Latest publications: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Simulation of a Trust and Reputation Based Mitigation Protocol for a Black Hole Style Attack on VANETs
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00025
G. Primiero, Agostino Martorana, J. Tagliabue
From a security standpoint, VANETs (Vehicular ad hoc Networks) are vulnerable to attacks by malicious users, due to the decentralized and open nature of the wireless system. For many of these kinds of attacks, detection is unfeasible, thus making it hard to produce security. Despite their characterization as dynamically reconfigurable networks, it is nonetheless essential to identify topology and population properties that can optimise mitigation protocols' deployment. In this paper, we provide an algorithmic definition and simulation of a trust and mitigation based protocol to contain a Black Hole style attack on a VANET. We experimentally show its optimal working conditions: total connectivity, followed by a random network; connection to external networks; early deployment of the protocol and ranking of the message. We compare results with those of existing protocols; future work shall focus on repeated broadcasting, opportunistic message forwarding and testing on real data.
Citations: 9
An Analysis of Cyber Security Attack Taxonomies
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00028
R. Derbyshire, B. Green, D. Prince, A. Mauthe, D. Hutchison
Taxonomies have been developed as a mechanism for cyber attack categorisation. However, when one considers the recent and rapid evolution of attacker techniques and targets, the applicability and effectiveness of these taxonomies should be questioned. This paper applies two approaches to the evaluation of seven taxonomies. The first employs a criteria set, derived through analysis of existing works in which critical components to the creation of taxonomies are defined. The second applies historical attack data to each taxonomy under review, more specifically, attacks in which industrial control systems have been targeted. This combined approach allows for a more in-depth understanding of existing taxonomies to be developed, from both a theoretical and practical perspective.
Citations: 28
Inferring OpenVPN State Machines Using Protocol State Fuzzing
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00009
Lesly-Ann Daniel, E. Poll, Joeri de Ruiter
The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally, we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility of including state machines in a formal specification.
Citations: 22
Authenticated Data Structures for Privacy-Preserving Monero Light Clients
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00010
Kevin Lee, Andrew K. Miller
Monero, a leading privacy-oriented cryptocurrency, supports a client/server operating mode that allows lightweight clients to avoid storing the entire blockchain, instead relying on a remote node to provide necessary information about the blockchain. However, a weakness of Monero's current blockchain data structure is that lightweight clients cannot authenticate the responses returned from a remote node. In this paper, we show that malicious responses from a remote node can lead to reduced privacy for the client. We discuss several lightweight mitigations that reduce the attack's effectiveness. To fully eliminate this class of attack, we also show how to augment Monero's blockchain data structure with an additional index that clients can use to authenticate responses from remote nodes. Our proposed solution could be implemented as a hard fork, or alternatively through a "Refereed Delegation" approach without needing any fork. We developed a prototype implementation to demonstrate the feasibility of our proposal.
Citations: 4
Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00021
Y. Martín, A. Kung
In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, where privacy will be introduced into existing general-purpose software engineering tools and methods, dealing with risk management, requirements engineering, model-driven design, and software/systems assurance.
Citations: 48
The Secret Processor Will Go to the Ball: Benchmark Insider-Proof Encrypted Computing
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00027
Peter T. Breuer, Jonathan P. Bowen, Esther Palomar, Zhiming Liu
‘Encrypted computing’ is an approach to preventing insider attacks by the privileged operator against the unprivileged user on a computing system. It requires a processor that works natively on encrypted data in user mode, and the security barrier that protects the user is hardware-based encryption, not access. We report on progress and practical experience with our superscalar RISC class prototype processor for encrypted computing and supporting software infrastructure. This paper aims to alert the secure hardware community that encrypted computing is possibly practical, as well as theoretically plausible. It has been shown formally impossible for operator mode to read (or write to order) the plaintext form of data originating from or being operated on in the user mode of this class of processor, given that the encryption is independently secure. Now we report standard Dhrystone benchmarks for the prototype, showing performance with AES-128 like a 433MHz classic Pentium (1 GHz base clock), thousands of times faster than other approaches.
