- abstract, December 2024
MQTT-VET: Exploring MQTT Protocol Vulnerabilities
LADC '24: Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing, Pages 111–113
https://doi.org/10.1145/3697090.3699800
The Message Queuing Telemetry Transport (MQTT) protocol is essential for IoT communications, enabling lightweight device messaging. However, its widespread use increases security vulnerabilities. This paper introduces the MQTT Vulnerability Exploration ...
- research-article, November 2024, JUST ACCEPTED
When ChatGPT Meets Smart Contract Vulnerability Detection: How Far Are We?
- Chong Chen,
- Jianzhong Su,
- Jiachi Chen,
- Yanlin Wang,
- Tingting Bi,
- Jianxing Yu,
- Yanli Wang,
- Xingwei Lin,
- Ting Chen,
- Zibin Zheng
ACM Transactions on Software Engineering and Methodology (TOSEM), Just Accepted
https://doi.org/10.1145/3702973
With the development of blockchain technology, smart contracts have become an important component of blockchain applications. Despite their crucial role, the development of smart contracts may introduce vulnerabilities and potentially lead to severe ...
- research-article, October 2024
On NVD Users’ Attitudes, Experiences, Hopes, and Hurdles
Digital Threats: Research and Practice (DTRAP), Volume 5, Issue 3, Article No.: 33, Pages 1–19
https://doi.org/10.1145/3688806
The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often considered as ...
- article, November 2024
Organizational Influence on Security Development in Open-Source Software Projects
International Journal of Systems and Software Security and Protection (IJSSSP), Volume 15, Issue 1, Pages 1–20
https://doi.org/10.4018/IJSSSP.356659
Increasing technological complexity, intensified competition, and security requirements have driven open-source software (OSS) projects to become a crucial part of organizations' software development. This study focuses on the OSS project TensorFlow (TF) ...
- Article, September 2024
Semi-automated and Easily Interpretable Side-Channel Analysis for Modern JavaScript
Abstract: Over the years, developers have become increasingly reliant on web technologies to build their applications, raising concerns about side-channel attacks, especially on cryptographic libraries. Despite the efforts of researchers to ensure constant-...
- research-article, October 2024
Mitigating adversarial threats in deep CT image diagnosis models via a dual-stage inference-time defense
Abstract: Artificial intelligence (AI), particularly deep learning (DL) and machine learning (ML) have revolutionized disease diagnosis using complex medical images such as X-rays and CT scans, significantly improving accuracy in identifying various ...
Highlights
- Developed a highly accurate COVID-19 diagnosis model using transfer learning from DenseNet-121, which achieved an impressive accuracy of 95.85 % for normal and COVID-19 classes.
- Uncovered and demonstrated the vulnerability of deep ...
- research-article, July 2024
Towards Trusted Smart Contracts: A Comprehensive Test Suite For Vulnerability Detection
Empirical Software Engineering (KLU-EMSE), Volume 29, Issue 5
https://doi.org/10.1007/s10664-024-10509-w
Abstract: The term smart contract was originally used to describe automated legal contracts. Nowadays, it refers to special programs that run on blockchain platforms and are popular in decentralized applications. In recent years, vulnerabilities in smart ...
- research-article, June 2024
OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities
Empirical Software Engineering (KLU-EMSE), Volume 29, Issue 4
https://doi.org/10.1007/s10664-024-10446-8
Abstract: Smart contracts are nowadays at the core of most blockchain systems. Like all computer programs, smart contracts are subject to the presence of residual faults, including severe security vulnerabilities. However, the key distinction lies in how ...
- article, June 2024
Analysis of the Cybersecurity Threats in Botswana Using Publicly Available Data
International Journal of ICT Research in Africa and the Middle East (IJICTRAME), Volume 13, Issue 1, Pages 1–13
https://doi.org/10.4018/IJICTRAME.344837
Online criminal and terrorist activities impact society at individual, organizational and national levels. This makes cybersecurity risk a society risk, one in which cyber-attacks affect the whole community. As such a government led cybersecurity ...
- research-article, July 2024
A systematic review of cybersecurity assessment methods for HTTPS
- Abdelhadi Zineddine,
- Oumaima Chakir,
- Yassine Sadqi,
- Yassine Maleh,
- Gurjot Singh Gaba,
- Andrei Gurtov,
- Kapal Dev
Computers and Electrical Engineering (CENG), Volume 115, Issue C
https://doi.org/10.1016/j.compeleceng.2024.109137
Abstract: Cybersecurity assessments are critical for ensuring that security measures in organizational infrastructures, systems, and applications meet necessary requirements. Given the significant HTTPS vulnerabilities exposed in recent years, assessing ...
