7,151 research outputs found
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
On the Role of Primary and Secondary Assets in Adaptive Security: An Application in Smart Grids
peer-reviewedAdaptive security aims to protect valuable assets
managed by a system, by applying a varying set of security
controls. Engineering adaptive security is not an easy task. A
set of effective security countermeasures should be identified.
These countermeasures should not only be applied to (primary)
assets that customers desire to protect, but also to other
(secondary) assets that can be exploited by attackers to harm
the primary assets. Another challenge arises when assets vary
dynamically at runtime. To accommodate these variabilities, it
is necessary to monitor changes in assets, and apply the most
appropriate countermeasures at runtime. The paper provides
three main contributions for engineering adaptive security.
First, it proposes a modeling notation to represent primary
and secondary assets, along with their variability. Second,
it describes how to use the extended models in engineering
security requirements and designing required monitoring functions.
Third, the paper illustrates our approach through a set
of adaptive security scenarios in the customer domain of a
smart grid. We suggest that modeling secondary assets aids
the deployment of countermeasures, and, in combination with
a representation of assets variability, facilitates the design of
monitoring function
Automated Crowdturfing Attacks and Defenses in Online Review Systems
Malicious crowdsourcing forums are gaining traction as sources of spreading
misinformation online, but are limited by the costs of hiring and managing
human workers. In this paper, we identify a new class of attacks that leverage
deep learning language models (Recurrent Neural Networks or RNNs) to automate
the generation of fake online reviews for products and services. Not only are
these attacks cheap and therefore more scalable, but they can control rate of
content output to eliminate the signature burstiness that makes crowdsourced
campaigns easy to detect.
Using Yelp reviews as an example platform, we show how a two phased review
generation and customization attack can produce reviews that are
indistinguishable by state-of-the-art statistical detectors. We conduct a
survey-based user study to show these reviews not only evade human detection,
but also score high on "usefulness" metrics by users. Finally, we develop novel
automated defenses against these attacks, by leveraging the lossy
transformation introduced by the RNN training and generation cycle. We consider
countermeasures against our mechanisms, show that they produce unattractive
cost-benefit tradeoffs for attackers, and that they can be further curtailed by
simple constraints imposed by online service providers
- …