Visible to the public Biblio

Found 459 results

Filters: First Letter Of Last Name is D  [Clear All Filters]
A B C [D] E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
D
Dai, Ting, He, Jingzhu, Gu, Xiaohui, Lu, Shan, Wang, Peipei.  2018.  DScope: Detecting Real-World Data Corruption Hang Bugs in Cloud Server Systems. Proceedings of the ACM Symposium on Cloud Computing. :313-325.

Cloud server systems such as Hadoop and Cassandra have enabled many real-world data-intensive applications running inside computing clouds. However, those systems present many data-corruption and performance problems which are notoriously difficult to debug due to the lack of diagnosis information. In this paper, we present DScope, a tool that statically detects data-corruption related software hang bugs in cloud server systems. DScope statically analyzes I/O operations and loops in a software package, and identifies loops whose exit conditions can be affected by I/O operations through returned data, returned error code, or I/O exception handling. After identifying those loops which are prone to hang problems under data corruption, DScope conducts loop bound and loop stride analysis to prune out false positives. We have implemented DScope and evaluated it using 9 common cloud server systems. Our results show that DScope can detect 42 real software hang bugs including 29 newly discovered software hang bugs. In contrast, existing bug detection tools miss detecting most of those bugs.

Dai, W., Win, M. Z..  2017.  On Protecting Location Secrecy. 2017 International Symposium on Wireless Communication Systems (ISWCS). :31–36.

High-accuracy localization is a prerequisite for many wireless applications. To obtain accurate location information, it is often required to share users' positional knowledge and this brings the risk of leaking location information to adversaries during the localization process. This paper develops a theory and algorithms for protecting location secrecy. In particular, we first introduce a location secrecy metric (LSM) for a general measurement model of an eavesdropper. Compared to previous work, the measurement model accounts for parameters such as channel conditions and time offsets in addition to the positions of users. We determine the expression of the LSM for typical scenarios and show how the LSM depends on the capability of an eavesdropper and the quality of the eavesdropper's measurement. Based on the insights gained from the analysis, we consider a case study in wireless localization network and develop an algorithm that diminish the eavesdropper's capabilities by exploiting the reciprocity of channels. Numerical results show that the proposed algorithm can effectively increase the LSM and protect location secrecy.

Dai, Y. S., Xiang, Y. P., Pan, Y..  2014.  Bionic Autonomic Nervous Systems for Self-Defense Against DoS, Spyware, Malware, Virus, and Fishing. ACM Trans. Auton. Adapt. Syst.. 9:4:1–4:20.

Computing systems and networks become increasingly large and complex with a variety of compromises and vulnerabilities. The network security and privacy are of great concern today, where self-defense against different kinds of attacks in an autonomous and holistic manner is a challenging topic. To address this problem, we developed an innovative technology called Bionic Autonomic Nervous System (BANS). The BANS is analogous to biological nervous system, which consists of basic modules like cyber axon, cyber neuron, peripheral nerve and central nerve. We also presented an innovative self-defense mechanism which utilizes the Fuzzy Logic, Neural Networks, and Entropy Awareness, etc. Equipped with the BANS, computer and network systems can intelligently self-defend against both known and unknown compromises/attacks including denial of services (DoS), spyware, malware, and virus. BANS also enabled multiple computers to collaboratively fight against some distributed intelligent attacks like DDoS. We have implemented the BANS in practice. Some case studies and experimental results exhibited the effectiveness and efficiency of the BANS and the self-defense mechanism.

Dai, Z., Li, Z. Y..  2015.  Fuzzy Optimization of Automobile Supply Chain Network of Considering Risks. 2015 Seventh International Symposium on Parallel Architectures Algorithms and Programming (PAAP). :134–138.

In this paper, an optimization model of automobile supply chain network with risks under fuzzy price is put forward. The supply chain network is composed of component suppliers, plants, and distribution centers. The total costs of automobile supply chain consist of variable costs, fixed costs, and transportation costs. The objective of this study is to minimize the risks of total profits. In order to deal with this model, this paper puts forward an approximation method to transform a continuous fuzzy problem into discrete fuzzy problem. The model is solved using Cplex 12.6. The results show that Cplex 12.6 can perfectly solve this model, the expected value and lower semi-variance of total profits converge with the increasing number of discretization points, the structure of automobile supply chain network keeps unchanged with the increasing number of discretization points.

