- Bodies.dissemination-committee

[SPARTA - bodies.dissemination-committee] Accepted paper

by Yuri Gil Dantas

Dear all, I am happy to announce that our journal paper "Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns" has been accepted at Transactions on Cyber-Physical Systems (TCPS) in the special issue on Automotive Safety and Security. Journal: Transactions on Cyber-Physical Systems (TCPS) in the special issue on Automotive Safety and Security Title: Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns Authors: Yuri Gil Dantas and Vivek Nigam Abstract: During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety patterns has consequences on security, e.g., the deployment of a safety pattern may lead to new threats. The other way around may also be possible, i.e., the deployment of a security pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and trade-offs, in order to reach appropriate system designs. Currently, pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually, thus time-consuming and prone to human-error, especially given the high system complexity. We propose the use of semantically-rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architecture patterns can address failures or threats and consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard. Cheers, Yuri Gil Dantas -- Yuri Gil Dantas Research assistant fortiss GmbH Landesforschungsinstitut des Freistaats Bayern für softwareintensive Systeme An-Institut Technische Universität München Guerickestraße 25, 80805 München, Germany T: +49 (89) 3603522 193 F: +49 (89) 3603522 50 dantas(a)fortiss.org www.fortiss.org Amtsgericht München: HRB: 176633 USt-IdNr.: DE263907002, Steuer-Nr.: 143/237/25900 Rechtsform: gemeinnützige GmbH Sitz der Gesellschaft: München Geschäftsführer: Dr. Harald Rueß, Thomas Vallon Vorsitzender des Aufsichtsrats: Dr. Manfred Wolter

3 years

2
1
0 0

[SPARTA - bodies.dissemination-committee] 2 new journal papers published (open access)

by mchoras＠itti.com.pl

Dear All, I am pleased to inform that 2 new Open Acces SPARTA papers are now published: 1. (interdisciplinary) https://link.springer.com/article/10.1007/s12652-022-04371-1 https://link.springer.com/content/pdf/10.1007/s12652-022-04371-1.pdf Pawlicka A., Tomaszewska R., Krause E., Jaroszewska-Choraś D., Pawlicki M., Choras Michal, Has the pandemic made us more digitally literate? Innovative association rule mining study of the relationships between shifts in digital skills and cybersecurity awareness occurring whilst working remotely during the COVID-19 pandemic , Journal of Ambient Intelligence and Humanized Computing, Online First, Springer, 2022. (IF=3,662). 2. (technical) Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JOWUA): http://isyou.info/jowua/papers/jowua-v13n2-5.pdf http://jowua.com/vol13no2.php This paper is in cooperation with SIMARGL project (simargl.eu) and Orange CERT from Poland, partner in SIMARGL. Kindest Regards, Prof. Michal Choras http://zst.utp.edu.pl/Pracownicy/michal.choras-publications.html https://dblp.org/pid/06/2936.html

3 years, 1 month

1
0
0 0

[SPARTA - bodies.dissemination-committee] new SPARTA (SAFAIR) paper in JOWUA

by mchoras＠itti.com.pl

Dear All, I am pleased to inform that our new Open Acces paper is now published in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JOWUA): http://isyou.info/jowua/papers/jowua-v13n2-5.pdf http://jowua.com/vol13no2.php The paper is in cooperation with SIMARGL project (simargl.eu) and Orange CERT from Poland, partner in SIMARGL. Kindest Regards, Prof. Michal Choras http://zst.utp.edu.pl/Pracownicy/michal.choras-publications.html -------------------------- Wiadomość oryginalna -------------------------- Temat: new SPARTA (SAFAIR) paper in Neurocomputing Od: mchoras(a)itti.com.pl Data: 12 Czerwca 2022, 8:57 pm, N Do: bodies.dissemination-committee(a)internal.sparta.eu -------------------------------------------------------------------------- Dear All, I am pleased to inform that our new Open Acces paper is now published in prestigous journal 'Neurocomputing' by Elsevier (IF=5,719): (Journal Pre-proof online version) Available at: https://www.sciencedirect.com/science/article/pii/S0925231222007184 It results from work in SAFAIR on secure AI (in cooperation with project H2020 SIMARGL (simargl.eu) that I coordinated and that just ended with very positive review/evaluation). I hope you will find it interesting and nice reading. Kind Regards, Prof. Michal Choras PS. We have some other accepted papers in the pipeline that should be available soon.

3 years, 2 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] final version of the new SPARTA (SAFAIR) paper in Neurocomputing

by mchoras＠itti.com.pl

Dear All, A tiny quick correction - the final version is now available with issue and pages: https://doi.org/10.1016/j.neucom.2022.06.002 It can be also mentioned at SPARTA website :-). Regards, Michal Choras -------------------------- Wiadomość oryginalna -------------------------- Temat: new SPARTA (SAFAIR) paper in Neurocomputing Od: mchoras(a)itti.com.pl Data: 12 Czerwca 2022, 8:57 pm, N Do: bodies.dissemination-committee(a)internal.sparta.eu -------------------------------------------------------------------------- Dear All, I am pleased to inform that our new Open Acces paper is now published in prestigous journal 'Neurocomputing' by Elsevier (IF=5,719): (Journal Pre-proof online version) Available at: https://www.sciencedirect.com/science/article/pii/S0925231222007184 It results from work in SAFAIR on secure AI (in cooperation with project H2020 SIMARGL (simargl.eu) that I coordinated and that just ended with very positive review/evaluation). I hope you will find it interesting and nice reading. Kind Regards, Prof. Michal Choras PS. We have some other accepted papers in the pipeline that should be available soon.

3 years, 3 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] new SPARTA (SAFAIR) paper in Neurocomputing

by mchoras＠itti.com.pl

Dear All, I am pleased to inform that our new Open Acces paper is now published in prestigous journal 'Neurocomputing' by Elsevier (IF=5,719): (Journal Pre-proof online version) Available at: https://www.sciencedirect.com/science/article/pii/S0925231222007184 It results from work in SAFAIR on secure AI (in cooperation with project H2020 SIMARGL (simargl.eu) that I coordinated and that just ended with very positive review/evaluation). I hope you will find it interesting and nice reading. Kind Regards, Prof. Michal Choras PS. We have some other accepted papers in the pipeline that should be available soon.

3 years, 3 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] New paper at ECOOP22 Conference (core-A)

by Pedro Adao

Dear all, I would like to inform you that the following paper Concolic Execution for WebAssembly Filipe Marques, José Fragoso Santos, Nuno Santos, and Pedro Adão will be published in the conference (core-A ranking) ECOOP2022, Mon 6 - Fri 10 June 2022 Berlin, Germany https://2022.ecoop.org/ and will acknowledge SPARTA. I will make the paper available as soon as we have the camera ready version. Attach the current draft. Best regards, Pedro Abstract: WebAssembly (Wasm) is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed by the browser's JavaScript engine with near-native speed. Despite its clear performance advantages, Wasm opens up the opportunity for bugs or security vulnerabilities to be introduced into Web programs, as pre-existing issues in programs written in unsafe languages can be transferred down to cross-compiled binaries. The source code of such binaries is frequently unavailable for static analysis, creating the demand for tools that can directly tackle Wasm code. Despite this potentially security-critical situation, there is still a noticeable lack of tool support for analysing Wasm binaries. We present WASP, a symbolic execution engine for testing Wasm modules, which works directly on Wasm code and was built on top of a standard-compliant Wasm reference implementation. WASP was thoroughly evaluated: it was used to symbolically test a generic data-structure library for C and the Amazon Encryption SDK for C, demonstrating that it can find bugs and generate high-coverage testing inputs for real-world C applications; and was further tested against the Test-Comp benchmark, obtaining results comparable to well-established symbolic execution and testing tools for C, such as KLEE and VeriFuzz.

3 years, 4 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] Accepted paper

by Friedewald, Michael

Hi, we also have received an acceptance notice for a paper submitted to the IEEE Transactions on Software Engineering: F. Ebbers, "A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild," in IEEE Transactions on Software Engineering, doi: 10.1109/TSE.2022.3163969. Abstract: This paper examines the up-to-dateness of installed firmware versions of Internet of Things devices accessible via public Internet. It takes a novel approach to identify versions based on the source code of their web interfaces. It analyzes data sets of 1.06m devices collected using the IoT search engine Censys and then maps the results against the latest version each manufacturer offers. A fully scalable and adaptive approach is developed by applying the SEMMA data mining process. This approach relies on three data artifacts: raw data from Censys, a mapping table with firmware versions, and a keyword search list. The results confirm the heterogeneity of connected IoT devices and show that only 2.45 percent of the IoT devices in the wild run the latest available firmware. Installed versions are 19.2 months old on average. This real-world evidence suggests that the updating processes and methods used by engineers so far are not sufficient to keep IoT devices up-to-date. This paper identifies and quantifies influencing factors and captures the global and diverse distribution of IoT devices. It finds manufacturer and device type influence the up-to-dateness of firmware, whereas the country in which the device is deployed is less significant. Best Michael --- Dr. Michael Friedewald Fraunhofer-Institut für System- und Innovationsforschung ISI Competence Center Emerging Technologies Coordinator ICT Research Breslauer Straße 48 | 76139 Karlsruhe fon: +49 721 6809-146 (-166, ass.) michael.friedewald(a)isi.fraunhofer.de http://www.isi.fraunhofer.de Neue Veröffentlichungen: Friedewald M., Schiffner S., Krenn S. (Eds.) (2021): Privacy and Identity Management. 15th IFIP WG 9.2 9.6/11.7 11.6/SIG 9.2.2 International Summer School Maribor Slovenia September 20-23 2020 Revised Selected Papers. Cham: Springer International (IFIP Advances in Information and Communication Technology, 619). Stapf, I.; Ammicht Quinn, R.; Friedewald, M.; Heesen, J.; Krämer, N. C. (Hrsg.) (2021): Aufwachsen in überwachten Umgebungen: Interdisziplinäre Positionen zu Privatheit und Datenschutz in Kindheit und Jugend. Baden-Baden: Nomos (Kommunikations- und Medienethik, 14). Open access: https://www.nomos-elibrary.de/10.5771/9783748921639.pdf Martin, N.; Friedewald, M.; Schiering, I. et al. (2020): Die Datenschutz-Folgenabschätzung nach Art. 35 DSGVO: Ein Handbuch für die Praxis. Stuttgart: Fraunhofer Verlag. Open access: http://publica.fraunhofer.de/documents/N-586394.html

3 years, 5 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] Accepted papers

by Xabier Etxeberria Barrio

Hello, We are glad to inform you that the submitted paper titled “Optimized Parameter Search Approach For Weight Modification Attack Targeting Deep Learning Models” has been accepted in the Applied Sciences journal. Please see its abstract below. Moreover, the paper submitted to Neural Computing and Applications journal has been accepted. It was titled “Understanding Deep Learning Defenses Against Adversarial Examples Through Visualizations for Dynamic Risk Assessment”. Please see its abstract below. Best wishes, Xabi Title: Optimized Parameter Search Approach For Weight Modification Attack Targeting Deep Learning Models Authors: Xabier Echeberria-Barrio, Amaia Gil-Lerchundi, Raul Orduna-Urrutia, Iñigo Mendialdua Abstract. Deep Neural Network models have been developed in different fields bringing many advances in several tasks. However, they have also started to be incorporated into tasks with critical risk. That worries researchers who have been interested in studying possible attacks on these models, discovering a long list of threats from which every model should be defended. The weights modification attack is presented and discussed among researchers who have presented several versions and analyses about such a threat. It focuses on detecting the vulnerable weight to modify them, misclassifying the desired input data. Therefore, analyzing the different approaches of this attack can help to understand more precisely how to defend such vulnerabilities. In this work, a new version of the weight modification attack is presented. That approach is based on three processes: input data clusterization, weight selection, and the modification of the weights. The data clusterization allows attacking the model more precisely. The weight selection uses the gradient given by the input data to know the desired parameters. The modification is incorporated little by little via reduced noise. Title: Understanding Deep Learning defenses Against Adversarial Examples Through Visualizations for Dynamic Risk Assessment Authors: Xabier Echeberria-Barrio, Amaia Gil-Lerchundi, Jon Egaña-Zubia, Raul Orduna-Urrutia Abstract. In recent years, Deep Neural Network models have been developed in different fields, where they have brought many advances. However, they have also started to be used in tasks where risk is critical. A misdiagnosis of these models can lead to serious accidents or even death. This concern has led to an interest among researchers to study possible attacks on these models, discovering a long list of vulnerabilities, from which every model should be defended. The adversarial example attack is a widely known attack among researchers, who have developed several defenses to avoid such a threat. However, these defenses are as opaque as a deep neural network model, how they work is still unknown. This is why visualizing how they change the behavior of the target model is interesting in order to understand more precisely how the performance of the defended model is being modified. For this work, some defenses, against adversarial example attack, have been selected in order to visualize the behavior modification of each of them in the defended model. Adversarial training, dimensionality reduction and prediction similarity were the selected defenses, which have been developed using a model composed by convolution neural network layers and dense neural network layers. In each defense, the behavior of the original model has been compared with the behavior of the defended model, representing the target model by a graph in a visualization. -- <https://www.vicomtech.org/> Xabier Etxeberria Barrio Researcher | Investigador xetxeberria(a)vicomtech.org +[34] 943 30 92 30 Digital Security | Seguridad digital <https://www.linkedin.com/company/vicomtech> <https://www.youtube.com/user/VICOMTech> <https://twitter.com/@Vicomtech> member of: <https://graphicsvision.ai/> La información que contiene este mensaje y sus adjuntos son confidenciales y están dirigidos exclusivamente a sus destinatarios. Si recibe este mensaje por error, se ruega nos lo comunique y proceda a su borrado. The information contained in this electronic message is intended only for the personal and confidential use of the recipients designated in the original message. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

3 years, 5 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] WP6.2 Submission (CINI, Italy)

by Gianluca Roascio

Dear All, As CINI (Italy) WP6.2 members, we have been accepted with a paper at 27th IEEE European Test Symposium (ETS22). Title, authors and abstract of the paper are below. We would like to have your consent to acknowledge SPARTA in the published version of the paper. Title: Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems Authors: Vahid EFTEKHARI MOGHADAM, Paolo PRINETTO, Gianluca ROASCIO Abstract: The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS). Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform. This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties. All the best, Gianluca Roascio -- *Gianluca ROASCIO* *CINI* - Laboratorio Nazionale Cybersecurity Sede di Torino c/o LINKS - Leading Innovation & Knowledge for Society Via Pier Carlo Boggio 61, I-10138 Torino TO - Italy Tel: +39 334 3762427 gianluca.roascio(a)consorzio-cini.it Skype: gianluca.roascio www.cybersecnatlab.it <http://www.consorzio-cini.it/>

3 years, 6 months

1
0
0 0

[SPARTA - bodies.dissemination-committee] Submission

by Xabier Etxeberria Barrio

Hello, We have submitted a paper on “Optimized Parameter Search Approach For Weight Modification Attack Targeting Deep Learning Models” to Applied Sciences journal. If it is accepted we will acknowledge the SPARTA project. Please see its abstract below. Best wishes, Xabi Title: Optimized Parameter Search Approach For Weight Modification Attack Targeting Deep Learning Models Authors: Xabier Echeberria-Barrio, Amaia Gil-Lerchundi, Raul Orduna-Urrutia, Iñigo Mendialdua Abstract. Deep Neural Network models have been developed in different fields bringing many advances in several tasks. However, they have also started to be incorporated into tasks with critical risk. That worries researchers who have been interested in studying possible attacks on these models, discovering a long list of threats from which every model should be defended. The weights modification attack is presented and discussed among researchers who have presented several versions and analyses about such a threat. It focuses on detecting the vulnerable weight to modify them, misclassifying the desired input data. Therefore, analyzing the different approaches of this attack can help to understand more precisely how to defend such vulnerabilities. In this work, a new version of the weight modification attack is presented. That approach is based on three processes: input data clusterization, weight selection, and the modification of the weights. The data clusterization allows attacking the model more precisely. The weight selection uses the gradient given by the input data to know the desired parameters. The modification is incorporated little by little via reduced noise. -- <https://www.vicomtech.org/> Xabier Etxeberria Barrio Researcher | Investigador xetxeberria(a)vicomtech.org +[34] 943 30 92 30 Digital Security | Seguridad digital <https://www.linkedin.com/company/vicomtech> <https://www.youtube.com/user/VICOMTech> <https://twitter.com/@Vicomtech> member of: <https://graphicsvision.ai/> La información que contiene este mensaje y sus adjuntos son confidenciales y están dirigidos exclusivamente a sus destinatarios. Si recibe este mensaje por error, se ruega nos lo comunique y proceda a su borrado. The information contained in this electronic message is intended only for the personal and confidential use of the recipients designated in the original message. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

3 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

Bodies.dissemination-committee