List of publications

39 results found

2018 Conference proceedings contribution open access

Traffic Data: Exploratory Data Analysis with Apache Accumulo

The amount of traffic data collected by automatic number plate reading systems constantly increases. It is therefore important, for law enforcement agencies, to find convenient techniques and tools to analyze such data. In this paper we propose a scalable and fully automated procedure leveraging the Apache Accumulo technology that allows an effective importing and processing of traffic data. We discuss preliminary results obtained by using our application for the analysis of a dataset containing real traffic data provided by the Italian National Police. We believe the results described here can pave the way to further interesting research on the matter.

Apache Accumulo Exploratory Data Analysis Traffic Data
2018 Conference proceedings contribution open access

Unsupervised Classification of Routes and Plates from the Trap-2017 Dataset

This paper describes the efforts, pitfalls, and successes of applying unsupervised classification techniques to analyze the Trap-2017 dataset. Guided by the informative perspective on the nature of the dataset obtained through a set of specifically-written Perl/Bash scripts, we devised an automated clustering tool implemented in Python upon openly-available scientific libraries. By applying our tool on the original raw data it is possible to infer a set of trending behaviors for vehicles travelling over a route, yielding an instrument to classify both routes and plates. Our results show that addressing the main goal of the Trap-2017 initiative ("to identify itineraries that could imply a criminal intent") is feasible even in the presence of an unlabelled and noisy dataset, provided that the unique characteristics of the problem are carefully considered. Albeit several optimizations for the tool are still under investigation, we believe that it may already pave the way to further research on the extraction of high-level travelling behaviors from gates transit records.

Traffic Data Clustering Unsupervised Classification
2017 Journal article open access

Exploring and analyzing the tor hidden services graph

The exploration and analysis of Web graphs has flourished in the recent past, producing a large number of relevant and interesting research results. However, the unique characteristics of the Tor network limit the applicability of standard techniques and demand for specific algorithms to explore and analyze it. The attention of the research community has focused on assessing the security of the Tor infrastructure (i.e., its ability to actually provide the intended level of anonymity) and on discussing what Tor is currently being used for. Since there are no foolproof techniques for automatically discovering Tor hidden services, little or no information is available about the topology of the Tor Web graph. Even less is known on the relationship between content similarity and topological structure. The present article aims at addressing such lack of information. Among its contributions: a study on automatic Tor Web exploration/data collection approaches; the adoption of novel representative metrics for evaluating Tor data; a novel in-depth analysis of the hidden services graph; a rich correlation analysis of hidden services' semantics and topology. Finally, a broad interesting set of novel insights/considerations over the Tor Web organization and content are provided.

Automatic web exploration Correlation analysis Network topology Web graphs
2017 Conference proceedings contribution metadata only access

A novel GPU-based implementation of the cube attack preliminary results against trivium

With black-box access to the cipher being its unique requirement, Dinur and Shamir's cube attack is a flexible cryptanalysis technique which can be applied to virtually any cipher. However, gaining a precise understanding of the characteristics that make a cipher vulnerable to the attack is still an open problem, and no implementation of the cube attack so far succeeded in breaking a real-world strong cipher. In this paper, we present a complete implementation of the cube attack on a GPU/CPU cluster able to improve state-of-the-art results against the Trivium cipher. In particular, our attack allows full key recovery up to 781 initialization rounds without brute-force, and yields the first ever maxterm after 800 initialization rounds. The proposed attack leverages a careful tuning of the available resources, based on an accurate analysis of the offline phase, that has been tailored to the characteristics of GPU computing. We discuss all design choices, detailing their respective advantages and drawbacks. Other than providing remarkable results, this paper shows how the cube attack can significantly benefit from accelerators like GPUs, paving the way for future work in the area.

