Secure IT Systems by Matulevičius, Raimundas; Kamm, Liina; Iqbal, Mubashar;

Hosszú leírás:

"

This book constitutes the refereed proceedings of the 30th Nordic Conference on Secure IT Systems, NordSec 2025, held in Tartu, Estonia, during November 12-13, 2025.

The 29 full papers included in this book were carefully reviewed and selected from 89 submissions. They were organized in topical sections as follows: Cryptography; Artificial Intelligence and Software Security; Network and Communication Security; System and Hardware Security; Threat Analysis; Access Control and Policy Management; Usable Security and Societal Resilience; and Obfuscation.

Tartalomjegyzék:

.- Cryptography.

.- DDH-Based Schemes for Multi-Party Function Secret Sharing.

.- Integrating PQC in OpenSSL via Shallow Providers for Cryptographic Agility.

.- Attacking an RSA-like Cryptosystem Using Continued Fractions and Lattices.

.- A Comparative Software Benchmark of Lightweight Hash Functions on 8-bit AVR Using ChipWhisperer.

.- A New Optimized Implementation of SMAUG-T for Lightweight Devices.

.- Exploiting Quantum Point-to-Point Protocol (Q3P) for Denial-of- Service (DoS) Attacks.

.- Artificial Intelligence and Software Security.

.- OHRA: Dynamic Multi-Protocol LLM-Based Cyber Deception.

.- Targeted AI-Based Password Guessing Leveraging Email-Derived User Attributes.

.- On the Security and Privacy of AI-based Mobile Health Chatbots.

.- Fairness Under Noise: How Di!erential Privacy A!ects Bias in GANs-Generated Data.

.- GadgetBuilder: An Overhaul of the Greatest Java Deserialization Exploitation Tool.

.- Software Supply Chain Security: Can We Beat the Kill-Chain? A Case Study on the XZ Backdoor.

.- Network and Communication Security.

.- MP-LFM: Breaking Subscriber Privacy (even more) by Exploiting Linkability in 5G AKA.

.- Mitigating Tra”c Analysis Attacks While Maintaining On-Path Network Observability.

.- Privacy and Security of DNS Resolvers used in the Nordics and Baltics.

.- System and Hardware Security.

.- WireTrust: A TrustZone-Based Non-Bypassable VPN Tunnel.

.- Timing Interference in Multi-Core RISC-V Systems: Security Risks and Mitigations.

.- A Walk Down Memory Lane: Timing Analysis of Load and Store Instructions on ARM Cortex-M3 Devices.

.- Threat Analysis.

.- An Empirical Evaluation of Intrusion Detection Systems Based on System Calls.

.- Dissecting Mirai: Spatio-Sequential Analysis and Restoration Strategies Using MITRE ATT&CK and D3FEND.

.- Graph Reduction to Attack Trees for (Unobservable) Target Analysis.

.- Access Control and Policy Management.

.- Threshold Trust Logic.

.- Mining Attribute-Based Access Control Policies via Categorisation.

.- Multi-entity Control-Based Risk Assessment: A European Digital Identity Wallet Use Case.

.- Usable Security and Societal Resilience.

.- From Perception to Protection: A Mental Model-Based Framework for Capturing Usable Security and Privacy Requirements.

.- Understanding APT Defense Through Expert Eyes: A Critical Exploration of Perceived Needs and Gaps.

.- Foreign Disinformation on Swedish Facebook: A Mixed-Methods Thematic Analysis of Manipulative Narratives and Societal Resilience.

.- Obfuscation.

.- Key-Gated Generative Obfuscation for Embedded Strings.

.- Bugfuscation.