach, this activity is driven by use cases and supported by the reusable repository. This obtains, builds, defines and refines the use cases of the secure Mobile Grid systems which represent the functional and non-functional requirements of this kind of systems. In this paper, we present the proposed development process through which we introduce the main aspects of the UML profile defined for building use case diagrams in the mobile Grid context through which it is possible to represent specific mobile Grid features and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.

HTML

XML

PDF

]]>
Research Article Wed, 1 Sep 2010 00:00:00 +0300
Performance Optimizations for DAA Signatures on Java enabled Platforms https://lib.jucs.org/article/29612/ JUCS - Journal of Universal Computer Science 16(4): 519-530

DOI: 10.3217/jucs-016-04-0519

Authors: Kurt Dietrich, Franz Röck

Abstract: With the spreading of embedded and mobile devices, public-key cryptography hasbecome an important feature for securing communication and protecting personal data. However, the computational requirements of public-key cryptosystems are often beyond the constraints em-bedded processors are bound to. This is especially true for cryptosystems that make heavy use of modular exponentiation like the Direct Anonymous Attestation scheme. The most popular al-gorithm for modular exponentiation is the Montgomery exponentiation based on sliding window technology. This technology offers several configuration options in order to get the best trade-offbetween the amount of precomputations and multiplications that are required for different exponentiation operands. Consequently, the optimum configuration and best parameters for receivingthe highest performance gain are of interest. In this paper, we analyse different approaches for improving the performance of modular exponentiations with respect to the DAA scheme on Javaenabled platforms. In particular, we analyse the optimal parameter setting for the Montgomery exponentiation and investigate how natively executed modular multiplications and modular re-ductions, with respect to a minimum of native code involved, can be integrated to improve the performance of mobile Java applications. Our experimental results show that the optimal setupof the Montgomery algorithm for a single modular exponentiation differs from the optimal setup used for the combination of all operations and operands used in the Direct Anonymous Attesta-tion scheme. We also show that it is possible to get an immense performance gain by executing small parts of critical arithmetic operations natively on the platform thereby, not reducing theflexibility of mobile Java code.

HTML

XML

PDF

]]>
Research Article Sun, 28 Feb 2010 00:00:00 +0200
On Reliable Platform Configuration Change Reporting Mechanisms for Trusted Computing Enabled Platforms https://lib.jucs.org/article/29611/ JUCS - Journal of Universal Computer Science 16(4): 507-518

DOI: 10.3217/jucs-016-04-0507

Authors: Kurt Dietrich

Abstract: One of the most important use-cases of Trusted Computing is Remote Attestation. Itallows platforms to get a trustworthy proof of the loaded software and current configuration of certain remote platforms, thereby enabling them to make decisions about the remote platforms'trust status. Common concepts like Internet Protocol security or Transport Layer Security make these decisions based on shared secrets or certificates issued by third parties. Unlike remote at-testation, these concepts do not take the current configuration or currently loaded software of the platforms into account. Consequently, combining remote attestation and existing secure channelconcepts can solve the long lasting problem of secure channels that have to rely on insecure channel endpoints. Although this gap can now be closed by Trusted Computing, one important prob-lem remains unsolved: A platform's configuration changes everytime new software is loaded. Consequently, a reliable and in-time method to provide a proof for this configuration change -especially on multiprocess machines - is required to signal the platforms involved in the communication that a configuration change of the respectively other platform has taken place. Ourresearch results show that a simple reporting mechanism can be integrated into current Trusted Platform Modules and Transport Layer Security implementations with a few additional TrustedPlatform Modules commands and a few extensions to the TLS protocol.

HTML

XML

PDF

]]>
Research Article Sun, 28 Feb 2010 00:00:00 +0200
Managing Security and its Maturity in Small and Medium-sized Enterprises https://lib.jucs.org/article/29535/ JUCS - Journal of Universal Computer Science 15(15): 3038-3058

DOI: 10.3217/jucs-015-15-3038

Authors: Luis Sánchez, Antonio Parra, David G. Rosado, Mario Piattini

Abstract: Due to the growing dependence of information society on Information and Communication Technologies, the need to protect information is getting more and more important for enterprises. In this context, Information Security Management Systems (ISMSs), have arisen for supporting the processes and systems for effectively managing information security. The fact of having these systems available has become more and more vital for the evolution of Small and Medium-Sized Enterprises (SMEs), but however, this type of enterprises have special characteristics which make it difficult for them the correct deployment of ISMSs. In this article, we show the methodology that we have created for the development, implementation and maintenance of ISMSs, adapted for the needs and resources available for SMEs. This approach is being directly applied to real case studies and thus, we are obtaining a constant improvement in its application.

HTML

XML

PDF

]]>
Research Article Tue, 1 Sep 2009 00:00:00 +0300
Security Analysis of the Full-Round CHESS-64 Cipher Suitable for Pervasive Computing Environments https://lib.jucs.org/article/29360/ JUCS - Journal of Universal Computer Science 15(5): 1007-1022

DOI: 10.3217/jucs-015-05-1007

Authors: Changhoon Lee, Jongsung Kim, Seokhie Hong, Yang-Sun Lee

Abstract: Wireless networks, telecommunications, and information technologies connected de-vices in pervasive computing environments require a high speed encryption for providing a high security and a privacy. The CHESS-64 based on various controlled operations is designed forsuch applications. In this paper, however, we show that CHESS-64 doesn't have a high security level, more precisely, we present two related-key differential attacks on CHESS-64. The first at-tack requires about 244 data and 244 time complexities (recovering 20 bits of the master key)while the second attack needs about 239 data and 239 time complexities (recovering 6 bits of themaster key). These works are the first known cryptanalytic results on CHESS-64 so far.

HTML

XML

PDF

]]>
Research Article Sun, 1 Mar 2009 00:00:00 +0200
DS RBAC - Dynamic Sessions in Role Based Access Control https://lib.jucs.org/article/29323/ JUCS - Journal of Universal Computer Science 15(3): 538-554

DOI: 10.3217/jucs-015-03-0538

Authors: Joerg Muehlbacher, Christian Praher

Abstract: Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasingly momentum. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI) in 2004. While the concept of sessions specified in the ANSI RBAC standard allows for differentiated role selections according to tasks that have to be performed by users, it is very likely that more roles will be activated in a session than are effectively needed to perform the intended activity. Dynamic Sessions in RBAC (DS RBAC) is an extension to the existing RBAC ANSI standard that dynamically deactivates roles in a session if they are not exercised for a certain period of time. This allows for the selection of an outer-shell of possibly needed permissions at the initation of a session through a user, while adhering to the principle of least privilege by automatically reducing the effective permission space to those roles really exercised in the session. Analogous to the working set model known from virtual memory, only the minimal roles containing permissions recently exercised by the user are left in a session in the DS RBAC model. If the user tries to access a role that has aged out due to inactivity, a role fault occurs. A role fault can be resolved by the role fault handler that is responsible for re-activating the expired role. As will be presented in this paper, role re-activation may be subject to constraints that have to be fulfilled by the user in order to re-access the aged role.

HTML

XML

PDF

]]>
Research Article Sun, 1 Feb 2009 00:00:00 +0200