发布求助
文献互助 智能选刊 最新文献

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)最新文献

筛选
英文 中文
Evaluation of Information Elements in a Cyber Incident Report 网络事件报告中信息要素的评估
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00012
Patrik Lif, Stefan Varga, Mikael Wedlin, David Lindahl, M. Persson
{"title":"Evaluation of Information Elements in a Cyber Incident Report","authors":"Patrik Lif, Stefan Varga, Mikael Wedlin, David Lindahl, M. Persson","doi":"10.1109/EuroSPW51379.2020.00012","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00012","url":null,"abstract":"An analyst’s main task within cyber security is to monitor, analyze, and decide on appropriate remedies for detected attacks. Analysts should ideally produce incident reports for record keeping and traceability, but also for enabling information sharing.This paper investigates which information elements that need to be included in an incident report to support incident management in a time-critical and high mental workload situation. Background information on existing reporting templates were drawn from the literature. Five different templates, a data exchange format, as well as two cyber situational awareness frameworks were analyzed. Then a novel reporting template from the military domain was scrutinized during a live cyber defense exercise.The results show that the information elements in the various existing templates differ, probably due to the different areas of use. The proposed military template was found to be useful to a high degree, even for incident reporting in the civilian sector. The new template can be improved by introducing additional fields, such as, e.g. descriptions of victims, attackers and assessments of attackers’ motives.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"721 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114675522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Defensive Programming for Smart Home Cybersecurity 智能家居网络安全防御编程
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00087
Maria Teresa Rossi, Renan Greca, Ludovico Iovino, G. Giacinto, A. Bertolino
{"title":"Defensive Programming for Smart Home Cybersecurity","authors":"Maria Teresa Rossi, Renan Greca, Ludovico Iovino, G. Giacinto, A. Bertolino","doi":"10.1109/EuroSPW51379.2020.00087","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00087","url":null,"abstract":"Cybersecurity has become a real issue in the development of smart services in the smart home domain, which is formed by a System of Systems where several smart objects are connected to each other and to the Internet. However, these connections expose the devices to possible attackers inside or outside the network, who may exploit software or hardware vulnerabilities to achieve malicious goals. To alleviate this issue, the use of defensive programming assertions can allow the behaviour of smart objects to be monitored and checked for correctness. Furthermore, open source intelligence tools, such as the Shodan search engine, provide features that could be leveraged to detect potential vulnerabilities. In this paper, we propose an approach for the monitoring of Systems of Systems in the smart home domain exploiting the defensive programming paradigm in combination with Shodan APIs.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115071546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Feasibility of Large-Scale Vulnerability Notifications after GDPR GDPR后大规模漏洞通知的可行性
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00078
Wissem Soussi, Maciej Korczyński, S. Maroofi, A. Duda
{"title":"Feasibility of Large-Scale Vulnerability Notifications after GDPR","authors":"Wissem Soussi, Maciej Korczyński, S. Maroofi, A. Duda","doi":"10.1109/EuroSPW51379.2020.00078","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00078","url":null,"abstract":"In this paper, we consider the problem of effective notifications of domain abuse or vulnerabilities to the domain owners, administrators, or webmasters. We have developed a scanner to test whether selected email aliases specified in RFC 2142 are correctly configured and whether notifications can be successfully delivered. We also test the reachability of email addresses collected from the DNS Start of Authority (SOA) records. Based on a measurement campaign of a large number of domains compared to the previous studies (4,602,907 domains), we show that domains are more reachable through SOA contacts. We find that the country-code TLD names are more reachable compared to the new gTLD names. We have also observed that the most used generic email alias is abuse (67.95%). Using regression analysis, we show the relationship between the reachability of email addresses and the fact that names are hosted on large shared platforms or have a significant value. Our results confirm that direct notification channels are currently not scalable, so we propose a scheme that preserves user privacy in compliance with GDPR and supports large-scale vulnerability notifications.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116545685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags 一种评估网络风险的实验方法:基于网络范围和捕获标志的建议
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00016
Giorgio Di Tizio, F. Massacci, Luca Allodi, Stanislav Dashevskyi, J. Mirkovic
{"title":"An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags","authors":"Giorgio Di Tizio, F. Massacci, Luca Allodi, Stanislav Dashevskyi, J. Mirkovic","doi":"10.1109/EuroSPW51379.2020.00016","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00016","url":null,"abstract":"Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122961004","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records TXT 101:查找DNS TXT记录长尾中的安全问题
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00080
O. V. D. Toorn, R. V. Rijswijk-Deij, T. Fiebig, Martina Lindorfer, A. Sperotto
{"title":"TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records","authors":"O. V. D. Toorn, R. V. Rijswijk-Deij, T. Fiebig, Martina Lindorfer, A. Sperotto","doi":"10.1109/EuroSPW51379.2020.00080","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00080","url":null,"abstract":"The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122038092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
User Access Privacy in OAuth 2.0 and OpenID Connect OAuth 2.0和OpenID Connect中的用户访问隐私
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00095
Wanpeng Li, C. Mitchell
{"title":"User Access Privacy in OAuth 2.0 and OpenID Connect","authors":"Wanpeng Li, C. Mitchell","doi":"10.1109/EuroSPW51379.2020.00095","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00095","url":null,"abstract":"Currently widely used federated login (single sign-on) systems, notably those based on OAuth 2.0, offer very little privacy for the user, and as a result the identity provider (e.g. Google or Facebook) can learn a great deal about user web behaviour, in particular which sites they access. This is clearly not desirable for privacy reasons, and in particular for privacy-conscious users who wish to minimise the information about web access behaviour that they reveal to third party organisations. In this paper we give a systematic analysis of the user access privacy properties of OAuth 2.0 and OpenID Connect systems, and in doing so describe how simple it is for an identity provider to track user accesses. We also propose possible ways in which these privacy issues could to some extent be mitigated, although we conclude that to make the protocols truly privacy-respecting requires significant changes to the way in which they operate. In particular, it seems impossible to develop simple browser-based mitigations without modifying the protocol behaviour. We also briefly examine parallel research by Hammann et al., who have proposed a means of improving the privacy properties of OpenID Connect.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128336142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
