Literature based Cyber Security Topics: Handbook

Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cloud computing has emerged from the legacy data centres. Consequently, threats applicable in legacy system are equally applicable to cloud computing along with emerging new threats that plague only the cloud systems. Traditionally the data centres were hosted on-premises. Hence, control over the data was comparatively easier than handling a cloud system which is borderless and ubiquitous. Threats due to multi-tenancy, access from anywhere, control of cloud, etc. are some examples of why cloud security becomes important. Considering the significance of cloud security, this work is an attempt to understand the existing cloud service and deployment models, and the major threat factors to cloud security that may be critical in cloud environment. It also highlights various methods employed by the attackers to cause the damage. Cyber-attacks are highlighted as well. This work will be profoundly helpful to the industry and researchers in understanding the various cloud specific cyber-attack and enable them to evolve the strategy to counter them more effectively

CHORUS Deliverable 2.1: State of the Art on Multimedia Search Engines

Based on the information provided by European projects and national initiatives related to multimedia search as well as domains experts that participated in the CHORUS Think-thanks and workshops, this document reports on the state of the art related to multimedia content search from, a technical, and socio-economic perspective. The technical perspective includes an up to date view on content based indexing and retrieval technologies, multimedia search in the context of mobile devices and peer-to-peer networks, and an overview of current evaluation and benchmark inititiatives to measure the performance of multimedia search engines. From a socio-economic perspective we inventorize the impact and legal consequences of these technical advances and point out future directions of research

EU politics and the making of the General Data Protection Regulation: Consociationalism, policy networks and institutionalism in the process of balancing actor interests

This thesis analyses the policy process of adoption of the General Data Protection Regulation (GDPR), replacing the EU Directive 95/46/EC, the global “golden standard” setter in the field of privacy and data protection. The GDPR was proposed in January 2012 and was adopted in April 2016 following a highly politically charged process lobbied against to an unprecedented extent by certain commercial and political interests. The policy process is looked at through the lens of consociationalism, which draws attention to the importance of national governments, policy networks, which stress non-linear policy-making dynamics, and institutionalism, which highlights the significance of institutions. On the whole, the GDPR as approved strengthened the ICT users’ rights, although not to the degree originally envisaged. The study proposes that institutional factors were decisive in determining policy outcomes, either acting in coalition with different policy networks or reacting to external developments, notably the Snowden revelations in 2013. The institutional factors, amongst others, included strategic actor self-interest of preserving or even expanding their spheres of influence, sociological dimensions such as ideological adherence and diverse national and institutional cultures, and important earlier institutional and policy developments. As the thesis shows, the impact of institutional factors on the policy outcomes was particularly evident in the European Parliament’s position during the process. The EP’s influence demonstrates the strong political will of this institution and its overall defence of citizens’ rights against lobbying by the industry. At the same time, the reform process brought around many gains to the national Data Protection Authorities at the cost of the initially foreseen Commission’s remit. This thesis argues that the powers retained by these national supervisory authorities, alongside the numerous derogations following difficulties to reconcile diverse national positions, make the GDPR a tangible case of state-centrism. The Member States’ sovereign decision-making concerns posed breaks to the level of Europeanisation that the GDPR could potentially bring about in this issue-area. This work makes a significant contribution to knowledge by, amongst others, offering a political science perspective in on-line privacy and data protection research dominated by other disciplines, by applying the consociationalism theory – a less explored paradigm in the EU studies as compared to other approaches – and by providing a policy process analysis of the newly adopted data protection instrument with global rules-shaping significance

Conceptual metaphor in English popular technology and Greek translation

This research project studies the metaphorical conceptualisation of technology in English popular technology magazines and in translation in the respective Greek editions. The focus is on the cognitive linguistic view of metaphor initially presented by Lakoff and Johnson (1980), on the metaphor identification procedure (Pragglejaz Group 2007), and critical metaphor analysis (Charteris-Black 2004). The analysis of the English data identifies 14 main metaphors and 29 submetaphors which contribute to the structure of the target domain of technology. It distinguishes between conventional and novel metaphors, and common and original metaphorical expressions, motivated by correlations in experience between diverse source domains and by the widespread diffusion and impact of technology. The English data also provide insight into the functions of these metaphors in popular technology discourse and reveal evidence to thinking, values and attitudes about technology in the English language. The analysis of the Greek data examines similarities and differences in the conceptualisations between the English and Greek languages and cultures, and finds similarities in the categories of metaphors, frequency of and preference for metaphor use in the source and target languages, and in the majority of metaphorical expressions. Similarities are based on common experiences stemming from experiential co-occurrence or experiential similarity, and on translated experience. Differences are restricted to specific-level metaphors and expressions, motivated by alternative conceptualisations of terminology, cultural specificity and preferential conceptualisations. A set of translation strategies and a number of possible translation effects are also identified. These strategies and effects add to the possibilities of translation variations and the range of translation options, and are used to draw conclusions regarding the similarities and differences between the English and Greek languages and cultures. Consequently, through the identification and description of metaphors in technology magazines and in translation, the study attempts to highlight aspects of the culture of technology, which views technology as a cultural artefact and a producer of its own culture.EThOS - Electronic Theses Online ServiceGreek State Scholarship Foundation (IKY)GBUnited Kingdo

On the malware detection problem : challenges and novel approaches

Orientador: André Ricardo Abed GrégioCoorientador: Paulo Lício de GeusTese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba,Inclui referênciasÁrea de concentração: Ciência da ComputaçãoResumo: Software Malicioso (malware) é uma das maiores ameaças aos sistemas computacionais atuais, causando danos à imagem de indivíduos e corporações, portanto requerendo o desenvolvimento de soluções de detecção para prevenir que exemplares de malware causem danos e para permitir o uso seguro dos sistemas. Diversas iniciativas e soluções foram propostas ao longo do tempo para detectar exemplares de malware, de Anti-Vírus (AVs) a sandboxes, mas a detecção de malware de forma efetiva e eficiente ainda se mantém como um problema em aberto. Portanto, neste trabalho, me proponho a investigar alguns desafios, falácias e consequências das pesquisas em detecção de malware de modo a contribuir para o aumento da capacidade de detecção das soluções de segurança. Mais especificamente, proponho uma nova abordagem para o desenvolvimento de experimentos com malware de modo prático mas ainda científico e utilizo-me desta abordagem para investigar quatro questões relacionadas a pesquisa em detecção de malware: (i) a necessidade de se entender o contexto das infecções para permitir a detecção de ameaças em diferentes cenários; (ii) a necessidade de se desenvolver melhores métricas para a avaliação de soluções antivírus; (iii) a viabilidade de soluções com colaboração entre hardware e software para a detecção de malware de forma mais eficiente; (iv) a necessidade de predizer a ocorrência de novas ameaças de modo a permitir a resposta à incidentes de segurança de forma mais rápida.Abstract: Malware is a major threat to most current computer systems, causing image damages and financial losses to individuals and corporations, thus requiring the development of detection solutions to prevent malware to cause harm and allow safe computers usage. Many initiatives and solutions to detect malware have been proposed over time, from AntiViruses (AVs) to sandboxes, but effective and efficient malware detection remains as a still open problem. Therefore, in this work, I propose taking a look on some malware detection challenges, pitfalls and consequences to contribute towards increasing malware detection system's capabilities. More specifically, I propose a new approach to tackle malware research experiments in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AV solutions evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation; and (iv) the need for predicting future threats to allow faster incident responses

TOWARDS ENHANCING SECURITY IN CLOUD STORAGE ENVIRONMENTS

Although widely adopted, one of the biggest concerns with cloud computing is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data being stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared - even in the most `secure' environments. Secondly, we o er Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP'sWeb of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception

Code: Version 2.0

Discusses the regulation of cyberspace via code, as well as possible trends to expect in this regulation. Additional topics discussed in this context include intellectual property, privacy, and free speech

Analysis of digital evidence in identity theft investigations

Identity Theft could be currently considered as a significant problem in the modern internet driven era. This type of computer crime can be achieved in a number of different ways; various statistical figures suggest it is on the increase. It intimidates individual privacy and self assurance, while efforts for increased security and protection measures appear inadequate to prevent it. A forensic analysis of the digital evidence should be able to provide precise findings after the investigation of Identity Theft incidents. At present, the investigation of Internet based Identity Theft is performed on an ad hoc and unstructured basis, in relation to the digital evidence. This research work aims to construct a formalised and structured approach to digital Identity Theft investigations that would improve the current computer forensic investigative practice. The research hypothesis is to create an analytical framework to facilitate the investigation of Internet Identity Theft cases and the processing of the related digital evidence. This research work makes two key contributions to the subject: a) proposing the approach of examining different computer crimes using a process specifically based on their nature and b) to differentiate the examination procedure between the victim’s and the fraudster’s side, depending on the ownership of the digital media. The background research on the existing investigation methods supports the need of moving towards an individual framework that supports Identity Theft investigations. The presented investigation framework is designed based on the structure of the existing computer forensic frameworks. It is a flexible, conceptual tool that will assist the investigator’s work and analyse incidents related to this type of crime. The research outcome has been presented in detail, with supporting relevant material for the investigator. The intention is to offer a coherent tool that could be used by computer forensics investigators. Therefore, the research outcome will not only be evaluated from a laboratory experiment, but also strengthened and improved based on an evaluation feedback by experts from law enforcement. While personal identities are increasingly being stored and shared on digital media, the threat of personal and private information that is used fraudulently cannot be eliminated. However, when such incidents are precisely examined, then the nature of the problem can be more clearly understood