Web Caching Security 2022 - Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time when a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely third-party JavaScript inclusion and caching can make an attack large-scale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.
Authored by Tao Hou, Shengping Bi, Mingkui Wei, Tao Wang, Zhuo Lu, Yao Liu
The world today is driving towards connections via the internet rather than social interaction. Hence modern-day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.
Authored by A Adarsh, Saran Karthik, S Aswath, Akash Sampath, S Pasupathy, S Umamaheshwari
Science of Security 2022 - In order to overcome new business changes that bring new security threats and challenges to many Industrial Internet of Things (IIoT) fields such as smart grids, smart factories, and smart transportation, the paper proposed the architecture of the industrial Internet of Things system, and analyzed the security threats of the industrial Internet of Things system. Combining various attack methods, targeted security protection strategies for the perception layer, network layer, platform layer and application layer are designed. The results show that the security protection strategy can effectively meet the security protection requirements of IIoT systems.
Authored by Ping Yu, Yunxin Long, Hui Yan, Hanlin Chen, Xiaozhong Geng
Science of Security 2022 - To prevent all sorts of attacks, the technology of security service function chains (SFC) has been proposed in recent years, and it has become an attractive research highlight. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However, in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm (ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios and solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.
Authored by Weidong Xiao, Xu Zhang, Dongbin Wang
Science of Security 2022 - As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.
Authored by Jun Sun, Dong Liu, Yang Liu, Chuang Li, Yumeng Ma
Science of Security 2022 - Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.
Authored by Jeong Yang, Young Kim, Brandon Earwood
Science of Security 2022 - With the proposal of the major strategy of "network power" and the establishment of the first level discipline of "Cyberspace security", the training of Cyberspace security talents in China has entered a period of strategic development. Firstly, this paper defines the concept of postgraduate education quality, and analyzes the characteristics of postgraduate education and its quality guarantee of Cyberspace security specialty, especially expounds the difference with information security major. Then, on the basis of introducing the concept of comprehensive quality, this paper expounds the feasibility and necessity of establishing the quality guarantee system of Cyberspace security postgraduate education based on comprehensive view under the background of new engineering. Finally, the idea of total quality management is applied to the training process of postgraduate in Cyberspace security. Starting from the four aspects of establishing a standard system, optimizing the responsibility team, innovating the evaluation mechanism and creating a cultural environment, the framework of quality guarantee system for the training of postgraduate in Cyberspace security based on a comprehensive view is constructed.
Authored by Yi Guo, Juwei Yan, Lianchenz Zhang, Wenwen Du, Lanxin Cheng
Science of Security 2022 - This paper introduces the principle of public security electronic fence, analyzes the current situation and future demand of public security electronic fence application in policing, and points out the problems in equipment deployment. A public security electronic fence deployment method based on an improved artificial immunity algorithm is proposed for the above scenario, and specific solutions are given for model establishment, parameter settings, and other problems. Finally, an arithmetic analysis of the simulated scenario is carried out, and the results show that the results of using the improved immune algorithm to solve the public security electronic fence deployment problem are very reasonable and reliable, and have wide reference and promotion significance.
Authored by Dandan Ding, Fanliang Bu, Zhexin Hu
Science of Security 2022 - In this paper, the reader's attention is directed to the problem of inefficiency of the add-on information security tools that are installed in operating systems, including virtualization systems. The paper shows the disadvantages that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.
Authored by Anastasiya Veremey, Vladimir Kustov, Renjith Ravi V
Science of Security 2022 - To improve the quality of network security service, the physical device service mode in traditional security service is improved, and the NFV network security service system is constructed by combining software defined networking (SDN) and network function virtualization technology (NFV). Where, network service is provided in the form of security service chain, and Web security scan service is taken as the task, finally the implementation and verification of the system are carried out. The test result shows that the security service system based on NFV can balance the load between the security network service devices in the Web security scan, which proves that the network security system based on software defined security and NFV technology can meet certain service requirements, and lays the research foundation for the improvement of the subsequent user network security service.
Authored by Lei Wang, SiJiang Xie, Can Cao, Chen Li
Science of Security 2022 - At present, production and daily life increasingly rely on the Internet of Things, and the network security problem of the Internet of Things is becoming increasingly prominent. Therefore, it is extremely important to ensure the network security of the Internet of Things through various technical means. The security of IoT terminal access behavior is an important part of IoT network security, so it is an important research object in the field of network security. In order to increase the security of IoT terminal access, a security evaluation model based on zero trust is proposed. After the simulation performance test of the model, it is found that the model shows excellent detection ability of malicious access behavior and system stability in different network environments. Under the premise that some network nodes are infected, the model proposed in the study still shows a significantly higher ratio of trusted nodes than other algorithms. The research results show that the model can improve the security level of the Internet of Things network to a certain extent.