A Social Network Analysis and Comparison of Six Dark Web Forums 六个暗网论坛的社会网络分析与比较
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00071
Ildiko Pete, Jack Hughes, Y. Chua, Maria Bada
{"title":"A Social Network Analysis and Comparison of Six Dark Web Forums","authors":"Ildiko Pete, Jack Hughes, Y. Chua, Maria Bada","doi":"10.1109/EuroSPW51379.2020.00071","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00071","url":null,"abstract":"With increasing monitoring and regulation by platforms, communities with criminal interests are moving to the dark web, which hosts content ranging from whistle-blowing and privacy, to drugs, terrorism, and hacking. Using post discussion data from six dark web forums we construct six interaction graphs and use social network analysis tools to study these underground communities. We observe the structure of each network to highlight structural patterns and identify nodes of importance through network centrality analysis. Our findings suggest that in the majority of the forums some members are highly connected and form hubs, while most members have a lower number of connections. When examining the posting activities of central nodes we found that most of the central nodes post in sub-forums with broader topics, such as general discussions and tutorials. These members play different roles in the different forums, and within each forum we identified diverse user profiles.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127806211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
International Workshop on Cyber Range Technologies and Applications (CACOE 2020) 网络测距技术与应用国际研讨会(CACOE 2020)
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/eurospw51379.2020.00009
Maria Leitner, T. Sommestad
{"title":"International Workshop on Cyber Range Technologies and Applications (CACOE 2020)","authors":"Maria Leitner, T. Sommestad","doi":"10.1109/eurospw51379.2020.00009","DOIUrl":"https://doi.org/10.1109/eurospw51379.2020.00009","url":null,"abstract":"Cyber ranges are virtual environments (e.g., cyber-physical labs and private clouds) meant to represent real cyber environments. Analogous to a shooting range, a cyber range is a safe place to test and explore various types of cyber attacks without jeopardizing any operational systems or business processes. There are countless examples of when cyber ranges are been used to advance knowledge in cyber security and countless examples of training programs and larger exercises that have used cyber ranges to reach their learning goals. Unfortunately, setting up events in a cyber range can be difficult and error-prone. This is not strange, because it is often expected that a few cyber range engineers should both instantiate and manage cyber environments that normally require a whole IT-department and simulate realistic user activity in these environments. Nevertheless, tools to support this process is warranted. Furthermore, since the use of cyber ranges can be costly compared to alternatives, such as computer modeling and tabletop exercises, more knowledge of their utility to different types of problems is also desirable.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131265410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
REHAD: Using Low-Frequency Reconfigurable Hardware for Cache Side-Channel Attacks Detection REHAD:使用低频可重构硬件进行缓存侧信道攻击检测
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00101
Yuxiao Mao, Vincent Migliore, V. Nicomette
{"title":"REHAD: Using Low-Frequency Reconfigurable Hardware for Cache Side-Channel Attacks Detection","authors":"Yuxiao Mao, Vincent Migliore, V. Nicomette","doi":"10.1109/EuroSPW51379.2020.00101","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00101","url":null,"abstract":"Cache side-channel attacks consist, for a malicious process, to infer the current state of the cache by measuring the time it takes to access the memory, and indirectly gain knowledge about other processes sharing this same physical cache. Because cache side-channel attacks leverage a hardware leakage without requiring any physical access to the devices, they represent very serious threats. Among the runtime detection techniques for cache side-channel attacks, hardware solutions are usually fine-grained and benefit from less performance overhead than software solutions. However, they are not flexible enough to suit the rapid evolution and appearance of software attacks. In this paper we describe REHAD, a novel attack detection architecture that uses reconfigurable hardware. More precisely, it includes a hardware detection module that can be reconfigured by means of a trusted software kernel, to adapt to the level of threats and to detect new attacks. This architecture also benefits from hardware parallelism to fill the frequency gap between reconfigurable hardware and core processor. REHAD has been integrated into the ORCA softcore RISCV on a FPGA and two common cache side-channel attacks have been successfully detected.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131865565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Reverse Engineering the Stream Prefetcher for Profit 逆向工程流预取器获利
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2020-09-01 DOI: 10.1109/EuroSPW51379.2020.00098
Aditya Rohan, Biswabandan Panda, Prakhar Agarwal
{"title":"Reverse Engineering the Stream Prefetcher for Profit","authors":"Aditya Rohan, Biswabandan Panda, Prakhar Agarwal","doi":"10.1109/EuroSPW51379.2020.00098","DOIUrl":"https://doi.org/10.1109/EuroSPW51379.2020.00098","url":null,"abstract":"Micro-architectural attacks exploit timing channels at different micro-architecture units. Some of the micro-architecture units like cache automatically provide the timing difference (the difference between a hit and a miss). However, there are other units that are not documented, and their influence on the timing difference is not fully understood. One such micro-architecture unit is an L2 hardware prefetcher named Streamer. In this paper, we reverse-engineer the Stream prefetcher, which is commercially available in the Intel machines. We perform a set of experiments and provide our observations and insights. Further, we use these observations to construct a cross-thread covert channel using the Stream prefetcher, with an accuracy of 91.3% and a bandwidth of 54.44 KBps.","PeriodicalId":405252,"journal":{"name":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117306664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信