TL;DR: This paper discusses the systematic analysis of standards and conventions for design of user interfaces for various mobile platforms, scaling methods operational on different physical screen sizes, and the interoperability of different systems, including HTML5, Java and .NET.
Abstract: The relevance of enabling mobile access to business enterprise information systems for experts working in the field has grown significantly in the last years due to the increasing availability of smartphones; the shipment of smartphones exceeded that of personal computers in 2011. However, the screen sizes and display resolutions of different devices vary to a large degree, along with different aspect ratios and the complexity of mobile tasks. These obstacles are a major challenge for software developers, especially when they try to reach the largest possible audience and develop for multiple mobile platforms or device types. On the other side, the end users’ expectations regarding the usability of the applications are increasing. Consequently, for a successful mobile application the user interface needs to be well-designed, thus justifying research to overcome these obstacles. In this paper, we report on experiences during an industrial project on building user interfaces for database access to a business enterprise information system for professionals in the field. We discuss our systematic analysis of standards and conventions for design of user interfaces for various mobile platforms, as well as scaling methods operational on different physical screen sizes. The interoperability of different systems, including HTML5, Java and .NET is also within the focus of this work.
TL;DR: Methods are proposed for forensic analysis of InnoDB databases by analyzing the redo logs, which are primarily used for crash recovery within the storage engine.
Abstract: InnoDB is a powerful open-source storage engine for MySQL that gained much popularity during the recent years. This paper proposes methods for forensic analysis of InnoDB databases by analyzing the redo logs, primarily used for crash recovery within the storage engine. This new method can be very useful in forensic investigations where the attacker got admin privileges, or was the admin himself. While such a powerful attacker could cover tracks by manipulating the log files intended for fraud detection, data cannot be changed easily in the redo logs. Based on a prototype implementation, we show methods for recovering Insert, Delete and Update statements issued against a database.
TL;DR: A conceptual framework originally designed to compare security requirements engineering approaches with concepts and notions used in privacy requirements engineering is extended and applied to compare and evaluate current privacy requirements engineering approaches, e.g., the PriS and LINDDUN approaches.
Abstract: Several privacy requirements engineering approaches exist, which differ in notions and terminology. We extended a conceptual framework originally designed to compare security requirements engineering approaches with concepts and notions used in privacy requirements engineering. Furthermore, we apply our conceptual framework to compare and evaluate current privacy requirements engineering approaches, e.g., the PriS and LINDDUN approaches. We discuss how these methods are related to the conceptual framework. We compare the terminology and notions of these methods with the clear-cut vocabulary of the conceptual framework.
TL;DR: This paper proposes to automatically detect when an application accesses private data and to log this access in a third-party application and shows that the proposed methodology can be implemented as an IPS, in order to prevent such accesses.
Abstract: One of the most important threats for Android users is the collection of private data by malware put on the market. Most of the proposed approaches that help to guarantee the user's privacy rely on modified versions of the Android operating system. In this paper, we propose to automatically detect when an application accesses private data and to log this access in a third-party application. This detection should be performed without any modification to the operating system. The proposed methodology relies on the repackaging of a compiled application and the injection of a reporter at bytecode level. Thus, such a methodology enables the user to audit suspicious applications that ask permissions to access private data and to know if such an access has occurred. We show that the proposed methodology can also be implemented as an IPS, in order to prevent such accesses. Experimental results show the efficiency of the methodology on a set of 18 regular applications of the Android market that deal with contacts. Our prototype detected 66% of the accesses to the user's contacts. We also experimented with the detection of privacy violations with 5 known malware that send premium-rate SMS.
TL;DR: A narrative of the main challenges that are reported in existing FIdM research is presented to provide a starting point to those who seek to learn more about these concepts.
Abstract: Federated Identity Management is considered a promising approach to facilitate secure resource sharing between collaborating partners. The adoption rate of identity federation technologies in the industrial domain, however, has not been as expected. A structured survey provides the basis for this paper, which reports on challenges related to Federated Identity Management. This paper presents a narrative of the main challenges that are reported in existing FIdM research, and provides a starting point to those who seek to learn more about these concepts.
TL;DR: This work proposes to apply attack graph to forensic analysis by including anti-forensic capabilities into attack graphs, so that the missing evidence can be explained by using longer attack paths that erase potential evidence.
Abstract: Attack graphs are used to compute potential attack paths from a system configuration and known vulnerabilities of a system. Attack graphs can be used to eliminate known vulnerability sequences that can be eliminated to make attacks difficult and help forensic examiners in identifying many potential attack paths. After an attack happens, forensic analysis, including linking evidence with attacks, helps further understand and refine the attack scenario that was launched. Given that there are anti-forensic tools that can obfuscate, minimize or eliminate attack footprints, forensic analysis becomes harder. As a solution, we propose to apply attack graph to forensic analysis. We do so by including anti-forensic capabilities into attack graphs, so that the missing evidence can be explained by using longer attack paths that erase potential evidence. We show this capability in an explicit case study involving a database attack.
TL;DR: This paper presents a scan-based side channel attack on NTRUEncrypt hardware implementations that employ scan based DFT techniques which determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.
Abstract: Scan-based Design-for-Test (DFT) is a widely deployed technique for testing hardware chips. Using this approach, all flip-flops in the design under test are connected to a scan chain where their states can be scanned out through this chain during the testing phase. Scan-based side channel attacks exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature. The NTRU encryption algorithm (NTRUEncrypt) is a parameterized family of lattice-based public key cryptosystems which has recently been accepted to the IEEE P1363 standards under the specifications for lattice-based public-key cryptography. In this paper, we present a scan-based side channel attack on NTRUEncrypt hardware implementations that employ scan based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.
TL;DR: An automatic approach detecting phishing attacks is presented that combines a personalized whitelisting approach with machine learning techniques and experimental results show that the proposed approach improves over the current state-of-the-art methods.
Abstract: The number of phishing attacks against web services has seen a steady increase causing, for example, a negative effect on the ability of banking and financial institutions to deliver reliable services on the Internet. This paper presents an automatic approach detecting phishing attacks. Our approach combines a personalized whitelisting approach with machine learning techniques. The whitelist is used as filter that blocks phish web pages used to imitate innocuous user behavior. The phishing pages that are not blocked by the whitelist pass are further filtered using a Support Vector Machine classifier designed and optimized to classify these threats. Our experimental results show that the proposed approach improves over the current state-of-the-art methods.
TL;DR: This paper surveyed the current state of the art in qualitative and quantitative security measurement to characterize the available measurement strategies, their maturity, and the conceptual or technical obstacles preventing further progress in this field of research.
Abstract: To better control IT security in software engineering and IT management, we need to assess security qualities in the different phases of a system's lifecycle. To this end, various security indicators, measures, and metrics have been proposed by scientists and practitioners, but few have gained general acceptance. We surveyed the current state of the art in qualitative and quantitative security measurement to characterize the available measurement strategies, their maturity, and the conceptual or technical obstacles preventing further progress in this field of research. We classified the proposed security indicators with respect to their characteristic properties and derived a classification tree delineating the different security assessment strategies and their derived security measures. Based on this overview, we analyzed the relative merits and deficiencies of current approaches, and we suggested future steps towards better security metrics. This paper summarizes the main results of our survey.
TL;DR: This paper compares and contrast various security pattern classification schemes using their classification objectives, attributes, dimensions, and quality metrics to improve the capability of software designers to select appropriate security patterns for recurring security problems in a specific security context.
Abstract: Software security patterns can be the building blocks of secure software systems. They provide reliable solutions for recurring security problems. The rapid increase in the number of security patterns creates difficulty in the selection of appropriate security patterns for particular security problems. Researchers provide several classification schemes based on unique selection criteria for choosing appropriate security patterns. These schemes are very helpful for software designers to select security patterns for particular security problems. In this paper, we survey various security pattern classification schemes. Further, we compare and contrast these classification schemes using their classification objectives, attributes, dimensions, and quality metrics. The result is helpful for selecting a suitable classification scheme based on the desirable classification attributes and quality metrics. The right selection of classification improves the capability of software designers to select appropriate security patterns for recurring security problems in a specific security context.
