
    Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving)

    Today, targeted online advertising relies on unique identifiers assigned to users through third-party cookies, a practice at odds with user privacy. While the web and advertising communities have proposed interest-disclosing mechanisms, including Google's Topics API, as solutions, an independent analysis of these proposals in realistic scenarios has yet to be performed. In this paper, we attempt to validate the privacy (i.e., preventing unique identification) and utility (i.e., enabling ad targeting) claims of Google's Topics proposal in the context of realistic user behavior. Through new statistical models of the distribution of user behaviors and resulting targeting topics, we analyze the capabilities of malicious advertisers observing users over time and colluding with other third parties. Our analysis shows that even in the best case, individual users' identification across sites is possible, as 0.4% of the 250k users we simulate are re-identified. These guarantees weaken further over time and when advertisers collude: 57% of users are uniquely re-identified after 15 weeks of browsing, increasing to 75% after 30 weeks. While measuring that the Topics API provides moderate utility, we also find that advertisers and publishers can abuse the Topics API to potentially assign unique identifiers to users, defeating the desired privacy guarantees. As a result, the inherent diversity of users' interests on the web is directly at odds with the privacy objectives of interest-disclosing mechanisms; we discuss how any replacement of third-party cookies may have to seek other avenues to achieve privacy for the web.
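    The mechanism behind the re-identification numbers above is that a site observing a user's disclosed topics every week accumulates a history, and histories diverge as they grow. The following simulation is an added illustration written for this page; it is not the paper's statistical model or code. It assumes a simplified Topics-like mechanism in which the observer learns a user's top-K topics each week (the real API returns one topic per epoch per caller and mixes in a 5% random topic; both are omitted), and the taxonomy size, top-K, visits per week and interest profiles are constructed parameters chosen so that collisions are common in week one.

```python
"""Toy simulation of cross-site re-identification from disclosed interest topics.

Added illustration, not the paper's model or code. Simplifying assumptions:
each week an observer learns a user's top-K topics for that week; the real
Topics API returns one topic per epoch per caller and adds a 5% random topic,
neither of which is modelled here.
"""
import random
from collections import Counter


def make_profiles(rng, n_users, n_topics):
    # Constructed interest profiles: random weights cubed so that a few
    # topics dominate each user's browsing, as real interests tend to.
    profiles = []
    for _ in range(n_users):
        weights = [rng.random() ** 3 for _ in range(n_topics)]
        total = sum(weights)
        profiles.append([w / total for w in weights])
    return profiles


def weekly_top_topics(rng, profile, visits, top_k):
    # One week of browsing: each visited site is labelled with a topic drawn
    # from the user's profile; the week's top-K topics are what gets disclosed.
    topics = rng.choices(range(len(profile)), weights=profile, k=visits)
    counts = Counter(topics)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return tuple(sorted(t for t, _ in ranked[:top_k]))


def reidentified_fraction(histories):
    # A user counts as uniquely re-identified when the sequence of weekly
    # topic sets observed for them matches no other simulated user.
    counts = Counter(histories)
    return sum(1 for h in histories if counts[h] == 1) / len(histories)


def simulate(n_users=2000, n_topics=15, top_k=3, weeks=20, visits=40, seed=1):
    """Return, for each week, the fraction of users whose observed topic history
    is unique so far. The fraction can only grow: a history that is unique
    after w weeks stays unique after w+1."""
    rng = random.Random(seed)
    profiles = make_profiles(rng, n_users, n_topics)
    histories = [() for _ in range(n_users)]
    fractions = []
    for _ in range(weeks):
        histories = [h + (weekly_top_topics(rng, p, visits, top_k),)
                     for h, p in zip(histories, profiles)]
        fractions.append(reidentified_fraction(histories))
    return fractions


if __name__ == "__main__":
    for week, frac in enumerate(simulate(), start=1):
        print(f"week {week:2d}: {frac:6.1%} of users uniquely re-identified")
```

    With 15 topics and top-3 disclosure there are only 455 possible weekly sets for 2000 users, so few are unique in week one; concatenating weeks multiplies the space, and uniqueness climbs. Collusion between two observer sites corresponds to concatenating their histories, which only makes the space larger.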

    Production of a teaching aid for surgery instruction at the ENVT: ovariectomy of the queen, castration of the tom cat

    Surgery is a particular aspect of the veterinary profession. Nearly all practitioners are called on to perform these routine procedures. During their training, veterinary students begin learning surgical techniques by performing elective procedures on male and female cats. This is why we chose to produce a teaching DVD for ENVT students presenting these operations. It presents the techniques taught at the school, as well as others they may encounter in colleagues' practices. Explanatory diagrams, freeze-frames and interactive quizzes, covering both the anatomy essential to performing these procedures and the technique itself, reinforce the educational value of this DVD.

    Deliverable 3.2 - GNSS Quantitative Analysis for ERSAT GGC Project - Projet ERSAT GGC - ERTMS on SATELLITE Galileo Game Changer

    In order to apply the Enhanced ERTMS/ETCS Functional Architecture, capable of using GNSS and Public Radio TLC Technologies, the safety aspects of the ERTMS/ETCS system upon the future application of the above-mentioned positioning and communication technologies have to be investigated. This document describes the Quantitative Safety and Hazard Analysis carried out in ERSAT GGC WP3 - Task 3.2 and reports the corresponding results.

    Measuring and Mitigating the Risk of IP Reuse on Public Clouds

    Public clouds provide scalable and cost-efficient computing through resource sharing. However, moving from traditional on-premises service management to clouds introduces new challenges; failure to correctly provision, maintain, or decommission elastic services can lead to functional failure and vulnerability to attack. In this paper, we explore a broad class of attacks on clouds which we refer to as cloud squatting. In a cloud squatting attack, an adversary allocates resources in the cloud (e.g., IP addresses) and thereafter leverages latent configuration to exploit prior tenants. To measure and categorize cloud squatting we deployed a custom Internet telescope within the Amazon Web Services us-east-1 region. Using this apparatus, we deployed over 3 million servers receiving 1.5 million unique IP addresses (56% of the available pool) over 101 days beginning in March of 2021. We identified 4 classes of cloud services, 7 classes of third-party services, and DNS as sources of exploitable latent configurations. We discovered that exploitable configurations were both common and in many cases extremely dangerous; we received over 5 million cloud messages, many containing sensitive data such as financial transactions, GPS location, and PII. Within the 7 classes of third-party services, we identified dozens of exploitable software systems spanning hundreds of servers (e.g., databases, caches, mobile applications, and web services). Lastly, we identified 5446 exploitable domains spanning 231 eTLDs, including 105 in the top 10,000 and 23 in the top 1000 popular domains. Through tenant disclosures we have identified several root causes, including (a) a lack of organizational controls, (b) poor service hygiene, and (c) failure to follow best practices. We conclude with a discussion of the space of possible mitigations and describe the mitigations to be deployed by Amazon in response to this study.
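    The DNS class of latent configuration above is the one a tenant can audit without the provider's help: an A record that still points into the cloud's address pool at an address the organization no longer holds will resolve to whoever is allocated that address next. The check below is an added example written for this page, not code from the paper or from any cloud provider. The zone records, the set of "owned" addresses and the pool ranges are constructed sample data; in practice they come from a zone export, the cloud inventory API and the provider's published address ranges.

```python
"""Flag DNS records pointing into a cloud IP pool at addresses we no longer hold.

Added example, not code from the paper or any provider. All inputs below are
constructed sample data standing in for a zone export, a cloud inventory
listing and the provider's published ranges.
"""
import ipaddress

# Constructed: provider address ranges for the region in question.
CLOUD_POOL = [ipaddress.ip_network(n)
              for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed: addresses currently allocated to our own cloud accounts.
OWNED = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.11")}

# Constructed zone export: (name, type, value).
RECORDS = [
    ("www.example.com", "A", "203.0.113.10"),       # still allocated to us
    ("old-api.example.com", "A", "203.0.113.77"),   # address released, record kept
    ("cdn.example.com", "CNAME", "d1.cloudfront.example"),
    ("db.example.com", "A", "10.0.4.2"),            # private address, not in pool
    ("legacy.example.com", "A", "198.51.100.5"),    # address released, record kept
]


def in_pool(addr, pool):
    return any(addr in net for net in pool)


def find_dangling(records, owned, pool):
    """Return (name, address) pairs for A/AAAA records whose target lies inside
    the cloud pool but is not an address we currently hold. Anyone who is later
    allocated that address receives traffic meant for the name."""
    dangling = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue  # CNAME targets need a separate check against their own zone
        addr = ipaddress.ip_address(value)
        if in_pool(addr, pool) and addr not in owned:
            dangling.append((name, value))
    return dangling


if __name__ == "__main__":
    for name, ip in find_dangling(RECORDS, OWNED, CLOUD_POOL):
        print(f"DANGLING {name} -> {ip}: delete the record or re-acquire the address")
```

    The private address is ignored because it is outside the pool; the two released addresses are reported. The same idea extends to the other latent-configuration classes in the paper (hard-coded IPs in mobile apps, database clients, cache clients), but those live in code and config rather than in a zone file and need a different inventory.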

    EIPSIM: Modeling Secure IP Address Allocation at Cloud Scale

    Public clouds provide impressive capability through resource sharing. However, recent works have shown that the reuse of IP addresses can allow adversaries to exploit the latent configurations left by previous tenants. In this work, we perform a comprehensive analysis of the effect of cloud IP address allocation on exploitation of latent configuration. We first develop a statistical model of cloud tenant behavior and latent configuration based on literature and deployed systems. Through these, we analyze IP allocation policies under existing and novel threat models. Our resulting framework, EIPSim, simulates our models in representative public cloud scenarios, evaluating adversarial objectives against pool policies. In response to our stronger proposed threat model, we also propose IP scan segmentation, an IP allocation policy that protects the IP pool against adversarial scanning even when an adversary is not limited by number of cloud tenants. Our evaluation shows that IP scan segmentation reduces latent configuration exploitability by 97.1% compared to policies proposed in literature and 99.8% compared to those currently deployed by cloud providers. Finally, we evaluate our statistical assumptions by analyzing real allocation and configuration data, showing that results generalize to deployed cloud workloads. In this way, we show that principled analysis of cloud IP address allocation can lead to substantial security gains for tenants and their users.

    Method for evaluating an extended fault tree to analyse the dependability of complex systems: application to a satellite-based railway system

    Evaluating dependability of complex systems requires the evolution of the system states over time to be analysed. The problem is to develop modelling approaches that adequately take the evolution of the different operating and failed states of the system components into account. The Fault Tree (FT) is a well-known method that efficiently analyses the failure causes of a system and serves for reliability and availability evaluations. As FT is not adapted to dynamic systems with repairable multi-state components, extensions of FT (eFT) have been developed. However, efficient quantitative evaluation processes for eFT are missing. Petri nets have the advantage of allowing such evaluation, but their construction is difficult to manage and their simulation performances are unsatisfactory. Therefore, we propose in this paper a new powerful process to analyse eFT quantitatively. This is based on the use of the PN method, which relies on the failed states highlighted by the eFT, combined with a new analytical modelling approach for critical events that depend on time duration. The performances of the new process are demonstrated through a theoretical example of eFT, and the practical use of the method is shown on a satellite-based railway system.

    Application of fuzzy theory for identifying the required availability of an autonomous localization unit in European Train Control System

    According to the evolution tendency of the control decision process from a trackside to a train-borne system, various autonomous localization units for railway vehicles were developed. As recommended in railway standards, the design process of each system, here the autonomous localization units (LU), follows the V-model, whose first step is to define its availability requirement in order to satisfy the global ETCS system requirements. The classical approach for assigning the subsystem availability is based on the assumption that failure parameters of other units are precisely known. This assumption is too restrictive in reality due to the lack of information. In this paper, we propose a new approach that allows taking into account uncertainties in the dependability parameters of the ETCS components for identifying the upper threshold of the LU unavailability to reach ETCS availability requirements. Using fuzzy fault trees, the fuzzy unavailability of the ETCS without the autonomous LU is evaluated. Then, based on its membership function, we assess the satisfaction rate that an advanced ETCS with the autonomous LU can satisfy the ETCS availability target.

    Securing Cloud File Systems using Shielded Execution

    Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myriad of attacks that may be initiated by a malicious cloud provider, co-tenant, or end-client. Recently proposed designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs, consequently leading to either security, functional, or performance limitations. In this paper, we introduce TFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that meet real-world security, functional, and performance requirements. Through extensive security and performance analyses, we show that TFS can ensure stronger security guarantees while still providing practical utility and performance w.r.t. state-of-the-art systems; compared to the widely-used NFS, TFS achieves up to 2.1X speedups across micro-benchmarks and incurs <1X overhead for most macro-benchmark workloads. TFS demonstrates that organizations need not sacrifice file system security to embrace the functional and performance advantages of outsourcing.

    A new analytical approach to evaluate the critical-event probability due to wireless communication errors in train control systems

    Wireless communication links tend to be employed more and more in safety-critical railway applications. Their safe use in an advanced train control system (TCS) is an issue that is addressed in this paper by characterizing the TCS service interruption due to communication errors. More precisely, occurrence probabilities of single errors are first discussed. Then, we obtain probabilistic analytical expressions of several temporal conditions that lead to a TCS service interruption, here a train emergency braking (the critical event). The accuracy of this analytical approach is proved when the results are compared with those given by a simulation approach with a Petri net model. Additionally, as the use case related to the "trains' separation" is considered in this paper, an analytical evaluation process is proposed to discuss the tolerated time margins that can be fixed to limit the critical-event occurrence probability due to the wireless communication errors.