![]() Chen, Xihui ![]() ![]() ![]() in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (2013), 4(1), 55-75 Detailed reference viewed: 125 (13 UL)![]() Kordy, Barbara ![]() ![]() ![]() in Journal of Logic and Computation (2012) Attack-defense trees are a novel methodology for graphical security modeling and assessment. They extend the well known formalism of attack trees by allowing nodes that represent defensive measures to ... [more ▼] Attack-defense trees are a novel methodology for graphical security modeling and assessment. They extend the well known formalism of attack trees by allowing nodes that represent defensive measures to appear at any level of the tree. This enlarges the modeling capabilities of attack trees and makes the new formalism suitable for representing interactions between an attacker and a defender. Our formalization supports different semantical approaches for which we provide usage scenarios. We also formalize how to quantitatively analyze attack and defense scenarios using attributes. [less ▲] Detailed reference viewed: 192 (15 UL)![]() Chen, Xihui ![]() ![]() in Proc. 6th ESA Workshop on Satellite Navigation Technologies (2012) Existing Global Navigation Satellite Systems offer no authentication to the open service signals and so stand-alone receivers are vulnerable to meaconing and spoofing attacks. These attacks interfere with ... [more ▼] Existing Global Navigation Satellite Systems offer no authentication to the open service signals and so stand-alone receivers are vulnerable to meaconing and spoofing attacks. These attacks interfere with the integrity and authenticity of satellite signals: they can delay signals, or re-broadcast signals. Positioning is thus compromised and location-based services are at risk.This paper describes a solution to mitigate this risk. It is a trusted third-party Localisation Assurance service that informs location-based services providers up to which level a location claimed by client can be trusted. It runs several tests over the localisation data of client receivers and certifies the level of assurance of locations. An assurance level expresses the amount of trust the third-party has that a receiver's location is calculated from integral and authentic satellite signals. [less ▲] Detailed reference viewed: 213 (6 UL)![]() Sun, Yanjie ![]() ![]() ![]() in Journal of Computer Security (2012), 20(4), 437-459 Detailed reference viewed: 112 (6 UL)![]() ; ; et al in Decision Support Systems (2012), 53(3), 418-424 A majority of extant literature on recommender systems assume the input data as a given to generate recommendations. Both implicit and/or explicit data are used as input in these systems. The existence of ... [more ▼] A majority of extant literature on recommender systems assume the input data as a given to generate recommendations. Both implicit and/or explicit data are used as input in these systems. The existence of various challenges in using such input data including those associated with strategic source manipulations, sparse matrix, state data, among others, are sometimes acknowledged. While such input data are also known to be rife with various forms of bias, to our knowledge no explicit attempt is made to correct or compensate for them in recommender systems. We consider a specific type of bias that is introduced in online product reviews due to the sequence in which these reviews are written. We model several scenarios in this context and study their properties. [less ▲] Detailed reference viewed: 105 (0 UL)![]() Jonker, Hugo ![]() ![]() ![]() in Digital Enlightenment Yearbook 2012 (2012) Detailed reference viewed: 91 (5 UL)![]() Jamroga, Wojciech ![]() ![]() ![]() in Proceedings of STM 2011 (2012) Detailed reference viewed: 107 (2 UL)![]() Yuan, Qixia ![]() ![]() ![]() in Transactions on Computational Systems Biology (2012), XIV Detailed reference viewed: 166 (16 UL)![]() Chen, Xihui ![]() ![]() ![]() in Proc. 7th International Conference on Availability, Reliability and Security (2012) Detailed reference viewed: 158 (2 UL)![]() Li, Qian ![]() ![]() ![]() in Proc. 6th International Symposium on Theoretical Aspects of Software Engineering (2012) Detailed reference viewed: 135 (3 UL)![]() Zhang, Ying ![]() ![]() ![]() in Innovations in Systems and Software Engineering (2012), 8 Detailed reference viewed: 116 (3 UL)![]() ; Mauw, Sjouke ![]() Book published by Springer-Verlag (2012) Security protocols are widely used to ensure secure communications over insecure networks, such as the internet or airwaves. These protocols use strong cryptography to prevent intruders from reading or ... [more ▼] Security protocols are widely used to ensure secure communications over insecure networks, such as the internet or airwaves. These protocols use strong cryptography to prevent intruders from reading or modifying the messages. However, using cryptography is not enough to ensure their correctness. Combined with their typical small size, which suggests that one could easily assess their correctness, this often results in incorrectly designed protocols. The authors present a methodology for formally describing security protocols and their environment. This methodology includes a model for describing protocols, their execution model, and the intruder model. The models are extended with a number of well-defined security properties, which capture the notions of correct protocols, and secrecy of data. The methodology can be used to prove that protocols satisfy these properties. Based on the model they have developed a tool set called Scyther that can automatically find attacks on security protocols or prove their correctness. In case studies they show the application of the methodology as well as the effectiveness of the analysis tool. The methodology’s strong mathematical basis, the strong separation of concerns in the model, and the accompanying tool set make it ideally suited both for researchers and graduate students of information security or formal methods and for advanced professionals designing critical security protocols. [less ▲] Detailed reference viewed: 119 (3 UL)![]() ; Mauw, Sjouke ![]() in European Navigation Conference (ENC 2012) (2012) Existing Global Navigation Satellite Systems offer no authentication of their satellite signals towards their civilian users. As a consequence, several types of GNSS-related attacks, including meaconing ... [more ▼] Existing Global Navigation Satellite Systems offer no authentication of their satellite signals towards their civilian users. As a consequence, several types of GNSS-related attacks, including meaconing, may be performed and remain undetected. In the scope of the project “Developing a prototype of Localisation Assurance Service Provider”, which is funded by ESA and realised by the company itrust consulting and the University of Luxembourg, a methodology to visualise the beginnings and the ends of meaconing attacks by monitoring the clock bias of an attacked receiver over time was developed. This paper presents an algorithm that is based on this attack visualisation technique and is capable of detecting meaconing attacks automatically. Experiments in a controlled environment confirmed that the chosen methodology works properly. In one of these tests, for example, six meaconing attacks were simulated by using a GNSS signal repeater. The algorithm was able to detect the beginnings and the ends of all six attacks, while resulting in no more than two false positives, even though the average delay introduced by the meaconing stations (repeater) was just 80 nanoseconds. [less ▲] Detailed reference viewed: 183 (1 UL)![]() Kordy, Barbara ![]() ![]() ![]() Report (2012) Detailed reference viewed: 101 (1 UL)![]() Kordy, Barbara ![]() ![]() ![]() in Information Security and Cryptology - ICISC 2012 - 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers (2012) Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes intuitive and formal components that can be used for quantitative analysis of attack ... [more ▼] Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes intuitive and formal components that can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, using a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well-specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model. [less ▲] Detailed reference viewed: 118 (3 UL)![]() Lenzini, Gabriele ![]() ![]() ![]() in Proc. 19th International Workshop on Security Protocols (2011) Detailed reference viewed: 171 (7 UL)![]() van Deursen, Ton ![]() ![]() ![]() in Abstract book of 20th USENIX Security Symposium (2011) Detailed reference viewed: 35 (1 UL)![]() Mauw, Sjouke ![]() in Proceedings of 19th Security Protocols Workshop (2011), 7114 Detailed reference viewed: 98 (1 UL)![]() Yuan, Qixia ![]() ![]() ![]() in Proceedings of the 3rd Workshop on Computational Models for Cell Processes (2011), EPTCS 67 Detailed reference viewed: 159 (13 UL)![]() Sun, Yanjie ![]() ![]() ![]() in Proc. 6th International Workshop on Security and Trust Management (2011) Detailed reference viewed: 132 (1 UL) |
||