TL;DR: A compiler is implemented that translates a CryptoVerif specification into an implementation in OCaml that proves the authentication of the server and the secrecy of the session keys in the SSH Transport Layer protocol and verified that the generated implementation successfully interacts with OpenSSH.
Abstract: This paper presents a novel framework for proving specifications of security protocols in the computational model and generating runnable implementations from such proved specifications. We rely on the computationally-sound protocol verifier CryptoVerif for proving the specification, and we have implemented a compiler that translates a CryptoVerif specification into an implementation in OCaml. We have applied this compiler to the SSH Transport Layer protocol: we proved the authentication of the server and the secrecy of the session keys in this protocol and verified that the generated implementation successfully interacts with OpenSSH. The secrecy of messages sent over the SSH tunnel cannot be proved due to known weaknesses in SSH with CBC-mode encryption.
TL;DR: An economic model for cloud service providers that can be used to maximize profit based on right pricing and rightsizing in the Cloud data centre is proposed and it is analyzed by considering the Total Cost of Ownership (TCO) of the Cloud.
Abstract: For Infrastructure-as-a-Service, Cloud service providers, such as Amazon EC2 and Rackspace, allow users to lease their computing resources over the Internet, and invest their money into developing and maintaining the infrastructure. Hence, maximizing profit, right pricing, and rightsizing are vital elements to their business. To address these issues, we propose in this article an economic model for cloud service providers that can be used to maximize profit based on right pricing and rightsizing in the Cloud data centre. Total cost is a key element in the model and it is analyzed by considering the Total Cost of Ownership (TCO) of the Cloud.
TL;DR: This paper proposes to model fault attacks at source level and then simulate these attacks to find out which ones are harmful and which ones can be used to exhaustively test the robustness of the attacked program.
Abstract: Smart card software has to implement software countermeasures to face attacks. Some of these attacks are physical disruptions of chip components that cause a misbehavior in the code execution. A successful functional attack may reveal a secret or grant an undesired authorization. In this paper, we propose to model fault attacks at source level and then simulate these attacks to find out which ones are harmful. After discussing the effects of physical attacks at assembly level and going back to their consequences at source code level, the paper focuses on control flow attacks. Such attacks are good candidates for the proposed model that can be used to exhaustively test the robustness of the attacked program. On the bzip2 software, the paper's results show that up to 21% of the assembly simulated control flow attacks are covered by the C model with 30 times less test cases.
TL;DR: An ensemble learning algorithm, two pre-processing techniques, and an empirical evaluation of the proposed algorithm show that the approach can accurately detect both novel and known malware instances with higher recall in comparison to majority voting.
Abstract: Malicious software (malware) represents a threat to the security and privacy of computer users. Traditional signature-based and heuristic-based methods are unsuccessful in detecting some forms of malware. This paper presents a malware detection approach based on supervised learning. The main contributions of the paper are an ensemble learning algorithm, two pre-processing techniques, and an empirical evaluation of the proposed algorithm. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to produce three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets and the predictions are combined by the ensemble algorithm. The predicted output is decided on the basis of veto voting. The experimental results show that the approach can accurately detect both novel and known malware instances with higher recall in comparison to majority voting.
TL;DR: A light-weight mechanism and protocol for building trust between two machines that takes advantage of the Trusted Platform Module (TPM) to handle a key exchange and remote trusted deployment of a bootstrapping tool (referred to as the Bootstrapping Initiator (BI)).
Abstract: As cloud computing continues to gain traction, a great deal of effort is being expended in researching the most effective ways to build and manage secure and trustworthy clouds. Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of Cloud Infrastructure. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services. Although the first task is a traditional task in security engineering, dynamic provisioning of managed security services in virtualized environment remains a problem and requires additional research. Entire frameworks have been proposed and demonstrated but although successful, there is a tendency to see such solutions as integrated 'all in one' infrastructures. This paper describes a light-weight mechanism and protocol for building trust between two machines that takes advantage of the Trusted Platform Module (TPM) to handle a key exchange and remote trusted deployment of a bootstrapping tool (referred to as the Bootstrapping Initiator (BI)). Once deployed, the BI can execute any arbitrary software required which could be (but is not limited to) solutions for advanced architecture management such as the Dynamic Access Control Infrastructure (DACI). The proposed solution provides a light-weight layer of trust backed by a TPM that additional systems can build upon as required by the individual use case without the requirement for a specific management or security infrastructure to be deployed along with it.
