Visible to the public Biblio

Filters: Author is Zhang, Ping  [Clear All Filters]
Gu, Yanyang, Zhang, Ping, Chen, Zhifeng, Cao, Fei.  2020.  UEFI Trusted Computing Vulnerability Analysis Based on State Transition Graph. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). :1043–1052.
In the face of increasingly serious firmware attacks, it is of great significance to analyze the vulnerability security of UEFI. This paper first introduces the commonly used trusted authentication mechanisms of UEFI. Then, aiming at the loopholes in the process of UEFI trust verification in the startup phase, combined with the state transition diagram, PageRank algorithm and Bayesian network theory, the analysis model of UEFI trust verification startup vulnerability is constructed. And according to the example to verify the analysis. Through the verification and analysis of the data obtained, the vulnerable attack paths and key vulnerable nodes are found. Finally, according to the analysis results, security enhancement measures for UEFI are proposed.
Fauser, Moritz, Zhang, Ping.  2020.  Resilience of Cyber-Physical Systems to Covert Attacks by Exploiting an Improved Encryption Scheme. 2020 59th IEEE Conference on Decision and Control (CDC). :5489—5494.
In recent years, the integration of encryption schemes into cyber-physical systems (CPS) has attracted much attention to improve the confidentiality of sensor signals and control input signals sent over the network. However, in principle an adversary can still modify the sensor signals and the control input signals, even though he does not know the concrete values of the signals. In this paper, we shall first show that a standard encryption scheme can not prevent some sophisticated attacks such as covert attacks, which remain invisible in the CPS with encrypted communication and a conventional diagnosis system. To cope with this problem, an improved encryption scheme is proposed to mask the communication and to cancel the influence of the attack signal out of the system. The basic idea is to swap the plaintext and the generated random value in the somewhat homomorphic encryption scheme to prevent a direct access of the adversary to the transmitted plaintext. It will be shown that the CPS with the improved encryption scheme is resilient to covert attacks. The proposed encryption scheme and the CPS structure are finally illustrated through the well-established quadruple-tank process.
Ruan, Yefeng, Zhang, Ping, Alfantoukh, Lina, Durresi, Arjan.  2017.  Measurement Theory-Based Trust Management Framework for Online Social Communities. ACM Trans. Internet Technol.. 17:16:1–16:24.
We propose a trust management framework based on measurement theory to infer indirect trust in online social communities using trust’s transitivity property. Inspired by the similarities between human trust and measurement, we propose a new trust metric, composed of impression and confidence, which captures both trust level and its certainty. Furthermore, based on error propagation theory, we propose a method to compute indirect confidence according to different trust transitivity and aggregation operators. We perform experiments on two real data sets, and Twitter, to validate our framework. Also, we show that inferring indirect trust can connect more pairs of users.