Electronic Communications of the EASST (European Association of Software Science and Technology)
Not a member yet
887 research outputs found
Sort by
MoleNet: An Underground Sensor Network for Soil Monitoring
Full text linkWith the increasing digitalization worldwide, the demand of information also increases in all areas. MoleNet is a low-power sensing platform which is easy to assemble and use. It offers several options to monitor, for example, the soil moisture and temperature and visualize the data. Several researchers from different countriesare currently working and improving MoleNet for different applications. This demoshows the main application of MoleNet: Monitoring soil conditions in a remote area,transmitting the data and visualizing the current status
Impact of radio channel characteristics on the longitudinal behaviour of truck platoons in critical car-following situations
Full text linkTruck platooning is an application of cooperative adaptive cruise control (CACC) which relies on vehicle-to-vehicle communications facilitated by vehicle ad-hoc networks. Communication uncertainties can affect the performance of a CACC controller. Previous research has not considered the full spectrum of possible car-following scenarios needed to understand how the longitudinal behaviour of truck platoons would be affected by changes in the communication network. In this paper, we investigate the impact of radio channel parameters on the string stability and collision avoidance capabilities of a CACC controller governing the longitudinal behaviour of truck platoons in a majority of critical car-following situations. We develop and use a novel, sophisticated and open-source VANET simulator OTS-Artery, which brings microscopic traffic simulation, network simulation, and psychological concepts in a single environment, for our investigations. Our results indicate that string stability and safety of truck platoons are mostly affected in car-following situations where truck platoons accelerate from the standstill to the maximum speed and decelerate from the maximum speed down to the standstill. The findings suggest that string stability can be improved by increasing transmission power and lowering receiver sensitivity. However, the safety of truck platoons seems to be sensitive to the choice of the path loos model
Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers
Full text linkQUIC is a new transport protocol over UDP which is recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing
Early Work: Path Selection in a Path-aware Network Architecture
Full text linkModern path-aware networking (PAN) architectures based on packet-carried forwarding state (PCFS) promise to support practical multipath communication with increased availability and redundancy, even for single-homed hosts. How exactly hosts can chose paths in a meaningful way while maintaining good network utilization as well as user satisfaction is the subject of this research. We demonstrate how overall network utilization is affected by the introduction of multipath communication and propose the term “Cost of Multipath” to reason about this observation. We also identify a collection of concrete practical techniques from networking research and engineering that can be adapted to allow hosts to make more informed path decisions. These tie into the practical implementation of an experimental path-selection engine with a high-level API that we aim to utilize to quantitatively investigate host-based approaches for traffic optimization in the existing path-aware SCION network architectur
CYBERWISER.eu: Innovative Cyber Range Platform for Cybersecurity Training in Industrial Systems
Full text linkInformation technologies are nowadays part of industrial systems. Employees in charge of managing these systems typically have little or very little knowledge of cybersecurity. In this work we initially explore the challenges related to cybersecurity training in industrial systems and then we propose an approach based on CYBERWISER.eu cyber range platform. A cyber range provides a multipurpose virtual environment in which organisations can test critical capabilities and reveal how effectively they integrate people, processes, and technology to protect their strategic information, services, and assets. By facilitating high-fidelity simulations, a cyber range can associate the cybersecurity training phase with a personalized security testing, together with a unit testing, on different kind of systems, including SCADA
Testing Interconnected Systems with Behavior Mining
Full text linkModern software applications rely not only on a complex stack of technologies, but are more and more dependent on and connected to third party interfaces, Internet of Things devices and Industry 4.0 machines. One approach to tackle this complexity is Model Driven Design with custom interactions. But it is then still necessary to test the whole system to ensure that all parts work together as intended. This paper looks at the possibility of using Active Automata Learning as a systematic way to test interconnected systems
Large Scale Monitoring of Web Application Software Distribution to Measure Threat Response Behavior
Full text linkWeb application software may be affected by vulnerabilities and a fast deployment of security updates is required to protect users from attacks. With daily scans of over 50 million websites we are able to measure the threat response behavior. Preliminary results indicate significant differences between the different observed web application softwares
Time- and Frequency-Domain Dynamic Spectrum Access: Learning Cyclic Medium Access Patterns in Partially Observable Environments
Full text linkUpcoming communication systems increasingly often tackle the spectrum scarcity problem through the coexistence with legacy systems in the same frequency band. Cognitive Radio presents popular methods for Dynamic Spectrum Access (DSA) that enable coexistence. Historically, DSA meant a separation solely in the frequency domain, while in recent years it has been extended through the dimension of time, by employing Machine Learning to learn semi-deterministic and cyclic medium access patterns of the legacy system that are observed through channel sensing. When this pattern is learnable, then a new system can utilize a neural network and predict future medium accesses, thus steering its own medium access. We investigate this novel and more fine-grained version of DSA, propose a predictor and show its capability of reliably predicting future medium accesses of a legacy system in an aeronautical coexistence scenario. We extend the predictor to the case of partial observability, where only a narrowband receiver is available, s.t. observations are limited to a single sensed channel per time slot. In particular, we propose a custom loss function that is tailored to partially observable environments. In the spirit of Open Science, all implementation files are released under an open license
Modular Platform for Detecting and Classifying Phishing Websites Using Cyber Threat Intelligence
Full text linkPhishing attacks are deceptive types of social engineering techniques that attackers use to imitate genuine websites in order to steal the login credentials and private data of the end-users. The continued success of these attacks is heavily attributed to the prolific adoption of online services and the lack of proper training to foster a security awareness mindset of online users. In addition to the financial and reputational damages caused by data breaches of individual users and businesses, cyber adversaries can further use the leaked data for various malicious purposes. In this work, a modular platform was introduced that facilitates accurate detection and automatic evaluation of websites visited by employees of a company or organization. The basis for this approach is a preceding website analysis, which is essential when hunting for potential threats from proxy logs. The platform contains three modules. Characterization of suspicious websites relies on a set of pre-defined features and a multi-stage threat intelligence technique, the functionality of which has been ascertained in initial tests on real data set
Parsing BDD Stories for Automated Verification of Software Artefacts
Full text linkThis position paper reports on our ongoing developments towards the automated verification of software artefacts by parsing sentences on Behaviour- Driven Development (BDD) stories. The solution we propose is based on different strategies for analysing the consistency of user requirements specified in BDD stories on task models, graphical user interfaces (GUIs), GUI prototypes, and domain models. We illustrate our solution through concrete examples and discuss its challenges and limitations