TL;DR: An approach to attack on the Xen hypervisor utilizing return-oriented programming (ROP) is presented, which modifies the data in the hypervisor that controls whether a VM is privileged or not and thus can escalate the privilege of an unprivileged domain at run time.
Abstract: In this paper, we present an approach to attack on the Xen hypervisor utilizing return-oriented programming (ROP). It modifies the data in the hypervisor that controls whether a VM is privileged or not and thus can escalate the privilege of an unprivileged domain (domU) at runtime. As ROP technique makes use of existed code to implement attack, not modifying or injecting any code, it can bypass the integrity protections that base on code measurement. By constructing such kind of attack at the virtualization layer, it can motivate further research work towards preventing or detecting ROP attack on the hypervisor.
TL;DR: It is argued that security SLAs will be necessary for future Internet services, and examples of how this will work in practice are provided.
Abstract: Service Level Agreements (SLAs) have been used for decades to regulate aspects such as throughput, delay and response times of services in various outsourcing scenarios. However, security aspects have typically been neglected in SLAs. In this paper we argue that security SLAs will be necessary for future Internet services, and provide examples of how this will work in practice.
TL;DR: This paper focuses on policy analysis and offers a formal support for coming up with a conflict-free set of data sharing policies and illustrates the methodology on the example of an emergency management.
Abstract: Collaborating entities usually require the exchange of personal information for the achievement of a common goal, including enabling business transactions and the provisioning of critical services. A key issue affecting these interactions is the lack of control on how data is going to be used and processed by the entities that share it. To partially solve the issue, parties may have defined a set of data sharing policies regulating the exchange of data they own, or over which they have jurisdiction. However, distinct set of policies, defined by different authorities, may lead to conflicts once enacted, since, e.g., different subjects may have defined different permissions on the same data set. This paper focuses on policy analysis and offers a formal support for coming up with a conflict-free set of data sharing policies. We illustrate the methodology on the example of an emergency management.
TL;DR: This paper examines some approaches to measuring software security, and recommends that more organisations should employ the Building Security In Maturity Model (BSIMM).
Abstract: When you are in charge of building software from the ground up, software security can be encouraged through the use of secure software development methodologies. However, how can you measure the security of a given piece of software that you didn’t write yourself? In other words, when looking at two executables, what does “a is more secure than b” mean? This paper examines some approaches to measuring software security, and recommends that more organisations should employ the Building Security In Maturity Model (BSIMM).
TL;DR: This work presents an integrated method for elicitation of legal requirements that helps to systematically derive functional as well as security requirements that realize the previously identified laws.
Abstract: Considering legal aspects during software development is a challenging problem, due to the cross-disciplinary expertise required. The problem is even more complex for cloud computing systems, because of the international distribution, huge amounts of processed data, and a large number of stakeholders that own or process the data. Approaches exist to deal with parts of the problem, but they are isolated from each other. We present an integrated method for elicitation of legal requirements. A cloud computing online banking scenario illustrates the application of our methods. The running example deals with the problem of storing personal information in the cloud and based upon the BDSG (German Federal Data Protection Act). We describe the structure of the online banking cloud system using an existing pattern-based approach. The elicited information is further refined and processed into functional requirements for software development. Moreover, our method covers the analysis of security-relevant concepts such as assets and attackers particularly with regard to laws. The requirements artifacts then serve as inputs for existing patterns for the identification of laws relevant for the online banking cloud system. Finally, our method helps to systematically derive functional as well as security requirements that realize the previously identified laws.
TL;DR: In this work a distributed video surveillance system based on a Client-Server architecture is presented and the security of both the node-repository and the repository-portable devices communications is guaranteed by using a secure connection.
