The Internet of Hackable Things

The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education

Enforcing reputation constraints on business process workflows

The problem of trust in determining the flow of execution of business processes has been in the centre of research interst in the last decade as business processes become a de facto model of Internet-based commerce, particularly with the increasing popularity in Cloud computing. One of the main mea-sures of trust is reputation, where the quality of services as provided to their clients can be used as the main factor in calculating service and service provider reputation values. The work presented here contributes to the solving of this problem by defining a model for the calculation of service reputa-tion levels in a BPEL-based business workflow. These levels of reputation are then used to control the execution of the workflow based on service-level agreement constraints provided by the users of the workflow. The main contribution of the paper is to first present a formal meaning for BPEL processes, which is constrained by reputation requirements from the users, and then we demonstrate that these requirements can be enforced using a reference architecture with a case scenario from the domain of distributed map processing. Finally, the paper discusses the possible threats that can be launched on such an architecture

Television: Peer-To-Peer’s Next Challenger

The entertainment industry has obsessed over the threat of peer-to-peer file sharing since the introduction of Napster in 1999. The sharing of television content may present a compelling case for fair use under the long-standing Betamax decision. Some argue that television sharing is fundamentally different than the distribution of music or movies since television is often distributed for free over public airwaves. However, a determination of fair use is unlikely because of the fundamental differences between recording a program and downloading it, recent regulation to suppress unauthorized content distribution and shifts in the television market brought on by new technology

Voter Information in the Digital Age: Grading State Election Websites

Voter Information in the Digital Age: Grading State Election Websites examines the extent to which state election websites provide voters with sufficient information to make informed choices. The report assesses the quantity and quality of candidate and ballot measure information offered by the 50 state and District of Columbia election websites and ranks them from one to 51. It recommends a number of best practices currently used by some state or local jurisdictions, as well as innovations on other websites that are used rarely or not at all on state election websites. The authors recommend that states follow new technologies and trends in information delivery and design, and offer voters a full range of candidate and ballot information in innovative formats and media

The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts

Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contracts is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use this to build HoneyBadger - a tool that employs symbolic execution and well defined heuristics to expose honeypots. We perform a large-scale analysis on more than 2 million smart contracts and show that our tool not only achieves high precision, but is also highly efficient. We identify 690 honeypot smart contracts as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots