Risks and Security of Internet and Systems : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers
معرفی کتاب «Risks and Security of Internet and Systems : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers» نوشتهٔ Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens، منتشرشده توسط نشر SPRINGER INTERNATIONAL PU در سال 1385. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. Preface Organization Contents Context Correlation for Automated Dynamic Android App Analysis to Improve Impact Rating of Privacy and Security Flaws 1 Introduction 2 Related Work 2.1 Contribution 3 Dynamic Analysis Environment 4 Context Correlation and Issue Generation 4.1 Privacy Sensitive Data Sources 4.2 Data Sinks 4.3 Graph Generation 4.4 Example Graph 4.5 Graph Analysis: Issue Creation 4.6 Issue Correlation Pass 5 Evaluation 5.1 Overview and Statistics 5.2 Deep Manual Issue Inspection 5.3 Damn Vulnerable App 6 Conclusion and Future Work References Errors in the CICIDS2017 Dataset and the Significant Differences in Detection Performances It Makes 1 Introduction 2 Related Works 2.1 Datasets 2.2 Machine Learning Use on CICDS2017 2.3 Previous Criticism on CICIDS2017 3 Errors in the CICIDS2017 Dataset and the CICFlowMeter Tool, and Their Fixes 3.1 CICFlowMeter Issue with Misordered Packets 3.2 Incoherent Timestamps 3.3 Dealing with Data Duplication 3.4 Attack Omission: Labelling Issues and Correction 4 Assessment of the Consequences on Intrusion Detection Models Performances 4.1 Experimental Evaluation Protocol 4.2 Experiments Results 5 Conclusion References A Comparative Study of Attribute Selection Algorithms on Intrusion Detection System in UAVs: A Case Study of UKM-IDS20 Dataset 1 Introduction 2 Literature Review 3 Dataset and Methods 3.1 Dataset 3.2 Attribute Selection Algorithms 3.3 Creating MLP Model 4 Modeling 5 Performance Evaluation 5.1 Scenario 1: 15 Feature 5.2 Scenario 2: 20 Feature 6 Conclusion References PRIAH: Private Alerts in Healthcare 1 Introduction 2 Background 2.1 Smart Hospital Ecosystem 2.2 Privacy-preserving Strategies 2.3 Alert Detection and Edge Computing Paradigm 2.4 Big Data and Streaming Processing 3 Related Work 3.1 Alert Identification and Dissemination 3.2 Privacy Preservation 3.3 Real-Time Processing of Alerts 4 PRIAH Approach 4.1 PRIAH Components at the Edge 4.2 PRIAH Components at the Server Side 4.3 System Administrator 4.4 End-Users 5 Implementation and Results 5.1 Implementation 5.2 Evaluation 6 Conclusion References Tool Paper - SEMA: Symbolic Execution Toolchain for Malware Analysis 1 Context 2 The SEMA Toolset in a Nutshell 3 The Architecture of SEMA 4 SEMA in Action 5 Conclusion References Blockchain Survey for Security and Privacy in the e-Health Ecosystem 1 Introduction 2 Research Strategy 3 State of the Art 4 Background 4.1 Blockchain Technology Overview 4.2 e-Health Applications 5 Security and Privacy Requirements for e-Health Applications 6 Blockchain Platforms and Their Security Solutions 6.1 Hyperledger Fabric 6.2 Hyperledger Besu 6.3 Quorum 6.4 Corda R3 6.5 Cosmos 7 A Security Framework for Blockchain-Based e-Health Applications 7.1 When Blockchain Can be Used in e-Health Applications ? 7.2 Which Blockchain Solution to Use? 8 Conclusions and Future Work References Towards a Dynamic Testing Approach for Checking the Correctness of Ethereum Smart Contracts 1 Introduction 2 Background Materials 2.1 Blockchain 2.2 Smart Contracts 2.3 Common Vulnerabilities 2.4 Blockchain Testing Techniques 3 Related Work 4 Proposed Approach 4.1 Modelling the Smart Contract and Its Blockchain Environment 4.2 Test Case Generation 4.3 Test Case Execution 4.4 Test Result Analysis and Test Report Generation 5 Illustration 5.1 Case Study Description 5.2 Modelling the E-voting System 5.3 Test Case Generation 5.4 Test Tool Implementation 6 Conclusion References Blockchain Olive Oil Supply Chain 1 Introduction 2 Related Work 3 Proposed Approach 4 Obtained Results 4.1 Implemented Blockchain on Raspberry Pi 4.2 Web Application 5 Conclusion References Impact of EIP-1559 on Transactions in the Ethereum Blockchain and Its Rollups 1 Introduction 2 Background 2.1 Layers 1 and 2 in Ethereum 2.2 Eip-1559 3 Testing Approach 3.1 Smart Contract 3.2 Interaction with the Smart Contract 4 Experimentation 4.1 Testing Results 4.2 Discussion 5 Conclusion