3 research outputs found

    A System Perspective to Privacy, Security and Resilience in Mobile Applications

    Mobile applications have changed our lives so much, but they also create problems related to privacy, which is one of the basic human rights. Protection (or security) of privacy is an important issue in mobile applications owing to the high likelihood of privacy violation nowadays. This thesis is devoted to a fundamental study of the privacy issue in mobile applications. The overall objective of the thesis is to advance our understanding of privacy and its relevant concepts in the context of mobile applications. There are three specific objectives in this thesis. Objective 1 is to gain a more comprehensive understanding of the concepts of privacy, security and resilience (PSR for short), along with their relationship, in the context of mobile applications. Objective 2 is to develop the principles of design of a mobile application system with a satisfactory PSR. Objective 3 is to develop a demonstration system (PSR demo for short) to illustrate how the principles of design can be applied. A salient approach was taken in this thesis, one based on a general knowledge architecture called FCBPSS (F: function, C: context, B: behavior, P: principle, SS: state and structure). An analysis of the literature was conducted first, resulting in a classification of various privacies against the FCBPSS architecture, followed by the development of a theory of privacy, protection of privacy (security), and resilience of the system that performs protection of privacy (PSR theory for short). The principles of design of a mobile application system based on the PSR theory were then developed; these are expected to guide the practice of developing a mobile application for satisfactory privacy protection. Finally, a demonstration system, concerning doctor booking for minimum waiting time and energy consumption, was developed to illustrate how the PSR theory and design principles work.
The main contribution of this thesis is the development of the concept of PSR, especially the relationship among privacy (P), security (S), and resilience (R), and a set of design rules for developing a mobile application based on the PSR theory.

    Harnessing Human Potential for Security Analytics

    Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. However, in recent years there has been a contrasting development recognizing that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. Therefore, the demand becomes apparent to see humans not only as a problem but also as part of the solution. In line with this shift in the perception of humans, the present dissertation pursues the research vision to evolve from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state of research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts was improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin.