发布求助
文献互助 智能选刊 最新文献

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)最新文献

筛选
英文 中文
Position Paper: The role of law in achieving privacy and security measures in smart buildings from the GDPR context 立场文件:从GDPR的背景下,法律在实现智能建筑隐私和安全措施中的作用
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00073
Natalie Leesakul, C. Morisset
{"title":"Position Paper: The role of law in achieving privacy and security measures in smart buildings from the GDPR context","authors":"Natalie Leesakul, C. Morisset","doi":"10.1109/EuroSPW59978.2023.00073","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00073","url":null,"abstract":"Background.Smart buildings are gaining more awareness and becoming adaptive to building occupant preferences, enabling by personal data processing given the implementation of sensors and pervasive computing. Although these technologies may provide great benefits, they can equally threaten the privacy of building occupants and raise data security concerns.Aim. The complexity of smart buildings poses difficulties when applying the General Data Protection Regulations (GDPR) in addressing the aforementioned concerns. This paper unpacks the specific ambiguities that make applying the GDPR in this context challenging and identify the key requirements for data controllers in managing data privacy. Methods. This paper takes on a doctrinal approach to research by drawing upon legal sources and existing scholarship in related fields, in particular, legal privacy scholars. Results. The pressing compliance problems stem from the debate on what is considered as 'personal data' in smart buildings in which dictates the compliance requirements, in particular, data protection impact assessments (DPIAs). We identify three facets that smart building controllers should focus on in complying with the GDPR: establishing personal data, identifying individual rights, and determining a high risk to the rights and freedom of natural persons. Conclusions. The law can help prevent harms and ensure that individual rights are protected in smart buildings. To achieve this, understanding the compliance pain points of smart environment in order to strike the balance between the privacy of the occupants and the benefits of smart buildings is crucial. This is a call for further empirical and interdisciplinary research to effectively address the issues surrounding smart environment compliance challenges.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128179135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Detecting and Analyzing Mouse Tracking in the Wild 野外老鼠追踪的检测与分析
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00061
Marcel Urpí-Bricollé, Ismael Castell-Uroz, P. Barlet-Ros
{"title":"Detecting and Analyzing Mouse Tracking in the Wild","authors":"Marcel Urpí-Bricollé, Ismael Castell-Uroz, P. Barlet-Ros","doi":"10.1109/EuroSPW59978.2023.00061","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00061","url":null,"abstract":"Nowadays, most websites collect personal information about their users in order to identify them and personalize their services. Among the tools used to that end, fingerprinting is one of the most advanced and precise methods, given the huge amount of features they can collect and combine to build a robust identifier of the user. Although many fingerprinting techniques have recently been studied in the literature, the use and prevalence of mouse tracking, a method that collects information about the computer pointer, is still unexplored in detail. In this work, we propose a new methodology to detect this tracking method and measure its actual usage on the top 80,000 most popular websites. Our results show that about 1.2% of the analyzed websites use some sort of mouse tracking, including some popular websites within the top-1k ranking.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131529868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes Hexanonymity:用于匿名目的的可扩展地理定位数据聚类算法
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00050
Javier Rodriguez-Viñas, Ines Ortega-Fernandez, Eva Sotos Martínez
{"title":"Hexanonymity: a scalable geo-positioned data clustering algorithm for anonymisation purposes","authors":"Javier Rodriguez-Viñas, Ines Ortega-Fernandez, Eva Sotos Martínez","doi":"10.1109/EuroSPW59978.2023.00050","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00050","url":null,"abstract":"Advances in sensors, trackers and positioning systems had led to the emergence of multiple locationbased services (LBS), resulting in multiple devices and users reporting their precise position and raising many privacy concerns. Anonymisation of geo-positioned data can provide a high level of privacy to the end users, but usually at the cost of introducing high levels of information loss on the location reported to the LBS. This paper presents Hexanonymity, a new algorithm for the anonymisation of geo-positioned data which introduces a limited amount of information loss while providing k-anonymity. Hexanonymity leverages the Uber H3 geo-indexing system, which subdivides the earth into hexagonal meshes. We take advantage of a property of hexagon meshes, where for any of them, the distance from its centre to the centre of the six surrounding hexagons is always the same. This property allows the algorithm to generate high-quality clusters of geo-positioned data points, introducing a limited information loss. This new algorithm improves the current state-of-the-art in terms of the quality of the anonymised data points while providing a similar level of privacy, with a percentage of anonymised locations reduced by only 0.503% when compared to Adaptive Interval Cloaking. Hexanonymity leverages geo-indexing systems to offer a scalable approach to the anonymisation of geo-positioned data in linear time, suitable for big data and real-time scenarios.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123706367","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Unified Communication: What do Digital Activists need? 统一通信:数字活动家需要什么?
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00021
T. Reisinger, Isabel Wagner, E. Boiten
{"title":"Unified Communication: What do Digital Activists need?","authors":"T. Reisinger, Isabel Wagner, E. Boiten","doi":"10.1109/EuroSPW59978.2023.00021","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00021","url":null,"abstract":"Digital activists use tools and platforms such as Facebook, WhatsApp, and Twitter to organize networked protest. However, these tools appear to lack the necessary features to establish secure and private communication, particularly regarding anonymity and encryption, which could put activists and others at risk of persecution. However, it is not clear which security and privacy features are actually required from the activists’, rather than the academic, point of view. In this paper, we use semi-structured interviews to collect and analyze the specific requirements for functionality, security, and privacy of Unified Communication (UC) (i.e., audio/video conferencing + instant messaging). We compare these requirements with features provided by common UC platforms and derive critical technical requirements and guidelines for sociotechnical aspects which need further research.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"179 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124744038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Digital Drift and the Evolution of a Large Cybercrime Forum 数字漂移和大型网络犯罪论坛的演变
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00026
Jack Hughes, Alice Hutchings
{"title":"Digital Drift and the Evolution of a Large Cybercrime Forum","authors":"Jack Hughes, Alice Hutchings","doi":"10.1109/EuroSPW59978.2023.00026","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00026","url":null,"abstract":"Cybercrime forum datasets are large and complex. Prior research uses aggregated time series data to create a picture of the whole dataset, or focuses on a smaller sample of cross sectional data, often for a specific subcommunity or crime time. This paper uses the longitudinal time series aspect of cybercrime forums to measure and observe the evolution of forums at a macro scale. Applying the digital drift theoretical framework, borrowed from criminology, we find a large amount of churn on the forum, with only a small proportion of users continuing long-term engagement. Measurements show a continual shift in forum activity, with yearbased cohorts moving from starting in hacking discussions, towards starting in general discussions, and later towards e-whoring boards. The group of members who are active on the forum for over 12 months, typically have their last post in the marketplace, while other members, who are active for shorter periods of time, have their last post in hacking-related boards. Overall, we see an increasing trend towards financially-driven cybercrime, at both the user and forum level. Users post more in financially-related boards over time, and forum activity has trended away from gaming/social activity, trending towards more activity in market-related boards.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122163131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Honey Infiltrator: Injecting Honeytoken Using Netfilter 蜂蜜渗透者:使用Netfilter注入蜂蜜令牌
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00057
Daniel Reti, Tillmann Angeli, H. Schotten
{"title":"Honey Infiltrator: Injecting Honeytoken Using Netfilter","authors":"Daniel Reti, Tillmann Angeli, H. Schotten","doi":"10.1109/EuroSPW59978.2023.00057","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00057","url":null,"abstract":"Deception based cyber security is already well-established in form of honeypots, honeytoken and moving target defense. With these techniques, attacks can be detected, slowed down or prevented. Many techniques to deploy such deception measures have been researched. In this paper, a novel technique is proposed, where honeytoken are deployed in application traffic through a layer 2 network bridge. This way its functions similarly to a reverse-proxy, but is ’invisible’ in the sense that it does not need its own network address. This makes the installation and integration easier, and does not require any alteration of existing systems in the network. This functionality is made possible by the use of various modifications to the iptables firewall on the network bridge and libnetfilter queue and Scapy for capturing packets and passing them to the user space for processing. In this work a proof of concept implementation for injecting decoy web pages into TCP traffic is presented. Thereby it is shown that both simple and complex modifications or inventions of TCP packets on the network bridge are possible. Existing packets can be modified, for example by adding a HTML comment to the response of a requested HTML webpage, and decoy HTML pages can be created.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126967346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Work in Progress: A Glance at Social Media Self-Censorship in North America 进展中的工作:北美社交媒体自我审查的一瞥
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00072
Wei Hu, Diogo Barradas
