Visible to the public Biblio

Found 485 results

Filters: First Letter Of Last Name is G  [Clear All Filters]
A B C D E F [G] H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
G
G. DAngelo, S. Rampone, F. Palmieri.  2015.  "An Artificial Intelligence-Based Trust Model for Pervasive Computing". 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC). :701-706.

Pervasive Computing is one of the latest and more advanced paradigms currently available in the computers arena. Its ability to provide the distribution of computational services within environments where people live, work or socialize leads to make issues such as privacy, trust and identity more challenging compared to traditional computing environments. In this work we review these general issues and propose a Pervasive Computing architecture based on a simple but effective trust model that is better able to cope with them. The proposed architecture combines some Artificial Intelligence techniques to achieve close resemblance with human-like decision making. Accordingly, Apriori algorithm is first used in order to extract the behavioral patterns adopted from the users during their network interactions. Naïve Bayes classifier is then used for final decision making expressed in term of probability of user trustworthiness. To validate our approach we applied it to some typical ubiquitous computing scenarios. The obtained results demonstrated the usefulness of such approach and the competitiveness against other existing ones.

G. G. Granadillo, J. Garcia-Alfaro, H. Debar, C. Ponchel, L. R. Martin.  2015.  "Considering technical and financial impact in the selection of security countermeasures against Advanced Persistent Threats (APTs)". 2015 7th International Conference on New Technologies, Mobility and Security (NTMS). :1-6.

This paper presents a model to evaluate and select security countermeasures from a pool of candidates. The model performs industrial evaluation and simulations of the financial and technical impact associated to security countermeasures. The financial impact approach uses the Return On Response Investment (RORI) index to compare the expected impact of the attack when no response is enacted against the impact after applying security countermeasures. The technical impact approach evaluates the protection level against a threat, in terms of confidentiality, integrity, and availability. We provide a use case on malware attacks that shows the applicability of our model in selecting the best countermeasure against an Advanced Persistent Threat.

G. Kejela, C. Rong.  2015.  "Cross-Device Consumer Identification". 2015 IEEE International Conference on Data Mining Workshop (ICDMW). :1687-1689.

Nowadays, a typical household owns multiple digital devices that can be connected to the Internet. Advertising companies always want to seamlessly reach consumers behind devices instead of the device itself. However, the identity of consumers becomes fragmented as they switch from one device to another. A naive attempt is to use deterministic features such as user name, telephone number and email address. However consumers might refrain from giving away their personal information because of privacy and security reasons. The challenge in ICDM2015 contest is to develop an accurate probabilistic model for predicting cross-device consumer identity without using the deterministic user information. In this paper we present an accurate and scalable cross-device solution using an ensemble of Gradient Boosting Decision Trees (GBDT) and Random Forest. Our final solution ranks 9th both on the public and private LB with F0.5 score of 0.855.

Gaber, C., Vilchez, J. S., Gür, G., Chopin, M., Perrot, N., Grimault, J.-L., Wary, J.-P..  2020.  Liability-Aware Security Management for 5G. 2020 IEEE 3rd 5G World Forum (5GWF). :133—138.

Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management.

Gadde, Phani Harsha, Brahma, Sukumar.  2019.  Realistic Microgrid Test Bed for Protection and Resiliency Studies. 2019 North American Power Symposium (NAPS). :1–6.

Momentum towards realization of smart grid will continue to result in high penetration of renewable fed Distributed Energy Resources (DERs) in the Electric Power System (EPS). The drive towards resiliency will enable a modular topology where several microgrids are tied to-gather, operating synchronously to form the future EPS. These microgrids may very well evolve to be fed by 100% Inverter Based Resources (IBRs), and required to operate reliably in both grid-connected and islanded modes. Since microgrids will evolve from existing distribution feeders, they will be unbalanced in terms of load, phases, and feeder-impedances. Protection and control of such microgrids, spanning over grid-connected mode, islanded mode, and transition mode need urgent attention. This paper focuses on the control aspect to facilitate stable operation and power sharing under these modes. A detailed EMTP model of a testbed using the IEEE 13-bus system is created in PSCAD, involving multiple inverters. Control strategy, modes, and implementation of inverter controls are described, and results showing stable operation and power sharing in all modes are presented.

Gadient, P., Ghafari, M., Tarnutzer, M., Nierstrasz, O..  2020.  Web APIs in Android through the Lens of Security. 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER). :13—22.

Web communication has become an indispensable characteristic of mobile apps. However, it is not clear what data the apps transmit, to whom, and what consequences such transmissions have. We analyzed the web communications found in mobile apps from the perspective of security. We first manually studied 160 Android apps to identify the commonly-used communication libraries, and to understand how they are used in these apps. We then developed a tool to statically identify web API URLs used in the apps, and restore the JSON data schemas including the type and value of each parameter. We extracted 9714 distinct web API URLs that were used in 3 376 apps. We found that developers often use the java.net package for network communication, however, third-party libraries like OkHttp are also used in many apps. We discovered that insecure HTTP connections are seven times more prevalent in closed-source than in open-source apps, and that embedded SQL and JavaScript code is used in web communication in more than 500 different apps. This finding is devastating; it leaves billions of users and API service providers vulnerable to attack.

Gaebel, Ethan, Zhang, Ning, Lou, Wenjing, Hou, Y. Thomas.  2016.  Looks Good To Me: Authentication for Augmented Reality. Proceedings of the 6th International Workshop on Trustworthy Embedded Devices. :57–67.

Augmented reality is poised to become a dominant computing paradigm over the next decade. With promises of three-dimensional graphics and interactive interfaces, augmented reality experiences will rival the very best science fiction novels. This breakthrough also brings in unique challenges on how users can authenticate one another to share rich content between augmented reality headsets. Traditional authentication protocols fall short when there is no common central entity or when access to the central authentication server is not available or desirable. Looks Good To Me (LGTM) is an authentication protocol that leverages the unique hardware and context provided with augmented reality headsets to bring innate human trust mechanisms into the digital world to solve authentication in a usable and secure way. LGTM works over point to point wireless communication so users can authenticate one another in a variety of circumstances and is designed with usability at its core, requiring users to perform only two actions: one to initiate and one to confirm. Users intuitively authenticate one another, using seemingly only each other's faces, but under the hood LGTM uses a combination of facial recognition and wireless localization to bootstrap trust from a wireless signal, to a location, to a face, for secure and usable authentication.

Gafencu, L. P., Scripcariu, L., Bogdan, I..  2017.  An overview of security aspects and solutions in VANETs. 2017 International Symposium on Signals, Circuits and Systems (ISSCS). :1–4.

Because of the nature of vehicular communications, security is a crucial aspect, involving the continuous development and analysis of the existing security architectures and punctual theoretical and practical aspects that have been proposed and are in need of continuous updates and integrations with newer technologies. But before an update, a good knowledge of the current aspects is mandatory. Identifying weaknesses and anticipating possible risks of vehicular communication networks through a failure modes and effects analysis (FMEA) represent an important aspect of the security analysis process and a valuable step in finding efficient security solutions for all kind of problems that might occur in these systems.

Gaff, Brian M., Sussman, Heather Egan, Geetter, Jennifer.  2014.  Privacy and Big Data. Computer. 47:7-9.

Big data's explosive growth has prompted the US government to release new reports that address the issues--particularly related to privacy--resulting from this growth. The Web extra at http://youtu.be/j49eoe5g8-c is an audio recording from the Computing and the Law column, in which authors Brian M. Gaff, Heather Egan Sussman, and Jennifer Geetter discuss how big data's explosive growth has prompted the US government to release new reports that address the issues--particularly related to privacy--resulting from this growth.
 

Gafurov, Davrondzhon, Hurum, Arne Erik, Markman, Martin.  2018.  Achieving Test Automation with Testers Without Coding Skills: An Industrial Report. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. :749–756.
We present a process driven test automation solution which enables delegating (part of) automation tasks from test automation engineer (expensive resource) to test analyst (non-developer, less expensive). In our approach, a test automation engineer implements test steps (or actions) which are executed automatically. Such automated test steps represent user actions in the system under test and specified by a natural language which is understandable by a non-technical person. Then, a test analyst with a domain knowledge organizes automated steps combined with test input to create an automated test case. It should be emphasized that the test analyst does not need to possess programming skills to create, modify or execute automated test cases. We refine benchmark test automation architecture to be better suitable for an effective separation and sharing of responsibilities between the test automation engineer (with coding skills) and test analyst (with a domain knowledge). In addition, we propose a metric to empirically estimate cooperation between test automation engineer and test analyst's works. The proposed automation solution has been defined based on our experience in the development and maintenance of Helsenorg, the national electronic health services in Norway which has had over one million of visits per month past year, and we still use it to automate the execution of regression tests.
Gagliano, Allison, Krawec, Walter O., Iqbal, Hasan.  2019.  From Classical to Semi-Quantum Secure Communication. 2019 IEEE International Symposium on Information Theory (ISIT). :1707—1711.

In this work we introduce a novel QKD protocol capable of smoothly transitioning, via a user-tuneable parameter, from classical to semi-quantum in order to help understand the effect of quantum communication resources on secure key distribution. We perform an information theoretic security analysis of this protocol to determine what level of "quantumness" is sufficient to achieve security, and we discover some rather interesting properties of this protocol along the way.

Gai, K., Qiu, M..  2017.  An Optimal Fully Homomorphic Encryption Scheme. 2017 ieee 3rd international conference on big data security on cloud (bigdatasecurity), ieee international conference on high performance and smart computing (hpsc), and ieee international conference on intelligent data and security (ids). :101–106.

The expeditious expansion of the networking technologies have remarkably driven the usage of the distributedcomputing as well as services, such as task offloading to the cloud. However, security and privacy concerns are restricting the implementations of cloud computing because of the threats from both outsiders and insiders. The primary alternative of protecting users' data is developing a Fully Homomorphic Encryption (FHE) scheme, which can cover both data protections and data processing in the cloud. Despite many previous attempts addressing this approach, none of the proposed work can simultaneously satisfy two requirements that include the non-noise accuracy and an efficiency execution. This paper focuses on the issue of FHE design and proposes a novel FHE scheme, which is called Optimal Fully Homomorphic Encryption (O-FHE). Our approach utilizes the properties of the Kronecker Product (KP) and designs a mechanism of achieving FHE, which consider both accuracy and efficiency. We have assessed our scheme in both theoretical proofing and experimental evaluations with the confirmed and exceptional results.

Gaikwad, V. S., Gandle, K. S..  2017.  Ideal complexity cryptosystem with high privacy data service for cloud databases. 2017 1st International Conference on Intelligent Systems and Information Management (ICISIM). :267–270.

Data storage in cloud should come along with high safety and confidentiality. It is accountability of cloud service provider to guarantee the availability and security of client data. There exist various alternatives for storage services but confidentiality and complexity solutions for database as a service are still not satisfactory. Proposed system gives alternative solution for database as a service that integrates benefits of different services along with advance encryption techniques. It yields possibility of applying concurrency on encrypted data. This alternative provides supporting facility to connect dispersed clients with elimination of intermediate proxy by which simplicity can acquired. Performance of proposed system evaluated on basis of theoretical analyses.

Gaio Rito, Cátia Sofia, Beatriz Piedade, Maria, Eugénio Lucas, Eugénio.  2019.  E-Government - Qualified Digital Signature Case Study. 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). :1—6.

This paper presents a case study on the use and implementation of the Qualified Digital Signature. Problematics such as the degree of use, security and authenticity of Qualified Digital Signature and the publication and dissemination of documents signed in digital format are analyzed. In order to support the case study, a methodology was adopted that included interviews with municipalities that are part of the Intermunicipal Community of the region of Leiria and a computer application was developed that allowed to analyze the documents available in the institutional websites of the municipalities, the ones that were digitally signed. The results show that institutional websites are already providing documentation with Qualified Digital Signature and that the level of trust and authenticity regarding their use is considered to be mostly very positive.

Gajavelly, Raj Kumar, Baumgartner, Jason, Ivrii, Alexander, Kanzelman, Robert L., Ghosh, Shiladitya.  2019.  Input Elimination Transformations for Scalable Verification and Trace Reconstruction. 2019 Formal Methods in Computer Aided Design (FMCAD). :10–18.
We present two novel sound and complete netlist transformations, which substantially improve verification scalability while enabling very efficient trace reconstruction. First, we present a 2QBF variant of input reparameterization, capable of eliminating inputs without introducing new logic and without complete range computation. While weaker in reduction potential, it yields up to 4 orders of magnitude speedup to trace reconstruction when used as a fast-and-lossy preprocess to traditional reparameterization. Second, we present a novel scalable approach to leverage sequential unateness to merge selective inputs, in cases greatly reducing netlist size and verification complexity. Extensive benchmarking demonstrates the utility of these techniques. Connectivity verification particularly benefits from these reductions, up to 99.8%.
Gajjar, V., Khandhediya, Y., Gurnani, A..  2017.  Human Detection and Tracking for Video Surveillance: A Cognitive Science Approach. 2017 IEEE International Conference on Computer Vision Workshops (ICCVW). :2805–2809.

With crimes on the rise all around the world, video surveillance is becoming more important day by day. Due to the lack of human resources to monitor this increasing number of cameras manually, new computer vision algorithms to perform lower and higher level tasks are being developed. We have developed a new method incorporating the most acclaimed Histograms of Oriented Gradients, the theory of Visual Saliency and the saliency prediction model Deep Multi-Level Network to detect human beings in video sequences. Furthermore, we implemented the k - Means algorithm to cluster the HOG feature vectors of the positively detected windows and determined the path followed by a person in the video. We achieved a detection precision of 83.11% and a recall of 41.27%. We obtained these results 76.866 times faster than classification on normal images.

Gallagher, Kevin, Patil, Sameer, Dolan-Gavitt, Brendan, McCoy, Damon, Memon, Nasir.  2018.  Peeling the Onion's User Experience Layer: Examining Naturalistic Use of the Tor Browser. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1290–1305.

The strength of an anonymity system depends on the number of users. Therefore, User eXperience (UX) and usability of these systems is of critical importance for boosting adoption and use. To this end, we carried out a study with 19 non-expert participants to investigate how users experience routine Web browsing via the Tor Browser, focusing particularly on encountered problems and frustrations. Using a mixed-methods quantitative and qualitative approach to study one week of naturalistic use of the Tor Browser, we uncovered a variety of UX issues, such as broken Web sites, latency, lack of common browsing conveniences, differential treatment of Tor traffic, incorrect geolocation, operational opacity, etc. We applied this insight to suggest a number of UX improvements that could mitigate the issues and reduce user frustration when using the Tor Browser.

Gallo, Pierluigi, Pongnumkul, Suporn, Quoc Nguyen, Uy.  2018.  BlockSee: Blockchain for IoT Video Surveillance in Smart Cities. 2018 IEEE International Conference on Environment and Electrical Engineering and 2018 IEEE Industrial and Commercial Power Systems Europe (EEEIC / I CPS Europe). :1–6.
The growing demand for safety in urban environments is supported by monitoring using video surveillance. The need to analyze multiple video-flows from different cameras deployed around the city by heterogeneous owners introduces vulnerabilities and privacy issues. Video frames, timestamps, and camera settings can be digitally manipulated by malicious users; the positions of cameras, their orientation and their mechanical settings can be physically manipulated. Digital and physical manipulations may have several effects, including the change of the observed scene and the potential violation of neighbors' privacy. To face these risks, we introduce BlockSee, a blockchain-based video surveillance system that jointly provides validation and immutability to camera settings and surveillance videos, making them readily available to authorized users in case of events. The encouraging results obtained with BlockSee pave the way to new distributed city-wide monitoring systems.
Galuppo, Raúl Ignacio, Luna, Carlos, Betarte, Gustavo.  2018.  Security in iOS and Android: A Comparative Analysis. 2018 37th International Conference of the Chilean Computer Science Society (SCCC). :1–8.
This paper presents a detailed analysis of some relevant security features of iOS and Android -the two most popular operating systems for mobile devices- from the perspective of user privacy. In particular, permissions that can be modified at run time on these platforms are analyzed. Additionally, a framework is introduced for permission analysis, a hybrid mobile application that can run on both iOS and Android. The framework, which can be extended, places special emphasis on the relationship between the user's privacy and the permission system.
Gamachchi, A., Boztas, S..  2017.  Insider Threat Detection Through Attributed Graph Clustering. 2017 IEEE Trustcom/BigDataSE/ICESS. :112–119.

While most organizations continue to invest in traditional network defences, a formidable security challenge has been brewing within their own boundaries. Malicious insiders with privileged access in the guise of a trusted source have carried out many attacks causing far reaching damage to financial stability, national security and brand reputation for both public and private sector organizations. Growing exposure and impact of the whistleblower community and concerns about job security with changing organizational dynamics has further aggravated this situation. The unpredictability of malicious attackers, as well as the complexity of malicious actions, necessitates the careful analysis of network, system and user parameters correlated with insider threat problem. Thus it creates a high dimensional, heterogeneous data analysis problem in isolating suspicious users. This research work proposes an insider threat detection framework, which utilizes the attributed graph clustering techniques and outlier ranking mechanism for enterprise users. Empirical results also confirm the effectiveness of the method by achieving the best area under curve value of 0.7648 for the receiver operating characteristic curve.

Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N..  2020.  An Analysis of Pre-installed Android Software. 2020 IEEE Symposium on Security and Privacy (SP). :1039—1055.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

Gamba, Matteo, Azizpour, Hossein, Carlsson, Stefan, Björkman, Mårten.  2019.  On the Geometry of Rectifier Convolutional Neural Networks. 2019 IEEE/CVF International Conference on Computer Vision Workshop (ICCVW). :793—797.

While recent studies have shed light on the expressivity, complexity and compositionality of convolutional networks, the real inductive bias of the family of functions reachable by gradient descent on natural data is still unknown. By exploiting symmetries in the preactivation space of convolutional layers, we present preliminary empirical evidence of regularities in the preimage of trained rectifier networks, in terms of arrangements of polytopes, and relate it to the nonlinear transformations applied by the network to its input.

Gambino, Andrew, Kim, Jinyoung, Sundar, S. Shyam, Ge, Jun, Rosson, Mary Beth.  2016.  User Disbelief in Privacy Paradox: Heuristics That Determine Disclosure. Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems. :2837–2843.
We conducted a series of in-depth focus groups wherein users provided rationales for their own online privacy behaviors. Our data suggest that individuals often take action with little thought or evaluation, even showing surprise when confronted with their own behaviors. Our analysis yielded a battery of cognitive heuristics, i.e., mental shortcuts / rules of thumb, that users seem to employ when they disclose or withhold information at the spur of the moment. A total of 4 positive heuristics (promoting disclosure) and 4 negative heuristics (inhibiting disclosure) were discovered. An understanding of these heuristics can be valuable for designing interfaces that promote secure and trustworthy computing.
Gan, Jiarui, An, Bo, Vorobeychik, Yevgeniy.  2015.  Security Games with Protection Externalities. Proceedings of the Twenty-Ninth AAAI Conference on Artificial Intelligence. :914–920.

Stackelberg security games have been widely deployed in recent years to schedule security resources. An assumption in most existing security game models is that one security resource assigned to a target only protects that target. However, in many important real-world security scenarios, when a resource is assigned to a target, it exhibits protection externalities: that is, it also protects other "neighbouring" targets. We investigate such Security Games with Protection Externalities (SPEs). First, we demonstrate that computing a strong Stackelberg equilibrium for an SPE is NP-hard, in contrast with traditional Stackelberg security games which can be solved in polynomial time. On the positive side, we propose a novel column generation based approach—CLASPE—to solve SPEs. CLASPE features the following novelties: 1) a novel mixed-integer linear programming formulation for the slave problem; 2) an extended greedy approach with a constant-factor approximation ratio to speed up the slave problem; and 3) a linear-scale linear programming that efficiently calculates the upper bounds of target-defined subproblems for pruning. Our experimental evaluation demonstrates that CLASPE enable us to scale to realistic-sized SPE problem instances.

Gandhi, A., Jain, S..  2020.  Adversarial Perturbations Fool Deepfake Detectors. 2020 International Joint Conference on Neural Networks (IJCNN). :1—8.
This work uses adversarial perturbations to enhance deepfake images and fool common deepfake detectors. We created adversarial perturbations using the Fast Gradient Sign Method and the Carlini and Wagner L2 norm attack in both blackbox and whitebox settings. Detectors achieved over 95% accuracy on unperturbed deepfakes, but less than 27% accuracy on perturbed deepfakes. We also explore two improvements to deep-fake detectors: (i) Lipschitz regularization, and (ii) Deep Image Prior (DIP). Lipschitz regularization constrains the gradient of the detector with respect to the input in order to increase robustness to input perturbations. The DIP defense removes perturbations using generative convolutional neural networks in an unsupervised manner. Regularization improved the detection of perturbed deepfakes on average, including a 10% accuracy boost in the blackbox case. The DIP defense achieved 95% accuracy on perturbed deepfakes that fooled the original detector while retaining 98% accuracy in other cases on a 100 image subsample.