
    Web Application Reinforcement via Efficient Systematic Analysis and Runtime Validation (ESARV)

    Securing data, a fundamental asset of any organization, against SQL Injection (SQLI), the most frequent attack on web applications, is vital. In SQLI, an attacker alters the structure of the intended query by injecting code through user input, thereby gaining access to the database. This paper proposes a new method for securing web applications against SQLI Attacks (SQLIAs). It consists of two phases, systematic analysis and runtime validation, and uses our new technique for detection and prevention. In the static phase, our method removes user inputs from SQL queries and gathers as much information as possible from static and dynamic queries in order to minimize overhead at runtime. In the dynamic phase, the prepared information, together with our technique, is used to check the validity of the runtime query. To facilitate the use of our method and show our expectations in practice, ESARV was implemented. The empirical evaluations presented in this paper indicate that ESARV is efficient, accurate, and effective, and has no deployment requirements.

    User-Behavior Based Detection of Infection Onset

    A major vector of computer infection is the exploitation of software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim's machine without the user's permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real-time protection of a personal computer, as well as to diagnose and evaluate untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships has important applications in realizing advanced and secure operating systems. We perform an extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), and 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).

    The Dilemmas and Solutions in the Application of Criminal Law to Property Crimes in the Age of Artificial Intelligence

    With the rapid development of Artificial Intelligence (AI) technology, the forms and methods of property crimes have undergone significant changes. AI has not only enhanced the capabilities of criminals but also increased the concealment and complexity of criminal activities. These changes pose new challenges to the existing criminal law system. This paper explores the main characteristics of property crimes in the AI era and analyzes the dilemmas encountered in the application of criminal law, including legal lag, difficulties in evidence collection, and technological barriers. In response to these dilemmas, the paper proposes corresponding countermeasures, including improving the legal system, innovating legislation, enhancing technical support, and promoting international cooperation. By analyzing these issues and solutions, this paper aims to provide useful references and suggestions for the application of criminal law to property crimes in the age of AI.

    Quantitative approach for the risk assessment of African swine fever and Classical swine fever introduction into the United States through legal imports of pigs and swine products.

    The safety of US livestock depends strongly on the capacity to prevent the introduction of Transboundary Animal Diseases (TADs). Therefore, accurate and updated information on the location and origin of potential TAD risks is essential, so that preventive measures such as market restrictions can be put in place. The objective of the present study was to evaluate the current risk of African swine fever (ASF) and Classical swine fever (CSF) introduction into the US through legal importations of live pigs and swine products, using a quantitative approach that could later be applied to other risks. Four quantitative stochastic risk assessment models were developed to estimate the monthly probabilities of ASF and CSF release into the US, and the exposure of susceptible populations (domestic and feral swine) to these introductions at state level. The results suggest a low annual probability of either ASF or CSF introduction into the US by any of the analyzed pathways (5.5*10^-3). The probability of introduction through legal imports of live pigs (1.8*10^-3 for ASF and 2.5*10^-3 for CSF) was higher than the risk from legally imported swine products (8.90*10^-4 for ASF and 1.56*10^-3 for CSF). This could be due to the low probability of exposure associated with this type of commodity (products). The risk of feral pigs accessing swine products discarded in landfills was slightly higher than the potential exposure of domestic pigs through swill feeding. The identification of the months at highest risk, the origin of the highest-risk imports, and the US states most vulnerable to those introductions (Iowa, Minnesota and Wisconsin for live swine; California, Florida and Texas for swine products) is valuable information that would help to design prevention, risk-mitigation and early-detection strategies to minimize the catastrophic consequences of potential ASF/CSF introductions into the US.

