2,921 research outputs found

    Accountable infrastructure and its impact on internet security and privacy

    Get PDF
    The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability, as a fundamental property, the Internet infrastructure does not have a built-in ability to associate an action with the responsible entity, neither to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need of having accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right to be forgotten law in a scalable and automated manner. The framework provides a technical mean for the users to prove their eligibility for content removal from the search results. Third, we analyze the Internet infrastructure determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.Die Internet-Infrastrutur stĂŒtzt sich auf die korrekte AusfĂŒhrung zugrundeliegender Protokolle, welche mit Fokus auf FunktionalitĂ€t entwickelt wurden. Sicherheit und Datenschutz wurden nachtrĂ€glich hinzugefĂŒgt, hauptsĂ€chlich durch die Anwendung kryptografischer Methoden in verschiedenen Schichten des Protokollstacks. Fehlende Zurechenbarkeit, eine fundamentale Eigenschaft Handlungen mit deren Verantwortlichen in Verbindung zu bringen, verhindert jedoch, Fehlverhalten zu erkennen und zu unterbinden. Diese Dissertation betrachtet die Zurechenbarkeit im Internet aus verschiedenen Blickwinkeln. Zuerst untersuchen wir die Notwendigkeit fĂŒr Zurechenbarkeit in anonymisierten Kommunikationsnetzen um es Proxyknoten zu erlauben Fehlverhalten beweisbar auf den eigentlichen Verursacher zurĂŒckzuverfolgen. Zweitens entwerfen wir ein Framework, das die skalierbare und automatisierte Umsetzung des Rechts auf Vergessenwerden unterstĂŒtzt. Unser Framework bietet Benutzern die technische Möglichkeit, ihre Berechtigung fĂŒr die Entfernung von Suchergebnissen nachzuweisen. Drittens analysieren wir die Internet-Infrastruktur, um mögliche Sicherheitsrisiken und Bedrohungen aufgrund von AbhĂ€ngigkeiten zwischen den verschiedenen beteiligten EntitĂ€ten zu bestimmen. Letztlich evaluieren wir die Umsetzbarkeit von Hop Count Filtering als ein Instrument DRDoS Angriffe abzuschwĂ€chen und wir zeigen, dass dieses Instrument diese Art der Angriffe konzeptionell nicht verhindern kann

    Analysing the Design of Privacy-Preserving Data-Sharing Architecture

    Full text link
    Privacy has become an essential software quality to consider in a software system. Privacy practices should be adopted from the early stages of the system design to safeguard personal data from privacy violations. Privacy patterns are proposed in industry and academia as reusable design solutions to address different privacy issues. However, the diverse types and granularity of the patterns lead to difficulty for the practitioner to select and adopt them in the architecture. First, the fragmented information about the system actors in the patterns does not align with the regulatory entities and interactions between them. Second, these privacy patterns lack architectural perspectives that could help weave patterns into concrete software designs. Third, the consequences of applying the patterns have not covered the impacts on software quality attributes. This thesis aims to provide guidance to software architects and practitioners for considering and applying privacy patterns in their design, by adding new perspectives to the existing patterns. First, the research provides an analysis of the relationships between regulatory entities and their responsibility in adopting the patterns in a software design. Then, the research reports studies that were conducted using architectural-level modelling-based approaches, to analyse the architectural views of privacy patterns. The analyses aim to improve understanding of how privacy patterns are applied in software designs and how such a design affects software quality attributes, including privacy, performance, and modifiability. Finally, in an effort to harmonise and unite the extended view of privacy patterns that have a close relation to system architecture, this research proposes an enhanced pattern catalogue and a systematic privacy-by-design (PbD) pattern-selection model that aims to aid and guide software architects in pattern selection during software design. The enhanced pattern catalogue offers consolidated information on the extended view of privacy patterns. The selection model provides a structured way for the practitioner to know when and how to use the pattern catalogue in the system-design process. Two industry case studies are used to evaluate the proposed pattern catalogue and selection model. The findings demonstrate how the proposed frameworks are applicable to different types of data-sharing software systems and their usability in supporting pattern selection decisions in the privacy design
    • 

    corecore