Dainotti, A., King, A., Claffy, K., Papale, F., Pescape, A..  2015.  Analysis of a #x201c;/0 #x201d; Stealth Scan From a Botnet. Networking, IEEE/ACM Transactions on. 23:341-354.

Botnets are the most common vehicle of cyber-criminal activity. They are used for spamming, phishing, denial-of-service attacks, brute-force cracking, stealing private information, and cyber warfare. Botnets carry out network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet, probing networks for enumeration or penetration, etc. We present the measurement and analysis of a horizontal scan of the entire IPv4 address space conducted by the Sality botnet in February 2011. This 12-day scan originated from approximately 3 million distinct IP addresses and used a heavily coordinated and unusually covert scanning strategy to try to discover and compromise VoIP-related (SIP server) infrastructure. We observed this event through the UCSD Network Telescope, a /8 darknet continuously receiving large amounts of unsolicited traffic, and we correlate this traffic data with other public sources of data to validate our inferences. Sality is one of the largest botnets ever identified by researchers. Its behavior represents ominous advances in the evolution of modern malware: the use of more sophisticated stealth scanning strategies by millions of coordinated bots, targeting critical voice communications infrastructure. This paper offers a detailed dissection of the botnet's scanning behavior, including general methods to correlate, visualize, and extrapolate botnet behavior across the global Internet.
 

Dali, L., Mivule, K., El-Sayed, H..  2017.  A heuristic attack detection approach using the \#x201C;least weighted \#x201D; attributes for cyber security data. 2017 Intelligent Systems Conference (IntelliSys). :1067–1073.

The continuous advance in recent cloud-based computer networks has generated a number of security challenges associated with intrusions in network systems. With the exponential increase in the volume of network traffic data, involvement of humans in such detection systems is time consuming and a non-trivial problem. Secondly, network traffic data tends to be highly dimensional, comprising of numerous features and attributes, making classification challenging and thus susceptible to the curse of dimensionality problem. Given such scenarios, the need arises for dimensional reduction, feature selection, combined with machine-learning techniques in the classification of such data. Therefore, as a contribution, this paper seeks to employ data mining techniques in a cloud-based environment, by selecting appropriate attributes and features with the least importance in terms of weight for the classification. Often the standard is to select features with better weights while ignoring those with least weights. In this study, we seek to find out if we can make prediction using those features with least weights. The motivation is that adversaries use stealth to hide their activities from the obvious. The question then is, can we predict any stealth activity of an adversary using the least observed attributes? In this particular study, we employ information gain to select attributes with the lowest weights and then apply machine learning to classify if a combination, in this case, of both source and destination ports are attacked or not. The motivation of this investigation is if attributes that are of least importance can be used to predict if an attack could occur. Our preliminary results show that even when the source and destination port attributes are used in combination with features with the least weights, it is possible to classify such network traffic data and predict if an attack will occur or not.

Dam, Khanh Huu The, Touili, Tayssir.  2018.  Learning Malware Using Generalized Graph Kernels. Proceedings of the 13th International Conference on Availability, Reliability and Security. :28:1–28:6.
Machine learning techniques were extensively applied to learn and detect malware. However, these techniques use often rough abstractions of programs. We propose in this work to use a more precise model for programs, namely extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between the API functions, and edge labels indicate the dependence relation between API functions parameters. To learn such graphs, we propose to use Generalized Random Walk Graph Kernels (combined with Support Vector Machines). We implemented our techniques and obtained encouraging results for malware detection: 96.73% of detection rate with 0.73% of false alarms.
Damghani, H., Hosseinian, H., Damghani, L..  2019.  Investigating Attacks to Improve Security and Privacy in RFID Systems Using the Security Bit Method. 2019 5th Conference on Knowledge Based Engineering and Innovation (KBEI). :833–838.

The RFID technology is now widely used and combined with everyday life. RFID Tag is a wireless device used to identify individuals and objects, in fact, it is a combination of the chip and antenna that sends the necessary information to an RFID Reader. On the other hand, an RFID Reader converts received radio waves into digital information and then provides facilities such as sending data to the computer and processing them. Radio frequency identification is a comprehensive processing technology that has led to a revolution in industry and medicine as an alternative to commercial barcodes. RFID Tag is used to tracking commodities and personal assets in the chain stores and even the human body and medical science. However, security and privacy problems have not yet been solved satisfactorily. There are many technical and economic challenges in this direction. In this paper, some of the latest technical research on privacy and security problems has been investigated in radio-frequency identification and security bit method, and it has been shown that in order to achieve this level of individual security, multiple technologies of RFID security development should combine with each other. These solutions should be cheap, efficient, reliable, flexible and long-term.

