Proceedings of the 2021 New Security Paradigms Workshop: Latest Articles

COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3498903
Kevin Gallagher, Santiago Torres-Arias, N. Memon, J. Feldman
Abstract: Cybersecurity suffers from an oversaturation of centralized, hierarchical systems and a lack of exploration in the area of horizontal security, or security techniques and technologies which utilize democratic participation for security decision-making. Because of this, many horizontally governed organizations such as activist groups, worker cooperatives, trade unions, not-for-profit associations, and others are not represented in current cybersecurity solutions, and are forced to adopt hierarchical solutions to cybersecurity problems. This causes power dynamic mismatches that lead to cybersecurity and organizational operations failures. In this work we introduce COLBAC, a collective based access control system aimed at addressing this lack. COLBAC uses democratically authorized capability tokens to express access control policies. It allows for a flexible and dynamic degree of horizontality to meet the needs of different horizontally governed organizations. After introducing COLBAC, we finish with a discussion on future work needed to realize more horizontal security techniques, tools, and technologies.
Citations: 2
The tragedy of common bandwidth: rDDoS
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3500928
Arturs Lavrenovs, É. Leverett, Aaron L. Kaplan
Abstract: Reflected distributed denial of service (rDDoS) policy interventions often focus on reflector count reductions. Current rDDoS metrics (max DDoS witnessed) favour commercial responses, but don’t frame this as a problem of the commons. This results in non-objective, and non-independent discussion of policy interventions, and holds back discussion of any public health style interventions that aren’t commercially motivated. In this paper, we explore multiple questions when it comes to measuring the potential for rDDoS attacks (i.e. how large could a rDDoS attack become?). We also raise some new questions. The paper builds on top of our previous research [6]. Whereas [7] was motivated by understanding properties of the individual rDDoS reflectors, in the current paper we present evidence that chasing high bandwidth reflectors is far more impactful in rDDoS harm reduction. If the internet is a commons, then high bandwidth reflectors contribute the most to a tragedy of the commons (see Figure 1). We examine and compare reflector counts, contribution estimation, and empirical contribution verification as methodologies. We also extend previous works on the topic to provide ASN level metrics, and show that the top 5 ASNs contribute between 30-70 percent of the problem depending on the protocol examined. This finding alone motivates much easier and cheaper layered policy interventions which we discuss within the paper. The motivation of our research is also given by the surprisingly strong increase of actual (r)DDoS attacks as shown by [30]. Given this increase, our aim is to trigger policy change when it comes to cleaning up reflectors. Our main contribution in this paper is to show that policy should focus on the high bandwidth reflectors and some top ASNs to reduce rDDoS’s potential.
Citations: 0
Change that Respects Business Expertise: Stories as Prompts for a Conversation about Organisation Security
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3498895
S. Parkin, Simon Arnell, Jeremy Ward
Abstract: Leaders of organisations must make investment decisions relating to the security of their organisation. This often happens through consultation with a security specialist. Consultations may be regarded as conversations taking place in a trading zone between the two domains. We propose that supporting the trading zone is a route to sustainable, workable security change improvements. Prompts for such improvements are already in place, in the security stories that reach business leaders through news media, or anecdotes from trusted peers. However, a shift in perspective is needed to view these stories and anecdotes as prompts for individual decision makers to enter into the trading zone with security specialists. We illustrate how to facilitate this shift by recasting security ontology tools, previously centred around security-specific expertise, as a support device to enrich conversations between business expertise and security advice toward finding workable security choices. We frame our proposal within a broader view of community transformation, exploring the important principle of identifying practical opportunities to inform discussions about security solutions that are appropriate in the business context. Community-level discussions have potential to lead to more lasting, effective improvements than those instigated by one-way interventions from security specialists. We extend the view, applying the paradigm to articulate the importance of two-way conversations between business peers and security specialists.
Citations: 1
Shame in Cyber Security: Effective Behavior Modification Tool or Counterproductive Foil?