Authored by RiXuan Qiu, JunFeng Zhang, Lu Chen, Wei Li, Nan Lin
Science of Security 2022 - Web application security testing is vital for preventing any security flaws in the design of web applications. A major challenge in web security testing is the continuous change and evolution of web design tools and modules. As such, most open source tools may not be up to date with catching up with recent technologies. In this paper, we reported our effort and experience testing our recently developed website (https://mysmartsa.com/). We utilized and reported vulnerabilities from several open-source security testing tools. We also reported efforts to debug and fix those security issues throughout the development process.
Authored by Mohammed Kunda, Izzat Alsmadi
Quantum Computing Security 2022 - Emerging quantum algorithms that process data require that classical input data be represented as a quantum state. These data-processing algorithms often follow the gate model of quantum computing—which requires qubits to be initialized to a basis state, typically |0⟩—and thus often employ state generation circuits to transform the initialized basis state to a data-representation state. There are many ways to encode classical data in a qubit, and the oft-applied approach of basis encoding does not allow optimization to the extent that other variants do. In this work, we thus consider automatic synthesis of addressable, quantum read-only memory (QROM) circuits, which act as data-encoding state-generation circuits. We investigate three data encoding approaches, one of which we introduce to provide improved dynamic range and precision. We present experimental results that compare these encoding methods for QROM synthesis to better understand the implications of and applications for each.
Authored by Aviraj Sinha, Elena Henderson, Jessie Henderson, Mitchell Thornton
Quantum Computing Security 2022 - As the development of quantum computing hardware is on the rise, its potential application to various research areas has been investigated, including to machine learning. Recently, there have been several initiatives to expand the work to quantum federated learning (QFL). However, challenges arise due to the fact that quantum computation poses different characteristics from classical computation, giving an even more challenge for a federated setting. In this paper, we present a high-level overview of the current state of research in QFL. Furthermore, we also describe in brief about quantum computation and discuss its present limitations in relation to QFL development. Additionally, possible approaches to deploy QFL are explored. Lastly, remarks and challenges of QFL are also presented.
Authored by Harashta Larasati, Muhammad Firdaus, Howon Kim
Quantum Computing Security 2022 - Quantum kernels map data to higher dimensions for classification and have been shown to have an advantage over classical methods. In our work, we generalize recent results in binary quantum kernels to multivalued logic by using higher dimensional entanglement to create a qudit memory and show that the use of qudits offers advantages in terms of quantum memory representation as well as enhanced resolution in the outcome of the kernel calculation. Our method is not only capable of finding the kernel inner product of higher dimensional data but can also efficiently and concurrently compute multiple instances of quantum kernel computations in linear time. We discuss how this method increases efficiency and resolution for various distance-based classifiers that require large datasets when accomplished with higher-dimensioned quantum data encodings. We provide experimental results of our qudit kernel calculations with different data encoding methods through the use of a higher-dimensioned quantum computation simulator.
Authored by Aviraj Sinha, Mitchell Thornton
Quantum Computing Security 2022 - Recent advances in quantum computing have highlighted the vulnerabilities in contemporary RSA encryption. Shor’s approach for factoring numbers is becoming more tractable as quantum computing advances. This jeopardizes the security of any cryptographic system that is based on the complexity of factorisation. Many other crypto-systems based on theories like Elliptic Curve Cryptography are also vulnerable. To keep a cryptographic system safe against a quantum adversary, we must develop approaches based on a hard mathematical problem that is not vulnerable to quantum computer attacks, and we must develop Post Quantum Cryptography (PQC). One potential option is the use of lattices in a system called ring Learning with Errors (rLWE). Several techniques for post-quantum encryption have been submitted to NIST. This paper studies the different speeds of different lattice-based protocols.
Authored by Mohamed Garrach, Chetan Waghela, Mahima Mathews, L Sreekuttan
Quantum Computing Security 2022 - Cloud computing has turned into an important technology of our time. It has drawn attention due to its availability, dynamicity, elasticity and pay-as-per-use pricing mechanism; this has made multiple organizations shift onto the cloud platform. It leverages the cloud to reduce administrative and backup overhead. Cloud computing offers a lot of versatility. Quantum technology, on the other hand, advances at a breakneck pace. Experts anticipate a positive outcome and predict that within the next decade, powerful quantum computers will be available. This has and will have a substantial impact on various sciences streams such as cryptography, medical research, and much more. Sourcing applications for business and informational data to the cloud presents privacy and security concerns, which have become crucial in cloud installation and services adoption. To address the current security weaknesses, researchers and impacted organizations have offered several security techniques in the literature. The literature also gives a thorough examination of cloud computing security and privacy concerns.
