Advances in Information Security and Privacy
With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online has dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue.
Data Exfiltration: A Review of External Attack Vectors and Countermeasures
Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field.
Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research.
Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers.
Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest).
Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption; (d) existing research is primarily focussed on protecting data in ‘in use’ state, therefore, future research needs to be directed towards securing data in ‘in rest’ and ‘in transit’ states; (e) there is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.
ICSEA 2021: the sixteenth international conference on software engineering advances
The Sixteenth International Conference on Software Engineering Advances (ICSEA 2021), held on October 3 - 7, 2021 in Barcelona, Spain, continued a series of events covering a broad spectrum of software-related topics.
The conference covered fundamentals on designing, implementing, testing, validating and maintaining various kinds of software. The tracks treated the topics from theory to practice, in terms of methodologies, design, implementation, testing, use cases, tools, and lessons learnt. The conference topics covered classical and advanced methodologies, open source, agile software, as well as software deployment and software economics and education.
The conference had the following tracks:
Advances in fundamentals for software development
Advanced mechanisms for software development
Advanced design tools for developing software
Software engineering for service computing (SOA and Cloud)
Advanced facilities for accessing software
Software performance
Software security, privacy, safeness
Advances in software testing
Specialized software advanced applications
Web Accessibility
Open source software
Agile and Lean approaches in software engineering
Software deployment and maintenance
Software engineering techniques, metrics, and formalisms
Software economics, adoption, and education
Business technology
Improving productivity in research on software engineering
Trends and achievements
Similar to the previous edition, this event continued to be very competitive in its selection process and very well perceived by the international software engineering community. As such, it is attracting excellent contributions and active participation from all over the world. We were very pleased to receive a large amount of top quality contributions.
We take here the opportunity to warmly thank all the members of the ICSEA 2021 technical program committee as well as the numerous reviewers. The creation of such a broad and high quality conference program would not have been possible without their involvement. We also kindly thank all the authors that dedicated much of their time and efforts to contribute to the ICSEA 2021. We truly believe that thanks to all these efforts, the final conference program consists of top quality contributions.
This event could also not have been a reality without the support of many individuals, organizations and sponsors. We also gratefully thank the members of the ICSEA 2021 organizing committee for their help in handling the logistics and for their work that is making this professional meeting a success.
We hope the ICSEA 2021 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in software engineering research.
Smart Home Personal Assistants: A Security and Privacy Review
Smart Home Personal Assistants (SPA) are an emerging innovation that is
changing the way in which home users interact with the technology. However,
there are a number of elements that expose these systems to various risks: i)
the open nature of the voice channel they use, ii) the complexity of their
architecture, iii) the AI features they rely on, and iv) their use of a
wide-range of underlying technologies. This paper presents an in-depth review
of the security and privacy issues in SPA, categorizing the most important
attack vectors and their countermeasures. Based on this, we discuss open
research challenges that can help steer the community to tackle and address
current security and privacy issues in SPA. One of our key findings is that
even though the attack surface of SPA is conspicuously broad and there has been
a significant amount of recent research efforts in this area, research has so
far focused on a small part of the attack surface, particularly on issues
related to the interaction between the user and the SPA devices. We also point
out that further research is needed to tackle issues related to authorization,
speech recognition or profiling, to name a few. To the best of our knowledge,
this is the first article to conduct such a comprehensive review and
characterization of the security and privacy issues and countermeasures of SPA.
Comment: Accepted for publication in ACM Computing Survey
The Survey, Taxonomy, and Future Directions of Trustworthy AI: A Meta Decision of Strategic Decisions
When making strategic decisions, we are often confronted with overwhelming
information to process. The situation can be further complicated when some
pieces of evidence contradict each other or are paradoxical. The challenge
then becomes how to determine which information is useful and which ones should
be eliminated. This process is known as meta-decision. Likewise, when it comes
to using Artificial Intelligence (AI) systems for strategic decision-making,
placing trust in the AI itself becomes a meta-decision, given that many AI
systems are viewed as opaque "black boxes" that process large amounts of data.
Trusting an opaque system involves deciding on the level of Trustworthy AI
(TAI). We propose a new approach to address this issue by introducing a novel
taxonomy or framework of TAI, which encompasses three crucial domains:
articulate, authentic, and basic for different levels of trust. To underpin
these domains, we create ten dimensions to measure trust:
explainability/transparency, fairness/diversity, generalizability, privacy,
data governance, safety/robustness, accountability, reproducibility,
reliability, and sustainability. We aim to use this taxonomy to conduct a
comprehensive survey and explore different TAI approaches from a strategic
decision-making perspective.