Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
4.7
2.9
Journals
Electronics
Special Issues
Advances in Software Security
share announcement

Advances in Software Security

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: closed (15 July 2023) | Viewed by 13687

Special Issue Editor

Dr. Aravind Prakash

E-Mail Website
Guest Editor
Department of Computer Science, Binghamton University, New York, NY, USA
Interests: memory forensics; software security; virtualization-based security; binary reverse engineering

Special Issue Information

Dear Colleagues,

Software security has played a central role in securing systems worldwide. Deficiencies in recent hardware solutions (e.g., Intel SGX, Intel MPX) have not only prevented their widespread adoption in industry, but have prompted advancements in software security. The advent of machine learning, advancements in compiler and blockchain technologies, etc., have led to fresh perspectives on software security. There is a need for advanced software security solutions that address the needs of an ever-expanding community of cybersecurity.

In this Special Issue, we are gathering original contributions in the broad area of software security. Potential topics include, but are not limited to:

  • Detection and prevention of malware.
  • Machine-learning-based software security.
  • Cybercrime defense and forensics (e.g., anti-phishing, ransomware).
  • Attack prevention, diagnosis, and response.
  • Security and privacy for blockchains and cryptocurrencies.
  • Smart contracts.
  • Public key infrastructures, key management, certification, and revocation.
  • Security for cloud/edge computing.
  • Mobile security.
  • Security for emerging networks and systems (e.g., autonomous vehicles, IoT, industrial control systems).
  • Security for medical devices.
  • Security and privacy of systems based on machine learning and AI.
  • Case studies and systematization-of-knowledge papers on areas in software security.
  • Measurement of security, tradeoffs between security and usability, cost, and ethics.
  • Human-assisted security.
  • Hardware–software cohesive security.
  • Vulnerability detection and software instrumentation.
  • Design, implementation, and evaluation of program integrity models.

Dr. Aravind Prakash
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • advances in software security 
  • AI and cybersecurity 
  • software security measurement 
  • malware 
  • cyberattacks and defenses

Published Papers (5 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Other

17 pages, 1029 KiB  
Article
Toward a Comprehensive Framework for Ensuring Security and Privacy in Artificial Intelligence
by William Villegas-Ch and Joselin García-Ortiz
Electronics 2023, 12(18), 3786; https://doi.org/10.3390/electronics12183786 - 07 Sep 2023
Cited by 2 | Viewed by 3181
Abstract
The rapid expansion of artificial intelligence poses significant challenges in terms of data security and privacy. This article proposes a comprehensive approach to develop a framework to address these issues. First, previous research on security and privacy in artificial intelligence is reviewed, highlighting [...] Read more.
The rapid expansion of artificial intelligence poses significant challenges in terms of data security and privacy. This article proposes a comprehensive approach to develop a framework to address these issues. First, previous research on security and privacy in artificial intelligence is reviewed, highlighting the advances and existing limitations. Likewise, open research areas and gaps that require attention to improve current frameworks are identified. Regarding the development of the framework, data protection in artificial intelligence is addressed, explaining the importance of safeguarding the data used in artificial intelligence models and describing policies and practices to guarantee their security, as well as approaches to preserve the integrity of said data. In addition, the security of artificial intelligence is examined, analyzing the vulnerabilities and risks present in artificial intelligence systems and presenting examples of potential attacks and malicious manipulations, together with security frameworks to mitigate these risks. Similarly, the ethical and regulatory framework relevant to security and privacy in artificial intelligence is considered, offering an overview of existing regulations and guidelines. Full article
(This article belongs to the Special Issue Advances in Software Security)
Show Figures