Authored by Rajvir Shah
Quantum Computing Security 2022 - With the continuous development of Internet of Things (IoT) technology, information and communication technology is also progressing rapidly, among which quantum computer secrecy communication scheme is a new type of cryptographic lock system. It uses both traditional security software encryption algorithms and classical cryptographic systems to achieve a series of operations such as secret storage, transmission and restoration of data. This paper introduces the principle of quantum key distribution and its applications from the physical level; then analyses its security problems and the corresponding research status and proposes improvement methods and measures; finally, with the goal of "bit-based computing information security", a new type of secure communication scheme is designed.
Authored by Lian Tong, Taizhi Lv, Pingping Xia
Quantum Computing Security 2022 - Quantum computing is a swiftly blooming technology that straps up the process of quantum mechanics to solve problems too complex for conventional computers. Quantum Cryptography applies algorithms to encrypt messages so that they are never read by anyone outside of the unauthorized recipient. Using Quantum mechanics, for secure communication, we have to follow either a superposition or entanglement algorithm. When compared to superposition, entanglement algorithms provide more security, because it is difficult for intruders to identify how the qubits maintain the relationship. In the existing system, Quantum Key Distribution for short distances has already been implemented and is even commercially available using an entanglement algorithm (Artur Ekert E91 Protocol). In the proposed system, quantum communication over very long distances. In this paper, using Quantum entanglement, the keys are exchanged securely and eavesdropping in the communication channel is identified.
Authored by Vani Geddada, P. Lakshmi
Quantum Computing Security 2022 - We propose a new paradigm for security of quantum protocols. Instead of making one, powerful, difficult to check assumption about the system, we make a few, which are easy to verify or otherwise justify. This enables us to combine very high security levels with relatively low hardware complexity. We present a self-testing quantum random number generator that demonstrates the usefulness of our paradigm. We describe this device, prove its security against active attacks, backdoors and malfunctions and analyze its efficiency.
Authored by Marcin Pawlowski, Marcin Jarzyna, Karol Lukanowski, Michal Jachura, Konrad Banaszek
Quantum Computing Security 2022 - At present, the mature application of computer network and digitized information are increasingly popular, people's ability to crack encryption algorithms, and the traditional key system cannot guarantee the absolute security of the information system. This paper, on the data encryption of big data, data integrity and data disaster backup technology and quantum communication security of quantum key distribution, direct communication and quantum secret security sharing technology, proposed a quantum security computing route model based on the management condition of data authentication center. Based on the route model, this paper studies the image encryption technology of the linear model of quantum security computing from different technical perspectives to ensure the security of image information.
Authored by Lian Tong, Pingping Xia, Taizhi Lv
Quantum Computing Security 2022 - Geospatial fog computing system offers various benefits as a platform for geospatial computing services closer to the end users, including very low latency, good mobility, precise position awareness, and widespread distribution. In recent years, it has grown quickly. Fog nodes’ security is susceptible to a number of assaults, including denial of service and resource abuse, because of their widespread distribution, complex network environments, and restricted resource availability. This paper proposes a Quantum Key Distribution (QKD)-based geospatial quantum fog computing environment that offers a symmetric secret key negotiation protocol that can preserve information-theoretic security. In QKD, after being negotiated between any two fog nodes, the secret keys can be given to several users in various locations to maintain forward secrecy and long-term protection. The new geospatial quantum fog computing environment proposed in this work is able to successfully withstand a variety of fog computing assaults and enhances information security.
Authored by Pratyusa Mukherjee, Rabindra Barik
QR Codes 2022 - For any robot, animal, or social animal to learn, understand, and respond appropriately, visual perception is the most critical capacity. This paper presents an example of computer vision-based research written in the Python programming language which employs libraries like OpenCV and NumPy. To navigate a robot on its own USB 2.0 high-definition camera mounted on robot captures the video stream in the operating area. Identification and decoding of QR code from the visible environment of camera using the image processing and QR code detection algorithm. Tracking of QR code is done using the Kalman filter. The robot will function according to the decision taken by program logic developed in minicomputer depending on data input from the camera.
Authored by Pranesh Kumar, Arti Khaparde