{"title":"Work in Progress: A Glance at Social Media Self-Censorship in North America","authors":"Wei Hu, Diogo Barradas","doi":"10.1109/EuroSPW59978.2023.00072","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00072","url":null,"abstract":"There is a growing trend of social backlash and ostracism for thoughts and opinions shared online. Coupled with the rise of strict content moderation or digital nudges discouraging unpopular opinions, this trend calls into question whether users feel comfortable expressing their views freely on social media. Self-censorship can be defined as the “act of intentionally and voluntarily withholding information from others in the absence of formal obstacles” [4].In this work, we sought to understand the self-censorship behavior of Canadian and United States social media users through an online survey. Our analysis suggests that users’ exhibit different degrees of concern when posting controversial content, and that these differences can be explained by demographic, psychometric and political orientation factors. Our results also suggest that there seems to be a consensus on the type of content that is more prone to be self-censored.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129898465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
D-GATE: Decentralized Geolocation and Time Enforcement for Usage Control D-GATE:用于使用控制的分散地理位置和时间执行
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00049
Hendrik Meyer zum Felde, Jean-Luc Reding, Michael Lux
{"title":"D-GATE: Decentralized Geolocation and Time Enforcement for Usage Control","authors":"Hendrik Meyer zum Felde, Jean-Luc Reding, Michael Lux","doi":"10.1109/EuroSPW59978.2023.00049","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00049","url":null,"abstract":"In the context of cloud environments, data providers entrust their data to data consumers in order to allow further computing on their own IT infrastructure. Usage control measures allow the data provider to restrict the usage of its data even on the data consumer’s system. Two of these restrictions can be the geographic location and time limitations. Current solutions that could be used to enforce such constraints can be easily manipulated. These include solutions based on the system time, organizational agreements, GPS-based techniques or simple delay measurements to derive the distance to known reference servers. With D-GATE, we propose a reliable solution that uses trusted execution environments and relies on a decentralized mesh of reference nodes, so-called GeoClients. Here, participants periodically measure the lowest network delay to each other to geolocate themselves. For data providers, it is thus possible to technically attest usage control with time and geolocation constraints without depending on centralized reference systems.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"161 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134336526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Work in Progress: Thwarting Timing Attacks in Microcontrollers using Fine-grained Hardware Protections 正在进行的工作:使用细粒度硬件保护阻止微控制器中的定时攻击
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00038
Nicolas Gaudin, Jean-Loup Hatchikian-Houdot, Frédéric Besson, Pascal Cotret, G. Gogniat, Guillaume Hiet, Vianney Lapôtre, Pierre Wilke
{"title":"Work in Progress: Thwarting Timing Attacks in Microcontrollers using Fine-grained Hardware Protections","authors":"Nicolas Gaudin, Jean-Loup Hatchikian-Houdot, Frédéric Besson, Pascal Cotret, G. Gogniat, Guillaume Hiet, Vianney Lapôtre, Pierre Wilke","doi":"10.1109/EuroSPW59978.2023.00038","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00038","url":null,"abstract":"Timing side-channels are an identified threat for security critical software. Existing countermeasures have a cost either on the hardware requirements or execution time. We focus on low-cost microcontrollers that have a very low computational capacity. Although these processors do not feature out-of-order execution or speculation, they remain vulnerable to timing attacks exploiting the varying latencies of ALU operations or memory accesses.We propose to augment the RISC-V ISA with security primitives that have a guaranteed timing behavior. These primitives allow constant time ALU operations and memory accesses that do not alter the state of the cache. Our approach has a low overhead in terms of hardware cost, binary code size, and execution time both for the constant time secure program and other programs running concurrently on the same hardware.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"177 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133835940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Masking Location Streams in the Presence of Colluding Service Providers 屏蔽存在串通服务提供商的位置流
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-07-01 DOI: 10.1109/EuroSPW59978.2023.00051
Toon Dehaene, M. Willocx, B. Lagaisse, Vincent Naessens
{"title":"Masking Location Streams in the Presence of Colluding Service Providers","authors":"Toon Dehaene, M. Willocx, B. Lagaisse, Vincent Naessens","doi":"10.1109/EuroSPW59978.2023.00051","DOIUrl":"https://doi.org/10.1109/EuroSPW59978.2023.00051","url":null,"abstract":"Many service providers rely on location data or streams to offer personalized services. However, reckless release of location streams can have serious privacy implications, especially with respect to sensitive zones, paths and time intervals. Unfortunately, current approaches by mobile platform providers to enhance privacy expose major shortcomings, especially with respect to releasing location information of frequently visited areas and in the presence of colluding service providers that are willing to combine local knowledge to retrieve more accurate information.This paper presents a practical approach to obfuscate location streams in the presence of the aforementioned challenges. Our solution combines multiple technologies and is validated through the development of a novel privacy-friendly location service in Android. It aims to realize a reasonable trade-off between privacy and utility concerns respectively raised by end-users and service providers. Thereby, sensitive locations, zones, paths, timestamps, and time intervals are highly configurable.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124906416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信