Figure 1

21 pages, 7469 KiB  
Article
Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups
by Jaepil Youn, Kookjin Kim, Daeyoung Kang, Jaeil Lee, Moosung Park and Dongkyoo Shin
Electronics 2022, 11(24), 4142; https://doi.org/10.3390/electronics11244142 - 12 Dec 2022
Cited by 4 | Viewed by 3693 | Correction
Abstract
North Korean cyber-attack groups such as Kimsuky, Lazarus, Andariel, and Venus 121 continue to attempt spear-phishing APT attacks that exploit social issues, including COVID-19. Thus, along with the worldwide pandemic of COVID-19, related threats also persist in cyberspace. In January 2022, a hacking [...] Read more.
North Korean cyber-attack groups such as Kimsuky, Lazarus, Andariel, and Venus 121 continue to attempt spear-phishing APT attacks that exploit social issues, including COVID-19. Thus, along with the worldwide pandemic of COVID-19, related threats also persist in cyberspace. In January 2022, a hacking attack, presumed to be Kimsuky, a North Korean cyber-attack group, intending to steal research data related to COVID-19. The problem is that the activities of cyber-attack groups are continuously increasing, and it is difficult to accurately identify cyber-attack groups and attack origins only with limited analysis information. To solve this problem, it is necessary to expand the scope of data analysis by using BGP archive data. It is necessary to combine infrastructure and network information to draw correlations and to be able to classify infrastructure by attack group very accurately. Network-based infrastructure analysis is required in the fragmentary host area, such as malware or system logs. This paper studied cyber ISR and BGP and a case study of cyber ISR visualization for situational awareness, hacking trends of North Korean cyber-attack groups, and cyber-attack tracking. Through related research, we estimated the origin of the attack by analyzing hacking cases through cyber intelligence-based profiling techniques and correlation analysis using BGP archive data. Based on the analysis results, we propose an implementation of the cyber ISR visualization method based on BGP archive data. Future research will include a connection with research on a cyber command-and-control system, a study on the cyber battlefield area, cyber ISR, and a traceback visualization model for the origin of the attack. The final R&D goal is to develop an AI-based cyber-attack group automatic identification and attack-origin tracking platform by analyzing cyber-attack behavior and infrastructure lifecycle. Full article
(This article belongs to the Special Issue Advances in Software Security)
Show Figures

Figure 1

25 pages, 7900 KiB  
Article
An Extendable Software Architecture for Mitigating ARP Spoofing-Based Attacks in SDN Data Plane Layer
by Sorin Buzura, Mihaiela Lehene, Bogdan Iancu and Vasile Dadarlat
Electronics 2022, 11(13), 1965; https://doi.org/10.3390/electronics11131965 - 23 Jun 2022
Cited by 4 | Viewed by 2451
Abstract
Software-defined networking (SDN) is an emerging network architecture that brings benefits in network function virtualization, performance, and scalability. However, the scalability feature also increases the number of possible vulnerabilities through multiple entry points in the network. Address Resolution Protocol (ARP) spoofing-based attacks are [...] Read more.
Software-defined networking (SDN) is an emerging network architecture that brings benefits in network function virtualization, performance, and scalability. However, the scalability feature also increases the number of possible vulnerabilities through multiple entry points in the network. Address Resolution Protocol (ARP) spoofing-based attacks are widely encountered and allow an attacker to assume the identity of a different computer, facilitating other attacks, such as Man in the Middle (MitM). In the SDN context, most solutions employ a controller to detect and mitigate attacks. However, interacting with the control plane involves asynchronous network communication, which causes delayed responses to an attack. The current work avoids these delays by being implemented solely in the data plane through extendable and customizable software architecture. Therefore, faster response times improve network reliability by automatically blocking attackers. As attacks can be generated with a variety of tools and in networks experiencing different traffic patterns, the current solution is created to allow flexibility and extensibility, which can be adapted depending on the running environment. Experiments were run performing ARP spoofing-based attacks using KaliLinux, Mininet, and OpenVSwitch. The presented results are based on traffic pattern analysis offering greater customization capabilities and insight compared to similar work in this area. Full article
(This article belongs to the Special Issue Advances in Software Security)
Show Figures

Figure 1

Other

Jump to: Research

1 pages, 158 KiB  
Correction
Correction: Youn et al. Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups. Electronics 2022, 11, 4142
by Jaepil Youn, Kookjin Kim, Daeyoung Kang, Jaeil Lee, Moosung Park and Dongkyoo Shin
Electronics 2023, 12(24), 4975; https://doi.org/10.3390/electronics12244975 - 12 Dec 2023
Viewed by 394
Abstract
There was an error in the original publication [...] Full article
(This article belongs to the Special Issue Advances in Software Security)
19 pages, 1091 KiB  
Systematic Review
Holding on to Compliance While Adopting DevSecOps: An SLR
by Xhesika Ramaj, Mary Sánchez-Gordón, Vasileios Gkioulos, Sabarathinam Chockalingam and Ricardo Colomo-Palacios
Electronics 2022, 11(22), 3707; https://doi.org/10.3390/electronics11223707 - 12 Nov 2022
Cited by 3 | Viewed by 2864
Abstract
The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims [...] Read more.
The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps. Full article
(This article belongs to the Special Issue Advances in Software Security)
Show Figures

Graphical abstract

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-5
Back to TopTop