This special issue of the Journal of Computer Virology and Hacking Techniques presents work by Russian researchers on cybersecurity and on fundamental and applied information security problems, covering computer network security as well as the development and analysis of hardware and software security tools.

Here we provide 12 selected papers on different topics within the above-described scope.

The paper “Covert Channel Limitation via Special Dummy Traffic Generating” studies covert memory leakage channels that occur due to differing network packet lengths. A method is proposed to mitigate such leakages. The main advantage of the method is controlled reduction of bandwidth usage while providing protection from leakages. The maximum covert channel bandwidth is estimated under the protection measures.

The paper “Security Intrusion Detection using Quantum Machine Learning Techniques” covers a new approach to intrusion detection in the big data setting. The authors analyze the efficiency of the quantum support vector machine (QSVM) and the quantum convolution neural network (QCNN) against regular intrusion detection systems. A software solution to encode network traffic for quantum calculations is developed.

The authors of “Post-quantum Security of Messengers: Secure Group Chats and Continuous Key Distribution Protocols” analyze group chat protocols to identify post-quantum security issues. A new group chat and file exchange protocol is presented. This protocol, underpinned by a modification of a tree-based key exchange, is designed to be secure against quantum computer attacks. The authors provide the protocol description and prove its properties in terms of an extended security model.

The research work “On Improvements of Robustness of Obfuscated JavaScript Code Detection” delves into the problem of detecting obfuscated JavaScript code using machine learning techniques. The goal was to develop models that are able to detect an obfuscator previously unknown to them. An approach to training the models and preparing data for them is presented. This approach enhances the precision of obfuscator detection.

The paper “Counteraction the cybersecurity threats of the in-vehicle local network” provides a solution for mitigating cybersecurity threats in a transport local network. The issue is studied at the architectural, topology and communications levels. The authors pay special attention to communication between the local network management blocks. Different types of attacks on transport are compared with each other, and a threat model and an intruder model are developed. In addition, cluster analysis is performed using mathematical modelling of the network topology. Message integrity control and node authentication methods are proposed.

In the paper “Modeling advanced persistent threats using risk matrix methods”, the authors deal with a system security assessment methodology. This methodology enables security assessment against specified attacks and is based on a criticality matrix hierarchy, so it can be applied to computer attack modelling. In addition, the paper provides a method to define qualitative measures for estimating denial of service probability, as well as an example of applying the criticality matrix hierarchy to attack modelling.

The paper “Development of a method for targeted monitoring and processing of information security incidents of economic entities” proposes a decision-making method for real-time event monitoring. To make security event control efficient, fuzzy clustering is implemented, so the resulting method combines the advantages of fuzzy logic with the precision of traditional clustering.

The paper “A practical approach to learning Linux vulnerabilities” provides a practice-oriented approach to studying various Linux kernel vulnerabilities. The goal is to build skills in searching for security flaws, analyzing them and fixing them. The provided methodology enables a holistic approach to studying Linux kernel vulnerabilities.

The article “An Algorithm for Scheduling of Threads for System and Application Code Split Approach in Dynamic Malware Analysis” discusses the development of tools for dynamic malware analysis. The authors introduce a software complex (named ToolChain), which is based on splitting system and application code by means of memory page access control. ToolChain consists of a Control module, a Scheduling module and a Cloaking module. The authors' previous work dealt with the Control module, while this article focuses mainly on the Scheduling module. Additionally, the article considers methods for cloaking the presence of analysis tools and for mitigating the performance degradation of the operating system.

The article “Zero knowledge proof and ZK-SNARK for private blockchain” examines the applicability of zero-knowledge protocols in enterprise blockchain networks and analyzes currently existing transactional security solutions in terms of security, performance and scalability.

The article “Data protection in heterogeneous Big Data systems” is concerned with the big data processing problem. Data can undergo multiple fragmentation during its life cycle, which can compromise data integrity and accessibility. Common information security methods are inapplicable under such conditions. The authors examine the security of distributed big data processing with transaction verification based on zero-knowledge protocols.

We would like to make special mention of the article “Undocumented x86 instructions to control the CPU at the microarchitecture level in modern Intel processors”, which introduces two undocumented x86 instructions intended to read and write microcode data in Intel processors. Using the debugging mode called Red Unlock, the authors extracted the microcode of Intel Atom CPUs and then the implementation of the x86 instructions. It is assumed that Intel engineers introduced these instructions to facilitate the debugging of processors at the microarchitecture level. However, the instructions endanger security, because working proof-of-concept code that activates Red Unlock mode on one of the currently relevant Intel platforms exists in the public domain. The article presents the discovered instructions and explains the conditions under which they can be used on publicly available platforms.

All articles presented were thoroughly peer-reviewed by three independent anonymous experts. The final decision on each article was made by the Guest Editors and the Editor-in-Chief.

The Editorial Team would like to express its gratitude to:

  • the Authors—for submitting the scientific articles and for the efforts made to finalize them;

  • the Reviewers—for their thorough work on article materials;

  • the Springer Team—for prompt technical support and attention to the process.

We express our gratitude to Dmitry Zadorozhny and the management of Security Code for organizational support during the compilation of the articles. We sincerely thank the Editor-in-Chief, Professor Eric Filiol, for the opportunity to present the work of Russian researchers in the Journal of Computer Virology and Hacking Techniques.

We hope that the materials of this collection will attract the attention of a wide range of readers interested in information security and cryptography.

Besides enriching our experience, the collaboration with the French journal opens the way to joint work on further issues of the journal. The editorial team looks forward to all kinds of comments and suggestions from readers and will take them into consideration in the future.