Catálogo de publicaciones - revistas

<jats:p>Information flow tracking was proposed more than 40 years ago to address the limitations of access control mechanisms to guarantee the confidentiality and integrity of information flowing within a system, but has not yet been widely applied in practice for security solutions. Here, we survey and systematize literature on dynamic information flow tracking (DIFT) to discover challenges and opportunities to make it practical and effective for security solutions. We focus on common knowledge in the literature and lingering research gaps from two dimensions— (i) the layer of abstraction where DIFT is implemented (software, software/hardware, or hardware) and (ii) the security goal (confidentiality and/or integrity). We observe that two major limitations hinder the practical application of DIFT for on-the-fly security applications: (i) high implementation overhead and (ii) incomplete information flow tracking (low accuracy). We posit, after review of the literature, that addressing these major impedances via hardware parallelism can potentially unleash DIFT’s great potential for systems security, as it can allow security policies to be implemented in a built-in and standardized fashion. Furthermore, we provide recommendations for the next generation of practical and efficient DIFT systems with an eye towards hardware-supported implementations.</jats:p>

<jats:p>With the proliferation of social sensing, large amounts of observation are contributed by people or devices. However, these observations contain disinformation. Disinformation can propagate across online social networks at a relatively low cost, but result in a series of major problems in our society. In this survey, we provide a comprehensive overview of disinformation and truth discovery in social sensing under a unified perspective, including basic concepts and the taxonomy of existing methodologies. Furthermore, we summarize the mechanism of disinformation from four different perspectives (i.e., text only, text with image/multi-modal, text with propagation, and fusion models). In addition, we review existing solutions based on these requirements and compare their pros and cons and give a sort of guide to usage based on a detailed lesson learned. To facilitate future studies in this field, we summarize related publicly accessible real-world data sets and open source codes. Last but the most important, we emphasize potential future research topics and challenges in this domain through a deep analysis of most recent methods.</jats:p>

<jats:p>Understanding and optimizing memory usage of software applications is a difficult task, usually involving the analysis of large amounts of memory-related complex data. Over the years, numerous software visualizations have been proposed to help developers analyze the memory usage information of their programs.</jats:p> <jats:p>This article reports a systematic literature review of published works centered on software visualizations for analyzing the memory consumption of programs. We have systematically selected 46 articles and categorized them based on the tasks supported, data collected, visualization techniques, evaluations conducted, and prototype availability. As a result, we introduce a taxonomy based on these five dimensions to identify the main challenges of visualizing memory consumption and opportunities for improvement. Despite the effort to evaluate visualizations, we also find that most articles lack evidence regarding how these visualizations perform in practice. We also highlight that few articles are available for developers willing to adopt a visualization for memory consumption analysis. Additionally, we describe a number of research areas that are worth exploring.</jats:p>

<jats:p>Image representation is an important topic in computer vision and pattern recognition. It plays a fundamental role in a range of applications toward understanding visual contents. Moment-based image representation has been reported to be effective in satisfying the core conditions of semantic description due to its beneficial mathematical properties, especially geometric invariance and independence. This article presents a comprehensive survey of the orthogonal moments for image representation, covering recent advances in fast/accurate calculation, robustness/invariance optimization, definition extension, and application. We also create a software package for a variety of widely used orthogonal moments and evaluate such methods in a same base. The presented theory analysis, software implementation, and evaluation results can support the community, particularly in developing novel techniques and promoting real-world applications.</jats:p>

<jats:p>We study the fact-checking problem, which aims to identify the veracity of a given claim. Specifically, we focus on the task of Fact Extraction and VERification (FEVER) and its accompanied dataset. The task consists of the subtasks of retrieving the relevant documents (and sentences) from Wikipedia and validating whether the information in the documents supports or refutes a given claim. This task is essential and can be the building block of applications such as fake news detection and medical claim verification. In this article, we aim at a better understanding of the challenges of the task by presenting the literature in a structured and comprehensive way. We describe the proposed methods by analyzing the technical perspectives of the different approaches and discussing the performance results on the FEVER dataset, which is the most well-studied and formally structured dataset on the fact extraction and verification task. We also conduct the largest experimental study to date on identifying beneficial loss functions for the sentence retrieval component. Our analysis indicates that sampling negative sentences is important for improving the performance and decreasing the computational complexity. Finally, we describe open issues and future challenges, and we motivate future research in the task.</jats:p>