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3498896
K. Renaud, R. Searle, M. Dupuis
Abstract: Organizations often respond to cyber security breaches by blaming and shaming the employees who were involved. There is an intuitive natural justice to using such strategies in the belief that the need to avoid repeated shaming occurrences will encourage them to exercise more care. However, psychology highlights significant short- and long-term impacts and harmful consequences of felt shame. To explore and investigate this in the cyber domain, we asked those who had inadvertently triggered an adverse cyber security incident to tell us about their responses and to recount the emotions they experienced when this occurred. We also examined the impact of the organization’s management of the incident on the “culprit’s” future behaviors and attitudes. We discovered that those who had caused a cyber security incident often felt guilt and shame, and their employers’ responses either exacerbated or ameliorated these negative emotions. In the case of the former, there were enduring unfavorable consequences, both in terms of employee well-being and damaged relationships. We conclude with a set of recommendations for employers, in terms of responding to adverse cyber security incidents. The aim is to ensure that negative emotions, such as shame, do not make the incident much more damaging than it needs to be.
Citations: 12
VoxPop: An Experimental Social Media Platform for Calibrated (Mis)information Discourse
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3498893
Filipo Sharevski, Peter Jachim, Emma Pieroni, Nathaniel Jachim
Abstract: VoxPop, shortened for Vox Populi, is an experimental social media platform that neither has an absolute “truth-keeping” mission nor an uncontrolled “free-speaking” vision. Instead, it allows discourses that naturally include (mis)information to contextualize among users with the aid of UX design and data science affordances and frictions. VoxPop introduces calibration metrics, namely a Faithfulness-To-Known-Facts (FTKF) score associated with each post and a Cumulative FTKF (C-FTKF) score associated with each user, appealing to the self-regulated participation using sociocognitive signals. The goal of VoxPop is not to become an ideal platform—that is impossible; rather, to bring to attention an adaptive approach in dealing with (mis)information rooted in social calibration instead of imposing or avoiding altogether punitive moderation.
Citations: 6
“Taking out the Trash”: Why Security Behavior Change requires Intentional Forgetting
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3498902
Jonas Hielscher, A. Kluge, Uta Menges, M. Sasse
Abstract: Security awareness is big business – virtually every organization in the Western world provides some form of awareness or training, mostly bought from external vendors. However, studies and industry reports show that these programs have little to no effect in terms of changing the security behavior of employees. We explain the conditions that enable behavior change, and identify one significant blocker in the implementation phase: not disabling existing (insecure) routines – failure to take out the trash – prevents embedding of new (secure) routines. Organizational Psychology offers the paradigm Intentional Forgetting (IF) and associated tools for replacing old (insecure) behaviors with new (secure) ones by identifying and eliminating different cues (sensoric, routine-based, time and space based as well as situational strength cues) that trigger old behavior. We introduce the underlying theory, examples of successful application in safety contexts, and show how its application leads to effective behavior change by reducing the information that needs to be transmitted to employees, and suppressing obsolete routines.
Citations: 8
Beyond NVD: Cybersecurity meets the Semantic Web.
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3501259
Raúl Aranovich, Katya Katsy, Benyamin Ahmadnia, V. Filkov, K. Sagae
Abstract: Cybersecurity experts rely on the knowledge stored in databases like the NVD to do their work, but these are not the only sources of information about threats and vulnerabilities. Much of that information flows through social media channels. In this paper we argue that security experts and general users alike can benefit from the technologies of the Semantic Web, merging heterogeneous sources of knowledge in an ontological representation. We present a system that has an ontology of vulnerabilities at its core, but that is enhanced with NLP tools to identify cybersecurity-related information in social media and to launch queries over heterogeneous data sources. The transformative power of Semantic Web technologies for cybersecurity, which has been proven in the biomedical field, is evaluated and discussed.
Citations: 8
Blessed Are The Lawyers, For They Shall Inherit Cybersecurity
Proceedings of the 2021 New Security Paradigms Workshop Pub Date : 2021-10-25 DOI: 10.1145/3498891.3501257
Daniel W. Woods, Aaron Ceross
Abstract: This paper considers which types of evidence guide cybersecurity decisions. We argue that the “InfoSec belongs to the quants” paradigm will not be realised despite its normative appeal. In terms of progress to date, we find few empirical results that can guide risk mitigation decisions. We suggest the knowledge base about quantitative cybersecurity is continually eroded by increasing complexity, technological flux, and strategic adversaries. Given these secular forces will not abate any time soon, we argue that legal reasoning will increasingly influence cybersecurity decisions relative to technical and quantitative reasoning. The law as a system of social control bristles with ambiguity and so legal mechanisms exist to resolve uncertainties over time. Actors with greater claims to authority over this knowledge base, predominantly lawyers, will accrue decision making power within organisations. We speculate about the downstream impacts of lawyers inheriting cybersecurity, and also sketch the limits of the paradigm’s explanatory power.
Citations: 3