物件導向軟體之架構(Object-Oriented Software Construction)探討

National Institute of Standards and Technology における超伝導研究及び生活

https://research.ece.ncsu.edu/netwis/papers/13wl-comnet.pdf

Survey Cyber security in the Smart Grid: Survey and challenges

Survey Paper: A survey on the communication architectures in smart grid

Will Tracz, our esteemed editor and Used-Program salesman, has written an entertaining, non-technical book dealing with the practice (and lack of) of software reuse. Its a collection of essays, mostly rehashed (reused?) and updated from various columns and papers published over the years.. Its a short (a bit over 200 pages) easy reading and enjoyable book (I read most of it in one sitting). Some of the essays discuss what was printed in the past and a discussion of the current status of the points.

Safeware: System Safety and Computers

Transfer learning provides an effective solution for feasibly and fast customize accurate Student models, by transferring the learned knowledge of pre-trained Teacher models over large datasets via fine-tuning. Many pre-trained Teacher models used in transfer learning are publicly available and maintained by public platforms, increasing their vulnerability to backdoor attacks. In this paper, we demonstrate a backdoor threat to transfer learning tasks on both image and time-series data leveraging the knowledge of publicly accessible Teacher models, aimed at defeating three commonly-adopted defenses: pruning-based, retraining-based and input pre-processing-based defenses. Specifically, (A) ranking-based selection mechanism to speed up the backdoor trigger generation and perturbation process while defeating pruning/retraining-based defenses. (B) autoencoder-powered trigger generation is proposed to produce a robust trigger that can defeat the input pre-processing-based defense. (C) defense-aware retraining to generate the manipulated model. We launch effective misclassification attacks on Student models over real-world images, brain MRI and ECG data. Experiments reveal that our attack can maintain the 98.4% and 97.2% classification accuracy as the genuine model on clean image and time series inputs respectively while improving 27.9%-100% and 27.1% -56.1% attack success rate on trojaned image and time series inputs respectively in the presence of pruning-based and/or retraining-based defenses.

Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models

The Trusted Platform Module TPM is a basic but nevertheless very complex security component that can provide the foundations and the root of security for a variety of applications. In contrast to the TPM, other basic security mechanisms like cryptographic algorithms or security protocols have frequently been subject to thorough security analysis and formal verification. This paper presents a first methodic security analysis of a large part of the TPM specification. A formal automata model based on asynchronous product automata APA and a finite state verification tool SHVT are used to emulate a TPM within an executable model. On this basis four different generic scenarios were analysed with respect to security and practicability: secure boot, secure storage, remote attestation and data migration. A variety of security problems and inconsistencies was found. Subsequently, the TPM specification was adapted to overcome the problems identified. In this paper, the analysis of the remote attestation scenario and some of the problems found are explained in more detail.

/pdf/security-evaluation-of-scenarios-based-on-the-tcg-s-tpm-1zg0befjej.pdf

Security evaluation of scenarios based on the TCG's TPM specification

Direct anonymous attestation (DAA) is a practical and efficient protocol for authenticated attestation with satisfaction of strong privacy requirements. This recently developed protocol is already adopted by the Trusted Computing Group and included in the standardized trusted platform module TPM. This paper shows that the main privacy goal of DAA can be violated by the inclusion of covert identity information. This problem is very relevant, as the privacy attack is both efficient and very difficult to detect.

/pdf/covert-identity-information-in-direct-anonymous-attestation-29ttasg346.pdf

Covert Identity Information in Direct Anonymous Attestation (DAA)

http://sit.sit.fraunhofer.de/smv/publications/download/CSI-2004.pdf

On a formal framework for security properties

With the increasing advancement of Internet of Things (IoT) enabled systems, smart medical devices open numerous opportunities for the healthcare sector. The success of using such devices in the healthcare industry depends strongly on secured and reliable medical data transmission. Physicians diagnose that data and prescribe medicines and/or give guidelines/instructions/treatment plans for the patients. Therefore, a physician is always concerned about the medical data trustworthiness, because if it is not guaranteed, a savior can become an involuntary foe! This paper analyses two different scenarios to understand the real-life consequences in IoT-based healthcare (IoT-Health) application. Appropriate sequence diagrams for both scenarios show data movement as a basis for determining necessary security requirements in each layer of IoT-Health. We analyse the individual entities of the overall system and develop a system-wide view of trust in IoT-Health. The security analysis pinpoints the research gap in end-to-end trust and indicates the necessity to treat the whole IoT-Health system as an integrated entity. This study highlights the importance of integrated cross-layer security solutions that can deal with the heterogeneous security architectures of IoT healthcare system and finally identifies a possible solution for the open question raised in the security analysis with appropriate future research directions.

Carsten Rudolph

Papers

Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models

Security evaluation of scenarios based on the TCG's TPM specification

Covert Identity Information in Direct Anonymous Attestation (DAA)

On a formal framework for security properties

Can I Trust the Data I See?: A Physician's Concern on Medical Data in IoT Health Architectures