Abstract: In this work a distributed video surveillance system based on a Client-Server architecture is presented. The proposed system is accessible from portable devices such as tablets, smartphones, etc. In a typical real-world scenario, for example in homeland security, it is useful to have portable devices that can receive in real-time a frame or a sequence of frames coming from a selected camera to prevent or to detect attacks (i.e. terrorist attacks, etc.). In the proposed system, a portable device knows only the address of the server (repository), and the repository sends to the portable device the list of the clients (nodes) which are connected with one or more cameras. When the portable device obtains the list of the nodes, it connects directly to a specific node and requests the images of its connected cameras. The whole system provides secure communication channel between all its components. The security of both the node-repository and the repository-portable devices communications is guaranteed by using a secure connection. The security of the node-portable devices interconnection is provided by a digital invisible watermarking algorithm that affects each image before sending it from the node to the portable devices. Each portable device can extract the watermark and verify the identity of the node.
TL;DR: The proposed method to find annotations corresponding to given CNN news documents for detecting terrorism image or context information shows that text analysis is another possible technique to annotate image automatically for detecting unintended web documents.
Abstract: This paper proposed a method to find annotations corresponding to given CNN news documents for detecting terrorism image or context information. Assigning keywords or annotation to image is one of the important tasks to let machine understand web data written by human. Many techniques have been suggested for automatic image annotation in the last few years. Many researches focused on the method to extract possible annotation using low-level image features. This was the basic and traditional approach but it has a limitation that it costs lots of time. To overcome this problem, we analyze images and their co-occurring text data to generate possible annotations. The text data in the news documents describe the core point of news stories according to the given images and titles. Because of this fact, this paper applied text data as a resource to assign image annotations using TF (Term Frequency) value and WUP values of WordNet. The proposed method shows that text analysis is another possible technique to annotate image automatically for detecting unintended web documents.
TL;DR: Cloud Forensics refers to digital forensics investigations performed in Cloud Computing Environments, where digital investigators may utilize Cloud Computing setups and process complex tasks in cloud infrastructures.
Abstract: Cloud Forensics refers to digital forensics investigations performed in Cloud Computing Environments. Nowadays digital investigators face various technical, legal, and organizational challenges to keep up with current developments in the field of Cloud Computing. But, due to its dynamic nature, Cloud Computing also offers several opportunities to improve digital investigations in Cloud Environments. Digital investigators may utilize Cloud Computing setups and process complex tasks in cloud infrastructures. Thus they can take advantage of the enormous computing power at hand in such environments.
TL;DR: This work proposes RIM, a technique that obfuscates the arithmetic operations in the JITed code and prevents attackers from reusing the native code to construct a malicious code and greatly improves the security functionality of JIT compilers.
Abstract: As a code reuse technique, JIT spraying attack becomes popular on the JITed VM (Virtual Machine) (e.g., Javascript Engine, Flash Engine). Using a bug in web applications, an attacker can reuse the code generated by the JIT (Just-In-Time) compiler, which is used to optimize the performance of web applications. JIT spraying attacks can circumvent DEP and ASLR -- protection mechanisms of modern operating systems. Based on the observation that JIT spraying attack mostly uses the immediate operand of the arithmetic instruction to build a shellcode, we propose RIM, a technique that obfuscates the arithmetic operations in the JITed code and prevents attackers from reusing the native code to construct a malicious code. We implement a prototype on Tamarin flash engine and demonstrate the effectiveness of RIM. Experimental results show that RIM's overhead is very low (less than 1%). And RIM greatly improves the security functionality of JIT compilers.
TL;DR: A structured analysis of the documentation and development requirements in the ISO 27001 standard is presented and to what extent existing security requirements engineering approaches fulfill these requirements is investigated.
Abstract: An ISO 27001 compliant information security management system is difficult to create, due to the limited support for system development and documentation provided in the standard. We present a structured analysis of the documentation and development requirements in the ISO 27001 standard. Moreover, we investigate to what extent existing security requirements engineering approaches fulfill these requirements. We developed relations between these approaches and the ISO 27001 standard using a conceptual framework originally developed for comparing security requirements engineering methods. The relations include comparisons of important terms, techniques, and documentation artifacts. In addition, we show practical applications of our results.
