| 11. |
- Arshad, Hamed, 1987, et al.
(author)
-
Attribute-based encryption with enforceable obligations
- 2023
-
In: Journal of Cryptographic Engineering. - Heidelberg : Springer. - 2190-8508 .- 2190-8516. ; 13, s. 343-371
-
Journal article (peer-reviewed)abstract
- Attribute-based encryption (ABE) is a cryptographic mechanism that provides fine-grained access control to encrypted data, which can thus be stored in, e.g., public clouds. However, ABE schemes lack the notion of obligations, which is common in attribute-based access control systems such as eXtensible Access Control Markup Language and Usage Control. Obligations are used to define and enforce extra constraints that happen before approving or denying an access request. In this paper, we propose OB-ABE, a system for extending any classical ABE with enforceable obligations. Our system architecture has as core component trusted hardware enclaves, implemented with SGX, used for enforcing obligations. We employ ProVerif to formally model OB-ABE and verify its main property called "enforceable obligations," i.e., if a message is encrypted along with an obligation, then the message can be decrypted only after enforcing the attached obligation. OB-ABE has two more properties: (i) OB-ABE is a "conservative extension" of the underlying ABE scheme, preserving its security properties; (ii) OB-ABE is "backward compatible" in the sense that any ciphertext produced by an ABE scheme can be decrypted by its extended OB-ABE version, and moreover, a ciphertext produced by an OB-ABE scheme can be decrypted by its underlying ABE scheme provided that the ciphertext does not have obligations attached. We also implement in C using Intel SGX a prototype of an OB-ABE extending the well-known ciphertext-policy ABE.
|
|
| 12. |
- Butun, Ismail, 1981, et al.
(author)
-
A Review of Distributed Access Control for Blockchain Systems towards Securing the Internet of Things
- 2021
-
In: IEEE Access. - 2169-3536 .- 2169-3536. ; 9, s. 5428-5441
-
Research review (peer-reviewed)abstract
- As the Internet of Things (IoT) paradigm gets more attention from academia and industry, implementation tools of IoT will be explored more and more. One example is the applicability of blockchain systems to provide security and privacy of IoT networks, which is the topic of this article. Blockchain systems are on the rise, as crypto-currency payment systems (such as Bitcoin, Litecoin, etc.) boomed in the last few years due to their attractive de-centralized and anonymous features. As in every transaction, access of the users to IoT systems needs to be controlled. However, these systems are peer-to-peer systems and do not have centralized control, which means that traditional access control techniques will not be optimal. As a result, distributed access control schemes are needed and this paper aims at providing the state of the art in the literature. Thereby, we introduce and discuss the details and applicability of centralized (rolebased) and distributed (threshold-signature, reputation, trusted-computing, identity, capability, ACL, groupsignature, and hybrid) access control schemes to blockchain systems under the IoT ecosystems. Moreover, permissioned vs. permissionless blockchain systems are also discussed. Finally, challenges and research directions related to the application of all those presented blockchain systems to IoT are discussed.
|
|
| 13. |
- Ciric, Rastko, et al.
(author)
-
TemplateFlow: FAIR-sharing of multi-scale, multi-species brain models.
- 2022
-
In: Nature methods. - : Springer Science and Business Media LLC. - 1548-7105 .- 1548-7091. ; 19:12, s. 1568-1571
-
Journal article (peer-reviewed)abstract
- Reference anatomies of the brain ('templates') and corresponding atlases are the foundation for reporting standardized neuroimaging results. Currently, there is no registry of templates and atlases; therefore, the redistribution of these resources occurs either bundled within existing software or in ad hoc ways such as downloads from institutional sites and general-purpose data repositories. We introduce TemplateFlow as a publicly available framework for human and non-human brain models. The framework combines an open database with software for access, management, and vetting, allowing scientists to share their resources under FAIR-findable, accessible, interoperable, and reusable-principles. TemplateFlow enables multifaceted insights into brains across species, and supports multiverse analyses testing whether results generalize across standard references, scales, and in the long term, species.
|
|
| 14. |
- Linnusson, Henrik, et al.
(author)
-
Efficient conformal predictor ensembles
- 2020
-
In: Neurocomputing. - : Elsevier BV. - 0925-2312 .- 1872-8286. ; 397, s. 266-278
-
Journal article (peer-reviewed)abstract
- In this paper, we study a generalization of a recently developed strategy for generating conformal predictor ensembles: out-of-bag calibration. The ensemble strategy is evaluated, both theoretically and empirically, against a commonly used alternative ensemble strategy, bootstrap conformal prediction, as well as common non-ensemble strategies. A thorough analysis is provided of out-of-bag calibration, with respect to theoretical validity, empirical validity (error rate), efficiency (prediction region size) and p-value stability (the degree of variance observed over multiple predictions for the same object). Empirical results show that out-of-bag calibration displays favorable characteristics with regard to these criteria, and we propose that out-of-bag calibration be adopted as a standard method for constructing conformal predictor ensembles.
|
|
| 15. |
- Nazari, N., et al.