Cube attack GPU Trivium
2017 Conference proceedings contribution metadata only access

CoLLIDE: CLoud Latency-based IDEntification

Daza Vanesa ; Pietro Roberto Di ; Lombardi Flavio ; Signorini Matteo

As services steadily migrate to the Cloud, the availability of an overarching identity framework has become a stringent need. Moreover, such an identity framework is now critical in the Internet of Things. To address this problem, identification solutions have been proposed in the past leveraging software or hardware properties of devices. While those solutions proved feasible, their root of trust was based either within the device or in a remote server. In this paper, we overcome the above paradigm and start investigating novel perspectives offered by an overarching identity framework that is not based on client/server properties, but on the network latency of their communications. The core idea behind our approach is to leverage cloud client/server interactions' latency patterns over the network to derive unique and unpredictable identity factors. Such factors can be used to design and implement effective identification schemes especially suitable for cloud-based services. To the best of our knowledge, our approach is the first one ensuring unclonability and unpredictability properties, relying on neither trusted computing bases (TCBs) nor on classical pseudo-random number generators (PRNGs). The experimental tests presented in this paper, conducted on worst case conditions, show that the network latency (generated between two interacting devices) can produce random values with properties close to the ones generated by most of the well-known PRNGs, that are an ideal fit for providing unique identifiers. Peer-review under responsibility of the Conference Program Chairs.

cloud identification latency unpredictability
2017 Conference proceedings contribution metadata only access

HyBIS: Advanced introspection for effective windows guest protection

Di Pietro Roberto ; Franzoni Federico ; Lombardi Flavio

Effectively protecting the Windows™ OS is a challenging task, since most implementation details are not publicly known. Windows OS has always been the main target of malware that have exploited numerous bugs and vulnerabilities exposed by its implementations. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for recent Windows versions (>= Win 7), and advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows™ OSes.

windows introspection virtual machine
2016 Journal article metadata only access

CUDA Leaks: A Detailed Hack for CUDA and a (Partial) Fix

Roberto Di Pietro ; Flavio Lombardi ; Antonio Villani

Graphics processing units (GPUs) are increasingly common on desktops, servers, and embedded platforms. In this article, we report on new security issues related to CUDA, which is the most widespread platform for GPU computing. In particular, details and proofs-of-concept are provided about novel vulnerabilities to which CUDA architectures are subject. We show how such vulnerabilities can be exploited to cause severe information leakage. As a case study, we experimentally show how to exploit one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. Finally, we also suggest software patches and alternative approaches to tackle the presented vulnerabilities.

CUDA Security
2016 Contribution in volume (Chapter or Essay) metadata only access

Trusted, heterogeneous, and autonomic mobile cloud

Roberto Di Pietro ; Flavio Lombardi

Offloading computing to distributed and possibly mobile nodes is increasingly popular thanks to the convenience and availability of cloud resources. However, trusted mobile computing is not presently viable due to a number of issues in both the mobile platform architectures and in the cloud service implementations. The complexity of such systems potentially exposes them to malicious and/or selfish behavior. This chapter describes the state-of-the-art research on theoretical advancements and practical implementations of trusted computing on a mobile cloud. Further, mobile distributed cloud computing security and reliability issues are introduced. Discussed solutions feature different levels of resiliency against malicious and misbehaving nodes.

trust mobile cloud
2016 Journal article metadata only access

CURE-Towards enforcing a reliable timeline for cloud forensics: Model, architecture, and experiments

Battistoni Roberto ; Di Pietro Roberto ; Lombardi Flavio

A malicious alteration of system-provided timeline can negatively affect the reliability of computer forensics. Indeed, detecting such changes and possibly reconstructing the correct timeline of events is of paramount importance for court admissibility and logical coherence of collected evidence. However, reconstructing the correct timeline for a set of network nodes can be difficult since an adversary has a wealth of opportunities to disrupt the timeline and to generate a fake one. This aspect is exacerbated in cloud computing, where host and guest machine-time can be manipulated in various ways by an adversary. Therefore, it is important to guarantee the integrity of the timeline of events for cloud host and guest nodes, or at least to ensure that timeline alterations do not go undetected. This paper provides several contributions. First, we survey the issues related to cloud machine-time reliability. Then, we introduce a novel architecture (CURE) aimed at providing timeline resilience to cloud nodes. Further, we implement the proposed framework and extensively test it on both a simulated environment and on a real cloud. We evaluate and discuss collected results showing the effectiveness of our proposal. (C) 2016 Elsevier B.V. All rights reserved.

