Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Purchase individual online access for 1 year to this journal.
Price: EUR 260.00Impact Factor 2024: 0.9
The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems. It also provides a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community.
The journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications. The journal welcomes contributions on all aspects of computer security: confidentiality, integrity, and assurance of service - that is, protection against unauthorized disclosure or modification of sensitive information, or denial of service. Of interest is a precise understanding of security policies through modelling, as well as the design and analysis of mechanisms for enforcing them, and the architectural principles of software and hardware systems implementing them.
Authors: Geigel, Arturo
Article Type: Research Article
Abstract: This paper presents a proof of concept of a neural network Trojan. The neural network Trojan consists of a neural network that has been trained with a compromised dataset and modified code. The Trojan implementation is carried out by insertion of a malicious payload encoded into the weights alongside with the data of the intended application. The neural Trojan is specifically designed so that when a specific entry is fed into the trained neural network, it triggers the interpretation of the data as payload. The paper presents a background on which this attack is based and provides the assumptions that …make the attack possible. Two embodiments of the attack are presented consisting of a basic backpropagation network and a Neural Network Trojan with Sequence Processing Connections (NNTSPC). The two alternatives are used depending on the underlying circumstances on which the compromise is launched. Experimental results are carried out with synthetic as well as a chosen existing binary payload. Practical issues of the attack are also discussed, as well as a discussion on detection techniques. Show more
Keywords: Neural network, Trojan, malware, artificial intelligence, machine learning
DOI: 10.3233/JCS-2012-0460
Citation: Journal of Computer Security, vol. 21, no. 2, pp. 191-232, 2013
Authors: Phatak, Dhananjay | Sherman, Alan T. | Joshi, Nikhil | Sonawane, Bhushan | Relan, Vivek G. | Dawalbhakta, Amol
Article Type: Research Article
Abstract: We present and experimentally evaluate Spread Identity (SI) – a new dynamic network address remapping mechanism that provides anonymity and DDoS defense capabilities for Internet communications. For each session between a source and destination host, the trusted source gateway dynamically and randomly assigns an IP address for the source host from the pool of all routable IP addresses allocated to the source organization. Similarly, in response to a name resolution query from the source gateway, the trusted authoritative DNS server for the destination organization dynamically assigns an IP address for the destination host from the pool of all routable IP …addresses allocated to the destination organization. These assignments depend upon the state of the server (including load, residual capacity, time of day) and policy. Different hosts can share the same IP address when communicating with distinct peers. Each gateway creates a NAT entry, valid for the communication session, based on the dynamic assignment by its organization. An eavesdropper listening to packets flowing through the Internet between the source and destination gateways learns only the source and destination domains; the eavesdropper cannot see the actual complete IP addresses of the source and destination hosts. In addition, SI enhances DDoS defense capabilities by enabling packet filtering based on destination addresses. With multiple IP addresses for the same destination, filtering based on destination addresses can block attackers without necessarily blocking legitimate users. Deploying SI requires changes to organizational gateways and, possibly, to the edge-routers that interface with organizational gateways; but network mechanisms farther upstream, including the core routers in the Internet, remain unchanged. Likewise, the installed base of operating systems running individual hosts in the internal network, together with the end-user application suites they support, remain untouched. SI mechanisms are backward compatible, incrementally deployable, and robustly scalable. A naïve implementation of SI can increase the DNS traffic; however, when SI is implemented at both the source and the destination ends, it is possible for SI to reduce DNS traffic. Ns-2 simulations and experiments on the DeterLab test bed corroborate the main hypotheses and demonstrate advantages of the SI paradigm. Ns-2 simulations demonstrate that file transfer success rates for our SI DDoS protection mechanism are similar to those of filter- and capability-based approaches, with lower file transfer times than for filter-based approaches. DeterLab trials demonstrate that SI consumes similar resources (connection establishment time, network address translation table size, packet forwarding rate and memory) to those of a typical single NAT system, though with higher name resolution times. Show more
Keywords: Address-hopping, address pooling, anonymity, applied cryptography, Distributed Denial of Service (DDoS) attacks, Domain Name Server (DNS), Internet Protocol (IP), Network Address Translation (NAT), network security, spread identity, statistical address multiplexing
DOI: 10.3233/JCS-2012-0463
Citation: Journal of Computer Security, vol. 21, no. 2, pp. 233-281, 2013
Authors: Kolesnikov, Vladimir | Sadeghi, Ahmad-Reza | Schneider, Thomas
Article Type: Research Article
Abstract: General two-party Secure Function Evaluation (SFE) allows mutually distrusting parties to correctly compute any function on their private input data, without revealing the inputs. Two-party SFE can benefit almost any client-server interaction where privacy is required, such as privacy-preserving credit checking, medical classification, or face recognition. Today, SFE is a subject of immense amount of research in a variety of directions and is not easy to navigate. In this article, we systematize the most practically important works of the vast research knowledge on general SFE. We argue that in many cases the most efficient SFE protocols are obtained by …combining several basic techniques, e.g., garbled circuits and (additively) homomorphic encryption. As a valuable methodological contribution, we present a framework in which today's most efficient techniques for general SFE can be viewed as building blocks with well-defined interfaces that can be easily combined into a complete efficient solution. Further, our approach naturally allows automated protocol generation (compilation) and has been implemented partially in the TASTY framework. In summary, we provide a comprehensive guide in state-of-the-art SFE, with the additional goal of extracting, systematizing and unifying the most relevant and promising general SFE techniques. Our target audience are graduate students wishing to enter the SFE field and advanced engineers seeking to develop SFE solutions. We hope our guide paints a high-level picture of the field, including most common approaches and their trade-offs and gives precise and numerous pointers to formal treatment of its specific aspects. Show more
Keywords: Framework, protocol design, privacy-preserving protocols, homomorphic encryption, garbled functions
DOI: 10.3233/JCS-130464
Citation: Journal of Computer Security, vol. 21, no. 2, pp. 283-315, 2013
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]