{"title":"Privacy improvement model for biometric person recognition in ambient intelligence using perceptual hashing","authors":"Petra Grd, Igor Tomičić, M. Baca","doi":"10.1145/3277570.3277589","DOIUrl":"https://doi.org/10.1145/3277570.3277589","url":null,"abstract":"In the past two decades ambient intelligence (AmI) has been a focus of research in different fields and from different points of view. It can be defined as an electronic environment consisting of devices capable of recognising people's presence and responding in a certain way. The security and privacy in these kinds of environments is still a challenge. By employing biometrics for person recognition in ambient intelligence, the devices could distinguish between different people in a non-intrusive way. With this, the privacy issue occurring in ambient intelligence is even more pronounced when combined with biometric recognition. This paper shows a privacy improvement model for biometric person recognition in ambient intelligence using perceptual hashing.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124459652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"One Countermeasure, Multiple Patterns: Countermeasure Variation for Covert Channels","authors":"S. Wendzel, Daniela Eller, W. Mazurczyk","doi":"10.1145/3277570.3277571","DOIUrl":"https://doi.org/10.1145/3277570.3277571","url":null,"abstract":"Network covert channels enable stealthy communications for malware and data exfiltration. For this reason, the development of effective countermeasures for covert channels is important for the protection of individuals and organizations. However, due to the number of available covert channel techniques, it can be considered impractical to develop countermeasures for all existing covert channels. In recent years, researchers started to develop countermeasures that (instead of only countering one particular hiding technique) can be applied to a whole family of similar hiding techniques. These families are referred to as hiding patterns. The main contribution of this paper is that we extend the idea of hiding patterns by introducing the concept of countermeasure variation. Countermeasure variation is the slight modification of a given countermeasure that was designed to detect covert channels of one specific hiding pattern so that the countermeasure can also detect covert channels that are representing other hiding patterns. We exemplify countermeasure variation using the compressibility score originally presented by Cabuk et al. The compressibility score is used to detect covert channels of the 'inter-packet times' pattern and we show that countermeasure variation allows the application of the compressibility score to detect covert channels of the 'size modulation' pattern, too.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125022301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Application Detection in Anonymous Communication Networks","authors":"Mohammad Hajian Berenjestanaki, M. Akhaee","doi":"10.1145/3277570.3277583","DOIUrl":"https://doi.org/10.1145/3277570.3277583","url":null,"abstract":"Considering the wide application of network communication in the past two decades and the need to protect users' privacy, tools have been developed to make the users' activity unobservable. However, some organizations prevent access to these tools and have greatly improved their technical capabilities. To be continuously available for users, these tools must be unobservable to censorship organizations. Considering the importance of unobservability of anonymity tools, this study shows three anonymity tools, including TOR, UltraSurf, and ScrambleSuit, have weaknesses against data flow analysis by designing a supervised classification system. This system works based on machine learning and traffic classification techniques considering a set of features and the correlation between data flows of each application. In the first step, it classifies data flows through a set of extracted statistical features including packet number, size, time interval, etc. Then, the pattern of sessions is evaluated to identify anonymity tools with a higher certainty. Considering the complexities involved in each tool, the obtained results are acceptable, implying that the proposed system can be extended to identify other applications.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122257731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Do ut des: Disseminating online child sexual abuse material for investigative purposes?","authors":"Sabine K. Witting","doi":"10.1145/3277570.3277585","DOIUrl":"https://doi.org/10.1145/3277570.3277585","url":null,"abstract":"The infiltration of child sexual abuse fora on the dark web is a key investigation strategy in combating online child sexual abuse worldwide, aiming to identify perpetrators and rescue children from ongoing abuse and exploitation. The dissemination of child sexual abuse material is hereby the currency required to gain access to these fora. As the dissemination of such material constitutes a criminal offence, police are prohibited from engaging in such interventions in most countries. Germany is currently discussing whether police should be legally authorised to disseminate child sexual abuse material in such cases. Even though this contributes to the continuous traumatisation of the depicted child, police might eventually be able to save more children from abuse and exploitation. Whether and under which circumstances such interventions 'for the greater good' justify the damage caused to the depicted child, and whether such interventions can be brought in line with the rule of law, is discussed in this article.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"42 5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124113643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Improving Lawful Interception in Virtual Datacenters","authors":"Daniel Spiekermann, J. Keller, Tobias Eggendorfer","doi":"10.1145/3277570.3277578","DOIUrl":"https://doi.org/10.1145/3277570.3277578","url":null,"abstract":"The rise of cloud computing led to the need for highly flexible and dynamic infrastructures, which are able to handle a variety of different applications, the accruing big data and the requests of various customers simultaneously. By the use of virtualization, modern datacenters provide an environment for cloud computing infrastructures. In these environments hundreds of thousands of physical servers host hundreds of thousands of virtual machines. This huge number of involved systems as well as the additional virtual layer inside these environments impede lawful interceptions and network forensic investigations, which are performed to wiretap a suspicious system. Without any constraints, all phases of a network forensic investigation are faced with arising challenges like access and packet capture of virtual network interface cards, recording the captured packets on hardware devices or the subsequent analysis of encapsulated network packets. Due to the huge number of relevant systems, the investigation gets inflexible and slow, which prevents a valid and usable wiretapping of a suspicious system. In this paper we propose an improvement of the packet capture process, which in turn enhances the recording and the subsequent analysis of the lawful interception. By reducing the number of relevant physical servers the number of involved hosting servers is decreased. In combination with further information of the virtual environment an enhanced process is possible, which ensures a valid lawful interception of the relevant network traffic.