وبلاگ بلیان

Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, Revised Selected Papers (Security and Cryptology Book 11981)

معرفی کتاب «Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, Revised Selected Papers (Security and Cryptology Book 11981)» نوشتهٔ Apostolos P Fournaris; Manos Athanatos; Konstantinos Lampropoulos; Sotiris Ioannidis; George Hatzivasilis; Ernesto Damiani; Habtamu Abie; Silvio Ranise; Luca Verderame; Alberto Siena; Joaquin Garcia-Alfaro; SpringerLink (Online service)، منتشرشده توسط نشر Springer International Publishing : Imprint: Springer در سال 2020. این کتاب در 5 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the refereed post-conference proceedings of the Second International Workshop on Information & Operational Technology (IT & OT) security systems, IOSec 2019 , the First International Workshop on Model-driven Simulation and Training Environments, MSTEC 2019, and the First International Workshop on Security for Financial Critical Infrastructures and Services, FINSEC 2019, held in Luxembourg City, Luxembourg, in September 2019, in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019. The IOSec Workshop received 17 submissions from which 7 full papers were selected for presentation. They cover topics related to security architectures and frameworks for enterprises, SMEs, public administration or critical infrastructures, threat models for IT & OT systems and communication networks, cyber-threat detection, classification and pro ling, incident management, security training and awareness, risk assessment safety and security, hardware security, cryptographic engineering, secure software development, malicious code analysis as well as security testing platforms. From the MSTEC Workshop 7 full papers out of 15 submissions are included. The selected papers deal focus on the verification and validation (V&V) process, which provides the operational community with confidence in knowing that cyber models represent the real world, and discuss how defense training may benefit from cyber models. The FINSEC Workshop received 8 submissions from which 3 full papers and 1 short paper were accepted for publication. The papers reflect the objective to rethink cyber-security in the light of latest technology developments (e.g., FinTech, cloud computing, blockchain, BigData, AI, Internet-of-Things (IoT), mobile-first services, mobile payments). IOSec 2019 Preface IOSec 2019 Organization MSTEC 2019 Preface MSTEC 2019 Organization FINSEC 2019 Preface FINSEC 2019 Organization Contents IOSec Workshop A Comprehensive Technical Survey of Contemporary Cybersecurity Products and Solutions 1 Introduction 2 Identifying Imperative Cybersecurity Market Segments 2.1 Contemporary Security Market Segments and Related Products 2.2 Emerging Security Market Sectors and Key Players 3 Towards a Holistic Cybersecurity Framework for SMEs 4 Conclusions References CyberSure: A Framework for Liability Based Trust 1 Introduction 2 Related Work 2.1 Security Certification 2.2 Risk Assessment and Management 2.3 Insurance 3 Design 3.1 CyberSure's Internal Mechanisms and Tools 3.2 Monitoring and Pricing Components 4 Validation 4.1 Criteria 4.2 Applications 5 Conclusions References Deploying Fog-to-Cloud Towards a Security Architecture for Critical Infrastructure Scenarios 1 Introduction and Motivation 2 F2C System 3 Security Requirements for Combined CIs-F2C 4 Security Architecture for Combined CIs-F2C 5 Decoupled Security Architecture in CIs 6 Results Analysis 7 Conclusion References Event-Based Remote Attacks in HTML5-Based Mobile Apps 1 Introduction 2 Background 2.1 Middleware Framework 2.2 JavaScript Framework 3 Event-Based Remote Attacks 3.1 Threat Model 3.2 Triggering JavaScript Framework Events 3.3 Motivating Example 4 Approach 5 Evaluation 5.1 Performance 5.2 Soundness 6 Related Work 7 Conclusion and Future Work References Horizontal Attacks Against ECC: From Simulations to ASIC 1 Introduction 2 Background: Vertical and Horizontal Attacks 3 Investigated ECC Designs 3.1 Structure of the Implemented kP Designs 3.2 Field Multiplier 4 Performed Attack Using the Comparison to the Mean 5 Produced ASIC 6 Horizontal DPA/DEMA Attack Against the ASIC 7 Conclusions References Web Servers Protection Using Anomaly Detection for HTTP Requests 1 Introduction 2 Related Work 3 Common Attacks Against Web Servers 4 The Anomaly Detection System 4.1 Principle of Operation 4.2 Length Detection 4.3 n-grams Method 4.4 Suspicious Characters 4.5 Pages Method 4.6 Query String Method 4.7 Solution Structure 5 Experimental Results 6 Conclusions References You Shall Not Register! Detecting Privacy Leaks Across Registration Forms 1 Introduction 2 Related Work 2.1 Web Tracking 2.2 Leakage of Personal Information 3 Methodology 3.1 Crawler Configuration 3.2 Form Detection 3.3 Registration Form Completion 3.4 Analysis and PII Leakage Detection 4 PII Leakage Analysis 4.1 On Purpose PII Leakage 4.2 Email Notifications 5 Outcome and Future Directions References MSTEC Workshop A Model Driven Approach for Cyber Security Scenarios Deployment 1 Introduction 2 Background 2.1 Model Driven Development of Domain Specific Languages 2.2 Developing Steps of a DSL 2.3 OpenStack and Heat 3 Platform Architecture 4 CTL as Domain Specific Language 4.1 CTL Description 4.2 CTL Development 4.3 CTL Model Validation 4.4 From CTL Models to Heat Templates 5 Related Work 6 Conclusion and Future Work References Difficult XSS Code Patterns for Static Code Analysis Tools 1 Introduction 2 Related Work 3 Methodology 3.1 Background 3.2 Selected Static Code Analysis Tools and Data Set 3.3 Vulnerability Analysis 4 Static Code Analysis Results 5 Minimal Working Example Data Set 6 