Enhancing user's privacy : developing a model for managing and testing the lifecycle of consent and revocation

Increasingly, people turn to the Internet for access to services, which often require disclosure of a significant amount of personal data. Networked technologies have enabled an explosive growth in the collection, storage and processing of personal information with notable commercial potential. However, there are asymmetries in relation to how people are able to control their own information when handled by enterprises. This raises significant privacy concerns and increases the risk of privacy breaches, thus creating an imperative need for mechanisms offering information control functionalities. To address the lack of controls in online environments, this thesis focuses on consent and revocation mechanisms to introduce a novel approach for controlling the collection, usage and dissemination of personal data and managing privacy ex- pectations. Drawing on an extensive multidisciplinary review on privacy and on empirical data from focus groups, this research presents a mathematical logic as the foundation for the management of consent and revocation controls in technological systems. More specifically, this work proposes a comprehensive conceptual model for con- sent and revocation and introduces the notion of 'informed revocation'. Based on this model, a Hoare-style logic is developed to capture the effects of expressing indi- viduals' consent and revocation preferences. The logic is designed to support certain desirable properties, defined as healthiness conditions. Proofs that these conditions hold are provided with the use of Maude software. This mathematical logic is then verified in three real-world case study applications with different consent and revocation requirements for the management of employee data in a business envi- ronment, medical data in a biobank and identity assurance in government services. The results confirm the richness and the expressiveness of the logic. In addition, a novel testing strategy underpinned by this logic is presented. This strategy is able to generate testing suites for systems offering consent and revocation controls, such as the EnCoRe system, where testing was carried out successfully and resulted in identifying faults in the EnCoRe implementation

Anomaly detection using pattern-of-life visual metaphors

Complex dependencies exist across the technology estate, users and purposes of machines. This can make it difficult to efficiently detect attacks. Visualization to date is mainly used to communicate patterns of raw logs, or to visualize the output of detection systems. In this paper we explore a novel approach to presenting cybersecurity-related information to analysts. Specifically, we investigate the feasibility of using visualizations to make analysts become anomaly detectors using Pattern-of-Life Visual Metaphors. Unlike glyph metaphors, the visualizations themselves (rather than any single visual variable on screen) transform complex systems into simpler ones using different mapping strategies. We postulate that such mapping strategies can yield new, meaningful ways to showing anomalies in a manner that can be easily identified by analysts. We present a classification system to describe machine and human activities on a host machine, a strategy to map machine dependencies and activities to a metaphor. We then present two examples, each with three attack scenarios, running data generated from attacks that affect confidentiality, integrity and availability of machines. Finally, we present three in-depth use-case studies to assess feasibility (i.e. can this general approach be used to detect anomalies in systems?), usability and detection abilities of our approach. Our findings suggest that our general approach is easy to use to detect anomalies in complex systems, but the type of metaphor has an impact on user's ability to detect anomalies. Similar to other anomaly-detection techniques, false positives do exist in our general approach as well. Future work will need to investigate optimal mapping strategies, other metaphors, and examine how our approach compares to and can complement existing techniques

Reviewing National Cybersecurity Awareness in Africa: An Empirical Study

Over the last years, there has been an unprecedented increase in cybercrime globally. Africa is a region with one of the highest rates of cybercrime and significant financial losses. Yet, awareness of risks in cyberspace amongst citizens of African countries is in its infancy and capacity building initiatives focusing on designing and implementing such campaigns are lacking. As part of the Global Cybersecurity Capacity Centre (GCSCC) programme, we visited six countries and assessed their cybersecurity posture based on the Cybersecurity Capacity Maturity Model for Nations (CMM) developed by the GCSCC. In this paper, we analyse qualitative data collected by conducting focus groups with experts in awareness campaigns during our visits. We reflect on best practice approaches for developing campaigns and draw conclusions on what the current state of African countries is regarding awareness in risks from cybercrime, what are the main obstacles in combating cybercrime and how countries should identify and prioritise their actions. We believe that our paper contributes in research concerned with how to mitigate cybercrime

