Topic
Vulnerability (computing)
About: Vulnerability (computing) is a research topic. Over the lifetime, 8531 publications have been published within this topic receiving 116697 citations. The topic is also known as: vuln & security vulnerability.
Papers published on a yearly basis
Papers
More filters
15 Jul 2014
TL;DR: The threat of hardware Trojan attacks is analyzed; attack models, types, and scenarios are presented; different forms of protection approaches are discussed; and emerging attack modes, defenses, and future research pathways are described.
Abstract: Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.
588 citations
TL;DR: An optimization model is proposed to characterize the behavior of one type of FDI attack that compromises the limited number of state measurements of the power system for electricity theft and achieves high accuracy.
Abstract: Application of computing and communications intelligence effectively improves the quality of monitoring and control of smart grids However, the dependence on information technology also increases vulnerability to malicious attacks False data injection (FDI), that attack on the integrity of data, is emerging as a severe threat to the supervisory control and data acquisition system In this paper, we exploit deep learning techniques to recognize the behavior features of FDI attacks with the historical measurement data and employ the captured features to detect the FDI attacks in real-time By doing so, our proposed detection mechanism effectively relaxes the assumptions on the potential attack scenarios and achieves high accuracy Furthermore, we propose an optimization model to characterize the behavior of one type of FDI attack that compromises the limited number of state measurements of the power system for electricity theft We illustrate the performance of the proposed strategy through the simulation by using IEEE 118-bus test system We also evaluate the scalability of our proposed detection mechanism by using IEEE 300-bus test system
574 citations
TL;DR: This article provides the first comprehensive review of tracing apps' key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability, and presents an overview of many proposed tracing app examples.
Abstract: The recent outbreak of COVID-19 has taken the world by surprise, forcing lockdowns and straining public health care systems COVID-19 is known to be a highly infectious virus, and infected individuals do not initially exhibit symptoms, while some remain asymptomatic Thus, a non-negligible fraction of the population can, at any given time, be a hidden source of transmissions In response, many governments have shown great interest in smartphone contact tracing apps that help automate the difficult task of tracing all recent contacts of newly identified infected individuals However, tracing apps have generated much discussion around their key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability In this article, we provide the first comprehensive review of these much-discussed tracing app attributes We also present an overview of many proposed tracing app examples, some of which have been deployed countrywide, and discuss the concerns users have reported regarding their usage We close by outlining potential research directions for next-generation app design, which would facilitate improved tracing and security performance, as well as wide adoption by the population at large
510 citations
03 Jun 2012
TL;DR: This work demonstrates that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output, and develops techniques to fix this vulnerability and make obfuscation truly exponential in thenumber of inserted keys.
Abstract: Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.
489 citations
TL;DR: In this article, a distributed denial-of-service attack demonstrated the high vulnerability of Internet of Things (IoT) systems and devices and addressed this challenge will require scalable security solutions optimized for the IoT ecosystem.
Abstract: Recent distributed denial-of-service attacks demonstrate the high vulnerability of Internet of Things (IoT) systems and devices. Addressing this challenge will require scalable security solutions optimized for the IoT ecosystem.
470 citations