Analysis of Security Requirements for Session-Oriented Cross Play Using X-box
|
|
Kim, Dong-woo
(Center for Information Security Technologies(CIST), Korea University)
Kang, Soo-young (Center for Information Security Technologies(CIST), Korea University) Kim, Seung-joo (Center for Information Security Technologies(CIST), Korea University) |
| 1 | Aaqib Iqbal Wani, "A Survey of Security Issues and Attacks in Cloud and their Possible Defenses," IJETER Vol. 5, Issue 12, December 2017. |
| 2 | LuisRodero-Merino, "Building safe PaaS clouds: A survey on security in multi tenant software platforms," Computers & Security, Vol 31, pp. 96-108, February 2012. DOI |
| 3 | Jeff Yan and Brian Randell, "An Investigation of Cheating in Online Games," IEEE Security & Privacy, vol. 7, pp. 37-44, May. 2009. DOI |
| 4 | Stephen Mohr and Syed Shawon Rahman, "IT Security Issues Within the Video Game Industry," Cryptography and Security, pp. 16, Nov. 2011. |
| 5 | Prandini, "Splitting the HTTPS stream to attack secure web connections," IEEE Securiry & Privacy, vol. 8, pp. 80-84, Nov. 2010 DOI |
| 6 | Collin jackson, "ForceHTTPS: protecting high-security web sites from network attacks," 17th International Conference on WWW, pp. 525-534, April. 2008 |
| 7 | Marin silic, Jakov Krolo and goran Delac, "Security vulnerabilities in modern web browser architecture," IEEE, MIPRO, 2010 Proceedings of the 33rd Inter national Convention, May. 2010. |
| 8 | Michael McIntosh, "XML signature element wrapping attacks and countermeasures," 2005 workshop on Secure web services, pp. 20-27, Nov. 2005. |
| 9 | A. Kieyzun, P. J. Guo, K. Jayaraman, and M. D. Ernst. "Automatic creation of SQL injection and cross-site scripting attacks", IEEE, pp. 16-24, May. 2009. |
| 10 | Chonka, "Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks," vol. 34, pp. 1097-1107, July 2011. DOI |
| 11 | Thangavel, Nithya S and Sindhuja R, "DoS Attacks Over Cloud Environment: A Literature Survey," in Advancing Cloud Database Systems 2017, IGI Global. pp. 289-319 |
| 12 | Zhifeng Xiao and Yang Xiao "Security and privacy in cloud computing," IEEE Communications Surveys, vol. 15, pp. 843-859, July. 2012. DOI |
| 13 | Duncan, "An overview of insider attacks in cloud computing. Concurrency and Computation," CCPE, Experience, vol. 27, March. 2014 |
| 14 | Lee S, Kim Y, and Kim J, "Stealing web pages rendered on your browser by exploiting GPU vulnerabilities," In IEEE symposium on security and privacy, pp 19-33, May. 2014. |
| 15 | Zhou Z, Diao W, Liu X, Li Z, Zhang K, Liu R, "Vulnerable GPU memory management: towards recovering raw data from GPU," Proc Privacy Enhancing Technol, vol. 2017, pp. 57-73, Apr. 2017. |
| 16 | Nancy Arya, "Hypervisor Security - A Major Concern," International Journal of Information and Computation Technology," vol. 3 pp. 57-73, Nov. 2013. |
| 17 | G. Pek, L. Buttyan, and B. Bencsath, "A survey of security issues in hardware virtualization," ACM Computing Surveys, vol. 45, pp. 1-34, Nov. 2013. |
| 18 | Dorottya Papp, Zhendong Ma and Levente Buttyan, "Embedded systems security: Threats, vulnerabilities, and attack taxonomy," IEEE Conferences in PST, pp. 145-152, July. 2015. |
| 19 | Ang Cui, Michael Costello and Salvatore J. Stolfo, "When Firmware Modifications Attack: A Case Study of Embedded exploitation," Published 2013 in NDSS, May. 2016. |
| 20 | Kyung-Soo Lim and Sangjin Lee, "A Methodology for Forensic Analysis of Embedded Systems," 2008 Second International Conference on Future Generation Communication and Networking, vol. 2, pp. 283-286, Nov. 2008. |
| 21 | Daniel Fett, Ralf Kuesters and Guido Schmitz "A Comprehensive Formal Sec urity Analysis of OAuth 2.0," CCS '16 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Aug. 2016. |
| 22 | Marios Argyriou, "Security Flows in OAuth 2.0 Framework: A Case Study," SAFECOMP 2017: Computer Safety, Reliability, and Security, pp 396-406, Sep. 2017. |
| 23 | Joe Bialek, Microsoft OSR, "A Dive in to Hyper-V Architecture & Vulnerabilities.", Black Hat 2018. |
| 24 | Marlinspike, "M.: New tricks for defea ting SSL in practice," BlackHat-DC-09, Apr.2013 |
| 25 | Liu, H, "A new form of DoS attack in a cloud and its avoidance mechanism," ACM Workshop on Cloud Computing Security, pp. 65-76, October. 2010 |
| 26 | Wu H, Ding Y, Winer C and Yao, L, "Network security for virtual machine in cloud computing," IEEE 5th International Conference on Computer Sciences and Convergence Information Technology, pp. 18-21, February. 2010. |
| 27 | Jordan Rabet, Microsoft OSR, "Hardening Hyper-V through Offensive Security Research," Black Hat 2018. |
| 28 | Mark McGloin and Phil Hunt, "OAuth 2.0 Threat Model and Security Conside rations," RFC6819, January 2013. |