    What Measures Can Government Institutions in Germany Take Against Digital Disinformation? A Systematic Literature Review and Ethical-Legal Discussion

    Disinformation campaigns spread rapidly through social media and can cause serious harm, especially in crisis situations, ranging from confusion about how to act to a loss of trust in government institutions. Therefore, the prevention of digital disinformation campaigns is an important research topic. However, previous research in the field of information systems has focused on the technical possibilities for detecting and combating disinformation, while ethical and legal perspectives have so far been neglected. In this article, we synthesize previous information systems literature on disinformation prevention measures and discuss these measures from an ethical and legal perspective. We conclude by proposing questions for future research on the prevention of disinformation campaigns from an IS, ethical, and legal perspective. In doing so, we contribute to a balanced discussion on the prevention of digital disinformation campaigns that equally considers technical, ethical, and legal issues, and encourage increased interdisciplinary collaboration in future research.

    How can blockchain make the food supply chain more sustainable? A case study of Norwegian fishing supply chain


    Governance of Digitalization in Europe: A contribution to the Exploration "Shaping Digital Policy - Towards a Fair Digital Society?" (Bertelsmann Stiftung Study)

    Digital policy is a unique policy area. As a cross-cutting policy issue, it has an impact not only on individual areas of regulation but on almost all other policy areas as well. Aspects of digital policy such as data regimes, cybersecurity and standardization issues are relevant not only to the future of the internet or 5G mobile communications infrastructure, but to other closely linked areas of our lives, ranging from automated driving to digital assistance systems in education and healthcare to the digitalization of sectors such as agriculture and construction. Nevertheless, regulation efforts have thus far been primarily sector-specific and national in scope. With a few exceptions, such as the EU's controversial General Data Protection Regulation, there are few digital policy frameworks in place for Europe that define and integrate basic principles for broad application. Instead, we face a situation in which a variety of approaches stand side by side, at times complementing each other but also – all too often – competing with each other in ways that foster inconsistencies. The development of Europe's 5G infrastructure illustrates this state of affairs. Despite what were originally uniform objectives across Europe, 28 nationally distinct tendering procedures with different requirements have since emerged. As a result, we must now find ways to manage the problems associated with having three or more networks per country, high costs, a difficult debate over security and the threat of dependency on non-EU providers.

    The Datafication of Hate: Expectations and Challenges in Automated Hate Speech Monitoring

    Laaksonen, S-M., Haapoja, J., Kinnunen, T., Nelimarkka, M. & Pöyhtäri, R. (2020, accepted). The Datafication of Hate: Expectations and Challenges in Automated Hate Speech Monitoring. Frontiers in Big Data: Data Mining and Management / Critical Data and Algorithm Studies. doi:10.3389/fdata.2020.00003

    Hate speech has been identified as a pressing problem in society, and several automated approaches have been designed to detect and prevent it. This paper reports and reflects upon an action research setting consisting of multi-organizational collaboration conducted during the Finnish municipal elections in 2017, wherein a technical infrastructure was designed to automatically monitor candidates' social media updates for hate speech. The setting allowed us to engage in a two-fold investigation. First, the collaboration offered a unique view for exploring how hate speech emerges as a technical problem. The project developed an adequately well-working algorithmic solution using supervised machine learning. We tested the performance of various feature extraction and machine learning methods and ended up using a combination of Bag-of-Words feature extraction with Support Vector Machines. However, an automated approach required heavy simplification, such as using rudimentary scales for classifying hate speech and a reliance on word-based approaches, while in reality hate speech is a linguistic and social phenomenon with various tones and forms. Second, the action-research-oriented setting allowed us to observe affective responses, such as the hopes, dreams, and fears related to machine learning technology. Based on participatory observations, project artifacts and documents, interviews with project participants, and online reactions to the detection project, we identified participants' aspirations for effective automation as well as for the neutrality and objectivity introduced by an algorithmic system. However, the participants expressed more critical views toward the system after the monitoring process. Our findings highlight how the powerful expectations related to technology can easily end up dominating a project dealing with a contested, topical social issue. We conclude by discussing the problematic aspects of datafying hate and suggesting some practical implications for hate speech recognition.

    Peer reviewed.