Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00025
G. Primiero, Agostino Martorana, J. Tagliabue
From a security standpoint, VANETs (Vehicular Ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these attacks, detection is infeasible, which makes it hard to provide security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and population properties that can optimise the deployment of mitigation protocols. In this paper, we provide an algorithmic definition and simulation of a trust- and mitigation-based protocol to contain a Black Hole style attack on a VANET. We experimentally show its optimal working conditions: total connectivity, followed by a random network; connection to external networks; early deployment of the protocol; and ranking of the message. We compare results with those of existing protocols; future work shall focus on repeated broadcasting, opportunistic message forwarding and testing on real data.
{"title":"Simulation of a Trust and Reputation Based Mitigation Protocol for a Black Hole Style Attack on VANETs","authors":"G. Primiero, Agostino Martorana, J. Tagliabue","doi":"10.1109/EuroSPW.2018.00025","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00025","url":null,"abstract":"From a security standpoint, VANETs (Vehicular ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these kinds of attacks detection is unfeasible, thus making it hard to produce security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and population properties that can optimise mitigation protocols' deployment. In this paper, we provide an algorithmic definition and simulation of a trust and mitigation based protocol to contain a Black Hole style attack on a VANET. We experimentally show its optimal working conditions: total connectivity, followed by a random network; connection to external networks; early deployment of the protocol and ranking of the message. We compare results with those of existing protocols and future work shall focus on repeated broadcasting, opportunistic message forwarding and testing on real data.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121172773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
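The abstract above describes containing a black-hole forwarder through trust and reputation, and reports that early deployment of the protocol is one of its optimal working conditions. The following simulation is an added example, not the paper's protocol or code: it gives every node a per-relay trust score, lowers that score on direct experience (a relay that never produces an acknowledgement) and on warnings from trusted peers, and compares a run in which mitigation is active from the first round against one in which it starts late. The fully connected topology, the initial score of 2, the traffic pattern and the network size are constructed assumptions chosen to keep the run small and reproducible.

```python
"""Trust-based containment of a black-hole relay in a small ad hoc network.

Added example; it is not the paper's protocol or code.  Each node keeps a
trust score per neighbour.  A relay that never delivers (no acknowledgement
comes back) loses trust on direct experience, and a node that has excluded a
relay broadcasts a warning that its trusted peers count as indirect evidence.
Topology (fully connected), scores, thresholds and traffic are constructed
assumptions chosen to keep the simulation small and deterministic.
"""
import random


class Network:
    def __init__(self, n_honest, seed, protocol_from_round):
        self.blackhole = 0                         # node 0 drops everything it relays
        self.nodes = list(range(n_honest + 1))
        self.honest = self.nodes[1:]
        self.rng = random.Random(seed)             # seeded: runs are reproducible
        self.protocol_from = protocol_from_round   # round at which mitigation starts
        # trust[a][b]: a's score for relay b; 2 = fresh, <= 0 = excluded
        self.trust = {a: {b: 2 for b in self.nodes if b != a} for a in self.nodes}
        self.delivered = 0
        self.drops = 0

    def candidate_relays(self, src, dst):
        """Relays src is still willing to use on the way to dst."""
        return [r for r, score in self.trust[src].items() if r != dst and score > 0]

    def warn(self, reporter, suspect):
        """Indirect evidence: peers that trust the reporter lower the suspect by one."""
        for peer in self.honest:
            if peer != reporter and self.trust[peer][reporter] > 0:
                self.trust[peer][suspect] -= 1

    def step(self, r):
        """One round: every honest node sends one message through one relay."""
        for src in self.honest:
            dst = self.rng.choice([n for n in self.honest if n != src])
            relay = self.rng.choice(self.candidate_relays(src, dst))
            if relay != self.blackhole:
                self.delivered += 1                # acknowledgement comes back
                continue
            self.drops += 1                        # no ack: the message was swallowed
            if r >= self.protocol_from:            # mitigation active in this round?
                self.trust[src][relay] -= 1
                if self.trust[src][relay] <= 0:
                    self.warn(src, relay)

    def isolated(self):
        """True once every honest node refuses to relay through the black hole."""
        return all(self.trust[n][self.blackhole] <= 0 for n in self.honest)

    def delivery_rate(self):
        return self.delivered / (self.delivered + self.drops)


def simulate(rounds, protocol_from_round, n_honest=10, seed=1):
    net = Network(n_honest, seed, protocol_from_round)
    for r in range(rounds):
        net.step(r)
    return net


if __name__ == "__main__":
    early, late = simulate(300, 0), simulate(300, 100)
    print("early deployment: drops", early.drops, "isolated", early.isolated())
    print("late deployment:  drops", late.drops, "isolated", late.isolated())
```

With mitigation active from round 0 each honest node can lose at most two messages to the black hole before it stops using it, and the first node to exclude it warns the others, so losses stay bounded by the number of nodes; with a late start every round before deployment leaks roughly one message in nine per node. The warning step is what makes this a reputation scheme rather than purely local trust: a warning is only counted when it comes from a sender the receiver still trusts, which is the kind of message ranking the abstract refers to.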
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00028
R. Derbyshire, B. Green, D. Prince, A. Mauthe, D. Hutchison
Taxonomies have been developed as a mechanism for cyber attack categorisation. However, when one considers the recent and rapid evolution of attacker techniques and targets, the applicability and effectiveness of these taxonomies should be questioned. This paper applies two approaches to the evaluation of seven taxonomies. The first employs a criteria set, derived through analysis of existing works in which critical components to the creation of taxonomies are defined. The second applies historical attack data to each taxonomy under review, more specifically, attacks in which industrial control systems have been targeted. This combined approach allows for a more in-depth understanding of existing taxonomies to be developed, from both a theoretical and practical perspective.
{"title":"An Analysis of Cyber Security Attack Taxonomies","authors":"R. Derbyshire, B. Green, D. Prince, A. Mauthe, D. Hutchison","doi":"10.1109/EuroSPW.2018.00028","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00028","url":null,"abstract":"Taxonomies have been developed as a mechanism for cyber attack categorisation. However, when one considers the recent and rapid evolution of attacker techniques and targets, the applicability and effectiveness of these taxonomies should be questioned. This paper applies two approaches to the evaluation of seven taxonomies. The first employs a criteria set, derived through analysis of existing works in which critical components to the creation of taxonomies are defined. The second applies historical attack data to each taxonomy under review, more specifically, attacks in which industrial control systems have been targeted. This combined approach allows for a more in-depth understanding of existing taxonomies to be developed, from both a theoretical and practical perspective.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"130 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123434902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00009
Lesly-Ann Daniel, E. Poll, Joeri de Ruiter
The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.
{"title":"Inferring OpenVPN State Machines Using Protocol State Fuzzing","authors":"Lesly-Ann Daniel, E. Poll, Joeri de Ruiter","doi":"10.1109/EuroSPW.2018.00009","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00009","url":null,"abstract":"The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121041221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
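The abstract above relies on regular inference: an active learner that only has reset and send/receive access to an implementation builds a Mealy machine of it and then inspects that machine for behaviour the specification would not allow. The block below is an added example, not code from the paper or from OpenVPN: a compact L*-style learner (Maler-Pnueli counterexample handling, bounded conformance testing as the equivalence oracle) run against a constructed toy handshake server that deliberately accepts a data message before the key exchange, followed by a check of the inferred model for exactly that spurious path. The server, its message names and the property checked are assumptions for illustration.

```python
"""Inferring a protocol state machine from a black box by active learning.

Added example; not code from the paper or from OpenVPN.  A simplified L*
learner builds a Mealy machine for a system under learning (SUL) using only
reset/step access, then the inferred model is searched for a transition the
specification would not allow.  The SUL is a CONSTRUCTED toy handshake.
"""
import itertools

INPUTS = ("hello", "key", "data", "reset")

# Constructed SUL table: (state, input) -> (next state, output); else "err".
TOY_TABLE = {
    ("INIT", "hello"): ("HELLO", "hello_ack"),
    ("HELLO", "key"): ("SECURE", "key_ack"),
    ("HELLO", "data"): ("SECURE", "data_ack"),   # flaw: payload accepted before key
    ("SECURE", "data"): ("SECURE", "data_ack"),
}


class ToyHandshakeServer:
    def __init__(self):
        self.reset()

    def reset(self):
        self.state = "INIT"

    def step(self, sym):
        if sym == "reset":
            self.reset()
            return "ok"
        self.state, out = TOY_TABLE.get((self.state, sym), (self.state, "err"))
        return out


def run_model(init, trans, seq):
    """Replay an input sequence on an inferred Mealy machine."""
    state, outs = init, []
    for a in seq:
        state, o = trans[(state, a)]
        outs.append(o)
    return outs


def find_counterexample(sul, init, trans, inputs, depth):
    """Bounded conformance test: first input sequence where SUL and model differ."""
    for n in range(1, depth + 1):
        for seq in itertools.product(inputs, repeat=n):
            sul.reset()
            if [sul.step(a) for a in seq] != run_model(init, trans, seq):
                return seq
    return None


class MealyLearner:
    def __init__(self, sul, inputs):
        self.sul, self.inputs, self.cache = sul, inputs, {}
        self.S = [()]                      # access sequences (prefix-closed)
        self.E = [(a,) for a in inputs]    # distinguishing suffixes (suffix-closed)

    def out(self, seq):
        """Membership query: output of the last symbol of seq after a reset."""
        if seq not in self.cache:
            self.sul.reset()
            self.cache[seq] = [self.sul.step(a) for a in seq]
        return self.cache[seq][-1]

    def row(self, prefix):
        return tuple(self.out(prefix + e) for e in self.E)

    def close(self):
        """Add one-step extensions whose row is not yet represented in S."""
        rows = {self.row(s) for s in self.S}
        for s in self.S:                   # S grows during iteration; intended
            for a in self.inputs:
                r = self.row(s + (a,))
                if r not in rows:
                    rows.add(r)
                    self.S.append(s + (a,))

    def hypothesis(self):
        trans = {}
        for s in self.S:
            for a in self.inputs:
                trans[(self.row(s), a)] = (self.row(s + (a,)), self.out(s + (a,)))
        return self.row(()), trans

    def learn(self, depth=4):
        while True:
            self.close()
            init, trans = self.hypothesis()
            cex = find_counterexample(self.sul, init, trans, self.inputs, depth)
            if cex is None:
                return init, trans
            for i in range(len(cex)):      # Maler-Pnueli: add every suffix of cex
                if cex[i:] not in self.E:
                    self.E.append(cex[i:])


def data_before_key(init, trans, inputs):
    """Shortest input path on which the model emits data_ack before any key_ack."""
    start = (init, False)
    seen, queue = {start}, [(start, ())]
    while queue:
        (state, keyed), path = queue.pop(0)
        for a in inputs:
            nxt, o = trans[(state, a)]
            if o == "data_ack" and not keyed:
                return path + (a,)
            node = (nxt, keyed or o == "key_ack")
            if node not in seen:
                seen.add(node)
                queue.append((node, path + (a,)))
    return None
```

`MealyLearner(ToyHandshakeServer(), INPUTS).learn()` returns the initial state and a transition map keyed by (state, input); states are observation-table rows, so the number of distinct keys' first components is the number of inferred states. Because S only ever receives prefixes with new rows, the table never becomes inconsistent and only closedness has to be restored, which is what makes the suffix-adding counterexample treatment sufficient. The property search is the step the abstract calls detecting spurious behaviour: on a real implementation the property would come from the (missing) specification, and the bounded conformance depth would be raised or replaced by a random-walk oracle.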
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00010
Kevin Lee, Andrew K. Miller
Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a "Refereed Delegation" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.
{"title":"Authenticated Data Structures for Privacy-Preserving Monero Light Clients","authors":"Kevin Lee, Andrew K. Miller","doi":"10.1109/EuroSPW.2018.00010","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00010","url":null,"abstract":"Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a \"Refereed Delegation\" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122349979","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00021
Y. Martín, A. Kung
In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, which integrate with software and systems engineering methods and tools, thereby realizing the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, where privacy will be introduced into existing general-purpose software engineering tools and methods dealing with risk management, requirements engineering, model-driven design, and software/systems assurance.
{"title":"Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering","authors":"Y. Martín, A. Kung","doi":"10.1109/EuroSPW.2018.00021","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00021","url":null,"abstract":"In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, and which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, where privacy will be introduced into existent general-purpose software engineering tools and methods, dealing with (risk management, requirements engineering, model-driven design, and software/systems assurance).","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127613856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00027
Peter T. Breuer, Jonathan P. Bowen, Esther Palomar, Zhiming Liu
‘Encrypted computing’ is an approach to preventing insider attacks by the privileged operator against the unprivileged user on a computing system. It requires a processor that works natively on encrypted data in user mode, and the security barrier that protects the user is hardware-based encryption, not access. We report on progress and practical experience with our superscalar RISC class prototype processor for encrypted computing and supporting software infrastructure. This paper aims to alert the secure hardware community that encrypted computing is possibly practical, as well as theoretically plausible. It has been shown formally impossible for operator mode to read (or write to order) the plaintext form of data originating from or being operated on in the user mode of this class of processor, given that the encryption is independently secure. Now we report standard Dhrystone benchmarks for the prototype, showing performance with AES-128 like a 433MHz classic Pentium (1 GHz base clock), thousands of times faster than other approaches.
{"title":"The Secret Processor Will Go to the Ball: Benchmark Insider-Proof Encrypted Computing","authors":"Peter T. Breuer, Jonathan P. Bowen, Esther Palomar, Zhiming Liu","doi":"10.1109/EuroSPW.2018.00027","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00027","url":null,"abstract":"‘Encrypted computing’ is an approach to preventing insider attacks by the privileged operator against the unprivileged user on a computing system. It requires a processor that works natively on encrypted data in user mode, and the security barrier that protects the user is hardware-based encryption, not access. We report on progress and practical experience with our superscalar RISC class prototype processor for encrypted computing and supporting software infrastructure. This paper aims to alert the secure hardware community that encrypted computing is possibly practical, as well as theoretically plausible. It has been shown formally impossible for operator mode to read (or write to order) the plaintext form of data originating from or being operated on in the user mode of this class of processor, given that the encryption is independently secure. Now we report standard Dhrystone benchmarks for the prototype, showing performance with AES-128 like a 433MHz classic Pentium (1 GHz base clock), thousands of times faster than other approaches.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114350639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00017
Laurens Sion, Kim Wuyts, Koen Yskout, D. Landuyt, W. Joosen
Threat modeling involves the systematic identification, elicitation, and analysis of privacy- and/or security-related threats in the context of a specific system. These modeling practices are performed at a specific level of architectural abstraction; the use of Data Flow Diagram (DFD) models, for example, is common in this context. To identify and elicit threats, two fundamentally different approaches can be taken: (1) elicitation on a per-element basis involves iteratively singling out individual architectural elements and considering the applicable threats; (2) elicitation at the level of system interactions (which involve the local context of three elements: a source, a data flow, and a destination) performs elicitation on the basis of system-level communication. Although not considering the local context of the element under investigation makes the former approach easier to adopt and use for human analysts, this approach also leads to threat duplication and redundancy, relies more extensively on implicit analyst expertise, and requires more manual effort. In this paper, we provide a detailed analysis of these issues with element-based threat elicitation in the context of LINDDUN, an element-driven privacy-by-design threat modeling methodology. Subsequently, we present a LINDDUN extension that implements interaction-based privacy threat elicitation and we provide in-depth argumentation on how this approach leads to better process guidance and more concrete interpretation of privacy threat types, ultimately requiring less effort and expertise. A third standalone contribution of this work is a catalog of realistic and illustrative LINDDUN privacy threats, which in turn facilitates practical threat elicitation using LINDDUN.
{"title":"Interaction-Based Privacy Threat Elicitation","authors":"Laurens Sion, Kim Wuyts, Koen Yskout, D. Landuyt, W. Joosen","doi":"10.1109/EuroSPW.2018.00017","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00017","url":null,"abstract":"Threat modeling involves the systematic identification, elicitation, and analysis of privacy- and/or security-related threats in the context of a specific system. These modeling practices are performed at a specific level of architectural abstraction – the use of Data Flow Diagram (DFD) models, for example, is common in this context. To identify and elicit threats, two fundamentally different approaches can be taken: (1) elicitation on a per-element basis involves iteratively singling out individual architectural elements and considering the applicable threats, (2) elicitation at the level of system interactions (which involve the local context of three elements: a source, a data flow, and a destination) performs elicitation on the basis of system-level communication. Although not considering the local context of the element under investigation makes the former approach easier to adopt and use for human analysts, this approach also leads to threat duplication and redundancy, relies more extensively on implicit analyst expertise, and requires more manual effort. In this paper, we provide a detailed analysis of these issues with element-based threat elicitation in the context of LINDDUN, an element-driven privacy-by-design threat modeling methodology. Subsequently, we present a LINDDUN extension that implements interaction-based privacy threat elicitation and we provide in-depth argumentation on how this approach leads to better process guidance and more concrete interpretation of privacy threat types, ultimately requiring less effort and expertise. A third standalone contribution of this work is a catalog of realistic and illustrative LINDDUN privacy threats, which in turn facilitates practical threat elicitation using LINDDUN.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126249181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
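The abstract above contrasts eliciting threats per DFD element with eliciting them per interaction (source, data flow, destination). The block below is an added example, not code from the paper or from the LINDDUN project, that makes the contrast concrete on a small constructed DFD: the element-based pass pairs every element with every threat type its kind admits and produces a long list with no context, while the interaction-based pass judges each threat type on the properties of the triple and produces fewer, fully situated candidates. The DFD, the applicability table and the per-interaction rules are simplified stand-ins written for this example, not LINDDUN's own mapping tables or threat trees; the seven category names are LINDDUN's.

```python
"""Element-based versus interaction-based threat elicitation on a DFD.

Added example; not code from the paper or from LINDDUN.  The DFD, the
applicability table and the interaction rules are constructed simplifications
that only serve to show how the two elicitation strategies differ.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    kind: str               # "entity", "process" or "store"
    external: bool = False  # outside the system's trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element
    identifier: bool        # carries data that can be tied to a person
    encrypted: bool


# Simplified stand-in for a threat-type applicability table (constructed).
APPLICABLE = {
    "entity": {"Linkability", "Identifiability", "Unawareness"},
    "process": {"Linkability", "Identifiability", "Non-repudiation",
                "Detectability", "Disclosure", "Non-compliance"},
    "store": {"Linkability", "Identifiability", "Non-repudiation",
              "Detectability", "Disclosure", "Non-compliance"},
    "flow": {"Linkability", "Identifiability", "Non-repudiation",
             "Detectability", "Disclosure"},
}

# Interaction rules (constructed): each threat type is judged on the
# (source, flow, destination) triple, so local context decides applicability.
RULES = {
    "Linkability": lambda f: f.identifier,
    "Identifiability": lambda f: f.identifier and (f.src.external or f.dst.external),
    "Non-repudiation": lambda f: f.identifier and f.dst.kind == "store",
    "Detectability": lambda f: not f.encrypted and (f.src.external or f.dst.external),
    "Disclosure": lambda f: not f.encrypted or f.dst.external,
}


def elicit_per_element(elements, flows):
    """Element-based: one candidate per (element, applicable type), no context."""
    out = [(t, e.name) for e in elements for t in sorted(APPLICABLE[e.kind])]
    out += [(t, f.name) for f in flows for t in sorted(APPLICABLE["flow"])]
    return out


def elicit_per_interaction(flows):
    """Interaction-based: candidates carry source, flow and destination."""
    return [(t, f.src.name, f.name, f.dst.name)
            for f in flows for t, applies in RULES.items() if applies(f)]


# Constructed sample DFD: a login service that also reports usage to a third party.
user = Element("User", "entity", external=True)
auth = Element("Auth Service", "process")
db = Element("Session DB", "store")
analytics = Element("Analytics Provider", "entity", external=True)
ELEMENTS = [user, auth, db, analytics]
FLOWS = [
    Flow("login credentials", user, auth, identifier=True, encrypted=True),
    Flow("session record", auth, db, identifier=True, encrypted=False),
    Flow("usage event", auth, analytics, identifier=True, encrypted=True),
]

if __name__ == "__main__":
    for entry in elicit_per_element(ELEMENTS, FLOWS):
        print("element    :", entry)
    for entry in elicit_per_interaction(FLOWS):
        print("interaction:", entry)
```

The point is not that a shorter list is better. Every element-based entry such as `("Disclosure", "Auth Service")` still has to be interpreted by the analyst against each flow the process takes part in, and the same exposure resurfaces under the source, the flow and the destination, which is the duplication the abstract describes; the interaction-based entries already name the communication they concern, so the catalog rule that produced them can be reviewed and refined rather than re-derived by hand.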
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00018
Rafa Gálvez, Seda Gurses
In the upcoming General Data Protection Regulation (GDPR), privacy by design and privacy impact assessments are given an even more prominent role than before. It is now required that companies build privacy into the core of their technical products. Recently, researchers and industry players have proposed employing threat modeling methods, traditionally used in security engineering, as a way to bridge these two GDPR requirements in the process of engineering systems. Threat modeling, however, typically assumes a waterfall process and monolithic design, assumptions that are disrupted with the popularization of Agile methodologies and Service Oriented Architectures. Moreover, agile service environments make it easier to address some privacy problems, while complicating others. To date, the challenges of applying threat modeling for privacy in agile service environments remain understudied. This paper sets out to expose and analyze this gap. Specifically, we analyze what challenges and opportunities the shifts in software engineering practice introduce into traditional Threat Modeling activities; how they relate to the different Privacy Goals; and what Agile principles and Service properties have an impact on them. Our results show that both agile and services make the end-to-end analysis of applications more difficult. At the same time, the former allows for more efficient communications and iterative progress, while the latter enables the parallelization of tasks and the documentation of some architecture decisions. Additionally, we open a new research avenue pointing to Amazon Macie as an example of Machine Learning applications that aim to provide a solution to the scalability and usability of Privacy Threat Modeling processes.
{"title":"The Odyssey: Modeling Privacy Threats in a Brave New World","authors":"Rafa Gálvez, Seda Gurses","doi":"10.1109/EuroSPW.2018.00018","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00018","url":null,"abstract":"In the upcoming General Data Protection Regulation (GDPR), privacy by design and privacy impact assessments are given an even more prominent role than before. It is now required that companies build privacy into the core of their technical products. Recently, researchers and industry players have proposed employing threat modeling methods, traditionally used in security engineering, as a way to bridge these two GDPR requirements in the process of engineering systems. Threat modeling, however, typically assumes a waterfall process and monolithic design, assumptions that are disrupted with the popularization of Agile methodologies and Service Oriented Architectures. Moreover, agile service environments make it easier to address some privacy problems, while complicating others. To date, the challenges of applying threat modeling for privacy in agile service environments remain understudied. This paper sets out to expose and analyze this gap. Specifically, we analyze what challenges and opportunities the shifts in software engineering practice introduce into traditional Threat Modeling activities; how they relate to the different Privacy Goals; and what Agile principles and Service properties have an impact on them. Our results show that both agile and services make the end-to-end analysis of applications more difficult. At the same time, the former allows for more efficient communications and iterative progress, while the latter enables the parallelization of tasks and the documentation of some architecture decisions. Additionally, we open a new research avenue pointing to Amazon Macie as an example of Machine Learning applications that aim to provide a solution to the scalability and usability of Privacy Threat Modeling processes.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131668446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00022
Darakhshan J. Mir, Yan Shvartzshnaider, Mark Latonero
As data-centric technologies are increasingly being considered in social contexts that intervene in marginalized peoples' lives, we consider design paradigms to create systems that fulfill their unique privacy needs and requirements. Disempowered populations often experience disparate harms from the loss of privacy but typically have a limited role in formulating the scope and nature of such interventions, the accompanying (implicit or explicit) privacy policies, and the consequent engineering processes. This gap can be addressed by including recipient communities in designing these privacy policies. We propose a participatory design model for data-centric applications where privacy policies (norms) emerge out of participation of the community in the research/design process. The framework of Contextual Integrity, which articulates privacy as respect for normative rules of information flow in specific contexts, lends itself well to enabling a community-generated formulation of these privacy norms within the contexts of the proposed intervention. Employing formal logic, these privacy norms can then be used to engineer systems capable of regulating the flow of information as per the negotiated norms [1]. This entire process, which we call Contextualized Participatory Privacy by Design, seeks to empower communities in negotiating and articulating their privacy norms, leading to the development of systems that are capable of enforcing what they deem as ethical, contextualized use of their data.
{"title":"It Takes a Village: A Community Based Participatory Framework for Privacy Design","authors":"Darakhshan J. Mir, Yan Shvartzshnaider, Mark Latonero","doi":"10.1109/EuroSPW.2018.00022","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00022","url":null,"abstract":"As data-centric technologies are increasingly being considered in social contexts that intervene in marginalized peoples' lives, we consider design paradigms to create systems that fulfill their unique privacy needs and requirements. Disempowered populations often experience disparate harms from the loss of privacy but, typically, have a limited role in formulating the scope and nature of such interventions, and accompanying (implicit or explicit) privacy policies and consequent engineering processes. This gap can be addressed by including recipient communities in designing these privacy policies. We propose a participatory design model for data-centric applications where privacy policies (norms) emerge out of participation of the community in the research/design process. The framework of Contextual Integrity which articulates privacy as respect for normative rules of information flow in specific contexts, lends itself well to enable a community-generated formulation of these privacy norms within the contexts of the proposed intervention. Employing formal logic, these privacy norms can then be used to engineer systems capable of regulating the flow of information as per the negotiated norms [1]. This entire process which we call Contextualized Participatory Privacy by Design, seeks to empower communities in negotiating and articulating their privacy norms, leading to the development of systems that are capable of enforcing what they deem as ethical, contextualized use of their data.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128879627","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-04-01 DOI: 10.1109/EuroSPW.2018.00026
Andrea Höller, Ronald Toegl
Cyber-physical systems are the key innovation driver for many domains such as automotive, avionics, industrial process control, and factory automation. However, their interconnection potentially provides adversaries easy access to sensitive data, code, and configurations. If attackers gain control, material damage or even harm to people must be expected. To counteract data theft, system manipulation and cyber-attacks, security mechanisms must be embedded in the cyber-physical system. Adding hardware security in the form of the standardized Trusted Platform Module (TPM) is a promising approach. At the same time, traditional dependability features such as safety, availability, and reliability have to be maintained. To determine the right balance between security and dependability it is essential to understand their interferences. This paper supports developers in identifying the implications of using TPMs on the dependability of their system. We highlight potential consequences of adding TPMs to cyber-physical systems by considering the resulting safety, reliability, and availability. Furthermore, we discuss the potential of enhancing the dependability of TPM services by applying traditional redundancy techniques.
{"title":"Trusted Platform Modules in Cyber-Physical Systems: On the Interference Between Security and Dependability","authors":"Andrea Höller, Ronald Toegl","doi":"10.1109/EuroSPW.2018.00026","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00026","url":null,"abstract":"Cyber physical systems are the key innovation driver for many domains such as automotive, avionics, industrial process control, and factory automation. However, their interconnection potentially provides adversaries easy access to sensitive data, code, and configurations. If attackers gain control, material damage or even harm to people must be expected. To counteract data theft, system manipulation and cyber-attacks, security mechanisms must be embedded in the cyber physical system. Adding hardware security in the form of the standardized Trusted Platform Module (TPM) is a promising approach. At the same time, traditional dependability features such as safety, availability, and reliability have to be maintained. To determine the right balance between security and dependability it is essential to understand their interferences. This paper supports developers in identifying the implications of using TPMs on the dependability of their system. We highlight potential consequences of adding TPMs to cyber-physical systems by considering the resulting safety, reliability, and availability. Furthermore, we discuss the potential of enhancing the dependability of TPM services by applying traditional redundancy techniques.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"131 6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124251031","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}