| 29 | Common Vulnerabilities and Exposures, "CVE-2018-8491," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8491 |
| 30 | Roman Unuchek, "Leaking Ads-Is User Data Truly Secure?," RSA Conference, April. 2018. |
| 31 | Denis Verdon, "Risk Analysis in Software Design," IEEE Security&Privacy, vol. 2, No. 04, pp.79-84, July. 2004. |
| 32 | Newzoo, "Global_Game_Market_Report," [Internet], https://resources.newzoo.com/hubfs/Reports/Newzoo_Global_Games_Market_Report_2017. |
| 33 | Gameple, "Platform Border Game," [Internet], http://www.gameple.co.kr/news/articleView.html?idxno=142867. |
| 34 | Microsoft, "The STRIDE Threat Model," [Internet], https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v%3dcs.20) |
| 35 | Common Vulnerabilities and Exposures, "CVE-2018-8493," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8493 |
| 36 | Common Vulnerabilities and Exposures, "CVE-2018-8470," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8470 |
| 37 | Common Vulnerabilities and Exposures, "CVE-2018-8357," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8357 |
| 38 | Common Vulnerabilities and Exposures, "CVE-2018-5178," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 |
| 39 | Common Vulnerabilities and Exposures, "CVE-2018-15121," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15121 |
| 40 | NIST, "Risk management guide for information technology systems," [Internet], http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf. |
| 41 | C.S.E.institute," OCTAVE," [Internet], http://www.cert.org/octave/ |
| 42 | UcedaVelez, "Real World Threat Modeling using the PASTA Methodology," in Proceedings of OWASP AppSec Research 2012. |
| 43 | Brenda Larcom, "Trike," [Internet], http://www.octotrike.org/ |
| 44 | LINDDUN "A privacy threat analysis framework," [Internet], https://linddun.org/ |
| 45 | Privacy Office, Office of Information Technology, "PRIVACY IMPACT ASSESSMENT (PIA) GUIDE",Revised January 2007. |
| 46 | NymityInc, [Internet], https://www.nymity.com/ |
| 47 | Johnny Chung lee, "Hacking the Nintendo Will Remote," IEEE Pervasive Computing, vol. 7, No. 3 pp:39-45, August 2008. DOI |
| 48 | Arunasalam Sambhanthan, "Microsoft's Kinect Technology: A Bust That Could Still Become a Boom," IEEE Consumer Electronics Magazine, Vol. 7, Issue 3, pp.99-101, April 2018. DOI |
| 49 | Jeff Yan and Brian Randell, "An Investigation of Cheating in Online Games," IEEE Security & Privacy, vol. 7, Issue: 3, pp.37-44, June 2009. DOI |
| 50 | Jason Moore, Ibrahim Baggili, Andrew Marrington and Armindo, "Preliminary Forensic Analysis Of The Xbox One", DIGITAL FORENSIC RESEARCH CONFERENCE, pp.57-65, August 2014. |
| 51 | Francois Mouton, Mercia M, Louise Leenen and H.S Venter, "Social Engineering Attack Framework," IEEE 2014 Information Security for South Africa, pp. 1-9, Nov. 2014. |
| 52 | Grobauer, B, "Understanding cloud computing vulnerabilities," IEEE Security & Privacy, pp. 50-57, June. 2010. DOI |
| 53 | Common Vulnerabilities and Exposures, "CVE-2018-8495," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8495 |
| 54 | Common Vulnerabilities and Exposures, "CVE-2018-0957," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0957 |
| 55 | Common Vulnerabilities and Exposures, "CVE-2018-8489," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8489 |
| 56 | Common Vulnerabilities and Exposures, "CVE-2018-8438," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8438 |
| 57 | Common Vulnerabilities and Exposures, "CVE-2018-8492," [Internet], https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8492 |
| 58 | hyp3rlinx, "Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service," Exploit Database, 2018-04-24 |
| 59 | Hanqian Wu, Yi Ding, Chuck Winer and Li Yao, "Network security for virtual machine in cloud computing," IEEE Conference on Computer Sciences and Convergence Information Technology, pp.18-21, Nov. 2010. |
| 60 | ChiragMod, Dhiren Patel and Bhavesh Borisaniya, "A survey of intrusion detection techniques in cloud," vol. 36, pp. 42-57, January 2013. DOI |
| 61 | Common Criteria Recognition Arrangement, "Common Criteria for Information Technology Security Evaluation Part 3 : Security assurance components," Ver3.1, CCMB-2017-04-003, 2017 |
| 62 | Common Criteria Recognition Arrangement, "Common Criteria for Information Technology Security Evaluation Part 1 : Introduction and general model," Ver3.1, CCMB-2017-04-001, 2017 |
| 63 | Common Criteria Recognition Arrangement, "Common Criteria for Information Technology Security Evaluation Part 2 : Security functional components," Ver3.1, CCMB-2017-04-002, 2017 |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
