Catálogo de publicaciones - revistas

<jats:p>Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.</jats:p>

<jats:p>JavaScript has become one of the most prevalent programming languages. Unfortunately, some of the unique properties that contribute to this popularity also make JavaScript programs prone to errors and difficult for program analyses to reason about. These properties include the highly dynamic nature of the language, a set of unusual language features, a lack of encapsulation mechanisms, and the “no crash” philosophy. This article surveys dynamic program analysis and test generation techniques for JavaScript targeted at improving the correctness, reliability, performance, security, and privacy of JavaScript-based software.</jats:p>

<jats:p>To program parallel systems efficiently and easily, a wide range of programming models have been proposed, each with different choices concerning synchronization and communication between parallel entities. Among them, the actor model is based on loosely coupled parallel entities that communicate by means of asynchronous messages and mailboxes. Some actor languages provide a strong integration with object-oriented concepts; these are often called active object languages. This article reviews four major actor and active object languages and compares them according to carefully chosen dimensions that cover central aspects of the programming paradigms and their implementation.</jats:p>

<jats:p>Automated Vehicle Classification (AVC) based on vision sensors has received active attention from researchers, due to heightened security concerns in Intelligent Transportation Systems. In this work, we propose a categorization of AVC studies based on the granularity of classification, namely Vehicle Type Recognition, Vehicle Make Recognition, and Vehicle Make and Model Recognition. For each category of AVC systems, we present a comprehensive review and comparison of features extraction, global representation, and classification techniques. We also present the accuracy and speed-related performance metrics and discuss how they can be used to compare and evaluate different AVC works. The various datasets proposed over the years for AVC are also compared in light of the real-world challenges they represent, and those they do not. The major challenges involved in each category of AVC systems are presented, highlighting open problems in this area of research. Finally, we conclude by providing future directions of research in this area, paving the way toward efficient large-scale AVC systems. This survey shall help researchers interested in the area to analyze works completed so far in each category of AVC, focusing on techniques proposed for each module, and to chalk out strategies to enhance state-of-the-art technology.</jats:p>

<jats:p> We survey foundational features underlying modern graph query languages. We first discuss two popular graph data models: <jats:italic>edge-labelled graphs</jats:italic> , where nodes are connected by directed, labelled edges, and <jats:italic>property graphs</jats:italic> , where nodes and edges can further have attributes. Next we discuss the two most fundamental graph querying functionalities: <jats:italic>graph patterns</jats:italic> and <jats:italic>navigational expressions</jats:italic> . We start with graph patterns, in which a graph-structured query is matched against the data. Thereafter, we discuss navigational expressions, in which patterns can be matched recursively against the graph to navigate paths of arbitrary length; we give an overview of what kinds of expressions have been proposed and how they can be combined with graph patterns. We also discuss several semantics under which queries using the previous features can be evaluated, what effects the selection of features and semantics has on complexity, and offer examples of such features in three modern languages that are used to query graphs: SPARQL, Cypher, and Gremlin. We conclude by discussing the importance of formalisation for graph query languages; a summary of what is known about SPARQL, Cypher, and Gremlin in terms of expressivity and complexity; and an outline of possible future directions for the area. </jats:p>

<jats:p>Since the boom in new proposals on techniques for efficient querying of XML data is now over and the research world has shifted its attention toward new types of data formats, we believe that it is crucial to review what has been done in the area to help users choose an appropriate strategy and scientists exploit the contributions in new areas of data processing. The aim of this work is to provide a comprehensive study of the state-of-the-art of approaches for the structural querying of XML data. In particular, we start with a description of labeling schemas to capture the structure of the data and the respective storage strategies. Then we deal with the key part of every XML query processing: a twig query join, XML query algebras, optimizations of query plans, and selectivity estimation of XML queries. To the best of our knowledge, this is the first work that provides such a detailed description of XML query processing techniques that are related to structural aspects and that contains information about their theoretical and practical features as well as about their mutual compatibility and general usability.</jats:p>

<jats:p> The aim of this article is to provide an understanding of social networks as a useful addition to the standard toolbox of techniques used by system designers. To this end, we give examples of how data about social links have been collected and used in different application contexts. We develop a broad taxonomy-based overview of common properties of social networks, review how they might be used in different applications, and point out potential pitfalls where appropriate. We propose a framework, distinguishing between two main types of social network-based user selection— <jats:italic>personalised</jats:italic> user selection, which identifies target users who may be relevant for a given source node, using the social network around the source as a context, and <jats:italic>generic</jats:italic> user selection or group delimitation, which filters for a set of users who satisfy a set of application requirements based on their social properties. Using this framework, we survey applications of social networks in three typical kinds of application scenarios: recommender systems, content-sharing systems (e.g., P2P or video streaming), and systems that defend against users who abuse the system (e.g., spam or sybil attacks). In each case, we discuss potential directions for future research that involve using social network properties. </jats:p>

<jats:p>A pivotal cause for the boom of Mobile Agent paradigm relies on the competence to ward off security attacks. This article surveys the prevalent attacks on the mobile agents and the agent platforms; the existing countermeasures and their curbs, catering threefold benefaction: First, to acquaint the researchers with numerous security requirements and the objectives. Second, to analyze the different detection and prevention mechanisms mitigating the security bottlenecks in Mobile Agents System. Third, to address the future security challenges. In a nutshell, this survey hands over a key to researchers who primarily target the security concerns of the mobile agent-based applications.</jats:p>

<jats:p>Modeling and predicting player behavior is of the utmost importance in developing games. Experience has proven that, while theory-driven approaches are able to comprehend and justify a model's choices, such models frequently fail to encompass necessary features because of a lack of insight of the model builders. In contrast, data-driven approaches rely much less on expertise, and thus offer certain potential advantages. Hence, this study conducts a systematic review of the extant research on data-driven approaches to game player modeling. To this end, we have assessed experimental studies of such approaches over a nine-year period, from 2008 to 2016; this survey yielded 46 research studies of significance. We found that these studies pertained to three main areas of focus concerning the uses of data-driven approaches in game player modeling. One research area involved the objectives of data-driven approaches in game player modeling: behavior modeling and goal recognition. Another concerned methods: classification, clustering, regression, and evolutionary algorithm. The third was comprised of the current challenges and promising research directions for data-driven approaches in game player modeling.</jats:p>

<jats:p>Authenticated encryption (AE) has been a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with widespread use of the internet and has led to several new schemes. There have been studies investigating software performance of various schemes. However, the same is yet to be done for hardware. We present a comprehensive survey of hardware (specifically ASIC) performance of the most commonly used AE schemes in the literature. These schemes include encrypt-then-MAC combination, block-cipher-based AE modes, and the recently introduced permutation-based AE scheme. For completeness, we implemented each scheme with various standardized block ciphers and/or hash algorithms, and their lightweight versions. Our evaluation targets minimizing the time-area product while maximizing the throughput on an ASIC platform. We used 45nm NANGATE Open Cell Library for syntheses. We present area, speed, time-area product, throughput, and power figures for both standard and lightweight versions of each scheme. We also provide an unbiased discussion on the impact of the structure and complexity of each scheme on hardware implementation. Our results reveal 13%--30% performance boost in permutation-based AE compared to conventional schemes, and they can be used as a benchmark in the ongoing AE competition CAESAR.</jats:p>