About
|
Contact Us
|
Register
|
Login
Proceedings
Series
Journals
Search
EAI
ISSN:
2032-9393
Subscribe
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2021
Issue 30
Issue 29
Issue 28
Issue 27
2020
Issue 24
Issue 26
Issue 25
Issue 23
2019
Issue 22
Issue 21
Issue 20
Issue 19
2018
Issue 18
Issue 17
Issue 16
Issue 15
2017
Issue 14
Issue 13
Issue 12
Issue 11
2016
Issue 10
Issue 9
Issue 8
Issue 7
2015
Issue 6
Issue 5
Issue 4
Issue 3
2011
Issue 2
Issue 1
Visit the new journal website to submit and consult our contents: https://publications.eai.eu/index.php/sesa/index
Editor(s)-in-Chief:
Sanjay Goel
Aims & Scope
Indexing
Editorial Board
Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require the security of da
...
ta handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication. Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore, this is applied to the settings of Public Safety in general.
more >>
DOAJ DBLP CrossRef EBSCO Discovery Service OCLC Discovery Services Microsoft Academic EuroPub Publons MIAR UlrichsWEB Ingenta Connect Computing Database (ProQuest) Publicly Available Content Database
...
(ProQuest) ProQuest Central™ SciTech Premium Collection (ProQuest) ProQuest Central Student™ Google Scholar
more >>
Yao Liu (University of South Florida, USA) Kai Zeng (George Mason University, USA) Linhai Song (Penn State University, USA) Zhiguo Wan (Shangdong University, China) Issa Khalil (Qatar Computing Resear
...
ch Institute, Qatar) George Kesidis (Penn State University, USA) Amro Awad (University of Central Florida, USA) Eric Chan-Tin (Loyola University Chicago, USA) Karim Elish (Florida Polytechnic University, USA) Joongheon Kim (Korea University, Korea) Eugene Vasserman (Kansas State University, USA) An Wang (Case Western Reserve University, USA) Jiawei Yuan (Embry-Riddle Aeronautical University, USA) Mohammad Ashiqur Rahman (Florida International University, USA) Sachin Shetty (Old Dominion University, USA) Jeffrey Spaulding (Niagara University, USA) Zhongshu Gu (IBM, USA) Shujun Li (University of Kent, UK) Heng Zhang (Western Sydney University, Australia) Kaiqi Xiong (University of South Florida, USA) Mohamed Amine Ferrag (Guelma University, Algeria) Bo Luo (University of Kansas, USA) Zhen Huang (DePaul University, USA) Ziming Zhao, University at Buffalo, USA
more >>
Recently Published
Most Popular
How data-sharing nudges influence people's privacy preferences: A machine learning-based analysis
Appears in:
sesa 22(30): 3
Authors:
Yang Lu, Alex Freitas, Shujun Li, Athina Ioannou
Published:
16th Aug 2022
Abstract:
INTRODUCTION: Many online services use data-sharing nudges to solicit personal data from their customers for personalized services. OBJECTIVES: This study aims to study people’s privacy preferences in
...
sharing different types of personal data under different nudging conditions, how digital nudging can change their data sharing willingness, and if people’s data sharing preferences can be predicted using their responses to a questionnaire. METHODS: This paper reports a machine learning-based analysis on people’s privacy preference patterns under four different data-sharing nudging conditions (without nudging, monetary incentives, non-monetary incentives, and privacy assurance). The analysis is based on data collected from 685 UK residents who participated in a panel survey. Their self-reported willingness levels towards sharing 23 different types of personal data were analyzed by using both unsupervised (clustering) and supervised (classification) machine learning algorithms. RESULTS: The results led to a better understanding of people’s privacy preference patterns across different data-sharing nudging conditions, e.g., our participants’ preferences are distributed in a space of 48 possible profiles more sparsely than we expected, and the unexpected observation that all the three data-sharing nudging strategies led to an overall negative effect: they led to a reduced level of self-reported willingness for more participants, comparing with the case of no nudging at all. Our experiments with supervised machine learning models also showed that people’s privacy (data-sharing) preference profiles can be automatically predicted with a good accuracy, even when a small questionnaire with just seven questions is used. CONCLUSION: Our work revealed a more complicated structure of people’s privacy preference profiles, which have some dependencies on the type of data nudging and the type of personal data shared. Such complicated privacy preference profiles can be effectively analyzed using machine learning methods, including automatic prediction based on a small questionnaire. The negative results on the overall effect of different data-sharing nudges imply that service providers should consider if and how to use such mechanisms to incentivise their consumers to share personal data. We believe that more consumer-centric and transparent methods and tools should be used to help improve trust between consumers and service providers.
more >>
A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms over IOT Layers
Appears in:
sesa 22(30): 5
Authors:
Muhammad Shoaib Akhtar, Tao Feng
Published:
5th Aug 2022
Abstract:
In this contemporary era internet of things are used in every realm of life. Recent software’s (e.g., vehicle networking, smart grid, and wearable) are established in result of its use: furthermore, a
...
s development, consolidation, and revolution of varied ancient areas (e.g., medical and automotive). The number of devices connected in conjunction with the ad-hoc nature of the system any exacerbates the case. Therefore, security and privacy has emerged as a big challenge for the IoT. This paper provides an outline of IoT security attacks on Three-Layer Architecture: Three-layer such as application layer, network layer, perception layer/physical layer and attacks that are associated with these layers will be discussed. Moreover, this paper will provide some possible solution mechanisms for such attacks. The aim is to produce a radical survey associated with the privacy and security challenges of the IoT. This paper addresses these challenges from the attitude of technologies and design used. The objective of this paper is to rendering possible solution for various attacks on different layers of IoT architecture. It also presents comparison based on reviewing multiple solutions and defines the best one solution for a specific attack on particular layer.
more >>
Mitigating Vulnerabilities in Closed Source Software
Appears in:
sesa 22(30): 4
Authors:
Zhen Huang, Xiaowei Yu, Gang Tan
Published:
4th Aug 2022
Abstract:
Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately the vast majority of them cannot be applied to closed source so
...
ftware because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype or our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and the security workarounds successfully prevents exploits to trigger real-world vulnerabilities.
more >>
Comparing Online Surveys for Cybersecurity: SONA and MTurk
Appears in:
sesa 22(30): 2
Authors:
Shelia Kennison, Anne Wagner, Anna Bakas, Eric Chan-Tin
Published:
8th Feb 2022
Abstract:
People have many accounts and usually need to create a password for each. They tend to create insecure passwords and re-use passwords, which can lead to compromised data. This research examines if the
...
re is a link between personality type and password security among a variety of participants in two groups of participants: SONA and MTurk. Each participant in both surveys answered questions based on password security and their personality type. Our results show that participants in the MTurk survey were more likely to choose a strong password and to exhibit better security behaviors and knowledge than participants in the SONA survey. This is mostly attributed to the age difference. However, the distribution of the results was similar for both MTurk and SONA. In the second part of our study, we found that security behaviors actually went down – this could be due to the pandemic or indicative of a need for more regular messaging/training.
more >>
Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems
Appears in:
sesa 22(30): 1
Authors:
Adeel A. Malik, Deepak K. Tosh
Published:
25th Jan 2022
Abstract:
Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leads to increased system complexity and security flaws. It is crucial to understand and identify t
...
hese flaws to prevent catastrophic events. However, the current state-of-the-art solutions are threat-specific and focus on either risk, vulnerabilities, or adversary emulation. In this work, we present a scalable Cyber-threats and Vulnerability Information Analyzer (CyVIA) framework. CyVIA analyzes cyber risks and abnormalities in real-time using multi-formatted knowledge bases derived from open-source vulnerability databases. CyVIA achieves the following goals: 1) assess the target network for risk and vulnerabilities, 2) map services and policies to network nodes, 3) classify nodes based on severity, and 4) provide consequences, mitigation, and relationships for the found vulnerabilities. We use CyVIA and other tools to examine a simulated network for threats and compare the results.
more >>
A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms over IOT Layers
Appears in:
sesa 22(30): 5
Authors:
Tao Feng, Muhammad Shoaib Akhtar
Downloads:
1596
Abstract:
In this contemporary era internet of things are used in every realm of life. Recent software’s (e.g., vehicle networking, smart grid, and wearable) are established in result of its use: furthermore, a
...
s development, consolidation, and revolution of varied ancient areas (e.g., medical and automotive). The number of devices connected in conjunction with the ad-hoc nature of the system any exacerbates the case. Therefore, security and privacy has emerged as a big challenge for the IoT. This paper provides an outline of IoT security attacks on Three-Layer Architecture: Three-layer such as application layer, network layer, perception layer/physical layer and attacks that are associated with these layers will be discussed. Moreover, this paper will provide some possible solution mechanisms for such attacks. The aim is to produce a radical survey associated with the privacy and security challenges of the IoT. This paper addresses these challenges from the attitude of technologies and design used. The objective of this paper is to rendering possible solution for various attacks on different layers of IoT architecture. It also presents comparison based on reviewing multiple solutions and defines the best one solution for a specific attack on particular layer.
more >>
Mitigating Vulnerabilities in Closed Source Software
Appears in:
sesa 22(30): 4
Authors:
Gang Tan, Zhen Huang, Xiaowei Yu
Downloads:
1076
Abstract:
Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately the vast majority of them cannot be applied to closed source so
...
ftware because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype or our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and the security workarounds successfully prevents exploits to trigger real-world vulnerabilities.
more >>
Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems
Appears in:
sesa 22(30): 1
Authors:
Adeel A. Malik, Deepak K. Tosh
Downloads:
1026
Abstract:
Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leads to increased system complexity and security flaws. It is crucial to understand and identify t
...
hese flaws to prevent catastrophic events. However, the current state-of-the-art solutions are threat-specific and focus on either risk, vulnerabilities, or adversary emulation. In this work, we present a scalable Cyber-threats and Vulnerability Information Analyzer (CyVIA) framework. CyVIA analyzes cyber risks and abnormalities in real-time using multi-formatted knowledge bases derived from open-source vulnerability databases. CyVIA achieves the following goals: 1) assess the target network for risk and vulnerabilities, 2) map services and policies to network nodes, 3) classify nodes based on severity, and 4) provide consequences, mitigation, and relationships for the found vulnerabilities. We use CyVIA and other tools to examine a simulated network for threats and compare the results.
more >>
How data-sharing nudges influence people's privacy preferences: A machine learning-based analysis
Appears in:
sesa 22(30): 3
Authors:
Yang Lu, Alex Freitas, Shujun Li, Athina Ioannou
Downloads:
879
Abstract:
INTRODUCTION: Many online services use data-sharing nudges to solicit personal data from their customers for personalized services. OBJECTIVES: This study aims to study people’s privacy preferences in
...
sharing different types of personal data under different nudging conditions, how digital nudging can change their data sharing willingness, and if people’s data sharing preferences can be predicted using their responses to a questionnaire. METHODS: This paper reports a machine learning-based analysis on people’s privacy preference patterns under four different data-sharing nudging conditions (without nudging, monetary incentives, non-monetary incentives, and privacy assurance). The analysis is based on data collected from 685 UK residents who participated in a panel survey. Their self-reported willingness levels towards sharing 23 different types of personal data were analyzed by using both unsupervised (clustering) and supervised (classification) machine learning algorithms. RESULTS: The results led to a better understanding of people’s privacy preference patterns across different data-sharing nudging conditions, e.g., our participants’ preferences are distributed in a space of 48 possible profiles more sparsely than we expected, and the unexpected observation that all the three data-sharing nudging strategies led to an overall negative effect: they led to a reduced level of self-reported willingness for more participants, comparing with the case of no nudging at all. Our experiments with supervised machine learning models also showed that people’s privacy (data-sharing) preference profiles can be automatically predicted with a good accuracy, even when a small questionnaire with just seven questions is used. CONCLUSION: Our work revealed a more complicated structure of people’s privacy preference profiles, which have some dependencies on the type of data nudging and the type of personal data shared. Such complicated privacy preference profiles can be effectively analyzed using machine learning methods, including automatic prediction based on a small questionnaire. The negative results on the overall effect of different data-sharing nudges imply that service providers should consider if and how to use such mechanisms to incentivise their consumers to share personal data. We believe that more consumer-centric and transparent methods and tools should be used to help improve trust between consumers and service providers.
more >>
Comparing Online Surveys for Cybersecurity: SONA and MTurk
Appears in:
sesa 22(30): 2
Authors:
Shelia Kennison, Anne Wagner, Anna Bakas, Eric Chan-Tin
Downloads:
798
Abstract:
People have many accounts and usually need to create a password for each. They tend to create insecure passwords and re-use passwords, which can lead to compromised data. This research examines if the
...
re is a link between personality type and password security among a variety of participants in two groups of participants: SONA and MTurk. Each participant in both surveys answered questions based on password security and their personality type. Our results show that participants in the MTurk survey were more likely to choose a strong password and to exhibit better security behaviors and knowledge than participants in the SONA survey. This is mostly attributed to the age difference. However, the distribution of the results was similar for both MTurk and SONA. In the second part of our study, we found that security behaviors actually went down – this could be due to the pandemic or indicative of a need for more regular messaging/training.
more >>
Publisher
EAI
ISSN
2032-9393
Number of Volumes
8
Last Published
2022-08-05