Insider threat response and recovery strategies in financial services firms

Insiders have become some of the most widely cited culprits of cybercrime. Over the past decade, the scale of attacks carried out by insiders has steadily increased. Financial services firms, in particular, have been frequent targets of insider at-tacks. While insider-threat awareness levels have grown over the years, threat management strategies remain to be better understood. This article analyses how financial services institutions address insider threat, and how they respond to, and recover from insider-threat incidents. It is argued that response and recovery strategies of financial services organisations are still nascent. Combining industry reports, academic literature, and semi-structured interviews with senior financial services security professionals, the research offers a practice-oriented perspective on insider-threat response and recovery strategies, and identifies best practices

The Data that Drives Cyber Insurance: A Study into the Underwriting and Claims Processes

Cyber insurance is a key component in risk management, intended to transfer risks and support business recovery in the event of a cyber incident. As cyber insurance is still a new concept in practice and research, there are many unanswered questions regarding the data and economic models that drive it, the coverage options and pricing of premiums, and its more procedural policy-related aspects. This paper aims to address some of these questions by focusing on the key types of data which are used by cyber-insurance practitioners, particularly for decision-making in the insurance underwriting and claim processes. We further explore practitioners' perceptions of the challenges they face in gathering and using data, and identify gaps where further data is required. We draw our conclusions from a qualitative study by conducting a focus group with a range of cyber-insurance professionals (including underwriters, actuaries, claims specialists, breach responders, and cyber operations specialists) and provide valuable contributions to existing knowledge. These insights include examples of key data types which contribute to the calculation of premiums and decisions on claims, the identification of challenges and gaps at various stages of data gathering, and initial perspectives on the development of a pre-competitive dataset for the cyber insurance industry. We believe an improved understanding of data gathering and usage in cyber insurance, and of the current challenges faced, can be invaluable for informing future research and practice

Catching the Phish: Detecting Phishing Attacks using Recurrent Neural Networks (RNNs)

The emergence of online services in our daily lives has been accompanied by a range of malicious attempts to trick individuals into performing undesired actions, often to the benefit of the adversary. The most popular medium of these attempts is phishing attacks, particularly through emails and websites. In order to defend against such attacks, there is an urgent need for automated mechanisms to identify this malevolent content before it reaches users. Machine learning techniques have gradually become the standard for such classification problems. However, identifying common measurable features of phishing content (e.g., in emails) is notoriously difficult. To address this problem, we engage in a novel study into a phishing content classifier based on a recurrent neural network (RNN), which identifies such features without human input. At this stage, we scope our research to emails, but our approach can be extended to apply to websites. Our results show that the proposed system outperforms state-of-the-art tools. Furthermore, our classifier is efficient and takes into account only the text and, in particular, the textual structure of the email. Since these features are rarely considered in email classification, we argue that our classifier can complement existing classifiers with high information gain

A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models

The threat that malicious insiders pose towards organisations is a significant problem. In this paper, we investigate the task of detecting such insiders through a novel method of modelling a user's normal behaviour in order to detect anomalies in that behaviour which may be indicative of an attack. Specifically, we make use of Hidden Markov Models to learn what constitutes normal behaviour, and then use them to detect significant deviations from that behaviour. Our results show that this approach is indeed successful at detecting insider threats, and in particular is able to accurately learn a user's behaviour. These initial tests improve on existing research and may provide a useful approach in addressing this part of the insider-threat challenge

A semi-supervised approach to message stance classification

Social media communications are becoming increasingly prevalent; some useful, some false, whether unwittingly or maliciously. An increasing number of rumours daily flood the social networks. Determining their veracity in an autonomous way is a very active and challenging field of research, with a variety of methods proposed. However, most of the models rely on determining the constituent messages’ stance towards the rumour, a feature known as the “wisdom of the crowd”. Although several supervised machine-learning approaches have been proposed to tackle the message stance classification problem, these have numerous shortcomings. In this paper we argue that semi-supervised learning is more effective than supervised models and use two graph-based methods to demonstrate it. This is not only in terms of classification accuracy, but equally important, in terms of speed and scalability. We use the Label Propagation and Label Spreading algorithms and run experiments on a dataset of 72 rumours and hundreds of thousands messages collected from Twitter. We compare our results on two available datasets to the state-of-the-art to demonstrate our algorithms’ performance regarding accuracy, speed and scalability for real-time applications