Damis, H. A., Shehada, D., Fachkha, C., Gawanmeh, A., Al-Karaki, J. N..  2020.  A Microservices Architecture for ADS-B Data Security Using Blockchain. 2020 3rd International Conference on Signal Processing and Information Security (ICSPIS). :1—4.

The use of Automatic Dependent Surveillance - Broadcast (ADS-B) for aircraft tracking and flight management operations is widely used today. However, ADS-B is prone to several cyber-security threats due to the lack of data authentication and encryption. Recently, Blockchain has emerged as new paradigm that can provide promising solutions in decentralized systems. Furthermore, software containers and Microservices facilitate the scaling of Blockchain implementations within cloud computing environment. When fused together, these technologies could help improve Air Traffic Control (ATC) processing of ADS-B data. In this paper, a Blockchain implementation within a Microservices framework for ADS-B data verification is proposed. The aim of this work is to enable data feeds coming from third-party receivers to be processed and correlated with that of the ATC ground station receivers. The proposed framework could mitigate ADS- B security issues of message spoofing and anomalous traffic data. and hence minimize the cost of ATC infrastructure by throughout third-party support.

Damodaran, Suresh K., Mittal, Saurabh.  2017.  Controlled Environments for Cyber Risk Assessment of Cyber-physical Systems. Proceedings of the Summer Simulation Multi-Conference. :3:1–3:12.

Cyber risk assessment of a Cyber-Physical System (CPS) without damaging it and without contaminating it with malware is an important and hard problem. Previous work developed a solution to this problem using a control component for simulating cyber effects in a CPS model to mimic a cyber attack. This paper extends the previous work by presenting an algorithm for semi-automated insertion of control components into a CPS model based on Discrete Event Systems (DEVS) formalism. We also describe how to use this algorithm to insert a control component into Live, Virtual, Constructive (LVC) environments that may have non-DEVS models, thereby extending our solution to other systems in general.

Dan, Kenya, Kitagawa, Naoya, Sakuraba, Shuji, Yamai, Nariyoshi.  2019.  Spam Domain Detection Method Using Active DNS Data and E-Mail Reception Log. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:896–899.

E-mail is widespread and an essential communication technology in modern times. Since e-mail has problems with spam mails and spoofed e-mails, countermeasures are required. Although SPF, DKIM and DMARC have been proposed as sender domain authentication, these mechanisms cannot detect non-spoofing spam mails. To overcome this issue, this paper proposes a method to detect spam domains by supervised learning with features extracted from e-mail reception log and active DNS data, such as the result of Sender Authentication, the Sender IP address, the number of each DNS record, and so on. As a result of the experiment, our method can detect spam domains with 88.09% accuracy and 97.11% precision. We confirmed that our method can detect spam domains with detection accuracy 19.40% higher than the previous study by utilizing not only active DNS data but also e-mail reception log in combination.

Danaher, Brett, Smith, Michael D., Telang, Rahul.  2017.  Copyright Enforcement in the Digital Age: Empirical Evidence and Policy Implications. Commun. ACM. 60:68–75.
Government-sanctioned and market-based anti-piracy measures can both mitigate economic harm from piracy.
Danesh, W., Rahman, M..  2017.  Linear regression based multi-state logic decomposition approach for efficient hardware implementation. 2017 IEEE/ACM International Symposium on Nanoscale Architectures (NANOARCH). :153–154.

Multi-state logic presents a promising avenue for more-than-Moore scaling, since efficient implementation of multi-valued logic (MVL) can significantly reduce switching and interconnection requirements and result in significant benefits compared to binary CMOS. So far, traditional approaches lag behind binary CMOS due to: (a) reliance on logic decomposition approaches [4][5][6] that result in many multi-valued minterms [4], complex polynomials [5], and decision diagrams [6], which are difficult to implement, and (b) emulation of multi-valued computation and communication through binary switches and medium that require data conversion, and large circuits. In this paper, we propose a fundamentally different approach for MVL decomposition, merging concepts from data science and nanoelectronics to tackle the problems, (a) First, we do linear regression on all inputs and outputs of a multivalued function, and find an expression that fits most input and output combinations. For unmatched combinations, we do successive regressions to find linear expressions. Next, using our novel visual pattern matching technique, we find conditions based on input and output conditions to select each expression. These expressions along with associated selection criteria ensure that for all possible inputs of a specific function, correct output can be reached. Our selection of regression model to find linear expressions, coefficients and conditions allow efficient hardware implementation. We discuss an approach for solving problem (b) and show an example of quaternary sum circuit. Our estimates show 65.6% saving of switching components compared with a 4-bit CMOS adder.

Daneshgadeh, Salva, Ahmed, Tarem, Kemmerich, Thomas, Baykal, Nazife.  2019.  Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance. 2019 22nd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN). :222–229.
The growing number of internet based services and applications along with increasing adoption rate of connected wired and wireless devices presents opportunities as well as technical challenges and threads. Distributed Denial of Service (DDoS) attacks have huge devastating effects on internet enabled services. It can be implemented diversely with a variety of tools and codes. Therefore, it is almost impossible to define a single solution to prevent DDoS attacks. The available solutions try to protect internet services from DDoS attacks, but there is no accepted best-practice yet to this security breach. On the other hand, distinguishing DDoS attacks from analogous Flash Events (FEs) wherein huge number of legitimate users try to access a specific internet based services and applications is a tough challenge. Both DDoS attacks and FEs result in unavailability of service, but they should be treated with different countermeasures. Therefore, it is worthwhile to investigate novel methods which can detect well disguising DDoS attacks from similar FE traffic. This paper will contribute to this topic by proposing a hybrid DDoS and FE detection scheme; taking 3 isolated approaches including Kernel Online Anomaly Detection (KOAD), Shannon Entropy and Mahalanobis Distance. In this study, Shannon entropy is utilized with an online machine learning technique to detect abnormal traffic including DDoS attacks and FE traffic. Subsequently, the Mahalanobis distance metric is employed to differentiate DDoS and FE traffic. the purposed method is validated using simulated DDoS attacks, real normal and FE traffic. The results revealed that the Mahalanobis distance metric works well in combination with machine learning approach to detect and discriminate DDoS and FE traffic in terms of false alarms and detection rate.
Dang, Hung, Chong, Yun Long, Brun, Francois, Chang, Ee-Chien.  2016.  Practical and Scalable Sharing of Encrypted Data in Cloud Storage with Key Aggregation. Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. :69–80.

We study a sensor network setting in which samples are encrypted individually using different keys and maintained on a cloud storage. For large systems, e.g. those that generate several millions of samples per day, fine-grained sharing of encrypted samples is challenging. Existing solutions, such as Attribute-Based Encryption (ABE) and Key Aggregation Cryptosystem (KAC), can be utilized to address the challenge, but only to a certain extent. They are often computationally expensive and thus unlikely to operate at scale. We propose an algorithmic enhancement and two heuristics to improve KAC's key reconstruction cost, while preserving its provable security. The improvement is particularly significant for range and down-sampling queries – accelerating the reconstruction cost from quadratic to linear running time. Experimental study shows that for queries of size 32k samples, the proposed fast reconstruction techniques speed-up the original KAC by at least 90 times on range and down-sampling queries, and by eight times on general (arbitrary) queries. It also shows that at the expense of splitting the query into 16 sub-queries and correspondingly issuing that number of different aggregated keys, reconstruction time can be reduced by 19 times. As such, the proposed techniques make KAC more applicable in practical scenarios such as sensor networks or the Internet of Things.

Dang, Hung, Chong, Yun Long, Brun, Francois, Chang, Ee-Chien.  2016.  Practical and Scalable Sharing of Encrypted Data in Cloud Storage with Key Aggregation. Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. :69–80.

We study a sensor network setting in which samples are encrypted individually using different keys and maintained on a cloud storage. For large systems, e.g. those that generate several millions of samples per day, fine-grained sharing of encrypted samples is challenging. Existing solutions, such as Attribute-Based Encryption (ABE) and Key Aggregation Cryptosystem (KAC), can be utilized to address the challenge, but only to a certain extent. They are often computationally expensive and thus unlikely to operate at scale. We propose an algorithmic enhancement and two heuristics to improve KAC's key reconstruction cost, while preserving its provable security. The improvement is particularly significant for range and down-sampling queries – accelerating the reconstruction cost from quadratic to linear running time. Experimental study shows that for queries of size 32k samples, the proposed fast reconstruction techniques speed-up the original KAC by at least 90 times on range and down-sampling queries, and by eight times on general (arbitrary) queries. It also shows that at the expense of splitting the query into 16 sub-queries and correspondingly issuing that number of different aggregated keys, reconstruction time can be reduced by 19 times. As such, the proposed techniques make KAC more applicable in practical scenarios such as sensor networks or the Internet of Things.

Dang, Hung, Huang, Yue, Chang, Ee-Chien.  2017.  Evading Classifiers by Morphing in the Dark. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :119–133.
Learning-based systems have been shown to be vulnerable to evasion through adversarial data manipulation. These attacks have been studied under assumptions that the adversary has certain knowledge of either the target model internals, its training dataset or at least classification scores it assigns to input samples. In this paper, we investigate a much more constrained and realistic attack scenario wherein the target classifier is minimally exposed to the adversary, revealing only its final classification decision (e.g., reject or accept an input sample). Moreover, the adversary can only manipulate malicious samples using a blackbox morpher. That is, the adversary has to evade the targeted classifier by morphing malicious samples "in the dark". We present a scoring mechanism that can assign a real-value score which reflects evasion progress to each sample based on the limited information available. Leveraging on such scoring mechanism, we propose an evasion method – EvadeHC? and evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The experimental evaluation demonstrates that the proposed evasion attacks are effective, attaining 100% evasion rate on the evaluation dataset. Interestingly, EvadeHC outperforms the known classifier evasion techniques that operate based on classification scores output by the classifiers. Although our evaluations are conducted on PDF malware classifiers, the proposed approaches are domain agnostic and are of wider application to other learning-based systems.
Dang, Hung, Chong, Yun Long, Brun, Francois, Chang, Ee-Chien.  2016.  Practical and Scalable Sharing of Encrypted Data in Cloud Storage with Key Aggregation. Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. :69–80.

We study a sensor network setting in which samples are encrypted individually using different keys and maintained on a cloud storage. For large systems, e.g. those that generate several millions of samples per day, fine-grained sharing of encrypted samples is challenging. Existing solutions, such as Attribute-Based Encryption (ABE) and Key Aggregation Cryptosystem (KAC), can be utilized to address the challenge, but only to a certain extent. They are often computationally expensive and thus unlikely to operate at scale. We propose an algorithmic enhancement and two heuristics to improve KAC's key reconstruction cost, while preserving its provable security. The improvement is particularly significant for range and down-sampling queries – accelerating the reconstruction cost from quadratic to linear running time. Experimental study shows that for queries of size 32k samples, the proposed fast reconstruction techniques speed-up the original KAC by at least 90 times on range and down-sampling queries, and by eight times on general (arbitrary) queries. It also shows that at the expense of splitting the query into 16 sub-queries and correspondingly issuing that number of different aggregated keys, reconstruction time can be reduced by 19 times. As such, the proposed techniques make KAC more applicable in practical scenarios such as sensor networks or the Internet of Things.

Dang, T. D., Hoang, D..  2017.  A data protection model for fog computing. 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC). :32–38.

Cloud computing has established itself as an alternative IT infrastructure and service model. However, as with all logically centralized resource and service provisioning infrastructures, cloud does not handle well local issues involving a large number of networked elements (IoTs) and it is not responsive enough for many applications that require immediate attention of a local controller. Fog computing preserves many benefits of cloud computing and it is also in a good position to address these local and performance issues because its resources and specific services are virtualized and located at the edge of the customer premise. However, data security is a critical challenge in fog computing especially when fog nodes and their data move frequently in its environment. This paper addresses the data protection and the performance issues by 1) proposing a Region-Based Trust-Aware (RBTA) model for trust translation among fog nodes of regions, 2) introducing a Fog-based Privacy-aware Role Based Access Control (FPRBAC) for access control at fog nodes, and 3) developing a mobility management service to handle changes of users and fog devices' locations. The implementation results demonstrate the feasibility and the efficiency of our proposed framework.

Dangal, P., Bloom, G..  2020.  Towards Industrial Security Through Real-time Analytics. 2020 IEEE 23rd International Symposium on Real-Time Distributed Computing (ISORC). :156–157.

Industrial control system (ICS) denotes a system consisting of actuators, control stations, and network that manages processes and functions in an industrial setting. The ICS community faces two major problems to keep pace with the broader trends of Industry 4.0: (1) a data rich, information poor (DRIP) syndrome, and (2) risk of financial and safety harms due to security breaches. In this paper, we propose a private cloud in the loop ICS architecture for real-time analytics that can bridge the gap between low data utilization and security hardening.

Danger, Jean-Luc, Fribourg, Laurent, Kühne, Ulrich, Naceur, Maha.  2019.  LAOCOÖN: A Run-Time Monitoring and Verification Approach for Hardware Trojan Detection. 2019 22nd Euromicro Conference on Digital System Design (DSD). :269–276.

Hardware Trojan Horses and active fault attacks are a threat to the safety and security of electronic systems. By such manipulations, an attacker can extract sensitive information or disturb the functionality of a device. Therefore, several protections against malicious inclusions have been devised in recent years. A prominent technique to detect abnormal behavior in the field is run-time verification. It relies on dedicated monitoring circuits and on verification rules generated from a set of temporal properties. An important question when dealing with such protections is the effectiveness of the protection against unknown attacks. In this paper, we present a methodology based on automatic generation of monitoring and formal verification techniques that can be used to validate and analyze the quality of a set of temporal properties when used as protection against generic attackers of variable strengths.

Dangiwa, Bello Ahmed, Kumar, Smitha S.  2018.  A Business Card Reader Application for iOS devices based on Tesseract. 2018 International Conference on Signal Processing and Information Security (ICSPIS). :1–4.
As the accessibility of high-resolution smartphone camera has increased and an improved computational speed, it is now convenient to build Business Card Readers on mobile phones. The project aims to design and develop a Business Card Reader (BCR) Application for iOS devices, using an open-source OCR Engine - Tesseract. The system accuracy was tested and evaluated using a dataset of 55 digital business cards obtained from an online repository. The accuracy result of the system was up to 74% in terms of both text recognition and data detection. A comparative analysis was carried out against a commercial business card reader application and our application performed vastly reasonable.
Dangra, B. S., Rajput, D., Bedekar, M. V., Panicker, S. S..  2015.  Profiling of automobile drivers using car games. 2015 International Conference on Pervasive Computing (ICPC). :1–5.

In this paper we use car games as a simulator for real automobiles, and generate driving logs that contain the vehicle data. This includes values for parameters like gear used, speed, left turns taken, right turns taken, accelerator, braking and so on. From these parameters we have derived some more additional parameters and analyzed them. As the input from automobile driver is only routine driving, no explicit feedback is required; hence there are more chances of being able to accurately profile the driver. Experimentation and analysis from this logged data shows possibility that driver profiling can be done from vehicle data. Since the profiles are unique, these can be further used for a wide range of applications and can successfully exhibit typical driving characteristics of each user.

Daniel Albu, Răzvan, Gordan, Cornelia Emilia.  2019.  Authentication and Recognition, Guarantor for on-Line Security. 2019 15th International Conference on Engineering of Modern Electric Systems (EMES). :9—12.

ARGOS is a web service we implemented to offer face recognition Authentication Services (AaaS) to mobile and desktop (via the web browser) end users. The Authentication Services may be used by 3rd party service organizations to enhance their service offering to their customers. ARGOS implements a secure face recognition-based authentication service aiming to provide simple and intuitive tools for 3rd party service providers (like PayPal, banks, e-commerce etc) to replace passwords with face biometrics. It supports authentication from any device with 2D or 3D frontal facing camera (mobile phones, laptops, tablets etc.) and almost any operating systems (iOS, Android, Windows and Linux Ubuntu).

Daniels, Wilfried, Hughes, Danny, Ammar, Mahmoud, Crispo, Bruno, Matthys, Nelson, Joosen, Wouter.  2017.  SΜV - the Security Microvisor: A Virtualisation-based Security Middleware for the Internet of Things. Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track. :36–42.
The Internet of Things (IoT) creates value by connecting digital processes to the physical world using embedded sensors, actuators and wireless networks. The IoT is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface and inhibiting the adoption of IoT technologies. Hardware security modules address this problem, however, their use increases the cost of embedded IoT devices. Furthermore, millions of IoT devices are already deployed without hardware security support. This paper addresses this problem by introducing a Security MicroVisor (SμV) middleware, which provides memory isolation and custom security operations using software virtualisation and assembly-level code verification. We showcase SμV by implementing a key security feature: remote attestation. Evaluation shows extremely low overhead in terms of memory, performance and battery lifetime for a representative IoT device.