Catálogo de publicaciones - revistas

<jats:p>Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It generates a large number of test cases and monitors the executions for defects. Fuzzing has detected thousands of bugs and vulnerabilities in various applications. Although effective, there lacks systematic analysis of gaps faced by fuzzing. As a technique of defect detection, fuzzing is required to narrow down the gaps between the entire input space and the defect space. Without limitation on the generated inputs, the input space is infinite. However, defects are sparse in an application, which indicates that the defect space is much smaller than the entire input space. Besides, because fuzzing generates numerous test cases to repeatedly examine targets, it requires fuzzing to perform in an automatic manner. Due to the complexity of applications and defects, it is challenging to automatize the execution of diverse applications. In this paper, we systematically review and analyze the gaps as well as their solutions, considering both breadth and depth. This survey can be a roadmap for both beginners and advanced developers to better understand fuzzing.</jats:p>

<jats:p>Hardware verification of modern electronic systems has been identified as a major bottleneck due to the increasing complexity and time-to-market constraints. One of the major objectives in hardware verification is to drastically reduce the validation and debug time without sacrificing the design quality. Assertion-based verification is a promising avenue for efficient hardware validation and debug. In this paper, we provide a comprehensive survey of recent progress in assertion-based hardware verification. Specifically, we outline how to define assertions using temporal logic to specify expected behaviors in different abstraction levels. Next, we describe state-of-the art approaches for automated generation of assertions. We also discuss test generation techniques for activating assertions to ensure that the generated assertions are valid. Finally, we present both pre-silicon and post-silicon assertion-based validation approaches that utilize simulation, formal methods as well as hybrid techniques. We conclude with a discussion on utilizing assertions for verifying both functional and non-functional requirements.</jats:p>

<jats:p>The standard measure for the quality of online algorithms is the competitive ratio. This measure is generally applicable, and for some problems it works well, but for others it fails to distinguish between algorithms that have very different performance. Thus, ever since its introduction, researchers have worked on improving the measure, defining variants, or defining measures based on other concepts to improve on the situation. Relative worst-order analysis (RWOA) is one of the most thoroughly tested such proposals. With RWOA, many separations of algorithms not obtainable with competitive analysis have been found.</jats:p> <jats:p>In RWOA, two algorithms are compared directly, rather than indirectly as is done in competitive analysis, where both algorithms are compared separately to an optimal offline algorithm. If, up to permutations of the request sequences, one algorithm is always at least as good and sometimes better than another, then the first algorithm is deemed the better algorithm by RWOA.</jats:p> <jats:p>We survey the most important results obtained with this technique and compare it with other quality measures. The survey includes a quite complete set of references.</jats:p>

<jats:p>The ocean is a huge saltwater body that is different from terrestrial environments in terms of deployment circumstance, weather conditions, and user distributions. Therefore, it is difficult to apply terrestrial networking technologies directly in oceans. The cost-effectiveness of satellites is still an issue to be addressed to increase their popularity due to their high cost in construction, launching, and maintenance and high deployment risks. Such situations stimulate many research efforts on networking technologies in the ocean space consisting of coastline, water surface, sky, and underwater. This article conducts a comprehensive survey on the related issues through reviewing the networking environments and communication networks already operating in the ocean space as well as ongoing R8D activities and results reported in the literature. These systems include coastal networks, water surface networks, sky networks, and underwater networks, which are reviewed and discussed along with summaries on the related topics and research issues necessary for further studies. This article, taking into account maritime communication networks and underwater networking together, aims to provide the reader with an overview on the state of the art and corresponding challenging issues for networking in the ocean space.</jats:p>