TL;DR: The main message is that the DNS infrastructure should not rely on short term, 'easy-to-deploy' defenses, and efforts should be increased towards transition to DNSSEC.
Abstract: Following Kaminsky's attack (2008), caching resolvers were patched with defenses against poisoning. So far, the main improvements were non-cryptographic and easy to deploy (requiring changes only in resolvers). Some of these improvements are widely deployed, and it is believed that they suffice to prevent poisoning, at least by off-path, spoofing attackers. We perform a critical study of the prominent defense mechanisms against poisoning attacks by off-path adversaries. We present weaknesses and limitations, and suggest counter-measures. Our main message is that the DNS infrastructure should not rely on short term, 'easy-to-deploy' defenses, and efforts should be increased towards transition to DNSSEC.
TL;DR: The goal of this paper is to create a hybrid recommendation system based on a Multi-Agent Architecture that will inform the trader about the future stock trend in order to improve the profitability of a short or medium time period investment.
Abstract: The goal of this paper is to create a hybrid recommendation system based on a Multi-Agent Architecture that will inform the trader about the future stock trend in order to improve the profitability of a short or medium time period investment.
TL;DR: This paper proposes an alternative End-to-End security (E2E) architecture based on the MOBIKE-X protocol, which extends the MOBIKE Mobility and Multihoming features to Multiple Interfaces and to the Transport mode of IPsec.
Abstract: When mobile End Users are offloaded from a Radio Access Network (RAN) to a WLAN, current I-WLAN [1] offloaded architectures consider traffic converging to a common Security Gateway. In this paper, we propose an alternative End-to-End security (E2E) architecture based on the MOBIKE-X [2] protocol, which extends the MOBIKE [3] Mobility and Multihoming features to Multiple Interfaces and to the Transport mode of IPsec. The benefits of this E2E architecture are mostly load reduction and a better End User experience. First, E2E offloads the ISP CORE and backhaul networks, then E2E uses IPsec Transport mode instead of Tunnel mode, which removes networking and security overhead. This reduces CPU load by 20%, enhances Mobility and Multihoming operations by about 15%, and makes the system 2.9 times more reactive for detecting modifications of interfaces.
TL;DR: A methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences is outlined and supports decision makers evaluating potential security control investments in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits.
Abstract: In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls. We outline a methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences. This framework comprises (i) ontological modeling of security knowledge, (ii) dynamic attack graph generation techniques, (iii) probabilistic simulation of attacks by goal-driven threat agents, (iv) meta-heuristic identification of efficient portfolios of information security controls, and (v) interactive decision support. These components facilitate novel techniques to infer possible routes of attacks and generate attack graphs based on attackers' motivation, objectives, capabilities, and available modes of entry and to use this inferred knowledge to simulate attacks on an organization's modeled infrastructure. The method supports decision makers evaluating potential security control investments in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits. We are currently in the process of developing a prototypical implementation of the framework that will be used to evaluate the approach through application case studies.
TL;DR: Experiments showed that the new approach is quick enough to be performed at crime scenes with detection rates around 85%, bringing new benefits for forensic examiners in the identification of child pornographic files.
Abstract: The identification of child pornographic files at crime scenes can take a pedophile to jail immediately. However, this type of live analysis is a difficult task, since a computer storage device can actually store millions of files. NuDetective Forensic Tool was developed for this purpose and provides satisfactory results in the identification of these files, especially images, through automatic nudity detection. However, this tool does not analyze video file content, which is a temporal media, requiring a more complex analysis. In literature, the main studies of automatic pornography detection in videos do not have the primary purpose of being quick, and are not focused in the detection of child pornography. This work presents a new strategy for automatic detection of child pornographic videos. The new approach uses nudity detection on extracted video frames and statistics to perform the automatic identification of these illegal videos. Experiments showed that our new approach is quick enough to be performed at crime scenes with detection rates around 85%, bringing new benefits for forensic examiners in the identification of child pornographic files.