(author)
-
Multi-level Binarized LSTM in EEG Classification for Wearable Devices
- 2020
-
In: Proceedings - 2020 28th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP 2020. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728165820 ; , s. 175-181
-
Conference paper (peer-reviewed)abstract
- Long Short-Term Memory (LSTM) is widely used in various sequential applications. Complex LSTMs could be hardly deployed on wearable and resourced-limited devices due to the huge amount of computations and memory requirements. Binary LSTMs are introduced to cope with this problem, however, they lead to significant accuracy loss in some applications such as EEG classification which is essential to be deployed in wearable devices. In this paper, we propose an efficient multi-level binarized LSTM which has significantly reduced computations whereas ensuring an accuracy pretty close to full precision LSTM. By deploying 5-level binarized weights and inputs, our method reduces area and delay of MAC operation about 31× and 27× in 65nm technology, respectively with less than 0.01% accuracy loss. In contrast to many compute-intensive deep-learning approaches, the proposed algorithm is lightweight, and therefore, brings performance efficiency with accurate LSTM-based EEG classification to realtime wearable devices.
|
|
| 16. |
-
Reliable Smart Contracts
- 2020
-
Editorial proceedings (other academic/artistic)abstract
- The rise of smart contracts executed on blockchain and other distributed ledger technologies enabled trustless yet decentralised computation. Various applications take advantage of this computational model, including enforced financial contracts, self-sovereign identity and voting. But smart contracts are nothing but software running on a blockchain, with risks of malfunction due to bugs in the code. Compared to traditional systems, there is an additional risk in that erroneous computation or transactions triggered by a smart contract cannot be easily rolled back due to the immutability of the underlying execution model. This ISoLA track brings together a number of experts in the field of smart contract reliability and verification to discuss the state-of-the-art in smart contract dependability and discuss research challenges and future directions.
|
|
| 17. |
- Briand, Lionel, et al.
(author)
-
JF Welcome: ICSE 2021
- 2021
-
In: Proceedings - International Conference on Software Engineering. - : IEEE Computer Society. - 0270-5257. ; May 2021, s. xxxiii-
-
Conference paper (other academic/artistic)
|
|
| 18. |
- Fritzson, Peter, 1952-, et al.
(author)
-
The OpenModelica Integrated Environment for Modeling, Simulation, and Model-Based Development
- 2020
-
In: Modeling, Identification and Control. - Kristiansand, Norway : Norsk Forening for Automatisering. - 0332-7353 .- 1890-1328. ; 41:4, s. 241-295
-
Journal article (peer-reviewed)abstract
- OpenModelica is a unique large-scale integrated open-source Modelica- and FMI-based modeling, simulation, optimization, model-based analysis and development environment. Moreover, the OpenModelica environment provides a number of facilities such as debugging; optimization; visualization and 3D animation; web-based model editing and simulation; scripting from Modelica, Python, Julia, and Matlab; efficient simulation and co-simulation of FMI-based models; compilation for embedded systems; Modelica-UML integration; requirement verification; and generation of parallel code for multi-core architectures. The environment is based on the equation-based object-oriented Modelica language and currently uses the MetaModelica extended version of Modelica for its model compiler implementation. This overview paper gives an up-to-date description of the capabilities of the system, short overviews of used open source symbolic and numeric algorithms with pointers to published literature, tool integration aspects, some lessons learned, and the main vision behind its development.
|
|
| 19. |
- Hagberg, Rasmus, et al.
(author)
-
Using Program Analysis to Identify the Use of Vulnerable Functions
- 2021
-
In: 18th International Conference on Security and Cryptography, SECRYPT 2021. - : SCITEPRESS - Science and Technology Publications. - 9789897585241 ; , s. 520-530
-
Conference paper (peer-reviewed)abstract
- Open-Source Software (OSS) is increasingly used by software applications. It allows for code reuse, but also comes with the problem of potentially being affected by the vulnerabilities that are found in the OSS libraries. With large numbers of OSS components and a large number of published vulnerabilities, it becomes challenging to identify and analyze which OSS components need to be patched and updated. In addition to matching vulnerable libraries to those used in software products, it is also necessary to analyze if the vulnerable functionality is actually used by the software. This process is both time-consuming and error-prone. Automating this process presents several challenges, but has the potential to significantly decrease vulnerability exposure time. In this paper, we propose a modular framework for analyzing if software code is using the vulnerable part of a library, by analyzing and matching the call graphs of the software with changes resulting from security patches. Further, we provide an implementation of the framework targeting Java and the Maven dependency management system. This allows us to identify 20% of the dependencies in our sample projects as false positives. We also identify and discuss challenges and limitations in our approach
|
|
| 20. |
|
|