Citations: 4
Interaction-Based Privacy Threat Elicitation
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00017
Laurens Sion, Kim Wuyts, Koen Yskout, D. Landuyt, W. Joosen
Threat modeling involves the systematic identification, elicitation, and analysis of privacy- and/or security-related threats in the context of a specific system. These modeling practices are performed at a specific level of architectural abstraction – the use of Data Flow Diagram (DFD) models, for example, is common in this context. To identify and elicit threats, two fundamentally different approaches can be taken: (1) elicitation on a per-element basis involves iteratively singling out individual architectural elements and considering the applicable threats; (2) elicitation at the level of system interactions (which involve the local context of three elements: a source, a data flow, and a destination) performs elicitation on the basis of system-level communication. Although not considering the local context of the element under investigation makes the former approach easier for human analysts to adopt and use, this approach also leads to threat duplication and redundancy, relies more extensively on implicit analyst expertise, and requires more manual effort. In this paper, we provide a detailed analysis of these issues with element-based threat elicitation in the context of LINDDUN, an element-driven privacy-by-design threat modeling methodology. Subsequently, we present a LINDDUN extension that implements interaction-based privacy threat elicitation, and we provide in-depth argumentation on how this approach leads to better process guidance and more concrete interpretation of privacy threat types, ultimately requiring less effort and expertise. A third standalone contribution of this work is a catalog of realistic and illustrative LINDDUN privacy threats, which in turn facilitates practical threat elicitation using LINDDUN.
Citations: 24
The Odyssey: Modeling Privacy Threats in a Brave New World
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00018
Rafa Gálvez, Seda Gurses
In the upcoming General Data Protection Regulation (GDPR), privacy by design and privacy impact assessments are given an even more prominent role than before. It is now required that companies build privacy into the core of their technical products. Recently, researchers and industry players have proposed employing threat modeling methods, traditionally used in security engineering, as a way to bridge these two GDPR requirements in the process of engineering systems. Threat modeling, however, typically assumes a waterfall process and monolithic design, assumptions that are disrupted by the popularization of Agile methodologies and Service Oriented Architectures. Moreover, agile service environments make it easier to address some privacy problems, while complicating others. To date, the challenges of applying threat modeling for privacy in agile service environments remain understudied. This paper sets out to expose and analyze this gap. Specifically, we analyze what challenges and opportunities the shifts in software engineering practice introduce into traditional Threat Modeling activities; how they relate to the different Privacy Goals; and what Agile principles and Service properties have an impact on them. Our results show that both agile and services make the end-to-end analysis of applications more difficult. At the same time, the former allows for more efficient communications and iterative progress, while the latter enables the parallelization of tasks and the documentation of some architecture decisions. Additionally, we open a new research avenue pointing to Amazon Macie as an example of Machine Learning applications that aim to provide a solution to the scalability and usability of Privacy Threat Modeling processes.
Citations: 17
It Takes a Village: A Community Based Participatory Framework for Privacy Design
Pub Date : 2018-04-23 DOI: 10.1109/EuroSPW.2018.00022
Darakhshan J. Mir, Yan Shvartzshnaider, Mark Latonero
As data-centric technologies are increasingly being considered in social contexts that intervene in marginalized peoples' lives, we consider design paradigms to create systems that fulfill their unique privacy needs and requirements. Disempowered populations often experience disparate harms from the loss of privacy but, typically, have a limited role in formulating the scope and nature of such interventions, the accompanying (implicit or explicit) privacy policies, and the consequent engineering processes. This gap can be addressed by including recipient communities in designing these privacy policies. We propose a participatory design model for data-centric applications where privacy policies (norms) emerge out of participation of the community in the research/design process. The framework of Contextual Integrity, which articulates privacy as respect for normative rules of information flow in specific contexts, lends itself well to enabling a community-generated formulation of these privacy norms within the contexts of the proposed intervention. Employing formal logic, these privacy norms can then be used to engineer systems capable of regulating the flow of information as per the negotiated norms [1]. This entire process, which we call Contextualized Participatory Privacy by Design, seeks to empower communities in negotiating and articulating their privacy norms, leading to the development of systems that are capable of enforcing what they deem as ethical, contextualized use of their data.
Citations: 6
Trusted Platform Modules in Cyber-Physical Systems: On the Interference Between Security and Dependability
Pub Date : 2018-04-01 DOI: 10.1109/EuroSPW.2018.00026
Andrea Höller, Ronald Toegl
Cyber-physical systems are the key innovation driver for many domains such as automotive, avionics, industrial process control, and factory automation. However, their interconnection potentially provides adversaries easy access to sensitive data, code, and configurations. If attackers gain control, material damage or even harm to people must be expected. To counteract data theft, system manipulation and cyber-attacks, security mechanisms must be embedded in the cyber-physical system. Adding hardware security in the form of the standardized Trusted Platform Module (TPM) is a promising approach. At the same time, traditional dependability features such as safety, availability, and reliability have to be maintained. To determine the right balance between security and dependability it is essential to understand their interferences. This paper supports developers in identifying the implications of using TPMs on the dependability of their system. We highlight potential consequences of adding TPMs to cyber-physical systems by considering the resulting safety, reliability, and availability. Furthermore, we discuss the potential of enhancing the dependability of TPM services by applying traditional redundancy techniques.
Citations: 10