19 research outputs found

    No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone

    It is generally recognized that the traffic generated by an individual connected to a network acts as his biometric signature. Several tools exploit this fact to fingerprint and monitor users. Often, though, these tools assume access to the entire traffic, including IP addresses and payloads. This is not feasible on the grounds that both performance and privacy would be negatively affected. In reality, most ISPs convert user traffic into NetFlow records for a concise representation that does not include, for instance, any payloads. More importantly, large and distributed networks are usually NAT'd, thus a few IP addresses may be associated with thousands of users. We devised a new fingerprinting framework that overcomes these hurdles. Our system is able to analyze a huge amount of network traffic represented as NetFlows, with the intent to track people. It does so by accurately inferring when users are connected to the network and which IP addresses they are using, even though thousands of users are hidden behind NAT. Our prototype implementation was deployed and tested within an existing large metropolitan WiFi network serving about 200,000 users, with an average load of more than 1,000 users simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned out to be very effective, with an accuracy greater than 90%. We also devised new tools and refined existing ones that may be applied to other contexts related to NetFlow analysis.

    STIXnet: A Novel and Modular Solution for Extracting All STIX Objects in CTI Reports

    The automatic extraction of information from Cyber Threat Intelligence (CTI) reports is crucial in risk management. The increased frequency of the publications of these reports has led researchers to develop new systems for automatically recovering different types of entities and relations from textual data. Most state-of-the-art models leverage Natural Language Processing (NLP) techniques, which perform greatly in extracting a few types of entities at a time but cannot detect heterogeneous data or their relations. Furthermore, several paradigms, such as STIX, have become de facto standards in the CTI community and dictate a formal categorization of different entities and relations to enable organizations to share data consistently. This paper presents STIXnet, the first solution for the automated extraction of all STIX entities and relationships in CTI reports. Through the use of NLP techniques and an interactive Knowledge Base (KB) of entities, our approach obtains F1 scores comparable to state-of-the-art models for entity extraction (0.916) and relation extraction (0.724) while considering significantly more types of entities and relations. Moreover, STIXnet constitutes a modular and extensible framework that manages and coordinates different modules to merge their contributions uniquely and exhaustively. With our approach, researchers and organizations can extend their Information Extraction (IE) capabilities by integrating the efforts of several techniques without needing to develop new tools from scratch. Comment: 11 pages, 3 figures

    Evaluating the Risk of Adopting RBAC Roles

    We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse.

    A probabilistic bound on the basic role mining problem and its applications

    The aim of this paper is to describe a new probabilistic approach to the role engineering process for RBAC. We address the issue of minimizing the number of roles, a problem known in the literature as the Basic Role Mining Problem (basicRMP). We leverage the equivalence of the above issue with the vertex coloring problem. Our main result is to prove that the minimum number of roles is sharply concentrated around its expected value. A further contribution is to show how this result can be applied as a stop condition when striving to find out an approximation for the basicRMP. The proposal can also be used to decide whether it is advisable to undertake the efforts to renew an RBAC state. Both these applications can result in a substantial saving of resources. A thorough analysis using advanced probabilistic tools supports our results. Finally, further relevant research directions are highlighted.

