3,754 research outputs found

    Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

    Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

    Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

    Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records, collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community. Comment: ACM CCS 1

    Security Enhanced Applications for Information Systems

    Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

    Digital Democracy: Episode IV—A New Hope*: How a Corporation for Public Software Could Transform Digital Engagement for Government and Civil Society

    Although successive generations of digital technology have become increasingly powerful in the past 20 years, digital democracy has yet to realize its potential for deliberative transformation. The undemocratic exploitation of massive social media systems continued this trend, but it only worsened an existing problem of modern democracies, which were already struggling to develop deliberative infrastructure independent of digital technologies. There have been many creative conceptions of civic tech, but implementation has lagged behind innovation. This article argues for implementing one such vision of digital democracy through the establishment of a public corporation. Modeled on the Corporation for Public Broadcasting in the United States, this entity would foster the creation of new digital technology by providing a stable source of funding to nonprofit technologists, interest groups, civic organizations, government, researchers, private companies, and the public. Funded entities would produce and maintain software infrastructure for public benefit. The concluding sections identify what circumstances might create and sustain such an entity

    Teens, Kindness and Cruelty on Social Network Sites

    Analyzes survey findings about how teenagers navigate the world of "digital citizenship," including experiences of, reactions to, and sources of advice about online cruelty; privacy controls and practices; and levels of parental regulation

    Relationship Between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

    Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p <= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers' costs

    Hog Daddy and the Walls of Steel: Catch Shares and Ecosystem Change in the New England Groundfishery

    The U.S. National Oceanic and Atmospheric Administration implemented market-based fishery management in the New England groundfishery as catch shares, controlling aggregate harvests through tradable annual catch quotas allocated to fishing groups called sectors. Policy supporters assert that resulting markets raise conservation incentives. In compliance with the Magnuson–Stevens Fishery Conservation and Management Act, species assessments permit catch shares to replace more spatially and temporally specific constraints on fishing gear, time, areas, and daily harvest limits. Qualitative evidence from field interviews and participant observation questions the efficacy of catch shares. Fishing industry members observe that increased presence of large trawl vessels in previously protected areas damages fish subpopulations and benthic habitat. Regulatory bioeconomic models fail to consider these lay observations. The consequent inability of quota markets to recognize the materiality of human–environment relationships at the spatiotemporal scales of fishing activity, and to internalize associated externalities, may have devastating consequences for the fishery