Highlights
- A collection of reviews on cybersecurity and risk assessment methods was identified.
- 24 cybersecurity assessment methods for HTTPS deployment were carefully selected.
- 16 comparison metrics categorized into security and ...
- research-article, April 2024
SHFuzz: Service handler-aware fuzzing for detecting multi-type vulnerabilities in embedded devices
Abstract: Embedded devices in IoT are of great convenience to our daily lives and industries, but they also introduce multi-type vulnerabilities. Most vulnerabilities reside in various handlers of service program. However, existing fuzzing methods existing ...
- research-article, February 2024
Smart Homes App Vulnerabilities, Threats, and Solutions: A Systematic Literature Review
Journal of Network and Systems Management (JNSM), Volume 32, Issue 2
https://doi.org/10.1007/s10922-024-09803-1
Abstract: The smart home is one of the most significant applications of Internet of Things (IoT). Smart home is basically the combination of different components like devices, hub, cloud, and smart apps. These components may often be vulnerable, and most ...
- short-paper, February 2024
SecSEC: Securing Smart Ethereum Contracts
ISEC '24: Proceedings of the 17th Innovations in Software Engineering Conference, Article No.: 23, Pages 1–4
https://doi.org/10.1145/3641399.3641441
Smart contracts are a driving force for the Ethereum blockchain. A smart contract is a code that resides on blockchain and executes when certain predetermined conditions are satisfied. Ethereum smart contracts handle ether (a cryptocurrency) equivalent ...
- research-article, April 2024
Cyber-physical systems security: A systematic review
Computers and Industrial Engineering (CINE), Volume 188, Issue C
https://doi.org/10.1016/j.cie.2024.109891
Highlights
- A systematic literature review that addresses core issues in CPS security.
- Part of the focus is placed on the defence mechanisms.
- The framework devoted to risk/threat assessments has also been highlighted.
- The ethical and ...
In recent years, cyber-physical systems (CPS) have been to many vital areas, including medical devices, smart cars, industrial systems, energy grid, etc. As these systems increasingly rely on Internet, ensuring their security requirements, which ...
- research-article, April 2024
Identifying vulnerabilities of industrial control systems using evolutionary multiobjective optimisation
Abstract: In this paper, we propose a novel methodology to assist in identifying vulnerabilities in real-world complex heterogeneous industrial control systems (ICS) using two Evolutionary Multiobjective Optimisation (EMO) algorithms, NSGA-II and SPEA2. ...
- research-article, January 2024
A formal security analysis of the fast authentication procedure based on the security context in 5G networks
Soft Computing - A Fusion of Foundations, Methodologies and Applications (SOFC), Volume 28, Issue 3, Pages 1865–1881
https://doi.org/10.1007/s00500-023-09486-x
Abstract: The security context, generally stored in the universal subscriber identity module card or the baseband chip, is the critical information applied by the subscriber to access the 5G network during the fast authentication procedure. Once exposed or ...
- research-article, July 2024
An Empirical Investigation of Docker Sockets for Privilege Escalation and Defensive Strategies
Procedia Computer Science (PROCS), Volume 233, Issue C, Pages 660–669
https://doi.org/10.1016/j.procs.2024.03.255
Abstract: Cloud-based infrastructures often leverage virtualization, but its implementation can be expensive. Traditional coding methods can lead to issues when transitioning code from one computing environment to another. In response, the container ...
- article, February 2024
Denial of service attacks in edge computing layers: Taxonomy, vulnerabilities, threats and solutions
Abstract: Edge computing has emerged as the dominant communication technology connecting IoT and cloud, offering reduced latency and harnessing the potential of edge devices. However, its widespread adoption has also introduced various security ...
- Article, April 2024
Analysis of Cryptographic CVEs: Lessons Learned and Perspectives
Abstract: Cryptographic vulnerabilities can have a particularly far-reaching impact due to the ubiquity of cryptographic software. In this paper, we describe 30 cryptographic vulnerabilities, classify them according to a taxonomy published in previous work, ...
- research-article, November 2023
On the coordination of vulnerability fixes: An empirical study of practices from 13 CVE numbering authorities
Empirical Software Engineering (KLU-EMSE), Volume 28, Issue 6
https://doi.org/10.1007/s10664-023-10403-x
Abstract: The Common Vulnerabilities and Exposures (CVE) program is dedicated to analyzing vulnerabilities, then to assigning a unique ID to them and disclosing the vulnerabilities to affected software vendors. A CVE Numbering Authority (CNA) is a key ...