    Role mining over big and noisy data theory and some applications

    RBAC (Role-Based Access Control [2]) is a widely adopted access control model. According to this model, roles are created for various job functions within the organization. The permissions required to perform certain operations are assigned to specific roles. System users, in turn, are assigned to appropriate roles based on their responsibilities and qualifications. Through role assignments they acquire the permissions to perform particular system functions. By deploying RBAC systems, organizations obtain several benefits such as simplified access control administration, improved organizational productivity, and security policy enforcement. Companies that plan to use the RBAC model are usually large or medium organizations that are currently using other access control models and/or legacy systems. Despite the benefits related to RBAC, it is sometimes hard for these organizations to adopt such a model. Indeed, there is an important issue that needs to be addressed: the model must be customized to capture the needs and functions of the company. For this purpose, the role engineering discipline [21] has been introduced. Various approaches to role engineering have been proposed, which are usually classified as: top-down and bottom-up. The former requires a deep analysis of business processes to identify which access permissions are necessary to carry out specific tasks. The latter seeks to identify de facto roles embedded in existing access control information. Since bottom-up approaches usually resort to data mining techniques, the term role mining is often used as a synonym for bottom-up. This thesis is devoted to role mining techniques, and their applications to large scale datasets. Several works prove that the role mining problem is reducible to many other well-known NP-hard problems, such as binary matrices factorization [56, 72] and tiling database [38] to cite a few.
Therefore, most of the existing theoretical approaches cannot be directly applied to large datasets. Indeed, such algorithms have a complexity that is not linear compared to the number of users or permissions to analyze [6, 29, 78]. In this thesis, the main drawbacks of traditional role mining tasks that are based on minimality measures are highlighted. Indeed, a minimal set of roles is generally not useful to the system administrators. We point out that in order to provide a good candidate role-set, role mining algorithms have to take into account business information as well. We address the problem of reducing the role mining complexity in RBAC systems by making it practical and usable. The first approach that we propose is to elicit stable candidate roles, by contextually simplifying the role selection task. Furthermore, we introduce two methodologies that can be combined together in order to elicit meaningful roles, while reducing the role mining complexity. The first is a divide et impera strategy that is driven by one or more business attributes. The second methodology overcomes the main limitation of the divide et impera approach by reducing the problem size without sacrificing on utility and accuracy. The original access control dataset is compressed and then analyzed in order to identify interesting portions, which are then reconstructed. Any existing role mining algorithm can be used to analyze the reconstructed portions—that are orders of magnitude smaller than the original dataset. We point out that to effectively elicit a deployable role-set, role engineers have to handle the noise that is always present within access control datasets. It is important to figure out if there are assignments that have not been granted, but that, if they were granted, could help the management of the role set. Also, it is important to figure out if there are permissions that have been accidentally granted, but that could hinder the role management.
We introduce two algorithms that are able to find missing and abnormal user-permission assignments. Furthermore, we introduce a fast update operation that quickly re-evaluates the dataset when a modification occurs during the normal life cycle of the roles. Further, we introduce a new approach to the role mining, referred to as visual role mining. It offers a graphical way to effectively navigate the result of any existing role mining algorithm, showing at a glance what it would take a lot of data to expound. Moreover, we allow to visually identify meaningful roles within access control data without resorting to traditional role mining tools. Finally, some final remarks as well as future research directions are highlighted.

    Epidemic data survivability in Unattended Wireless Sensor Networks


    Introducing epidemic models for data survivability in Unattended Wireless Sensor Networks

    One of the most relevant issues pertaining to UWSN is to guarantee a certain level of information survivability, even in presence of a powerful attacker. In this paper, we provide a preliminary assessment of epidemic-domain inspired approaches to model the information survivability in UWSN. In particular, we show that epidemic models can be used to set up the parameters that allow the information to survive, once estimated the maximal compromising power of the attacker. Further, we point out that the mere application of these models is not always the right choice. Indeed, it comes out that these deterministic models are not accurate enough, and "unlikely" events can cause the loss of the datum. Finally, we provide some final comments, as well as promising research directions.

    Analyzing Android Encrypted Network Traffic to Identify User Actions

    Mobile devices can be maliciously exploited to violate the privacy of people. In most attack scenarios, the adversary takes the local or remote control of the mobile device, by leveraging a vulnerability of the system, hence sending back the collected information to some remote web service. In this paper, we consider a different adversary, who does not interact actively with the mobile device, but he is able to eavesdrop on the network traffic of the device from the network side (e.g., controlling a Wi-Fi access point). The fact that the network traffic is often encrypted makes the attack even more challenging. In this paper, we investigate to what extent such an external attacker can identify the specific actions that a user is performing on her mobile apps. We design a system that achieves this goal using advanced machine learning techniques. We built a complete implementation of this system, and we also ran a thorough set of experiments, which show that our attack can achieve accuracy and precision higher than 95%, for most of the considered actions. We compared our solution with the three state-of-the-art algorithms, confirming that our system outperforms all these direct competitors.

    Track me if you can: Transparent obfuscation for Location based Services

    Although Location-based Services (LBSs) offer evident advantages to their users, many privacy concerns are sought when user tracking data are shared with the service provider. Existing privacy enhancing solutions (e.g. k-anonymity) usually degrade service precision, and also require the collaboration of the service provider - this latter one not always willing to lose control over the user's location data. In this paper, we propose a solution that is able to obfuscate the user's path to the service provider, while preserving (for the LBS) the capability to compute a few functions - useful for the user - over the obfuscated path. In particular, we provide several contributions: first, we formalize the concept of obfuscation function, and we propose a solution that provides user privacy while allowing users to continue leveraging the services offered by the service provider. Moreover, we formally prove the privacy preserving properties of our approach. Finally, an extensive experimental campaign supports the feasibility of our approach, showing that the proposed solution can be efficiently implemented over mobile device.