5,405 research outputs found
Lime: Data Lineage in the Malicious Environment
Intentional or unintentional leakage of confidential data is undoubtedly one
of the most severe security threats that organizations face in the digital era.
The threat now extends to our personal lives: a plethora of personal
information is available to social networks and smartphone providers and is
indirectly transferred to untrustworthy third party and fourth party
applications.
In this work, we present a generic data lineage framework LIME for data flow
across multiple entities that take two characteristic, principal roles (i.e.,
owner and consumer). We define the exact security guarantees required by such a
data lineage mechanism toward identification of a guilty entity, and identify
the simplifying non repudiation and honesty assumptions. We then develop and
analyze a novel accountable data transfer protocol between two entities within
a malicious environment by building upon oblivious transfer, robust
watermarking, and signature primitives. Finally, we perform an experimental
evaluation to demonstrate the practicality of our protocol
How to design browser security and privacy alerts
Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Family-Based Fingerprint Analysis: A Position Paper
Thousands of vulnerabilities are reported on a monthly basis to security
repositories, such as the National Vulnerability Database. Among these
vulnerabilities, software misconfiguration is one of the top 10 security risks
for web applications. With this large influx of vulnerability reports, software
fingerprinting has become a highly desired capability to discover distinctive
and efficient signatures and recognize reportedly vulnerable software
implementations. Due to the exponential worst-case complexity of fingerprint
matching, designing more efficient methods for fingerprinting becomes highly
desirable, especially for variability-intensive systems where optional features
add another exponential factor to its analysis. This position paper presents
our vision of a framework that lifts model learning and family-based analysis
principles to software fingerprinting. In this framework, we propose unifying
databases of signatures into a featured finite state machine and using presence
conditions to specify whether and in which circumstances a given input-output
trace is observed. We believe feature-based signatures can aid performance
improvements by reducing the size of fingerprints under analysis.Comment: Paper published in the Proceedings A Journey from Process Algebra via
Timed Automata to Model Learning: Essays Dedicated to Frits Vaandrager on the
Occasion of His 60th Birthday 202
- …