4,778 research outputs found

    Information Leakage Detection in Distributed Systems using Software Agents

    Covert channel attacks utilize shared resources to indirectly transmit sensitive information to unauthorized parties. Current security mechanisms such as SELinux rely on tagging the filesystem with access control properties. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux [20], an extension to SELinux, utilizes watermarking algorithms to “color” the contents of each file with their respective security classification to enhance resistance to information laundering attacks. In this paper, we propose a mobile agent-based approach to automate the process of detecting and coloring receptive hosts’ filesystems and monitoring the colored filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach

    The insider on the outside: a novel system for the detection of information leakers in social networks

    Confidential information is all too easily leaked by naive users posting comments. In this paper we introduce DUIL, a system for Detecting Unintentional Information Leakers. The value of DUIL is in its ability to detect those responsible for information leakage that occurs through comments posted on news articles in a public environment, when those articles have withheld material non-public information. DUIL is comprised of several artefacts, each designed to analyse a different aspect of this challenge: the information, the user(s) who posted the information, and the user(s) who may be involved in the dissemination of information. We present a design science analysis of DUIL as an information system artefact comprised of social, information, and technology artefacts. We demonstrate the performance of DUIL on real data crawled from several Facebook news pages spanning two years of news articles

    Capital markets and e-fraud: policy note and concept paper for future study

    The technological dependency of securities exchanges on internet-based (IP) platforms has dramatically increased the industry's exposure to reputation, market, and operational risks. In addition, the convergence of several innovations in the market is adding stress to these systems. These innovations affect everything from software to system design and architecture. These include the use of XML (extensible markup language) as the industry IP language, STP or straight through processing of data, pervasive or diffuse computing and grid computing, as well as the increased use of Internet and wireless. The fraud is not new, rather, the magnitude and speed by which fraud can be committed has grown exponentially due to the convergence of once private networks on-line. It is imperative that senior management of securities markets and brokerage houses be properly informed of the negative externalities associated with e-brokerage and the possible critical points of failure that exist in today's digitized financial sector as they grow into tomorrow's exchanges. The overwhelming issue regarding e-finance is to determine the true level of understanding that senior management has about on-line platforms, including the inherent risks and the depth of the need to use it wisely. Kellermann and McNevin attempt to highlight the various risks that have been magnified by the increasing digitalization of processes within the brokerage arena and explain the need for concerted research and analysis of these as well as the profound consequences that may entail without proper planning. An effective legal, regulatory, and enforcement framework is essential for creating the right incentive structure for market participants.
    The legal and regulatory framework should focus on the improvement of internal monitoring of risks and vulnerabilities, greater information sharing about these risks and vulnerabilities, education and training on the care and use of these technologies, and better reporting of risks and responses. Public/private partnerships and collaborations also are needed to create an electronic commerce (e-commerce) environment that is safe and sound. Subjects: Environmental Economics & Policies, Insurance & Risk Mitigation, Financial Intermediation, ICT Policy and Strategies, Banks & Banking Reform

    Impact and key challenges of insider threats on organizations and critical businesses

    The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

    QAnon Conspiracy Theory: Examining its Evolution and Mechanisms of Radicalization

    This report demonstrates the overarching need for additional exploration and intervention of conspiracy-based radicalization as the QAnon conspiracy theory continues to grow. Strong pillars of belief among the QAnon movement, coupled with the spread of disinformation online, have exacerbated the familiarity and willingness to accept the rhetoric within mainstream media and culture. This report examines the evolution, ideologies, and paradigms associated with supporters of QAnon to better understand the most influential mechanisms of modern conspiracy-based radicalization. Utilizing a France-based digital disinformation platform known as Storyzy, the authors hypothesize that disinformation campaigns, coupled with the Internet and social media, have greatly enabled the unprecedented global effect of QAnon. The authors explored the potential of several survey methods to seek insights from QAnon followers on Gab and Telegram. Additionally, the authors discerned various implications of QAnon in regard to the limitations placed upon P/CVE efforts. Editorial Note: After critique against this article has been voiced publicly, an editorial review together with the authors was conducted. No factual errors were found. However, some need for clarifications of potentially misleading sentence formulations was identified and minor post-publication revisions were conducted, which are detailed in the supporting material file

    A review of cyber threats and defence approaches in emergency management

    Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature

    Efficient Generation of Social Network Data from Computer-Mediated Communication Logs

    The insider threat poses a significant risk to any network or information system. A general definition of the insider threat is an authorized user performing unauthorized actions, a broad definition with no specifications on severity or action. While limited research has been able to classify and detect insider threats, it is generally understood that insider attacks are planned, and that there is a time period in which the organization's leadership can intervene and prevent the attack. Previous studies have shown that the person's behavior will generally change, and it is possible that social network analysis could be used to observe those changes. Unfortunately, generation of social network data can be a time-consuming and manually intensive process. This research discusses the automatic generation of such data from computer-mediated communication records. Using the tools developed in this research, raw social network data can be gathered from communication logs quickly and cheaply. Ideas on further analysis of this data for insider threat mitigation are then presented