
2014 IEEE Security and Privacy Workshops: latest publications

A Case Study in Malware Research Ethics Education: When Teaching Bad is Good
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.46
John P. Sullins
There is a growing interest in the research of malware in the context of cyber-security. In this paper I will present a case study that will outline the curriculum used to teach malware ethics within the context of a computer science course that teaches students malware programming techniques. Issues from computer and information ethics that apply most closely to ethical malware research will be highlighted. The topics discussed in the course will be outlined and assessment techniques will be discussed.
Citations: 5
Steganography in Long Term Evolution Systems
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.23
Iwona Grabska, K. Szczypiorski
This paper contains a description and analysis of a new steganographic method, called LaTEsteg, designed for LTE (Long Term Evolution) systems. The LaTEsteg uses physical layer padding of packets sent over LTE networks. This method allows users to gain additional data transfer that is invisible to unauthorized parties that are unaware of hidden communication. Three important parameters of the LaTEsteg are defined and evaluated: performance, cost and security.
Citations: 15
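The abstract only says that LaTEsteg writes hidden data into physical-layer padding; it does not give the frame format, so the following is an added toy model, not the paper's design. It assumes fixed-size 64-byte transport blocks, a 2-byte length prefix for the overt payload, and zero-filled padding, and it includes the simplest check a defender would run (padding that is not all-zero), which is what the paper's "security" parameter is about.

```python
# Toy model of a padding-based covert channel (added illustration, not LaTEsteg).
# Assumed, not from the paper: fixed BLOCK_SIZE transport blocks, a 2-byte
# big-endian length prefix for the overt payload, and zero-filled padding.

BLOCK_SIZE = 64   # assumed transport-block size in bytes
HEADER = 2        # assumed length prefix for the overt payload


def build_block(payload, hidden=b""):
    """Pack an overt payload into one block; hidden bytes overwrite the zero padding."""
    if len(payload) > BLOCK_SIZE - HEADER:
        raise ValueError("payload too large for one block")
    room = BLOCK_SIZE - HEADER - len(payload)
    if len(hidden) > room:
        raise ValueError("hidden data exceeds the padding")
    padding = hidden + bytes(room - len(hidden))
    return len(payload).to_bytes(HEADER, "big") + payload + padding


def overt_payload(block):
    n = int.from_bytes(block[:HEADER], "big")
    return block[HEADER:HEADER + n]


def padding_bytes(block):
    n = int.from_bytes(block[:HEADER], "big")
    return block[HEADER + n:]


def send_hidden(message, payloads):
    """Spread `message` over the padding of successive blocks. The first padding
    byte of each block records how many hidden bytes follow in that block."""
    blocks, pos = [], 0
    for p in payloads:
        room = BLOCK_SIZE - HEADER - len(p) - 1   # minus the count byte
        if room < 0:                              # block has no padding at all
            blocks.append(build_block(p))
            continue
        chunk = message[pos:pos + room]
        pos += len(chunk)
        blocks.append(build_block(p, bytes([len(chunk)]) + chunk))
    if pos < len(message):
        raise ValueError("not enough padding capacity for the message")
    return blocks


def receive_hidden(blocks):
    """Receiver side: reassemble the hidden message from the padding."""
    out = bytearray()
    for b in blocks:
        pad = padding_bytes(b)
        if pad:
            out += pad[1:1 + pad[0]]
    return bytes(out)


def suspicious_blocks(blocks):
    """Defender's check: padding should be all-zero; report blocks where it is not."""
    return [i for i, b in enumerate(blocks) if any(padding_bytes(b))]
```

The overt receiver never looks past the length prefix, so `overt_payload` is unchanged whether or not a block carries hidden bytes; the covert receiver reads only the padding. `suspicious_blocks` is why the channel's security depends on what padding normally looks like: if the legitimate stack always zero-fills, one non-zero padding byte exposes the channel, and a realistic design has to hide in padding whose normal content is not constant.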
Ethos' Deeply Integrated Distributed Types
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.32
W. M. Petullo, Wenyuan Fei, Jon A. Solworth, Pat Gavlin
Programming languages have long incorporated type safety, increasing their level of abstraction and thus aiding programmers. Type safety eliminates whole classes of security-sensitive bugs, replacing the tedious and error-prone search for such bugs in each application with verifying the correctness of the type system. Despite their benefits, these protections often end at the process boundary, that is, type safety holds within a program but usually not to the file system or communication with other programs. Existing operating system approaches to bridge this gap require the use of a single programming language or common language runtime. We describe the deep integration of type safety in Ethos, a clean-slate operating system which requires that all program input and output satisfy a recognizer before applications are permitted to further process it. Ethos types are multilingual and runtime-agnostic, and each has an automatically generated unique type identifier. Ethos bridges the type-safety gap between programs by (1) providing a convenient mechanism for specifying the types each program may produce or consume, (2) ensuring that each type has a single, distributed-system-wide recognizer implementation, and (3) inescapably enforcing these type constraints.
Citations: 3
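The three mechanisms the abstract lists (a way to declare the types a program may produce or consume, one recognizer per type, and enforcement that the program cannot bypass) can be shown in a small gatekeeper. The code below is an added illustration, not Ethos source: it assumes that a type identifier is the SHA-256 of the type's canonical specification string, that a wire message is a 32-byte type identifier followed by the payload, and it uses two made-up types, `Username` and `Port`.

```python
# Recognizer-gated I/O with automatically generated type identifiers (added
# illustration of the Ethos idea; not Ethos code). Assumptions: type id =
# SHA-256 of a canonical spec string; wire message = <32-byte id><payload>.
import hashlib
import re


def type_id(spec):
    """Identifier derived from the spec, so any program in any language that
    shares the spec computes the same id without a central registry."""
    return hashlib.sha256(("type-spec:v1\n" + spec).encode()).digest()


# Hypothetical type specifications (the shared, language-neutral part) ...
USERNAME_SPEC = "Username: [a-z][a-z0-9_]{0,15}"
PORT_SPEC = "Port: decimal 1..65535, no sign, no leading zeros"


# ... and their recognizers (one per type, accepting exactly the spec's language).
def recognize_username(data):
    return re.fullmatch(rb"[a-z][a-z0-9_]{0,15}", data) is not None


def recognize_port(data):
    if not re.fullmatch(rb"[1-9][0-9]{0,4}", data):
        return False
    return int(data) <= 65535


REGISTRY = {
    type_id(USERNAME_SPEC): ("Username", recognize_username),
    type_id(PORT_SPEC): ("Port", recognize_port),
}


def encode(spec, payload):
    """Sender side: tag the payload with its type id."""
    return type_id(spec) + payload


def deliver(message):
    """Gatekeeper between the wire and the application: the payload reaches the
    caller only if a registered recognizer for its type id accepts it."""
    tid, payload = message[:32], message[32:]
    if tid not in REGISTRY:
        raise PermissionError("unknown type id")
    name, recognizer = REGISTRY[tid]
    if not recognizer(payload):
        raise ValueError("payload rejected by the %s recognizer" % name)
    return name, payload


def accepted(message):
    """True if the gatekeeper would deliver this message."""
    try:
        deliver(message)
        return True
    except (PermissionError, ValueError):
        return False
```

The point of deriving the identifier from the spec is that two independently written programs agree on it without coordination, and a changed spec yields a different identifier, so a recognizer can never be applied to data of a type it was not written for. In a real system the gatekeeper sits in the kernel or runtime rather than in application code, which is what makes the check inescapable.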
Structure Matters - A New Approach for Data Flow Tracking
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.15
Enrico Lovat, Florian Kelbert
Usage control (UC) is concerned with how data may or may not be used after initial access has been granted. UC requirements are expressed in terms of data (e.g. a picture, a song) which exist within a system in forms of different technical representations (containers, e.g. files, memory locations, windows). A model combining UC enforcement with data flow tracking across containers has been proposed in the literature, but it exhibits a high false-positive rate. In this paper we propose a refined approach for data flow tracking that mitigates this over-approximation problem by leveraging information about the inherent structure of the data being tracked. We propose a formal model and show some exemplary instantiations.
Citations: 8
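The over-approximation the abstract refers to is easiest to see side by side: a container-level tracker must assume that whatever leaves a container carries all data the container holds, whereas a structure-aware tracker can follow individual parts of a data item. The code below is an added illustration, not the paper's formal model; the data item `photo` with its parts `exif` and `pixels`, the container names, and the policy being checked are constructed for the example.

```python
# Container-level versus structure-aware data flow tracking (added illustration,
# not the paper's model). The "photo" item, its parts and the container paths
# are constructed for the example.
from collections import defaultdict


class ContainerTracker:
    """Container-granular tracking: a container holds whole data items, so any
    flow out of a container carries everything the container holds."""

    def __init__(self):
        self.state = defaultdict(set)          # container -> {data_id}

    def init(self, container, data_id):
        self.state[container].add(data_id)

    def transfer(self, src, dst, part=None):
        self.state[dst] |= self.state[src]     # `part` cannot be expressed

    def contains(self, container, data_id, part=None):
        return data_id in self.state[container]


class StructuredTracker:
    """Structure-aware tracking: a container holds (data_id, part) pairs, and a
    flow of one part carries only that part."""

    def __init__(self, structure):
        self.structure = structure             # data_id -> set of part names
        self.state = defaultdict(set)          # container -> {(data_id, part)}

    def init(self, container, data_id):
        self.state[container] |= {(data_id, p) for p in self.structure[data_id]}

    def transfer(self, src, dst, part=None):
        items = self.state[src]
        if part is not None:
            items = {(d, p) for d, p in items if p == part}
        self.state[dst] |= items

    def contains(self, container, data_id, part=None):
        return any(d == data_id and (part is None or p == part)
                   for d, p in self.state[container])


PHOTO_STRUCTURE = {"photo": {"exif", "pixels"}}


def exif_only_scenario(tracker):
    """An app reads only the EXIF block of the photo and writes it to a notes
    file in /tmp. Policy to check: the photo's pixels must not reach /tmp.
    Returns True if the tracker reports a violation."""
    tracker.init("/home/u/photo.jpg", "photo")
    tracker.transfer("/home/u/photo.jpg", "/tmp/notes.txt", part="exif")
    return tracker.contains("/tmp/notes.txt", "photo", part="pixels")


def full_copy_scenario(tracker):
    """Whole-file copy: both trackers must report the pixels in /tmp."""
    tracker.init("/home/u/photo.jpg", "photo")
    tracker.transfer("/home/u/photo.jpg", "/tmp/photo_copy.jpg")
    return tracker.contains("/tmp/photo_copy.jpg", "photo", part="pixels")
```

In `exif_only_scenario` the container tracker reports a violation that did not happen (a false positive), while the structured tracker reports none; in `full_copy_scenario` both report the real flow. The refinement is sound only if the structure description is, so the parts of a data item have to be fixed by the format, not guessed by the tracker.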
Automatic Identification of Replicated Criminal Websites Using Combined Clustering
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.26
Jake Drew, T. Moore
To be successful, cyber criminals must figure out how to scale their scams. They duplicate content on new websites, often staying one step ahead of defenders that shut down past schemes. For some scams, such as phishing and counterfeit-goods shops, the duplicated content remains nearly identical. In others, such as advanced-fee fraud and online Ponzi schemes, the criminal must alter content so that it appears different in order to evade detection by victims and law enforcement. Nevertheless, similarities often remain, in terms of the website structure or content, since making truly unique copies does not scale well. In this paper, we present a novel combined clustering method that links together replicated scam websites, even when the criminal has taken steps to hide connections. We evaluate its performance against two collected datasets of scam websites: fake-escrow services and high-yield investment programs (HYIPs). We find that our method more accurately groups similar websites together than does existing general-purpose consensus clustering methods.
Citations: 30
Detecting Unknown Insider Threat Scenarios
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.42
W. T. Young, Alex Memory, H. Goldberg, T. Senator
This paper reports results from a set of experiments that evaluate an insider threat detection prototype on its ability to detect scenarios that have not previously been seen or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances embedded in real data with no prior knowledge of what scenarios are present or when they occur. We report results of an ensemble-based, unsupervised technique for detecting potential insider threat instances over eight months of real monitored computer usage activity augmented with independently developed, unknown but realistic, insider threat scenarios that robustly achieves results within 5% of the best individual detectors identified after the fact. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of prior knowledge encoded in scenario-based detectors designed for known activity patterns. We report results over the entire period of the ensemble approach and of ablation experiments that remove the scenario-based detectors.
Citations: 34
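The evaluation design in the abstract (several unsupervised detectors fused into an ensemble, scenario-based detectors that encode known patterns, and an ablation that removes them) can be reproduced in miniature. The code below is an added illustration and not the paper's system: the four activity features, the two unsupervised detectors (population and self-history, both median/MAD based), the fixed-pattern scenario detector, the max-normalised score fusion and the twenty constructed user-day records are all assumptions made for the example. The record for `dave` on day 5 is the injected scenario.

```python
# Ensemble of unsupervised insider-threat detectors over constructed per-user,
# per-day records (added illustration; not the paper's prototype). Features,
# detectors, fusion rule and sample data are all assumptions for the example.
import statistics
from collections import defaultdict

FEATURES = ["logons", "usb_files", "ext_emails", "afterhours"]


def rec(user, day, logons, usb_files, ext_emails, afterhours):
    return dict(user=user, day=day, logons=logons, usb_files=usb_files,
                ext_emails=ext_emails, afterhours=afterhours)


RECORDS = [  # constructed sample: four users, five working days each
    rec("alice", 1, 2, 0, 1, 0), rec("alice", 2, 3, 1, 2, 0), rec("alice", 3, 2, 0, 1, 0),
    rec("alice", 4, 3, 0, 2, 0), rec("alice", 5, 2, 1, 1, 0),
    rec("bob", 1, 1, 0, 0, 0), rec("bob", 2, 2, 0, 1, 0), rec("bob", 3, 2, 0, 1, 0),
    rec("bob", 4, 1, 0, 0, 0), rec("bob", 5, 2, 0, 1, 0),
    rec("carol", 1, 3, 1, 2, 0), rec("carol", 2, 3, 1, 3, 0), rec("carol", 3, 2, 1, 2, 0),
    rec("carol", 4, 3, 2, 15, 1), rec("carol", 5, 3, 1, 2, 0),
    rec("dave", 1, 2, 0, 1, 0), rec("dave", 2, 2, 0, 1, 0), rec("dave", 3, 3, 1, 1, 0),
    rec("dave", 4, 2, 0, 1, 0), rec("dave", 5, 4, 40, 2, 3),   # injected scenario
]


def robust_z(values):
    """Median/MAD z-scores; a zero MAD falls back to 1 so constant columns score 0."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1.0
    return [(v - med) / mad for v in values]


def detector_population(records):
    """Unsupervised: how unusual each record is against everyone, per feature."""
    scores = [0.0] * len(records)
    for f in FEATURES:
        for i, z in enumerate(robust_z([r[f] for r in records])):
            scores[i] += max(z, 0.0)
    return scores


def detector_self_history(records):
    """Unsupervised: how unusual each record is against the same user's other days."""
    by_user = defaultdict(list)
    for i, r in enumerate(records):
        by_user[r["user"]].append(i)
    scores = [0.0] * len(records)
    for idxs in by_user.values():
        for f in FEATURES:
            for i, z in zip(idxs, robust_z([records[i][f] for i in idxs])):
                scores[i] += max(z, 0.0)
    return scores


def detector_known_scenario(records):
    """Scenario-based (prior knowledge): a fixed pattern for one known threat."""
    return [1.0 if r["usb_files"] >= 10 and r["afterhours"] >= 1 else 0.0
            for r in records]


def normalise(scores):
    top = max(scores)
    return [s / top for s in scores] if top > 0 else scores


def ensemble(records, detectors):
    """Fuse detectors by averaging their max-normalised scores."""
    fused = [0.0] * len(records)
    for det in detectors:
        for i, s in enumerate(normalise(det(records))):
            fused[i] += s / len(detectors)
    return fused


def top_k(records, detectors, k):
    """The k user-days an analyst would look at first."""
    fused = ensemble(records, detectors)
    order = sorted(range(len(records)), key=lambda i: -fused[i])
    return [(records[i]["user"], records[i]["day"]) for i in order[:k]]


ALL_DETECTORS = [detector_population, detector_self_history, detector_known_scenario]
UNSUPERVISED_ONLY = [detector_population, detector_self_history]   # ablation
```

Running `top_k(RECORDS, UNSUPERVISED_ONLY, 2)` is the ablation: the injected `dave` day still ranks first without the scenario detector, because both unsupervised detectors score it highest on their own, and `carol` day 4 (a burst of external e-mail that no scenario detector was written for) ranks second, which is the kind of unanticipated instance the abstract is about. With real data the fusion rule and the choice of per-feature baselines matter far more than on this toy set, and the paper's point is that the ensemble gets within a few percent of the best single detector chosen with hindsight.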
LEGO(TM) Bricks for Reactive Programming
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.30
D. Volpano
A fundamental unit of computation is introduced for reactive programming called the LEGO® brick. It is targeted for domains in which JavaScript runs in an attempt to allow a user to build a trustworthy reactive program on demand rather than try to analyze JavaScript. A formal definition is given for snapping bricks together based on the standard product construction for deterministic finite automata.
Citations: 0
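The abstract says that snapping bricks together is defined via the standard product construction for deterministic finite automata. The code below is an added illustration of that construction, not the paper's definition of a brick (which the abstract does not reproduce): the event alphabet `{"load", "click", "key"}`, the two example bricks and the policies they encode are made up for the example, and the product is shown in both its intersection and union forms.

```python
# Product construction on DFAs (added illustration of the mechanism the abstract
# names; not the paper's brick definition). Alphabet, bricks and policies below
# are constructed for the example.


class DFA:
    """Deterministic finite automaton with a total transition function."""

    def __init__(self, states, alphabet, delta, start, accepting):
        self.states = frozenset(states)
        self.alphabet = frozenset(alphabet)
        self.delta = dict(delta)            # (state, symbol) -> state
        self.start = start
        self.accepting = frozenset(accepting)
        for q in self.states:
            for a in self.alphabet:
                if (q, a) not in self.delta:
                    raise ValueError("transition function is not total")

    def accepts(self, word):
        q = self.start
        for a in word:
            if a not in self.alphabet:      # event outside the alphabet: reject
                return False
            q = self.delta[(q, a)]
        return q in self.accepting


def brick(alphabet, start, accepting, moves):
    """Build a DFA from explicit moves; unspecified (state, symbol) pairs self-loop."""
    states = {start} | {q for q, _ in moves} | set(moves.values()) | set(accepting)
    delta = {(q, a): moves.get((q, a), q) for q in states for a in alphabet}
    return DFA(states, alphabet, delta, start, accepting)


def product(a, b, combine):
    """Standard product: run both automata in lockstep on the same input;
    `combine` decides acceptance from the two component verdicts."""
    if a.alphabet != b.alphabet:
        raise ValueError("product needs a common alphabet")
    states = {(p, q) for p in a.states for q in b.states}
    delta = {((p, q), s): (a.delta[(p, s)], b.delta[(q, s)])
             for (p, q) in states for s in a.alphabet}
    accepting = {(p, q) for (p, q) in states
                 if combine(p in a.accepting, q in b.accepting)}
    return DFA(states, a.alphabet, delta, (a.start, b.start), accepting)


def both(a, b):        # L(a) & L(b): every snapped-on brick must be satisfied
    return product(a, b, lambda x, y: x and y)


def either(a, b):      # L(a) | L(b)
    return product(a, b, lambda x, y: x or y)


EVENTS = {"load", "click", "key"}

# Brick 1: no click may be handled before the page has loaded ("bad" is absorbing).
LOADED_BEFORE_CLICK = brick(EVENTS, start="init", accepting={"init", "loaded"},
                            moves={("init", "load"): "loaded",
                                   ("init", "click"): "bad"})

# Brick 2: at most one key event is handled (state 2 is absorbing and rejecting).
AT_MOST_ONE_KEY = brick(EVENTS, start=0, accepting={0, 1},
                        moves={(0, "key"): 1, (1, "key"): 2})

POLICY = both(LOADED_BEFORE_CLICK, AT_MOST_ONE_KEY)
```

The product has one state per pair of component states (here 3 x 3 = 9), so composing many bricks multiplies state counts; that is the usual price of the construction and one reason to keep individual bricks small. What it buys is that `POLICY.accepts` is decided by a single deterministic automaton whose behaviour is fully known in advance, which is the trust argument the abstract makes against analysing arbitrary JavaScript after the fact.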
Using Existing Hardware Services for Malware Detection
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.49
Sarat Kompalli
The paper is divided into two sections. First, we describe our experiments in using hardware-based metrics such as those collected by the BPU and MMU for detection of malware activity at runtime. Second, we sketch a defense-in-depth security model that combines such detection with hardware-aided proof-carrying code and input validation.
Citations: 11
Mind Your Language(s): A Discussion about Languages and Security
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.29
Éric Jaeger, O. Levillain
Following several studies conducted by the French Network and Information Security Agency (ANSSI), this paper discusses the question of the intrinsic security characteristics of programming languages. Through illustrations and discussions, it advocates for a different vision of well-known mechanisms and is intended to provide some food for thoughts regarding languages and development tools.
Citations: 10
DF-C2M2: A Capability Maturity Model for Digital Forensics Organisations
Pub Date : 2014-05-17 DOI: 10.1109/SPW.2014.17
Ebrahim Hamad Al Hanaei, A. Rashid
The field of digital forensics has emerged as one of the fastest changing and most rapidly developing investigative specialisations in a wide range of criminal and civil cases. Increasingly there is a requirement from the various legal and judicial authorities throughout the world, that any digital evidence presented in criminal and civil cases should meet requirements regarding the acceptance and admissibility of digital evidence, e.g., Daubert or Frye in the US. There is also increasing expectation that digital forensics labs are accredited to ISO 17025 or the US equivalent ASCLD-Lab International requirements. On the one hand, these standards cover general requirements and are not geared specifically towards digital forensics. On the other hand, digital forensics labs are mostly left with costly piecemeal efforts in order to try and address such pressing legal and regulatory requirements. In this paper, we address these issues by proposing DF-C2M2, a capability maturity model that enables organisations to evaluate the maturity of their digital forensics capabilities and identify roadmaps for improving it in accordance with business or regulatory requirements. The model has been developed through consultations and interviews with digital forensics experts. The model has been evaluated by using it to assess the digital forensics capability maturity of a lab in a law enforcement agency.
Citations: 17