28 research outputs found

    SISBLOQUE Prototype: a web content filtering and blocking technique

    Web content blocking and filtering systems are mostly associated with oppressive political regimes, whose main objective in using them is censorship. Unfortunately, this kind of application not only limits users' rights but also revokes the principle of what the Internet is: a global network for sharing public information. Nevertheless, Web content filtering and blocking is an openly proliferating area, whose correct use has proven extremely beneficial in certain areas, such as the detection and blocking of paedophile content. In this paper we present the Sisbloque prototype, a Web content filtering and blocking system designed to be deployed mainly at ISPs (Internet Service Providers), large institutions or companies, which proposes not only a content filtering mechanism with new, improved and innovative techniques, such as the intersection of related content, but also a guarantee of transparent execution supported by an error-handling mechanism

    Systemization of Pluggable Transports for Censorship Resistance

    An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. In particular, the link between the censored client and entry point to the uncensored network is a frequent target of censorship due to the ease with which a nation-state censor can control it. A number of censorship resistance systems have been developed thus far to help circumvent blocking on this link, which we refer to as link circumvention systems (LCs). The variety and profusion of attack vectors available to a censor has led to an arms race, leading to a dramatic speed of evolution of LCs. Despite their inherent complexity and the breadth of work in this area, there is no systematic way to evaluate link circumvention systems and compare them against each other. In this paper, we (i) sketch an attack model to comprehensively explore a censor's capabilities, (ii) present an abstract model of a LC, a system that helps a censored client communicate with a server over the Internet while resisting censorship, (iii) describe an evaluation stack that underscores a layered approach to evaluate LCs, and (iv) systemize and evaluate existing censorship resistance systems that provide link circumvention. We highlight open challenges in the evaluation and development of LCs and discuss possible mitigations. Comment: Content from this paper was published in Proceedings on Privacy Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK: Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg (DOI 10.1515/popets-2016-0028)

    Mapping Digital Media: Freedom of Expression Rights in the Digital Age

    Assesses the Internet and the World Wide Web as a platform for freedom of expression, ways to address the jurisdictional vacuum, and new tools to promote freedom of expression as well as new threats. Calls for standards on how to protect it online

    Security Applications of Formal Language Theory

    We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development. Our work provides a foundation for verifying critical implementation components with considerably less burden to developers than is offered by the current state of the art. It additionally offers a rich basis for further exploration in the areas of offensive analysis and, conversely, automated defense tools and techniques. This report is divided into two parts. In Part I we address the formalisms and their applications; in Part II we discuss the general implications and recommendations for protocol and software design that follow from our formal analysis

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

    SoK: Making Sense of Censorship Resistance Systems

    An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. Several censorship resistance systems (CRSs) have emerged to help bypass such blocks. The diversity of the censor’s attack landscape has led to an arms race, leading to a dramatic speed of evolution of CRSs. The inherent complexity of CRSs and the breadth of work in this area makes it hard to contextualize the censor’s capabilities and censorship resistance strategies. To address these challenges, we conducted a comprehensive survey of CRSs (deployed tools as well as those discussed in academic literature) to systematize censorship resistance systems by their threat model and corresponding defenses. To this end, we first sketch a comprehensive attack model to set out the censor’s capabilities, coupled with discussion on the scope of censorship, and the dynamics that influence the censor’s decision. Next, we present an evaluation framework to systematize censorship resistance systems by their security, privacy, performance and deployability properties, and show how these systems map to the attack model. We do this for each of the functional phases that we identify for censorship resistance systems: communication establishment, which involves distribution and retrieval of information necessary for a client to join the censorship resistance system; and conversation, where actual exchange of information takes place. Our evaluation leads us to identify gaps in the literature, question the assumptions at play, and explore possible mitigations

    Towards A Wider Scope For The Duty Of Care Of Host Internet Service Providers The Case Of Eva Glawischnig-Pies V Facebook Final Version

    In the judgment of Glawischnig-Piesczek v Facebook (C-18/18), the ECJ deviates from the existing judicial approach and deploys a wider interpretation of the scope of a duty of care; imposing a set of broader obligations to host ISPs. It is this wider scope for a duty of care which might come in conflict with a cluster of EU provisions and EU case law. In this light, this article critically examines the problematic aspects of this decision and its implications for the business welfare of host ISPs, the fundamental rights of internet users and the personality rights of victims of defamatory comments