Cloud computing Timeline validation Digital forensics Measurement and simulation Experimental test-beds and research platforms
2016 Contribution in volume (Chapter or Essay) metadata only access

Computing Technology for Trusted Cloud Security

Roberto Di Pietro ; Flavio Lombardi ; Matteo Signorini

This chapter discussed advanced technologies that can help provide trust in the cloud.

cloud security trust
2016 Contribution in volume (Chapter or Essay) metadata only access

Secure Management of Virtualized Resources

Roberto Di Pietro ; Flavio Lombardi ; Matteo Signorini

This chapter discusses secure management of virtualized resources in a Cloud.

cloud virtualization security
2016 Contribution in volume (Chapter or Essay) metadata only access

Assessment and Authorization in Private Cloud Security

Roberto Di Pietro ; Flavio Lombardi ; Matteo Signorini

This chapter discusses secure assessment and authorization for private Clouds.

cloud assessment authorization security
2015 Journal article metadata only access

FRoDO: Fraud Resilient Device for Off-line micropayments

Daza V ; Di Pietro R ; Lombardi F ; Signorini M

Credit and debit card data theft is one of the earliest forms of cybercrime. Still, it is one of the most common nowadays. Attackers often aim at stealing such customer data by targeting the Point of Sale (for short, PoS) system, i.e. the point at which a retailer first acquires customer data. Modern PoS systems are powerful computers equipped with a card reader and running specialized software. Increasingly often, user devices are leveraged as input to the PoS. In these scenarios, malware that can steal card data as soon as they are read by the device has flourished. As such, in cases where customer and vendor are persistently or intermittently disconnected from the network, no secure on-line payment is possible. This paper describes FRoDO, a secure off-line micro-payment solution that is resilient to PoS data breaches. Our solution improves over up to date approaches in terms of flexibility and security. To the best of our knowledge, FRoDO is the first solution that can provide secure fully off-line payments while being resilient to all currently known PoS breaches. In particular, we detail FRoDO architecture, components, and protocols. Further, a thorough analysis of FRoDO functional and security properties is provided, showing its effectiveness and viability.

payment
2015 Monograph or scientific treatise metadata only access

Security for Cloud Computing

Flavio Lombardi ; Roberto Di Pietro

This comprehensive resource presents a highly informative overview of cloud computing security issues. This book focuses on relevant approaches aimed at monitoring and protecting computation and data hosted on heterogeneous computing resources. The most critical security aspects are thoroughly discussed, highlighting the importance of reliable secure computation over remote heterogeneous cloud nodes. This book shows that present cloud computing is inherently insecure; therefore, advanced execution models have to be developed to prevent unauthorized users from accessing or affecting others' data and computation. The cloud approach enables on-demand scalable services that allow performing large computations without the costs and maintenance/management issues of costly server farms (thus enabling a novel kind of outsourced computing). Essential reading for software and computer engineers as well as data architects and IT professionals to better understand the complexity and heterogeneity of modern cloud-based scenarios.

cloud security
2015 Journal article metadata only access

AntiCheetah: Trustworthy computing in an outsourced (cheating) environment

Di Pietro R ; Lombardi F ; Martinelli F ; Sgandurra D

The increasing need for performing expensive computations has motivated outsourced computing, as in crowdsourced applications leveraging worker cloud nodes. However, these outsourced computing nodes can potentially misbehave or fail. Exploiting the redundancy of nodes can help guaranteeing correctness and availability of results. This entails that reliable distributed computing can be achieved at the expense of convenience. In this paper, we provide a solution for a generic class of problems that distribute a parallel computation over a set of nodes where trustworthiness of the outsourced computation is important. In particular, we discuss AntiCheetah, an approach modeling the assignment of input elements to cloud nodes as a multi-round system. AntiCheetah is resilient to node cheating, even in scenarios where smart cheaters return the same fake values. To this end, cost-efficient redundancy is used to detect and correct anomalies. Furthermore, we discuss the benefits and pitfalls of the proposed approach over different scenarios, especially with respect to cheaters' behavior. Extensive experimental results are analyzed, showing the effectiveness and viability of our approach.

Autonomous cloud computing Cheaters detection Trustworthy computation in cloud
2015 Journal article metadata only access

Alterdroid: Differential fault analysis of obfuscated smartphone malware

SuarezTangil G ; Tapiador JE ; Lombardi F ; Di Pietro R

Malware for smartphones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware samples consists of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook (e.g., within data objects). In this paper, we describe ALTERDROID, a dynamic analysis approach for detecting such hidden or obfuscated malware components distributed as parts of an app package. The key idea in ALTERDROID consists of analyzing the behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected. Observable differences in terms of activities that appear or vanish in the modified app are recorded, and the resulting differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature. A thorough justification and a description of the proposed model are provided. The extensive experimental results obtained by testing ALTERDROID over relevant apps and malware samples support the quality and viability of our proposal.

mobile security
2014 Journal article metadata only access

Thwarting Obfuscated Malware via Differential Fault Analysis

SuarezTangil Guillermo ; Tapiador Juan E ; Lombardi Flavio ; Di Pietro Roberto

Detecting malware in mobile applications has become increasingly complex as malware developers turn to advanced techniques to hide or obfuscate malicious components. Alterdroid is a dynamic-analysis tool that compares the behavioral differences between an original app and numerous automatically generated versions of it containing carefully injected modifications.

malware
2014 Journal article metadata only access

CheR: Cheating resilience in the cloud via smart resource allocation

Roberto DP ; Lombardi F ; Martinelli F ; Sgandurra D

Cloud computing offers unprecedented ways to split and offload the workload of parallel algorithms to remote computing nodes. However, such remote parties can potentially misbehave, for instance by providing fake computation results in order to save resources. In turn, these erroneous partial results can affect the timeliness and correctness of the overall outcome of the algorithm. The widely successful cloud approach increases the economic feasibility of leveraging computational redundancy to enforce some degree of assurance about the results. However, naïve solutions that dumbly replicate the same computation over several sets of nodes are not cost-efficient. In this paper, we provide several contributions as for the distribution of workload over (heterogeneous) cloud nodes. In particular, we first formalize the problem of computing a parallel function over a set of nodes; later, we introduce CheR (for Cheating Resilience), a novel approach based upon modelling the assignment of input elements to cloud nodes as a linear integer programming problem aimed at minimizing cost while being resilient against misbehaving nodes. Further, we describe the CheR approach in different scenarios and highlight the novelty with respect to other state-of-the-art solutions. Finally, we present and discuss some experimental results showing the viability and quality of our proposal. © 2014 Springer International Publishing Switzerland.

cheating resilience cloud
2013 Conference proceedings contribution metadata only access

AntiCheetah: an Autonomic Multi-round Approach for Reliable Computing

Di Pietro Roberto ; Lombardi Flavio ; Martinelli Fabio ; Sgandurra Daniele

In this paper, we analyze the above issues and provide a solution for a specific problem that, nevertheless, is quite representative for a generic class of problems in the above setting: computing a vectorial function over a set of nodes. In particular, we introduce AntiCheetah, a novel autonomic multi-round approach performing the assignment of input elements to cloud nodes as an autonomic, self-configuring and self-optimizing cloud system. AntiCheetah is resilient against misbehaving nodes, and it is effective even in worst-case scenarios and against smart cheaters that behave according to complex strategies. Further, we discuss benefits and pitfalls of the AntiCheetah approach in different scenarios. Preliminary experimental results over a custom-built, scalable, and flexible simulator (SofA) show the quality and viability of our solution. Outsourced computing is increasingly popular thanks to the effectiveness and convenience of cloud computing *-as-a-Service offerings. However, cloud nodes can potentially misbehave in order to save resources. As such, some guarantee over the correctness and availability of results is needed. Exploiting the redundancy of cloud nodes can be of help, even though smart cheating strategies render the detection and correction of fake results much harder to achieve in practice.

Cloud Secure Remote Computing Simulation Autonomic Computing