References Towards a Secure Cross-Blockchain Smart Contract Architecture 1 Introduction 2 Background and Related Work 3 Bifröst Extension Proposal 3.1 Smart Contracts Invocation 3.2 Fault Tolerance 3.3 Security 4 Discussion and Challenges 5 Conclusion and Future Work References Security Analysis: From Model to System Analysis 1 Introduction 2 Background 2.1 Previous MBSE Approach 2.2 Property Specification Patterns 2.3 OBP Model Checker 3 Motivating Example 3.1 System Presentation 3.2 General Approach 4 Detailed Approach 4.1 Environment Modeling 4.2 System State and Behavior 4.3 The OBP Model Checker 5 Security Property Modelling 5.1 Raising Abstraction Level of Formal Security Properties 5.2 From Attacker Interests to Formal Security Properties 6 Property Verification Results Analysis 6.1 Model Checking Embedded System Code 6.2 Security Property Verification 7 Related Works 8 Conclusion References Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications 1 Introduction 2 Background 2.1 Model-Driven Engineering 2.2 SysML 2.3 Event-B 2.4 ATO over ERTMS Case Study Excerpt 3 Related Work 4 The Proposed Approach 4.1 High-level Architecture Graphical Modeling 4.2 Model Transformation and Event-B Generation 4.3 Formal Verification 5 Conclusion References How IT Infrastructures Break: Better Modeling for Better Risk Management 1 Introduction 2 Related Work 2.1 Risk Analysis 2.2 Infrastructure Modeling 3 Guided Risk Management for IT Infrastructures 3.1 Side-Effect Analysis 3.2 Part Analysis 3.3 Assembly Analysis 4 Case Study: A Cloud Infrastructure 4.1 Requirements 4.2 Infrastructure Model 4.3 Constraints 4.4 Risk 4.5 Lessons Learned 5 Conclusion and Future Work References IoT Security Within Small and Medium-Sized Manufacturing Companies 1 Introduction 2 Research Methodology 3 Data and Findings 3.1 Screening 3.2 Experience 3.3 Awareness 3.4 Activities 3.5 Knowledge 4 Conclusion and Further Research References An Incentive Mechanism for Managing Obligation Delegation 1 Introduction 2 Background 2.1 The Beta Distribution 2.2 Defining Obligations 3 An Incentive Scheme for One Hop Delegation 3.1 Obligation Trust 3.2 Delegating Obligations 4 Incentivising Schemes 4.1 Updating Obligation Trust 4.2 Earning Reward Credits 4.3 Eligibility of Delegatees 5 Cascaded Delegation of Obligations 6 Evaluation 6.1 Experimental Setup 6.2 Results 7 Related Work 8 Concluding Remarks References Virtual Private Network Blockchain-based Dynamic Access Control Solution for Inter-organisational Large Scale IoT Networks 1 Introduction 2 Background 2.1 Blockchain 2.2 Virtual Private Networks (VPN) 3 Related Work 3.1 Basic Access Control Model in IoTs 3.2 Inter-organisational Access Control Solution Overview 4 VPNBDAC for Large Scale IoT Network 4.1 Actors 4.2 Smart Contract and Transactions 5 Implementation of the Prototype 6 Performance Evaluation 7 Conclusions References Pseudonym Swapping with Secure Accumulators and Double Diffie-Hellman Rounds in Cooperative Intelligent Transport Systems 1 Introduction 1.1 Pseudonyms in Cooperative Intelligent Transport Systems 1.2 Problem Statement 1.3 Contribution 2 Related Work 3 Preliminaries 4 System Model and Architecture 4.1 C-ITS Trust Model and Architecture 4.2 Threat Model 4.3 Pseudonym Swapping System Model 5 Pseudonym Swapping with Accumulator-Based Storage 5.1 Proposed Alignment to ETSI Standard 5.2 Proposed Security Architecture 5.3 Protocol Definition and Algorithms 6 Security Analysis 7 Proof of Concept Implementation 8 Conclusion References Benchmark Performance of the Multivariate Polynomial Public Key Encapsulation Mechanism 1 Introduction 2 Related Work 3 Summary of MPPK KEM 3.1 Key Generation 3.2 Encryption 3.3 Decryption 4 Benchmarking MPPK 4.1 NIST Level I 4.2 NIST Level III 4.3 NIST Level V 5 Conclusion References Author Index This book constitutes the proceedings of the 17 th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022, which took place in Sousse, Tunesia, during December 7-9, 2022. The 14full papers and 4 short papers included in this volume were carefully reviewed and selected from 39 submissions. The papers detail security issues in internet-related applications, networks and systems.
دانلود کتاب Risks and Security of Internet and Systems : 17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers