AntibIoTic: Protecting IoT Devices Against DDoS Attacks
The year 2016 is remembered as the year that showed the world how dangerous
Distributed Denial of Service attacks can be. A gauge of the disruptiveness of
DDoS attacks is the number of bots involved: the bigger the botnet, the more
powerful the attack. This characteristic, along with the increasing availability of
connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the
malware industry. In this paper we present the main idea behind AntibIoTic, a
palliative solution to prevent DDoS attacks perpetrated through IoT devices
Designing Web-enabled services to provide damage estimation maps caused by natural hazards
The availability of building stock inventory data and demographic information is an important requirement for risk assessment studies when attempting to predict and estimate losses due to natural hazards such as earthquakes, storms, floods or tsunamis. The better this information is provided, the more accurate are predictions on damage to structures and lifelines and the better can expected impacts on the population be estimated. When a disaster strikes, a map is often one of the first requirements for answering questions related to location, casualties and damage zones caused by the event. Maps of appropriate scale that represent relative and absolute damage distributions may be of great importance for rescuing lives and properties, and for providing relief. However, this type of maps is often difficult to obtain during the first hours or even days after the occurrence of a natural disaster. The Open Geospatial Consortium Web Services (OWS) Specifications enable access to datasets and services using shared, distributed and interoperable environments through web-enabled services. In this paper we propose the use of OWS in view of these advantages as a possible solution for issues related to suitable dataset acquisition for risk assessment studies. The design of web-enabled services was carried out using the municipality of Managua (Nicaragua) and the development of damage and loss estimation maps caused by earthquakes as a first case study. Four organizations located in different places are involved in this proposal and connected through web services, each one with a specific role
After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy
This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual's life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things, and any of its unforeseen progeny, develop with an eye toward safeguarding individual privacy while allowing technological development
The Data Breach Dilemma: Proactive Solutions for Protecting Consumers' Personal Information
Data breaches are an increasingly common part of consumers' lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers' personally identifiable information and the strong possibility of identity theft.
Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism.
This Note argues that proactive solutions are required. First, a national data security law (setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission) is imperative to protect consumers' data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies' collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers
Coastal area management in South Asia: a comparative perspective (Background Paper prepared for South Asia Workshop on Fisheries and Coastal Area Management, 26 September-1 October 1996, Madras, India)
Most of the world's fisheries and fishing communities are supported by coastal areas. Consequently, the well-being and future of the fishery sector depend on the health of the coastal ecosystem. Not surprisingly, therefore, concern about coastal degradation and its impact on the fishery sector has long been expressed, notably at the first-ever conference of fishworkers and their supporters in Rome in 1984. Discussions then emphasized how the coastal environment is affected by activities within the fisheries sector as well as by other activities pursued in inland, inshore and offshore areas.
It was in this context that the International Collective in Support of Fishworkers (ICSF) organized a workshop and symposium on Fisheries and Coastal Area Management in South Asia, in Madras, India, in 1996. To aid participants focus on the major coastal resources management issues, a background paper was prepared by ICSF. This paper explores efforts on coastal area management, more specifically in the South Asian region, and the extent to which the perspectives of actors in the fishery sector have been incorporated. It also deals with legislation of direct relevance to Integrated Coastal Area Management (ICAM)
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
The research leading to these results has received
funding from the European Union's Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Hosting providers play a key role in fighting web compromise, but their
ability to prevent abuse is constrained by the security practices of their own
customers. Shared hosting offers a unique perspective since customers
operate under restricted privileges and providers retain more control over
configurations. We present the first empirical analysis of the distribution of
web security features and software patching practices in shared hosting
providers, the influence of providers on these security practices, and their
impact on web compromise rates. We construct provider-level features on the
global market for shared hosting -- containing 1,259 providers -- by gathering
indicators from 442,684 domains. Exploratory factor analysis of 15 indicators
identifies four main latent factors that capture security efforts: content
security, webmaster security, web infrastructure security and web application
security. We confirm, via a fixed-effect regression model, that providers exert
significant influence over the latter two factors, which are both related to
the software stack in their hosting environment. Finally, by means of GLM
regression analysis of these factors on phishing and malware abuse, we show
that the four security and software patching factors explain between 10% and
19% of the variance in abuse at providers, after controlling for size. For
web-application security for instance, we found that when a provider moves from
the bottom 10% to the best-performing 10%, it would experience 4 times fewer
phishing incidents. We show that providers have influence over patch
levels--even higher in the stack, where CMSes can run as client-side
software--and that this influence is tied to a substantial reduction in abuse
levels