<jats:p>Wireless Body Area Networks (WBANs) constitute an emerging technology in the field of health care that makes health monitoring possible from one’s home itself. WBANs open many challenges by placing sensors on/inside human bodies for collecting various health-related information. Unlike traditional Wireless Sensor Networks (WSNs), communication in WBANs suffers from high channel fading and attenuation due to human body fat. Therefore, relay-based communication with data forwarding techniques is used to handle link failures and poor network connectivity. Accordingly, in this survey article, we present a comprehensive study of relay-based communication mechanisms in WBANs. We begin with a brief look at the multi-tiered architecture of WBANs, how direct communication works, and how relay-based communication is different. Subsequently, we present a detailed review of relay node selection approaches, which, in turn, also affects how a WBAN performs. In this context, we also look at the unique quality of service (QoS) demands of WBANs and how they can be assured.</jats:p>

<jats:p>Brain-Computer Interfaces (BCIs) have significantly improved the patients’ quality of life by restoring damaged hearing, sight, and movement capabilities. After evolving their application scenarios, the current trend of BCI is to enable new innovative brain-to-brain and brain-to-the-Internet communication paradigms. This technological advancement generates opportunities for attackers, since users’ personal information and physical integrity could be under tremendous risk. This work presents the existing versions of the BCI life-cycle and homogenizes them in a new approach that overcomes current limitations. After that, we offer a qualitative characterization of the security attacks affecting each phase of the BCI cycle to analyze their impacts and countermeasures documented in the literature. Finally, we reflect on lessons learned, highlighting research trends and future challenges concerning security on BCIs.</jats:p>

<jats:p>System emulation and firmware re-hosting have become popular techniques to answer various security and performance related questions, such as determining whether a firmware contain security vulnerabilities or meet timing requirements when run on a specific hardware platform. While this motivation for emulation and binary analysis has previously been explored and reported, starting to either work or research in the field is difficult. To this end, we provide a comprehensive guide for the practitioner or system emulation researcher. We layout common challenges faced during firmware re-hosting, explaining successive steps and surveying common tools used to overcome these challenges. We provide classification techniques on five different axes, including emulator methods, system type, fidelity, emulator purpose, and control. These classifications and comparison criteria enable the practitioner to determine the appropriate tool for emulation. We use our classifications to categorize popular works in the field and present 28 common challenges faced when creating, emulating, and analyzing a system from obtaining firmwares to post emulation analysis.</jats:p>

<jats:p>Location-based services (LBSs) provide enhanced functionality and convenience of ubiquitous computing, but they open up new vulnerabilities that can be utilized to violate the users’ privacy. The leakage of private location data in the LBS context has drawn significant attention from academics and industry due to its importance, leading to numerous research efforts aiming to confront the related challenges. However, to the best of our knowledge, none of relevant studies have performed a qualitative and quantitative comparison and analysis of the complex topic of designing countermeasures and discussed the viability of their use with different kinds of services and the potential elements that could be deployed to meet new challenges. Accordingly, the purpose of this survey is to examine the privacy-preserving techniques in LBSs. We categorize and provide an inside-out review of the existing techniques. Performing a retrospective analysis of several typical studies in each category, we summarize their basic principles and recent advances. Additionally, we highlight the use of privacy-preserving techniques in LBSs for enabling new research opportunities. Providing an up-to-date and comprehensive overview of existing studies, this survey may further stimulate new research efforts into this promising field.</jats:p>

<jats:p>In recent years, mobile devices have gained increasing development with stronger computation capability and larger storage space. Some of the computation-intensive machine learning tasks can now be run on mobile devices. To exploit the resources available on mobile devices and preserve personal privacy, the concept of client-based machine learning has been proposed. It leverages the users’ local hardware and local data to solve machine learning sub-problems on mobile devices and only uploads computation results rather than the original data for the optimization of the global model. Such an architecture can not only relieve computation and storage burdens on servers but also protect the users’ sensitive information. Another benefit is the bandwidth reduction because various kinds of local data can be involved in the training process without being uploaded. In this article, we provide a literature review on the progressive development of machine learning from server based to client based. We revisit a number of widely used server-based and client-based machine learning methods and applications. We also extensively discuss the challenges and future directions in this area. We believe that this survey will give a clear overview of client-based machine learning and provide guidelines on applying client-based machine learning to practice.</jats:p>

<jats:p>Key generation is a promising technique to bootstrap secure communications for the Internet of Things devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions.</jats:p>