The ISC International Journal of Information Security

Abstract Cloud computing created a revolution in the way IT organizations and IT teams manage their internal digital resources and workloads. One major drawback or limitation of cloud computing, among others, is security. Cloud computing is plagued by a plethora of threats and vulnerabilities, with new ones being identified from time to time. Year-by-year, minor to significant security incidents are reported across the globe. To the best of knowledge, there is no research artifact in the recent past that covers the recent advancements in cloud computing security. To address this issue, this paper provides an analysis of the literature in the past few years related to cloud computing security. Taxonomy related to cloud computing threats and vulnerabilities is provided by extending threats proposed by Cloud Security Alliance, which can educate cloud users and guide cloud providers to strengthen or audit their security policies and practices. Finally, state-of-the-art countermeasures and solutions to safeguard the cloud against different threats are also provided.

Abstract Stream ciphers are an important class of symmetric cryptographic algorithms. The eSTREAM project contributed significantly to the recent increase of activity in this field. In this paper, we present a survey of the eSTREAM project. We also review recent time/memory/data and time/memory/key trade-offs relevant for the generic attacks on stream ciphers.

Abstract Until recently, computer security was an obscure discipline that seemed to have little relevance to everyday life. With the rapid growth of the Internet, e-commerce, and the widespread use of computers, computer security touches almost all aspects of daily life and all parts of society. Even those who do not use computers have information about them stored on computers. This paper reviews some aspects of the past and current state of computer security, and speculates about what the future of the field will being.

Abstract This paper investigates digital data hiding schemes. The concept of information hiding will be explained at first, and its traits, requirements, and applications will be described subsequently. In order to design a digital data hiding system, one should first become familiar with the concepts and criteria of information hiding. Having knowledge about the host signal, which may be audio, image, or video and the final receiver, which is Human Auditory System (HAS) or Human Visual System (HVS), is also beneficial. For the speech/audio case, HAS will be briefly reviewed to find out how to make the most of its weaknesses for embedding as much data as possible. The same discussion also holds for the image watermarking. Although several audio and image data hiding schemes have been proposed so far, they can be divided into a few categories. Hence, conventional schemes along with their recently published extensions are introduced. Besides, a general comparison is made among these methods leading researchers/designers to choose the appropriate schemes based on their applications. Regarding the old scenario of the prisoner-warden and the evil intention of the warden to eavesdrop and/or destroy the data that Alice sends to Bob, there are both intentional and unintentional attacks to digital information hiding systems, which have the same effect based on our definition. These attacks can also be considered for testing the performance or benchmarking, of the watermarking algorithm. They are also known as steganalysis methods which will be discussed at the end of the paper.

Abstract This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a 'virtual organization'. The article argues that present authorization models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorization policies. The article outlines the motivation and requirement for a new flexible authorization model that addresses the needs of information sharing. It proposes that a flexible and scalable authorization model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-Based Access Control concept is presented.

Abstract This paper mirrors an invited talk to ISCISC 2011. It is not a conventional paper so much as an essay summarizing thoughts on a little-talked-about subject. My goal is to intermix some introspection about definitions with examples of them, these examples drawn mostly from cryptography. Underpinning our discussion are two themes. The first is that definitions are constructed. They are invented by man, not unearthed from the maws of scientific reality. The second theme is that definitions matter. They have been instrumental in changing the character of modern cryptography, and, I suspect, have the potential to change the character of other fields as well.

Abstract A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as techniques for their efficient estimation are proposed. In particular, the method can be used for detecting network traffic anomalies due to network failures and network attacks such as (distributed) denial of service attacks, scanning attacks, SPAM and SPIT attacks, and massive malicious software attacks.

Abstract Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this regard, Anomaly based Intrusion Detection Systems identify anomalous behavior of the network and consequently detect possible intrusion, unknown and stealth attacks. To this end, this paper analyses, evaluates and classifies anomaly detection approaches and systems specific to the Internet of Things. For this purpose, anomaly detection systems and approaches are analyzed in terms of engine architecture, application position, and detection method and in each point of view, approaches are investigated considering the associated classification.

Abstract Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification of "typical" threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls) (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.

Abstract As deep learning models are increasingly deployed in critical sectors such as healthcare, finance, and security, ensuring their protection against emerging threats has become crucial. Among these threats, side-channel attacks (SCAs) represent a particular challenge since they can extract sensitive information such as model architectures, parameters, and even user inputs without requiring direct access to the model. By leveraging the physical and micro-architectural properties of the hardware, attackers can compromise systems. This survey begins by classifying leakage sources and attacker objectives, then analyzes representative studies that demonstrate practical side-channel exploits against deep-learning hardware. It also reviews existing defenses aimed at mitigating these vulnerabilities and concludes by outlining key open research challenges and potential future directions.

Abstract With the increasing prevalence of online services, big data systems, and Internet of Things (IoT) devices, detecting anomalies in large system logs has become a significant concern. This study presents a systematic literature review of automated log analysis for anomaly detection from January 2017 to October 2024. The study classifies existing approaches into five types: hybrid, supervised, unsupervised, semi-supervised, and self-supervised. Each technique is analysed based on its assumptions, benefits, limitations, computational complexity, and performance in practical applications. Additionally, it addresses the challenges and concerns associated with developing anomaly detection systems for real-life applications using deep neural networks. The survey's objective is not to perform a statistical analysis of the published methodologies but to classify them, highlight the key features of various deployed architectures, and focus on unresolved issues that require further investigation in this domain. The study offers valuable direction for researchers, emphasising the need for scalable, robust, and interpretable anomaly detection systems. This survey advances the understanding of current capabilities and highlights future directions for enhancing the reliability of complex systems.

Abstract Secret sharing (SS) schemes allow the sharing of a secret among a set of trustees in such a way that only some qualified subsets of them can recover the secret. Ordinary SS schemes assume that the trust to each trustee is fixed over time. However, this is not the case in many real scenarios. Social secret sharing (SSS) is a recently introduced type of SS that addresses this issue. It allows the sharing of a secret among a set of trustees such that the amount of trust to each participant could be changed over time. There exist only a few SSS schemes in the literature; most of them can share only one secret during each execution. Hence, these schemes lack the required efficiency in situations where multiple secrets need to be shared. According to the literature, there exists only one social multi-secret sharing (SMSS) scheme in which, all the secrets are reconstructed at one stage. However, in many applications, the secrets should be recovered in multiple stages and even according to some specified order. To address these problems, this paper employs Birkhoff interpolation method and Chinese remainder theorem and proposes a new SMSS scheme. In the proposed scheme, the shareholders can recover the secrets in different stages and according to the specified order by the dealer. The security analysis of the proposed scheme shows that it provides all the needed security requirements. In addition, the performance analysis of the proposed scheme indicates its overall superiority over the related schemes.

Abstract The rapid advancement of quantum computing poses a direct threat to classical public-key cryptographic systems at the core of Internet security protocols. Post-quantum cryptography (PQC) has therefore become central to ongoing standardisation and early deployment efforts. This paper presents a comparative analysis of PQC integration into TLS, SSH, and IPsec, examining cross-cutting challenges, protocol-specific trade-offs, and deployment considerations. Our findings show that PQC adoption introduces markedly uneven overheads across protocols: handshake latency may increase by up to 600% in TLS, by 29% in SSH, and by up to 300% in IPsec, while memory requirements in hybrid configurations can exceed 300 KB in resource-constrained environments. We further demonstrate that message fragmentation, certificate chain expansion, and cumulative rekeying costs emerge as protocol-dependent bottlenecks, underscoring that migration strategies must be tailored to the architecture and operational context of each protocol. Beyond performance, we identify interoperability gaps, downgrade vulnerabilities, and side-channel risks as critical obstacles to secure deployment. By combining empirical performance evidence with a structured review of challenges and deployment strategies, our study provides actionable insights for practitioners, informs ongoing standards development, and highlights research priorities essential to building a resilient, quantum-resistant Internet infrastructure.