<jats:p>In the era of Industry 4.0, the Internet-of-Things (IoT) performs the driving position analogous to the initial industrial metamorphosis. IoT affords the potential to couple machine-to-machine intercommunication and real-time information-gathering within the industry domain. Hence, the enactment of IoT in the industry magnifies effective optimization, authority, and data-driven judgment. However, this field undergoes several interoperable issues, including large numbers of heterogeneous IoT gadgets, tools, software, sensing, and processing components, joining through the Internet, despite the deficiency of communication protocols and standards. Recently, various interoperable protocols, platforms, standards, and technologies are enhanced and altered according to the specifications of the applicability in industrial applications. However, there are no recent survey papers that primarily examine various interoperability issues that Industrial IoT (IIoT) faces. In this review, we investigate the conventional and recent developments of relevant state-of-the-art IIoT technologies, frameworks, and solutions for facilitating interoperability between different IIoT components. We also discuss several interoperable IIoT standards, protocols, and models for digitizing the industrial revolution. Finally, we conclude this survey with an inherent discussion of open challenges and directions for future research.</jats:p>

<jats:p>Malicious software (malware) is a major cyber threat that has to be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is vulnerable to attacks known as adversarial examples. In this article, we survey and systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified conceptual framework of assumptions, attacks, defenses, and security properties. This not only leads us to map attacks and defenses to partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. We draw a number of insights, including: knowing the defender’s feature set is critical to the success of transfer attacks; the effectiveness of practical evasion attacks largely depends on the attacker’s freedom in conducting manipulations in the problem space; knowing the attacker’s manipulation set is critical to the defender’s success; and the effectiveness of adversarial training depends on the defender’s capability in identifying the most powerful attack. We also discuss a number of future research directions.</jats:p>

<jats:p>Unmanned Aerial Vehicles (UAVs) are becoming one of the main technological supports for commercial applications, embracing many domains ranging from human safety to the medical field, agriculture and environment, multimedia production, and even commercial delivery. This rise in popularity, however, is causing an increasing interest from criminals, making UAVs the target of new attacks. To fully characterize the current UAV cybersecurity landscape, we perform a complete literature review, digging into drone security historic facts and scientific studies on the matter, reviewing specialized articles and scientific papers focusing on cybersecurity threats and gaps in the context of small UAVs in commercial applications. Being a recent research and development area, most of the articles have been published between 2016 and 2020 as a direct consequence of the increase of security concerns and interest in the drone field. Papers in this review deal with UAV cyberthreats and related vulnerabilities, identifying flaws experimented in a lab or describing incidents detected in the field. Communication, sensors, and system misconfigurations are among the most important threat vectors, while sensor spoofing/jamming and malware DoS/control are among the most cited threats. Threat vectors permit depicting a complete overview of the topic and potential countermeasures known to date, with related gap analysis, also accounting for the recent Unmanned Aircraft System evolution toward ad hoc or cloud-based UAV networks. Countermeasures include the adoption of traditional communication encryption and standard protocols, GPS spoofing/jamming mitigation, encryption and privacy-aware implementations, and counter-malware techniques, to name the most adopted. It also emerges that often attacks are simply ported or adapted from other attacks in similar domains, while peculiar attacks still remain such as targeted physical attacks, specific UAV malware, and GPS spoofing/jamming.</jats:p>

<jats:p> Many proximity-based tracing (PCT) protocols have been proposed and deployed to combat the spreading of COVID-19. In this article, we take a systematic approach to analyze PCT protocols. We identify a list of desired properties of a contact tracing design from the four aspects of Privacy, Utility, Resiliency, and Efficiency (PURE). We also identify two main design choices for PCT protocols: <jats:italic>what information patients report</jats:italic> to the server and <jats:italic>which party performs the matching</jats:italic> . These two choices determine most of the PURE properties and enable us to conduct a comprehensive analysis and comparison of the existing protocols. </jats:p>

<jats:p> As a subfield of machine learning, <jats:italic>reinforcement learning</jats:italic> (RL) aims at optimizing decision making by using interaction samples of an agent with its environment and the potentially delayed feedbacks. In contrast to traditional supervised learning that typically relies on one-shot, exhaustive, and supervised reward signals, RL tackles sequential decision-making problems with sampled, evaluative, and delayed feedbacks simultaneously. Such a distinctive feature makes RL techniques a suitable candidate for developing powerful solutions in various healthcare domains, where diagnosing decisions or treatment regimes are usually characterized by a prolonged period with delayed feedbacks. By first briefly examining theoretical foundations and key methods in RL research, this survey provides an extensive overview of RL applications in a variety of healthcare domains, ranging from dynamic treatment regimes in chronic diseases and critical care, automated medical diagnosis, and many other control or scheduling problems that have infiltrated every aspect of the healthcare system. In addition, we discuss the challenges and open issues in the current research and highlight some potential solutions and directions for future research. </jats:p>