Titlebook: Engineering Secure Software and Systems; 7th International Sy Frank Piessens,Juan Caballero,Nataliia Bielova Conference proceedings 2015 Sp

瘙痒

The Heavy Tails of Vulnerability Exploitation. Our analysis comprises 374 exploited vulnerabilities for a total of 75.7 Million recorded attacks spanning three years (2009-2012). We find that for some software as little as 5% of exploited vulnerabilities is responsible for about 95% of the attacks against that platform. This strongly skewed di

d-limonene

Idea: Benchmarking Indistinguishability Obfuscation – A Candidate Implementationl. [1]. We show how different parameters of the input circuits impact the performance and the size of the obfuscated programs. On the negative side, our benchmarks show that for the time being the algorithm is far away from being practical. On the positive side, there is still much room for improvem

TAG

A Security Ontology for Security Requirements Elicitationtation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts’ knowledge about security is often tacit makes

补充

Producing Hook Placements to Enforce Expected Access Control Policiestions on those resources. Manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of locations to place authorization hooks that mediates all security-sensitive operations in order to enforce

Arteriography

宣誓书

BLA

Idea: State-Continuous Transfer of State in Protected-Module Architecturesle exists that executes without interruption when it is transferred from one machine to another. In practice however an attacker may (i) crash the system at any point in time (i.e., a crash attack), (ii) present the system with a stale state (i.e., a rollback attack), or (iii) trick both machines to

规章

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator the Ripper, which implements the password indexing function by Narayanan and Shmatikov. OMEN guesses more than 40% of passwords correctly with the first 90 million guesses, while JtR-Markov (for . = 1 billion) needs at least eight times as many guesses to reach the same goal, and OMEN guesses more

V切开

The Heavy Tails of Vulnerability Exploitationr data collection from the security community may be needed. Finally, we present and discuss the . as a possible explanation for the heavy-tailed distributions we find in the data, and present examples of its effects for Apple Quicktime and Microsoft Internet Explorer vulnerabilities.

OPINE

A Security Ontology for Security Requirements Elicitationts have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We