Dear all,
we would like to belatedly register two publications.
SPARTA had been acknowledged in both.
They have already been added to the Spreadsheet of publications.
**Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks**
Ohm, M., Plate, H., Sykosch, A., Meier, M. (2020, July)
17th International Conference on Detection of Intrusions and Malware,
and Vulnerability Assessment (p. 23). Springer.
Abstract:
A software supply chain attack is characterized by the injection of
malicious code into a software package in order to compromise dependent
systems further down the chain. Recent years saw a number of supply
chain attacks that leverage the increasing use of open source during
software development, which is facilitated by dependency managers that
automatically resolve, download and install hundreds of open source
packages throughout the software life cycle. Even though many approaches
for detection and discovery of vulnerable packages exist, no prior work
has focused on malicious packages. This paper presents a dataset as well
as analysis of 174 malicious software packages that were used in
real-world attacks on open source software supply chains and which were
distributed via the popular package repositories npm, PyPI, and
RubyGems. Those packages, dating from November 2015 to November 2019,
were manually collected and analyzed. This work is meant to facilitate
the future development of preventive and detective safeguards by open
source and research communities.
**Towards Detection of Software Supply Chain Attacks by Forensic Artifacts**
Ohm, M., Sykosch, A., Meier, M. (2020, August)
15th International Conference on Availability, Reliability and Security.
ACM.
Abstract:
Third-party dependencies may introduce security risks to the software
supply chain and hence yield harm to their dependent software. There are
many known cases of malicious open source packages posing risks to
developers and end users. However, while efforts are made to detect
vulnerable open source packages, malicious packages are not yet
considered explicitly. In order to tackle this problem we perform an
exploratory case study on previously occurred attacks on the software
supply chain with respect to observable artifacts created. Based on
gained insights, we propose Buildwatch, a framework for dynamic analysis
of software and its third-party dependencies. We noticed that malicious
packages introduce a significant amount of new artifacts during
installation when compared to benign versions of the same package. The
paper presents a first analysis of observable artifacts of malicious
packages as well as a possible mitigation strategy that might lead to
more insight in long term.
Best regards,
Marc Ohm
--
--------------------------------------------------------------------
Marc-Philipp Ohm, M.Sc. | Tel. : +49 228 73-60531
Computer Science 4 | Email : ohm(a)cs.uni-bonn.de
University of Bonn | Web : https://net.cs.uni-bonn.de
Endenicher Allee 19a | Office: I.015
53115 Bonn, Germany | PGP ID: 0x9156D1B6
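The second abstract above rests on one observation: a tampered package release tends to leave more, and differently placed, installation artifacts than a benign release of the same package. The following Python sketch is an added illustration of that idea and is not code from either paper or from the Buildwatch framework. It assumes a sandboxed "install" that writes files under a throwaway root, snapshots the file tree before and after by SHA-256, and flags anything written outside the expected install prefix; the package name "foo", the file contents and the prefix `site-packages/` are constructed sample values.

```python
"""Artifact diffing for a sandboxed package installation (illustrative, not Buildwatch)."""
import hashlib
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    result: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


@dataclass
class ArtifactDiff:
    created: list[str] = field(default_factory=list)
    modified: list[str] = field(default_factory=list)
    deleted: list[str] = field(default_factory=list)


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> ArtifactDiff:
    """Classify each path as created, modified (digest changed) or deleted."""
    diff = ArtifactDiff()
    for rel, digest in after.items():
        if rel not in before:
            diff.created.append(rel)
        elif before[rel] != digest:
            diff.modified.append(rel)
    diff.deleted = [rel for rel in before if rel not in after]
    return diff


def flag_unexpected(diff: ArtifactDiff, expected_prefixes=("site-packages/",)) -> list[str]:
    """Files written or changed outside the package's own install prefix deserve review."""
    return [p for p in diff.created + diff.modified if not p.startswith(expected_prefixes)]


def write_files(root: Path, files: dict[str, bytes]) -> None:
    """Stand-in for a real package manager run: materialise the given files under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


# Constructed sandbox baseline: one pre-existing user profile file.
BASELINE = {"home/.profile": b"export PATH=$PATH:~/bin\n"}
# Constructed benign release of the hypothetical package "foo": touches only its own module.
BENIGN_INSTALL = {"site-packages/foo/__init__.py": b"VERSION = '1.0'\n"}
# Constructed tampered release: same module, plus edits and new files outside the prefix.
TAMPERED_INSTALL = {
    "site-packages/foo/__init__.py": b"VERSION = '1.1'\n",
    "home/.profile": b"export PATH=$PATH:~/bin\n. /tmp/foo-init.sh\n",
    "tmp/foo-init.sh": b"#!/bin/sh\n# constructed sample, intentionally empty\n",
}


def analyze_install(install_files: dict[str, bytes]) -> ArtifactDiff:
    """Install into a fresh sandbox root and return the artifact diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_files(root, BASELINE)
        before = snapshot(root)
        write_files(root, install_files)
        after = snapshot(root)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    for label, files in (("benign", BENIGN_INSTALL), ("tampered", TAMPERED_INSTALL)):
        diff = analyze_install(files)
        print(f"{label}: {len(diff.created)} created, {len(diff.modified)} modified, "
              f"unexpected={flag_unexpected(diff)}")
```

Comparing the two releases of the same package, rather than judging one install in isolation, is what keeps the signal usable: a benign release also creates files, but only under its own prefix. A file-tree snapshot is the simplest artifact class; the same before/after comparison extends to process trees, network connections and environment changes, which this sketch does not cover.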
Dear all,
We have submitted a research paper entitled "Privacy Enhancing Technologies for solving the Privacy-Personalization Paradox" that has been very recently accepted to the highly ranked Journal of Network and Computer Applications 2020. The file which is 1.5Mo is temporary available on: https://filesender.renater.fr/?s=download&token=efafad0d-72ac-420b-b466-e0e…
Abstract:
Personal data are often collected and processed in a decentralized fashion, within different contexts. For instance, with the emergence of distributed applications, several providers are usually correlating their records, and providing personalized services to their clients. Collected data include geographical and indoor positions of users, their movement patterns as well as sensor-acquired data that may reveal users' physical conditions, habits and interests. Consequently, this may lead to undesired consequences such as unsolicited advertisement and even to discrimination and stalking. To protect users' privacy, several techniques emerged, referred to as Privacy Enhancing Technologies, PETs for short, aiming at providing privacy preserving personalized services i.e., recommendation services, web-search systems and pervasive applications. This paper identifies a taxonomy classifying eight categories of PETs into three groups, and for better clarity it considers three categories of personalized services. After presenting the main features of PETs with illustrative examples, the paper points out which PETs best fit each personalized service category. Then, it discusses some of the inter-disciplinary privacy challenges that may slow down the adoption of these techniques, namely: technical, social, legal and economic concerns. Finally, it provides recommendations and highlights several research directions.
Please find the pre-final version of our paper attached to this email.
If the dissemination committee raises no objections, we would like to acknowledge the SPARTA project.
Best regards,
Maryline Laurent
—
Professor, Télécom SudParis, Institut Polytechnique de Paris
Director of RST department
Cofounder of the chair Values and Policies of Personal Information
9 rue Charles Fourier, 91011 EVRY
+33 (0)160764442
Dear all,
we have submitted a research paper entitled "MobHide: App-level Runtime Data Anonymization on Mobile" that has been accepted in the 1st International Workshop on Security in Mobile Technologies (secMT) In Conjunction With ACNS 2020, Rome, Italy WISTP International Conference on Information Security Theory and Practice (https://spritz.math.unipd.it/events/2020/ACNS_Workshop/index.html).
The paper presents a new automated methodology to anonymize all the data transmitted by mobile apps to the analytics services. Such a methodology, MobHide, allows a user-defined and per-app anonymization workflow. We also built a prototype implementation called HideDroid that we plan to release to the Google Play Store before the end of the year.
Please find the pre-final version of our paper attached to this email.
If the dissemination committee raises no objections, we would like to acknowledge the SPARTA project.
Best regards,
Luca Verderame
--
Luca Verderame
*************************************************
Computer Security Lab
DIBRIS - University of Genova
Via Dodecaneso, 35, 16146, Genova, Italy.
**************************************************
Dear all,
we have submitted a paper "The diverse and variegated reactions of different cellular devices to IMSI catching attacks" for the Wintech 2020 workshop (more information about the workshop here: https://ece.northeastern.edu/wintech2020/). If it gets accepted we would like to acknowledge the SPARTA project.
Best
Giorgio Bernardinetti
--
======================================================
Giorgio Bernardinetti
CNIT - National Inter-University Consortium for Telecommunications
Electronic Engineering Department University of Rome "Tor Vergata"
Via del Politecnico 1, 00133 Roma, Italy
Email: giorgio.bernardinetti(a)cnit.it
======================================================
Dear all,
We got the information that two papers have been accepted last week:
Less Manual Work for Safety Engineers: Towards an
Automated Safety Reasoning with Safety Patterns
(Application Paper)
to ICLP 2020
and
Towards Automating Safety and Security Co-Analysis with Patterns
(Position Paper)
to SafeCOMP 2020
We will acknowledge SPARTA.
Best,
Vivek Nigam
--
fortiss · State research institute of the Free State of Bavaria
Affiliated institute of Technische Universität München
Guerickestraße 25
80805 München
Germany
Tel.: +49 (89) 3603522 527
Fax: +49 (89) 3603522 50
E-Mail: nigam(a)fortiss.org
http://www.fortiss.org
Commercial register, Amtsgericht München: HRB: 176633
VAT ID: DE263907002, Tax no.: 143/237/25900
Legal form: non-profit GmbH
Registered office: München
Managing directors: Dr. Harald Rueß, Thomas Vallon
Chairman of the supervisory board: Dr. Manfred Wolter
Dear all,
I'd like to announce that the paper "Cybersecurity Certification for Agile and Dynamic Software Systems - a Process-Based Approach" by Volkmar Lotz has been accepted for publication at CyberCert 2020, co-located with Euro S&P. CyberCert 2020 is organized with the support of SPARTA WP11 and chaired by Philippe Massonet.
Abstract:
In this extended abstract, we outline an approach for security certification of products or services for modern commercial systems that are characterized by agile development, the integration of development and operations, and high dynamics of system features and structures. The proposed scheme evaluates the processes applied in development and operations rather than investigating the validity of the product properties themselves. We argue that the resulting claims are still suitable to increase the confidence in the security of products and services resulting from such processes.
Best, Volkmar
Volkmar Lotz
Research Strategy Lead
SAP Security Research
SAP Labs France
805 Avenue du Dr. Maurice Donat, BP1216
F-06254 Mougins Cedex
T +33/492286444
M +33/621730474
mailto:volkmar.lotz@sap.com
http://www.sap.com
Dear Dissemination Committee,
we are about to publish a paper for which we would like to acknowledge
the SPARTA project.
Please, find the version that we plan to submit in attachment and a
brief description of the content, the venue and the relation with the
activities of WP6 below.
Please let us know if you have any objections or comments.
Best regards
Gabriele Costa
===
Title: WAF-A-MoLE: Evading Web Application Firewalls through Adversarial
Machine Learning
Venue: ACM Symposium on Applied Computing
Relationship with SPARTA: The paper presents a technique to evade
machine learning-based web application firewalls (WAFs). This work shows
that ML WAFs are not reliable in discriminating between attack payloads
and harmless traffic. The activity is related to the identification and
evaluation of the state-of-the-art technologies adopted in the IIs.
Dear all,
If the dissemination committee raises no objections, we would like to acknowledge the SPARTA project on the attached paper (not yet the camera ready version).
This paper has been recently accepted at ESEC/FSE conference (https://2020.esec-fse.org/).
This paper is related to our research activities performed in WP5 Cape.
Jun Gao, Li Li, Pingfan Kong, Tegawendé F. Bissyandé and Jacques Klein,
Borrowing Your Enemy’s Arrows: the Case of Code Reuse in Android via Direct Inter-app Code Invocation,
28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020), Nov. 2020, To appear, Sacramento, CA, United States
--
Prof. Jacques Klein
Chief Scientist
University of Luxembourg - SnT
00352 46 66 44 56 00 / Gsm: 0033 6 06 47 62 54
https://jacquesklein2302.github.io/
Dear all,
I would like to announce the submission and acceptance to ECAI2020 of our paper. It falls in the topics of SAFAIR: the idea is that one of the main obstacles to the usage of formal methods in verification and validation of NN is the absence of formal specification against which to verify. Our paper proposes a framework for NN that are trained on simulated data (a prevalent process in certain areas where not enough "real" data is available -- automotive for example), whereby the simulation process itself could be considered as a spec.
I will send you a link to the proceedings when they will be available online.
@inproceedings{girardsatabin2020,
TITLE = {{CAMUS: A Framework to Build Formal Specifications for Deep Perception Systems Using Simulators}},
AUTHOR = {Girard-Satabin, Julien and Charpiat, Guillaume and Chihani, Zakaria and Schoenauer, Marc},
URL = {https://hal.inria.fr/hal-02440520},
BOOKTITLE = {{ECAI 2020 - 24th European Conference on Artificial Intelligence}},
ADDRESS = {Santiago de Compostela, Spain},
YEAR = {2020},
MONTH = Jun,
HAL_ID = {hal-02440520},
HAL_VERSION = {v1},
}
Best wishes, stay safe.
Zak
_____________________________