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130516168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards unambiguous IT risk definition","authors":"Maksim Goman","doi":"10.1145/3277570.3277586","DOIUrl":"https://doi.org/10.1145/3277570.3277586","url":null,"abstract":"The paper addresses the fundamental methodological problem of risk analysis and control in information technology (IT) -- the definition of risk as a subject of interest. Based on analysis of many risk concepts, we provide a consistent definition that describes the phenomenon. The proposed terminology is sound in terms of system analysis principles and applicable to practical use in risk assessment and control. Implications for risk assessment methods were summarized.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"471 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122788963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Framework for a Forensically Sound Harvesting the Dark Web","authors":"O. Popov, J. Bergman, Christian Valassi","doi":"10.1145/3277570.3277584","DOIUrl":"https://doi.org/10.1145/3277570.3277584","url":null,"abstract":"The generative and transformative nature of the Internet which has become a synonym for the infrastructure of the contemporary digital society, is also a place where there are unsavoury and illegal activities such as fraud, human trafficking, exchange of controlled substances, arms smuggling, extremism, and terrorism. The legitimate concerns such as anonymity and privacy are used for proliferation of nefarious deeds in parts of the Internet termed as a deep web and a dark web. The cryptographic and anonymity mechanisms employed by the dark web miscreants create serious problems for the law enforcement agencies and other legal institutions to monitor, control, investigate, prosecute, and prevent the range of criminal events which should not be part of the Internet, and the human society in general. The paper describes the research on developing a framework for identifying, collecting, analysing, and reporting information from the dark web in a forensically sound manner. The framework should provide the fundamentals for creating a real-life system that could be used as a tool by law enforcement institutions, digital forensics researchers and practitioners to explore and study illicit actions and their consequences on the dark web. The design science paradigm is used to develop the framework, while international security and forensic experts are behind the ex-ante evaluation of the basic components and their functionality, the architecture, and the organization of the system. Finally, we discuss the future work concerning the implementation of the framework along with the inducement of some intelligent modules that should empower the tool with adaptability, effectiveness, and efficiency.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123458878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security","authors":"Melisa Geko, S. Tjoa","doi":"10.1145/3277570.3277590","DOIUrl":"https://doi.org/10.1145/3277570.3277590","url":null,"abstract":"High returns for processing personal data and low penalties for privacy violations led to the circumstance that protection of privacy was often not considered a priority. To counter this habit and to harmonize data protection laws throughout the European Union, the EU-Commission has adopted the General Data Protection Regulation (GDPR), clarifying data subject rights and ensuring an appropriate level of privacy protection. Through high penalties for non-compliance (i.e. up to 2% - 4% of the annual worldwide turnover), GDPR was able to put high pressure on organizations to comply with the requirements. However, studies have shown that organizations are often overwhelmed by the actual requirements. In this paper, we therefore aim to support organizations in understanding this complex topic by providing an ontology-based data protection knowledge base, which highlights the interdependency of GDPR and information security.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125232320","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Testbed for Performing Security Experiments with Software-Defined Industrial Control Systems","authors":"Z. Szántó, Hunor Sándor, B. Genge","doi":"10.1145/3277570.3277576","DOIUrl":"https://doi.org/10.1145/3277570.3277576","url":null,"abstract":"Stimulated by the recent progress and the integration of technological solutions from the field of traditional IP networks, Industry 4.0 is known as the new industrial revolution, which can fundamentally reshape the functioning of our modern society. Nevertheless, this technological revolution also raises new challenges pertaining to the security design and maintenance of industrial installations. To this end, emerging paradigms such as Software-Defined Networks (SDN) have been demonstrated to represent a promising candidate and a key enabler for closing the loop between detection of cyber attacks and the mitigation strategies provisioned into Industrial Control Systems (ICS). However, the development and testing of SDN-enabled security solutions for ICS in production environments can threaten the operation of mission-critical services. To address these issues, this work documents the development of a testbed for performing security experiments with SDN-enabled ICS. The testbed supports custom test scenarios, including the recreation of large-scale industrial SDN-based infrastructures, traffic generators, as well as tools for monitoring and analyzing the generated data. It leverages the Mininet network emulation tool and the POX SDN controller. An extensive case study demonstrates the applicability of the testbed.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130705493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Aligning Business Process Access Control Policies with Enterprise Architecture","authors":"R. Pilipchuk, Stephan Seifermann, R. Heinrich","doi":"10.1145/3277570.3277588","DOIUrl":"https://doi.org/10.1145/3277570.3277588","url":null,"abstract":"Access control policies are a fundamental building block in meeting security and privacy requirements in organizations across business processes, enterprise architectures, and software architectures. Usage of different models for business processes and software makes eliciting and enforcing access control policies hard. Approaches like enterprise architecture management target complex mutual interdependencies between business and IT models but can be hard to apply. We suggest an approach to derive access control requirements from business processes and test compliance of software designs by data flow analyses. As a result, business processes and software designs are aligned w.r.t. access control requirements.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128145766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}