Theorem proof based gate level information flow tracking for hardware security verification
Computers & Security, Volume 85, August 2019, Pages 225-239
Maoyuan Qin, Wei Hu, Xinmu Wang, Dejun Mu, Baolei Mao
Abstract: Digital hardware lies at the heart of systems deployed in finance, medical care, basic infrastructure and national defense systems. However, due to the lack of effective security verification tools, hardware designs may contain security vulnerabilities resulting from performance optimizations, side channels, insecure debug ports and hardware Trojans, which provide attackers low level access to critical resources and effective attack surface to compromise a system. To address these security threats, we propose a theorem proof based gate level information flow tracking (GLIFT) method for formal verification of security properties and identifying security vulnerabilities that cause security property violations. Our method integrates a precise information flow tracking (IFT) model with the Coq theorem proof environment, inheriting the accuracy of GLIFT and the scalability of theorem proving based formal verification. We formalize semantic circuits and security theorems for proving security properties in order to detect security violations. The proposed method has been demonstrated on an OpenRISC development interface core and an RSA implementation both from OpenCores as well as several Trojan benchmarks from Trust-HUB. Experimental results show that the proposed method detects insecure debug port, timing channel and hardware Trojans that cause violation of important security properties such as confidentiality, integrity and isolation and also derives the trigger condition of hardware Trojans.
An evaluation framework for network security visualizations
Computers & Security, Volume 84, July 2019, Pages 70-92
Iman Sharafaldin, Arash Habibi Lashkari, Ali A. Ghorbani
Abstract: Visualization helps to comprehend and analyze large amounts of data, a fundamental necessity for network security due to the large volume of audit traces produced each day. In this paper, we dissect the majority of recent work conducted in network security visualization and offer a taxonomy that provides a basis for classifying recently published works using nine criteria. Moreover, a comprehensive evaluation framework for comparing and ranking network security visualization systems and techniques is developed and presented. Finally, we present a taxonomy of network attacks, which covers most of the existing network attacks and provides a framework for the categorization of recent network security visualization systems.
CNN with spatio-temporal information for fast suspicious object detection and recognition in THz security images
Signal Processing, Volume 160, July 2019, Pages 202-214
Xi Yang, Tan Wu, Lei Zhang, Dong Yang, Xinbo Gao
Abstract: Owing to low radiation required for human body, complete detection of hazardous materials, noncontact privacy protection, and fast pass capability, terahertz (THz) security screening cameras (TSSCs) are widely deployed in public places. However, the existing TSSCs only report about the rough locations of suspicious objects, while directing the complicated detailed recognition work to security inspectors, thus leading to low recognition efficiency. In this paper, we aim to introduce the artificial intelligence technique, called convolutional neural network (CNN), with the spatio-temporal information of THz security image sequences, to achieve automatic object detection and recognition. Our method is composed of rough detection and detailed recognition. In rough detection, benefiting from the inherent alignment of human parts, the sparse and low-rank decomposition (SLD) is used to excavate the spatio-temporal context information. Specifically, the low-rank part representing the static background is regarded as the human body, while the sparse part representing the displaced target is regarded as the suspicious object. Then, by considering the shape knowledge and performing morphological processing, noise interference was reduced and the rough locations of suspicious objects were determined. In detailed recognition, supervised training was first conducted based on Faster R-CNN model with large-scale object labels. The trained Faster R-CNN could extract high-level semantic features of each anchor, and thus predict the class attribute of each object. Notably, with the results of rough detection, only anchors in the candidate domain are computed. Compared with the conventional full domain computation, this narrow-band approach not only reduces the computational complexity but also decreases the false positives caused by anchors in the background. Extensive experiments were conducted on THz security images, and the results prove that our method achieves high performance with respect to both accuracy and efficiency.
Security of Visible Light Communication systems—A survey
Physical Communication, Volume 34, June 2019, Pages 246-260
Grzegorz Blinowski
Abstract: This paper reviews the security of Visible Light Communication (VLC) methods, protocols and systems. In the introduction we briefly outline VLC technology as of today. We then identify the physical aspects of VLC which are relevant to security and present a systematic review of security threats and vulnerabilities with respect to the unique features of VLC systems. We summarize all security techniques proposed in the literature for VLC so far, including physical layer security addressed from the information-theoretic point of view, and the problems of availability and integrity (namely transmission jamming and possible data modification). We also address issues of secure localization, key generation, steganography, and the specific sub-topic of VLC in vehicular networks. In the summary section, we outline all security issues that should be addressed as VLC moves from the experimental to the implementation phase.
Information security aspects of Industry 4.0
Procedia Manufacturing, Volume 32, 2019, Pages 848-855
Miklos Kiss, Gabor Breda, Lajos Muha
Abstract: Today’s most advanced industrial systems are built on a very solid information technology basis. To serve and to operate the extremely complex supply chain, the industry needs modern, interconnected infrastructure, where sensors, industrial and office devices are connected. Therefore, real-time demands could take immediate action in every step of the supply chain elements. The more complex the information infrastructure is, the more risk emerges in the field of cybersecurity. Cybersecurity threats are hands-on risks in the industrial sector. SCADA systems were just the first step to influence the operation of a factory, and at that time governments have the privilege of this action (with enough financial and IT resources). Today, the game has changed, new players and methodologies have emerged, and revealing the correlation between motivation and capability (in the aspects of the industrial sector) is the key not just to continuous development but to survival as well.
An analysis on the dimensions of information security culture concept: A review
Journal of Information Security and Applications, Volume 44, February 2019, Pages 12-22
Akhyari Nasir, Ruzaini Abdullah Arshah, Mohd Rashid Ab Hamid, Syahrul Fahmy
Abstract: The cultivation of positive Information Security Culture (ISC) is an effective way to promote security behavior and practices among employees in the organization. However, there is yet a consensus on a standard set of dimensions for the ISC concept. ISC has been associated with many facets, with some overlapping dimensions found in the literature. There is little explanation, if any, as to why this happens or to what extent variances of dimensions affect the ISC concept and findings. This paper presents an analysis of the different dimensions in conceptualizing the ISC. Eight major databases including Web of Science, Scopus and Google Scholar were systematically exhausted using PRISMA and a total of 79 studies from 2000 to 2017 was selected for analysis. While different approaches such as adopted theories affect the dimensions of ISC, our analysis also covered other contributing factors such as the objective of the study, type of organization under study and the information security maturity level. In addition, we found no evidence of a set of widely accepted concepts and dimensions for ISC. This review provides substantial evidence on the numerous dimensions used in ISC and could be utilized by academicians as a reference in ISC-related studies.
Information systems for supply chain management: uncertainties, risks and cyber security
Procedia Computer Science, Volume 149, 2019, Pages 65-70
Andrii Boiko, Vira Shendryk, Olha Boiko
Abstract: This research aims to investigate the current status and future direction of the use of information systems for supply chain management for companies with multicomponent production. The paper presents a qualitative research method for analyzing supply chain processes and for identifying ways of its information support. Based on data collected from different enterprises, it can be concluded that in order to identify the most effective strategies of information support of supply chain the attention should focus on the identification and management of the sources of uncertainties, risks and cyber security. To successfully integrate business processes between suppliers and customers, manufacturers must solve the complex problem of information security. The main practical results are: proposed a new approach to the identification and prediction of supply risk within uncertainties conditions; proposed a complex solution to secure data in information systems for supply chain management.