Stored Cross Site Scripting 7 Difficult Source Code Patterns 7.1 Sources 7.2 Stored XSS Sources 7.3 Data Flow 7.4 Failed Sanitization 7.5 Sink 7.6 Template 7.7 Sanitization Methods 7.8 Validation 8 Discussion 9 Conclusion References An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures 1 Introduction 2 Architecture, Design Choices, and Goals 2.1 Description and Design Choices 2.2 Goals 3 Teaching with the Laboratory 3.1 Introducing IT/OT 3.2 Scenarios 3.3 Attacks and Mitigations 4 ProM Camp: An Instance of the Laboratory 5 Conclusions and Future Work References PROTECT – An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks 1 Introduction 2 Background and Related Work 3 Methodology 3.1 New Implementation with Enhanced Configuration 3.2 Game Concept 4 PROTECT 4.1 Game Concepts and Game Mechanisms 4.2 Configuration Options 4.3 Implementation 5 Discussion 6 Conclusion References Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective 1 Introduction 2 Background and Related Work 3 Security Assurance Modelling 3.1 The Security Assurance Model 3.2 Cyber-Range Sub-model 4 Sample Scenario 4.1 Simple Phishing Scenario 5 Conclusions and Future Work References Towards the Insurance of Healthcare Systems 1 Introduction 2 Background Theory 3 The E-Health Pilot 3.1 ICS-M Architecture 3.2 Legislation 3.3 Certification 3.4 Potential Insurance Scenarios 4 Risk Analysis, Certification, and Insurance with CyberSure 5 Assessment of the ICS-M with CyberSure 5.1 Real Case Scenario – Database and Application Servers’ Up-Time 5.2 Risk Analysis and Evaluation 5.3 Insurance and CUMULUS Certification 5.4 Accomplishments 6 Conclusions References The THREAT-ARREST Cyber-Security Training Platform 1 Introduction 2 Related Work and Comparison 3 CTTP Modelling 3.1 Pilot System Modelling and Continuous Security Assurance 3.2 Motivating Example – Smart Energy Home 4 Platform Architecture 4.1 Assurance Tool 4.2 Hybrid Training 4.3 Gamification 4.4 Emulation 4.5 Simulation 4.6 Visualization Tool 5 Conclusions References FINSEC Workshop dAPTaset: A Comprehensive Mapping of APT-Related Data 1 Introduction 2 Dataset Structure 3 Data Collection 3.1 Data Acquisition 3.2 Report Parsing 3.3 Dataset Enrichment 3.4 Dataset Information 4 Conclusions and Future Improvements References Blockchain Based Sharing of Security Information for Critical Infrastructures of the Finance Sector 1 Introduction 1.1 Security Challenges in the Finance Sector 1.2 Related Work 1.3 Scope and Structure of the Paper 2 Information Sharing Architecture 2.1 FINSEC Platform Overview 2.2 Security Information Modelling 3 Collaborative Security System Design and Implementation 3.1 The Enabling Blockchain Infrastructure 3.2 Blockchain Infrastructure: Benefits, Drawbacks and Design Options 3.3 Collaborative Module Implementation Overview 3.4 Collaborative Risk Scoring and Assessment 4 Demonstration and Validation 4.1 Managing FINSTIX Objects 4.2 Collaborative Risk Calculations 5 Conclusions References Bunkers: Jail Application Level Firewall for the Mitigation and Identification of Service Takeover Attacks on HardenedBSD 1 Introduction 2 Objectives 3 Methodology 3.1 Bank E-Mail Antivirus Bunker 3.2 Bank Web Proxy Antivirus Bunker 3.3 Bit-Exact Execve() Web Service Firewall for Bank's Web Applications 4 Results 4.1 Bank E-Mail Antivirus Bunker 4.2 Bank Web Proxy Antivirus Bunker 4.3 Bit-Exact Execve() Web Service Firewall for Bank's Web Applications 5 Discussion 6 Conclusions References A Language-Based Approach to Prevent DDoS Attacks in Distributed Financial Agent Systems 1 Introduction 2 Overview 3 Related Work 4 Our Framework for Active Object Systems 5 Static Analysis to Prevent Attacks 6 Examples of Possible DoS/DDoS Attacks 6.1 Modification of the Static Detection to DDoS 7 Conclusion References Author Index This book constitutes the refereed post-conference proceedings of the Second International Workshop on Information & Operational Technology (IT & OT) security systems, IOSec 2019, the First International Workshop on Model-driven Simulation and Training Environments, MSTEC 2019, and the First International Workshop on Security for Financial Critical Infrastructures and Services, FINSEC 2019, held in Luxembourg City, Luxembourg, in September 2019, in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019. The IOSec Workshop received 17 submissions from which 7 full papers were selected for presentation. They cover topics related to security architectures and frameworks for enterprises, SMEs, public administration or critical infrastructures, threat models for IT & OT systems and communication networks, cyber-threat detection, classification and pro ling, incident management, security training and awareness, risk assessment safety and security, hardware security, cryptographic engineering, secure software development, malicious code analysis as well as security testing platforms. From the MSTEC Workshop 7 full papers out of 15 submissions are included. The selected papers deal focus on the verification and validation (V & V) process, which provides the operational community with confidence in knowing that cyber models represent the real world, and discuss how defense training may benefit from cyber models. The FINSEC Workshop received 8 submissions from which 3 full papers and 1 short paper were accepted for publication. The papers reflect the objective to rethink cyber-security in the light of latest technology developments (e.g., FinTech, cloud computing, blockchain, BigData, AI, Internet-of-Things (IoT), mobile-first services, mobile payments)
دانلود کتاب Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, Revised Selected Papers (Security and Cryptology Book 11981)