Catalogue Search | MBRL
Are you sure you want to remove the book from the shelf?
{{itemTitle}}
15
result(s) for
"Roy, Shanto"
Sort by:
A Review of Emerging Technologies for IoT-Based Smart Cities
Smart cities can be complemented by fusing various components and incorporating recent emerging technologies. IoT communications are crucial to smart city operations, which are designed to support the concept of a “Smart City” by utilising the most cutting-edge communication technologies to enhance city administration and resident services. Smart cities have been outfitted with numerous IoT-based gadgets; the Internet of Things is a modular method to integrate various sensors with all ICT technologies. This paper provides an overview of smart cities’ concepts, characteristics, and applications. We thoroughly investigate smart city applications, challenges, and possibilities with solutions in recent technological trends and perspectives, such as machine learning and blockchain. We discuss cloud and fog IoT ecosystems in the in capacity of IoT devices, architectures, and machine learning approaches. In addition we integrate security and privacy aspects, including blockchain applications, towards more trustworthy and resilient smart cities. We also highlight the concepts, characteristics, and applications of smart cities and provide a conceptual model of the smart city mega-events framework. Finally, we outline the impact of recent emerging technologies’ implications on challenges, applications, and solutions for futuristic smart cities.
Journal Article
IoT Data Compression and Optimization Techniques in Cloud Storage: Current Prospects and Future Directions
This article presents a detailed survey on different data compression and storage optimization techniques in the cloud, their implications, and discussion over future directions. The development of the smart city or smart home systems lies in the development of the Internet of Things (IoT). With the increasing number of IoT devices, the tremendous volume of data is being generated every single day. Therefore, it is necessary to optimize the system's performance by managing, compressing and mining IoT data for smart decision support systems. In this article, the authors surveyed recent approaches with up-to-date outcomes and findings related to the management, mining, compression, and optimization of IoT data. The authors then discuss the scopes and limitations of present works and finally, this article presents the future perspectives of IoT data management on basis of cloud, fog, and mobile edge computing.
Journal Article
Towards Green Cloud Computing an Algorithmic Approach for Energy Minimization in Cloud Data Centers
The article presents an efficient energy optimization framework based on dynamic resource scheduling for VM migration in cloud data centers. This increasing number of cloud data centers all over the world are consuming a vast amount of power and thus, exhaling a huge amount of CO2 that has a strong negative impact on the environment. Therefore, implementing Green cloud computing by efficient power reduction is a momentous research area. Live Virtual Machine (VM) migration, and server consolidation technology along with appropriate resource allocation of users' tasks, is particularly useful for reducing power consumption in cloud data centers. In this article, the authors propose algorithms which mainly consider live VM migration techniques for power reduction named “Power_reduction” and “VM_migration.” Moreover, the authors implement dynamic scheduling of servers based on sequential search, random search, and a maximum fairness search for convenient allocation and higher utilization of resources. The authors perform simulation work using CloudSim and the Cloudera simulator to evaluate the performance of the proposed algorithms. Results show that the proposed approaches achieve around 30% energy savings than the existing algorithms.
Journal Article
Memory Under Siege: A Comprehensive Survey of Side-Channel Attacks on Memory
Side-channel attacks on memory (SCAM) exploit unintended data leaks from memory subsystems to infer sensitive information, posing significant threats to system security. These attacks exploit vulnerabilities in memory access patterns, cache behaviors, and other microarchitectural features to bypass traditional security measures. The purpose of this research is to examine SCAM, classify various attack techniques, and evaluate existing defense mechanisms. It guides researchers and industry professionals in improving memory security and mitigating emerging threats. We begin by identifying the major vulnerabilities in the memory system that are frequently exploited in SCAM, such as cache timing, speculative execution, Rowhammer, and other sophisticated approaches. Next, we outline a comprehensive taxonomy that systematically classifies these attacks based on their types, target systems, attack vectors, and adversarial capabilities required to execute them. In addition, we review the current landscape of mitigation strategies, emphasizing their strengths and limitations. This work aims to provide a comprehensive overview of memory-based side-channel attacks with the goal of providing significant insights for researchers and practitioners to better understand, detect, and mitigate SCAM risks.
Paper
Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies
Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the defender to remotely verify the integrity of devices and their software. There are a number of approaches for remote attestation, and each has its unique advantages and disadvantages in terms of detection accuracy and computational cost. Further, an attestation method may be applied in multiple ways, such as various levels of software coverage. Therefore, to minimize both security risks and computational overhead, defenders need to decide strategically which attestation methods to apply and how to apply them, depending on the characteristic of the devices and the potential losses. To answer these questions, we first develop a testbed for remote attestation of IoT devices, which enables us to measure the detection accuracy and performance overhead of various attestation methods. Our testbed integrates two example IoT applications, memory-checksum based attestation, and a variety of software vulnerabilities that allow adversaries to inject arbitrary code into running applications. Second, we model the problem of finding an optimal strategy for applying remote attestation as a Stackelberg security game between a defender and an adversary. We characterize the defender's optimal attestation strategy in a variety of special cases. Finally, building on experimental results from our testbed, we evaluate our model and show that optimal strategic attestation can lead to significantly lower losses than naive baseline strategies.
Paper
Adversarial Reconnaissance Mitigation and Modeling
Adversarial reconnaissance is a crucial step in sophisticated cyber-attacks as it enables threat actors to find the weakest points of otherwise well-defended systems. To thwart reconnaissance, defenders can employ cyber deception techniques, such as deploying honeypots. In recent years, researchers have made great strides in developing game-theoretic models to find optimal deception strategies. However, most of these game-theoretic models build on relatively simple models of adversarial reconnaissance -- even though reconnaissance should be a focus point as the very purpose of deception is to thwart reconnaissance. In this paper, we first discuss effective cyber reconnaissance mitigation techniques including deception strategies and beyond. Then we provide a review of the literature on deception games from the perspective of modeling adversarial reconnaissance, highlighting key aspects of reconnaissance that have not been adequately captured in prior work. We then describe a probability-theory based model of the adversaries' belief formation and illustrate using numerical examples that this model can capture key aspects of adversarial reconnaissance. We believe that our review and belief model can serve as a stepping stone for developing more realistic and practical deception games.
Paper
SoK: The MITRE ATT&CK Framework in Research and Practice
The MITRE ATT&CK framework, a comprehensive knowledge base of adversary tactics and techniques, has been widely adopted by the cybersecurity industry as well as by academic researchers. Its broad range of industry applications include threat intelligence, threat detection, and incident response, some of which go beyond what it was originally designed for. Despite its popularity, there is a lack of a systematic review of the applications and the research on ATT&CK. This systematization of work aims to fill this gap. To this end, it introduces the first taxonomic systematization of the research literature on ATT&CK, studies its degree of usefulness in different applications, and identifies important gaps and discrepancies in the literature to identify key directions for future work. The results of this work provide valuable insights for academics and practitioners alike, highlighting the need for more research on the practical implementation and evaluation of ATT&CK.
Paper
Survey and Taxonomy of Adversarial Reconnaissance Techniques
Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill chain. We summarize and analyze the methods, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the attack process. First, we discuss what types of information adversaries seek, and how and when they can obtain this information. Then, we provide a taxonomy and detailed overview of adversarial reconnaissance techniques. The taxonomy introduces a categorization of reconnaissance techniques based on the source as third-party, human-, and system-based information gathering. This paper provides a comprehensive view of adversarial reconnaissance that can help in understanding and modeling this complex but vital aspect of cyber attacks as well as insights that can improve defensive strategies, such as cyber deception.
Paper
Smart Contract Development from the Perspective of Developers: Topics and Issues Discussed on Social Media
Blockchain-based platforms are emerging as a transformative technology that can provide reliability, integrity, and auditability without trusted entities. One of the key features of these platforms is the trustworthy decentralized execution of general-purpose computation in the form of smart contracts, which are envisioned to have a wide range of applications. As a result, a rapidly growing and active community of smart-contract developers has emerged in recent years. A number of research efforts have investigated the technological challenges that these developers face, introducing a variety of tools, languages, and frameworks for smart-contract development, focusing on security. However, relatively little is known about the community itself, about the developers, and about the issues that they face and discuss. To address this gap, we study smart-contract developers and their discussions on two social media sites, Stack Exchange and Medium. We provide insight into the trends and key topics of these discussions, into the developers' interest in various security issues and security tools, and into the developers' technological background.
Paper