About
87 Publications
18,948 Reads
1,421 Citations
Publications (87)
Autonomous and connected vehicles are rapidly evolving, integrating numerous technologies and software. This progress, however, has made them appealing targets for cybersecurity attacks. As the risk of cyber threats escalates with this advancement, the focus is shifting from solely preventing these attacks to also mitigating their impact. Current...
The Pub/Sub model offers a communication scheme that is appropriate for a variety of mobile IoT systems (e.g., autonomous vehicles). In most of these systems, ensuring the end-to-end (E2E) security of exchanged information is a critical requirement. However, the Pub/Sub scheme lacks appropriate mechanisms to ensure E2E security, even when state-of-the-art sol...
It is often useful for a code component (e.g., a library) to be able to maintain information that is hidden from the rest of the program (e.g., private keys used for signing, or usage counters used for behavioral monitoring of the program). In this paper, we present an extension to a previously developed mechanism for controlling access to librarie...
The Publish/Subscribe (Pub/Sub) pattern is an attractive paradigm for supporting Vehicle to Cloud (V2C) communication. However, the security threats on confidentiality, integrity, and access control of the published data challenge the adoption of the Pub/Sub model. To address that, our paper proposes a secure policy-based Pub/Sub model for V2C comm...
Recently, significant developments were introduced within the vehicular domain, making the modern vehicle a network of a multitude of embedded systems communicating with each other, while adhering to safety-critical and secure systems specifications. Many technologies have been integrated within modern vehicles to give them the capability to intera...
The Internet of Vehicles (IoV) is an extension of Vehicle-to-Vehicle (V2V) communication that can improve vehicles’ fully autonomous driving capabilities. However, these communications are vulnerable to many attacks. Therefore, it is critical to provide run-time mechanisms to detect malware and stop the attackers before they manage to gain a foothol...
The ability to analyze software systems without access to the source code offers many advantages, including the detection of vulnerabilities so that they may be fixed before an adversary can exploit them in a zero-day attack. This type of analysis also has an important role in education, as it allows students to use their imagination and creativity...
In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems which depend on a set of sensors to interact with each other and with the surrounding environment. While these improvements have increased the safety and incontestability of the automotive system,...
Sensitive data (health, financial, telecom, etc.) must be continuously monitored for situational awareness and risk management. We aim to use this data to define normal behavior profiles for users, IoT devices, applications, and so forth. Later on, we will leverage these defined profiles to identify meaningful deviations from normal behavior, which...
The need for secure communications between IoT devices is paramount. However, due to computational constraints and the need for lightweight publish/subscribe type of communications, traditional mechanisms for secure communications such as TLS and IPsec cannot be used directly. In this paper we present a new model for secure exchange of information...
The ability to monitor when user code invokes a library function offers numerous advantages, for example during black-box testing of code, for high-level control-flow integrity (CFI) checking, for run-time access-control policy enforcement, and so on. However, for this technique to be useful it must be efficient and able to function even when the target ap...
Modern vehicles are increasingly equipped with highly automated control systems both for driving and for passenger comfort. An integral part of these systems are the communication channels that allow the on-board systems to interact with passenger devices (e.g. tablets), ITS systems (e.g. roadside units), and other vehicles. These advances have sig...
The FlexFS approach provides an effective credential-based access control mechanism while ensuring file access performance equivalent to that of the normal file system. This is achieved by decoupling the file system naming and access control layer from the block I/O layer. By intercepting and redefining file system API calls in libc (e.g. open(2)),...
Vehicular Ad hoc Network (VANET) is a very promising approach that aims to improve vehicle and road safety, traffic efficiency, as well as comfort for both drivers and passengers. Different types of applications were implemented to achieve these goals. Some of these applications require the exchange of multiple and ordered messages as well...
Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless-communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually. Ther...
Ensuring security in real-time and safety-critical systems is becoming extremely challenging, in particular due to the increasing connectivity of these systems, as in emerging autonomous vehicles that are subject to new and more numerous security attacks. The main characteristic of real-time systems is that they have strict timing constr...
Our system allows access control policies to be implemented at the library call level. Calls to libraries are monitored and their arguments examined to ensure that they comply with the security policy associated with the running program. Wrappers for libraries are automatically created, so that calls to external functions in the library are vectore...
This is the presentation of our work "A Framework for Policy Based Secure Intra Vehicle Communication".
Over the past two decades, significant developments were introduced within the vehicular domain, evolving the modern vehicle into a network of dozens of embedded systems each hosting one or more applications. Communications within this distributed environment while adhering to safety-critical and secure systems guidelines implies the formulation of...
We propose a system that allows policy to be implemented at the library call level. Under our scheme, calls to libraries are monitored and their arguments examined to ensure that they comply with the security policy associated with the running program. Our system automatically creates wrappers for libraries so that calls to external functions in th...
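The library-call monitoring, FlexFS and library-wrapper entries above all describe the same enforcement point: a call into a library is vectored through a wrapper, its arguments are compared against the policy attached to the running program, and a violating call is refused before the library is reached. The block below is an added illustration written for this page, not the authors' code: the rule format, the function names (`policy_allows_open`, `guarded_open`) and the sample policy are assumptions. It checks open(2) arguments against a path-prefix policy and also shows the same check packaged as an LD_PRELOAD interposer for unmodified binaries.

```c
/* Added example: access-control policy enforced at the library-call boundary,
 * in the spirit of the library-wrapper and FlexFS abstracts on this page.
 * Not the authors' code: the rule format, the function names and the sample
 * policy are assumptions made for illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One rule: a directory prefix and the access modes allowed beneath it,
 * as a bitmask indexed by O_RDONLY / O_WRONLY / O_RDWR. */
struct rule {
    const char *prefix;
    unsigned    allowed;
};
#define MODE(m) (1u << (m))

/* Hypothetical policy for a daemon that reads its configuration and writes
 * only inside its own state directory. */
static const struct rule policy[] = {
    { "/etc/myapp/",     MODE(O_RDONLY) },
    { "/var/lib/myapp/", MODE(O_RDONLY) | MODE(O_WRONLY) | MODE(O_RDWR) },
};

/* Decide whether open(path, flags) complies with the policy: 1 = allow, 0 = deny.
 * Only absolute paths without ".." components are considered, because a prefix
 * rule on an uncanonicalised path is trivially escaped. O_CREAT and O_TRUNC
 * modify the file system even with O_RDONLY, so they require write permission. */
int policy_allows_open(const char *path, int flags)
{
    if (path == NULL || path[0] != '/')
        return 0;
    size_t n = strlen(path);
    if (strstr(path, "/../") != NULL || (n >= 3 && strcmp(path + n - 3, "/..") == 0))
        return 0;

    unsigned need = MODE(flags & O_ACCMODE);
    if (flags & (O_CREAT | O_TRUNC))
        need |= MODE(O_WRONLY);

    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        size_t plen = strlen(policy[i].prefix);
        if (strncmp(path, policy[i].prefix, plen) == 0)
            return (policy[i].allowed & need) == need;
    }
    return 0;   /* default deny: no rule covers this path */
}

/* Wrapper the program is linked against instead of open(2): the call is
 * vectored here, its arguments are checked, and a violation is logged and
 * refused with EACCES before libc is ever reached. */
int guarded_open(const char *path, int flags, mode_t mode)
{
    if (!policy_allows_open(path, flags)) {
        fprintf(stderr, "policy: denied open(\"%s\", 0x%x)\n", path ? path : "(null)", flags);
        errno = EACCES;
        return -1;
    }
    return open(path, flags, mode);
}

#ifdef POLICY_PRELOAD
/* The same check as a transparent interposer for unmodified binaries:
 *   cc -shared -fPIC -DPOLICY_PRELOAD -o policy.so policy.c   (add -ldl on older glibc)
 *   LD_PRELOAD=./policy.so ./target
 * Only calls that go through the PLT are caught; libc-internal paths such as
 * fopen(3) -> open, direct syscalls and static binaries bypass it. */
#include <dlfcn.h>
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if (flags & O_CREAT) {           /* mode is only present when creating */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    if (!policy_allows_open(path, flags)) {
        errno = EACCES;
        return -1;
    }
    int (*real_open)(const char *, int, ...) =
        (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    return real_open(path, flags, mode);
}
#endif
```

Two caveats a deployment has to cover. First, the preload form only sees calls that leave the program through the PLT: on glibc, `fopen(3)` reaches `open` through an internal alias, 64-bit builds call `open64`, and `openat(2)` is a separate entry point, so each of those needs its own interposer and a direct `syscall(2)` escapes all of them. Second, prefix matching on the string argument is not the same as deciding on the file actually opened: symlinks inside an allowed directory still escape it, which is why FlexFS takes the naming layer itself under control rather than filtering strings at the libc boundary.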
Combining Error-Correction Coding (ECC) and cryptography was proposed in the past decade, making use of bit-quality parameters to improve the error correction capability. Most such techniques combine authentication crypto-functions jointly with ECC codes to improve system reliability, while fewer proposals involve ciphering functions with ECC to...
The Internet evolved from a collection of computers to today's agglomeration of all sorts of devices (e.g. printers, phones, coffee makers, cameras and so on), a large part of which contain security vulnerabilities. The current wide-scale attacks are, in most cases, simple replays of the original Morris Worm of the mid-80s. The effects of these attac...
Over the past few years, significant developments were introduced within the vehicular domain. The modern vehicle has become a network of dozens of embedded systems which collaborate. While these improvements have increased the functionality of vehicle systems, they have introduced new potential risks. Threat modeling has gained a central role to ident...
Microkernel-based architectures have gained an increasing interest and relevance for embedded systems. These can not only provide real-time guarantees but also offer strong security properties which become increasingly significant in certain application domains such as automotive systems. Nevertheless, the functionality of those complex systems oft...
The Horizon 2020 SHARCS project is a framework for designing, building and demonstrating secure-by-design applications and services that achieve end-to-end security for their users. In this paper we present the basic elements of SHARCS that will provide a powerful foundation for designing and developing trustworthy, secure-by-design applications a...
The rapid development of embedded systems and their wide use in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication o...
Despite continuing reliability problems, complex systems are still being developed using ad-hoc development practices and unsafe languages. The response to excursions outside the nominal profile usually leads to the termination of the program. In many situations, however, such a course of action may not be satisfactory. For example, systems such as...
Despite the fact that numerous studies have indicated that vehicular networks are vulnerable to external and internal attacks, very little effort has been expended in safeguarding communications both between elements within the vehicle and between the vehicle and the outside world. In this paper we present a mechanism that allows communications pol...
We live in a connected world where mobile devices are used by humans as valuable tools. The use of mobile devices leaves traces that can be treasured assets for a forensic analyst. Our aim is to investigate methods and exercise techniques that will merge all this valuable information in a way that will be efficient for a forensic analyst, producin...
In the fight against tax evaders and other cheats, governments seek to gather more information about their citizens. In this paper we claim that this increased transparency, combined with ineptitude, or corruption, can lead to widespread violations of privacy, ultimately harming law-abiding individuals while helping those engaged in criminal activi...
We describe Instruction-Set Randomization (ISR), a general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoffs' principle to create OS process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key t...
The increasing demand for high-bandwidth applications such as video-on-demand and grid computing is reviving interest in bandwidth reservation schemes. Earlier attempts did not catch on for a number of reasons, notably lack of interest on the part of the bandwidth providers. This, in turn, was partially caused by the lack of an efficient way of cha...
Telephony as implemented today is not secure. We know that wiretaps (both legal and illegal) are widely used all over the world with ease and impunity. This is due to the fact that the vast majority of voice communications are in the clear. Yet the general public, along with both government and public organizations run their affairs over the teleph...
The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized databas...
While the adoption of the Internet by businesses suggests that there are clear economic implications in provisioning of not just connectivity but also customized network services, the economic considerations have not yet found a way of driving the changes to the current optical architectures. The limiting factor is the missing technology. We propos...
How some extremely smart hackers pulled off the most audacious cell-network break-in ever. On 9 march 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months. The next day...
We propose the concept of Overlay-linked IntServ (OLIntServ), a system architecture that combines network overlays with intra-domain QoS to provide assured communications over the Internet, while allowing ISPs to extend the reach of their currently under-utilized IntServ services. We describe our system prototype, and provide some preliminary exper...
Recently, a number of new research initiatives, most notably UCLPv2 and GENI, have promoted the dynamic partition of physical network resources (infrastructure) as the means to operate the network, and to implement new protocols and services. This has led to a number of open issues such as resource discovery, implementation of resource partitioning...
The predominance of short-lived connections in today’s Internet has created the perception that it is perfectly acceptable to change a host’s IP address with little regard about established connections. Indeed, the increased mobility offered by laptops with wireless network interfaces, and the aggressive use of short DHCP leases are leading the way...
The Internet enables global sharing of data across organizational boundaries. Traditional access control mechanisms are intended for one or a small number of machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizatio...
Having reliable security in systems is of the utmost importance. However, the existing framework of writing, distributing and linking against code in the form of libraries and/or modules does a very poor job of keeping track of who has access to what code and who can call what function. The status-quo is insufficient for a variety of reasons. As th...
New applications for the Internet such as video on demand, grid computing etc. depend on the availability of high bandwidth connections with acceptable quality of service (QoS). There appears to be, therefore, a requirement for a market where bandwidth-related transactions can take place. For this market to be effective, it must be efficient for bo...
If we wish to distribute audio in a large room, building, or even a campus, we need multiple speakers. These speakers must be jointly managed and synchronized. The Ethernet Speaker (ES) system presented in this paper can be thought of as a distributed audio amplifier and speakers; it does not "play" any particular format, but rather relies on off...
Software systems often share common vulnerabilities that allow a single attack to compromise large numbers of machines ("write once, exploit everywhere"). Borrowing from biology, several researchers have proposed the introduction of artificial diversity in systems as a means for countering this phenomenon. The introduced differences affect...
The authors have developed the “Ethernet Speaker” (ES), a network-enabled single board computer embedded into a conventional audio speaker. Audio streams are transmitted in the local area network using multicast packets, and the ES can select any one of them and play it back. A key requirement for the ES is that it must be capable of playing any ty...
Collaboration over the Internet depends on the ability of the members of a group to exchange data in a secure yet unobtrusive manner. WebDAVA is a system that allows users to define their own access-control policies to network resources that they control, enabling secure data sharing within an enterprise. Our design allows users to selectively give...
We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoffs' principle by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm wi...
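The two Instruction-Set Randomization (ISR) entries above state the mechanism in one sentence: the loader transforms a process's instructions with a secret key, the execution engine undoes the transform at fetch time, and injected code that was never passed through the loader decodes to garbage. The block below is a toy model of that idea added for this page, not the authors' implementation: the four-opcode stack VM, the one-byte-per-instruction XOR keying and the function names are assumptions chosen so the whole mechanism fits in a few dozen lines. A legitimate program computes (2 + 3) * 4 under any key; a raw "PUSH 7; HALT" payload written straight into the code area runs only when randomization is switched off (an all-zero key) and faults on an illegal opcode otherwise.

```c
/* Added example: a toy instruction-set randomisation (ISR) in the sense of
 * the abstracts on this page. Not the authors' implementation: the stack VM,
 * its four opcodes and the per-byte XOR keying are assumptions made for
 * illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OP_HALT = 0x00, OP_PUSH = 0x01, OP_ADD = 0x02, OP_MUL = 0x03 };
#define CODE_MAX  64
#define STACK_MAX 16

struct vm {
    uint8_t code[CODE_MAX];   /* instruction bytes as they sit in memory: keyed */
    size_t  len;
    uint8_t key[CODE_MAX];    /* per-process key, one byte per code byte */
    long    stack[STACK_MAX];
    int     sp;
};

/* Derive the process key from a seed with xorshift32. A real loader would
 * draw the key from the OS random source; the scheme itself is public
 * (Kerckhoffs' principle) and only the key is secret. */
void isr_keygen(struct vm *vm, uint32_t seed)
{
    uint32_t x = seed ? seed : 1;
    for (size_t i = 0; i < CODE_MAX; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        vm->key[i] = (uint8_t)x;
    }
}

/* Install a constant key; a key of 0x00 switches randomisation off. */
void isr_set_key(struct vm *vm, uint8_t byte)
{
    memset(vm->key, byte, CODE_MAX);
}

/* The loader is the only component that knows the key: it turns plaintext
 * instructions into this process's private encoding. */
void isr_load(struct vm *vm, const uint8_t *plain, size_t len)
{
    if (len > CODE_MAX) len = CODE_MAX;
    for (size_t i = 0; i < len; i++) vm->code[i] = plain[i] ^ vm->key[i];
    vm->len = len;
}

/* An attacker who writes into the code area (e.g. through an overflow)
 * bypasses the loader, so the bytes land unkeyed, exactly as injected
 * shellcode would on a real ISR system. */
void inject_raw(struct vm *vm, const uint8_t *bytes, size_t len)
{
    if (len > CODE_MAX) len = CODE_MAX;
    memcpy(vm->code, bytes, len);
    vm->len = len;
}

/* Fetch de-randomises each byte with the key just before decoding it.
 * Returns 0 on HALT with the top of stack in *out, -1 on an illegal opcode,
 * a stack fault or running off the end of the code. */
int vm_run(struct vm *vm, long *out)
{
    size_t pc = 0;
    vm->sp = 0;
    while (pc < vm->len) {
        uint8_t op = vm->code[pc] ^ vm->key[pc];
        pc++;
        switch (op) {
        case OP_PUSH:
            if (pc >= vm->len || vm->sp >= STACK_MAX) return -1;
            vm->stack[vm->sp++] = (int8_t)(vm->code[pc] ^ vm->key[pc]);
            pc++;
            break;
        case OP_ADD:
            if (vm->sp < 2) return -1;
            vm->sp--; vm->stack[vm->sp - 1] += vm->stack[vm->sp];
            break;
        case OP_MUL:
            if (vm->sp < 2) return -1;
            vm->sp--; vm->stack[vm->sp - 1] *= vm->stack[vm->sp];
            break;
        case OP_HALT:
            if (vm->sp < 1) return -1;
            *out = vm->stack[vm->sp - 1];
            return 0;
        default:
            return -1;   /* keyed byte did not decode to any instruction */
        }
    }
    return -1;
}

/* Legitimate program (2 + 3) * 4, passed through the loader. */
static const uint8_t legit[] = { OP_PUSH, 2, OP_PUSH, 3, OP_ADD, OP_PUSH, 4, OP_MUL, OP_HALT };
/* Constructed injected payload "PUSH 7; HALT", written raw into the code area. */
static const uint8_t payload[] = { OP_PUSH, 7, OP_HALT };

/* Result of the legitimate program under a key derived from `seed`; 20 for any key. */
long run_legit(uint32_t seed)
{
    struct vm vm; long out = -1;
    isr_keygen(&vm, seed);
    isr_load(&vm, legit, sizeof legit);
    return vm_run(&vm, &out) == 0 ? out : -1;
}

/* Result of the injected payload under a constant key, or -1 if ISR made it fault. */
long run_injected(uint8_t key_byte)
{
    struct vm vm; long out = -1;
    isr_set_key(&vm, key_byte);
    inject_raw(&vm, payload, sizeof payload);
    return vm_run(&vm, &out) == 0 ? out : -1;
}

int main(void)
{
    printf("legit under random key : %ld\n", run_legit(0x9E3779B9u));
    printf("injected, key 0x00     : %ld\n", run_injected(0x00));
    printf("injected, key 0xA5     : %ld\n", run_injected(0xA5));
    return 0;
}
```

The toy keeps the property the abstracts rely on: correctness of the legitimate program is independent of the key, while the injected bytes are only as meaningful as the attacker's knowledge of the key. It also exposes the known weakness of the simple form: a short or repeating XOR key leaks through crash behaviour, and published attacks on XOR-based ISR recover the key incrementally by observing which injected bytes fault, so a production design needs a per-instruction key of full length and a leak-free fault path rather than a single shared byte.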
Software maintainers and auditors would benefit from a tool to help them focus their attention on functions that are likely to be the source of security vulnerabilities. However, the existence of such a tool is predicated on the ability to characterize a function's 'security vulnerability likelihood'. Our hypothesis is that functions near a source...
Collaboration over the Internet depends on the ability of the members of a group to exchange data in a secure yet unobtrusive manner. WebDAVA is a system that allows the users to define their own access-control policies to network resources that they control, enabling secure data sharing within the enterprise. Our design allows users to selectively...
This paper describes TAPI, an offline scheme intended for general Internet-based micropayments. TAPI, which extends and combines concepts from the KeyNote Microchecks and OTPCoins architectures, encodes risk management rules in bank-issued users' credentials which are in turn used to acquire small-valued payment tokens. The scheme has very low tran...
A software vulnerability is a fault in the specification, implementation, or configuration of a software system whose execution can violate an explicit or implicit security policy. Users typically focus on the functionality of software rather than its security posture. Hence, vulnerabilities often escape their attention until the software is exploi...
Sharing of files is a major application of computer networks, with examples ranging from LAN-based network file systems to wide-area applications such as use of version control systems in distributed software development. Identification, authentication and access control are much more challenging in this complex large-scale distributed environment....
This paper proposes the use of a special-purpose drop-in firewall/VPN gateway called Sieve, which can be inserted between the mobile workstation and the network to provide individualized security services for that particular station. Sieve is meant to be used like an external modem: the user only needs to plug it in. Its existence is transparent to the user, r...
The widespread use of mobile computing and telecommuting has increased the need for effective protection of computing platforms. Traditional schemes that involve strengthening the security of individual systems, or the use of firewalls at network entry points have difficulty accommodating the special requirements of remote and mobile users. We prop...
Technology trends in recent years have resulted in the rapid and wide-scale deployment of embedded systems as critical components of larger systems such as home appliances, airplanes, ships, and motor-vehicles. Furthermore, traditional desktops and workstations themselves are becoming a federation of embedded systems such as external storage dev...
FILETELLER is a credential-based network file storage system with provisions for paying for file storage and getting paid when others access files. Users get access to arbitrary amounts of storage anywhere in the network, and use a micropayments system to pay for both the initial creation of the file and any subsequent accesses. Wide-scale informat...
Users frequently have to choose between functionality and security. When running popular Web browsers or email clients, they frequently find themselves turning off features such as JavaScript, only to switch them back on in order to view a certain site or read a particular message. Users of Unix (or similar) systems can construct a sandbox where su...
The proliferation of computers has spurred the creation of large networks even in small organisations. These networks comprise great numbers of elements such as routers, switches, servers etc. located in multiple locations. The administration of these elements has to be carried out usually from a central location over the existing network infrastru...
The use of the World Wide Web as a medium for the dissemination of course textbooks has proved to be effective both pedagogically and in terms of cost. However, there are some limitations inherent in this approach. In this paper we discuss the issues involved in the production of network accessible textbooks and present a framework which attempts t...
The wide availability of public domain IPsec implementations allows the creation of VPNs based on low-cost platforms. However, setting up a VPN node involves a lot of work such as the creation of IPsec Security Associations and associated tunnels, including the necessary management of keys. Moreover, routing and firewall facilities must be provided...
The trend towards ever-larger WWW sites with hundreds of thousands of pages maintained by teams of developers has made apparent the need for tools to manage such large-scale efforts. In this paper we present a mechanism for organising and manipulating groups of nodes and links in WWW sites. These constructs are used to create dynamic views of the d...
The wide use of data networks encourages the exchange of electronic documents. However, this practice often has unwanted side-effects such as unauthorised copying, redistribution or modification of these documents. Moreover, the recipient usually has no convenient means of confirming the authenticity of the document, while the sender has no proof o...
This paper examines the issues surrounding the charging for the use of electronic documents. While traditional systems charge for the release of the document, we have adopted the approach of distributing intelligent documents (agents) that can initiate the billing procedure when the user wishes to view the document. We first present the requirement...
The wide use of the World Wide Web has accentuated the problems that are inherent in the existing design. Such problems include difficulties in locating information, extensive waste of network bandwidth, lack of authoring support tools, etc. In this paper we will present a representational model and framework for hypertext networks in genera...
Using graph-like structures to store and organise ideas, concepts and programs in a Software Development Environment is not new. This approach, however, has two drawbacks: the rigidity and large size of the resulting graph. Users have difficulty managing change in the network and as the information piles up, they have trouble finding their way in t...
Doctoral thesis in computer science, University of Geneva. Includes bibliography.