The Tor anonymity network has millions of daily users and thousands of volunteer-run relays. Increasing the number of Tor users will enhance the privacy of not just new users, but also existing users by increasing their anonymity sets. However, growing the network further has several research and deployment challenges. One such challenge is supporting the increase in bandwidth required by additional users joining the network. While adding more Tor relays to the network would increase the total available bandwidth, it requires network architecture changes to reduce the impact of Tor’s growing directory documents. In order to increase the total available network bandwidth without needing to grow Tor’s directory documents, this work provides a multi-threaded relay architecture designed to improve the throughput of individual multi-core relays with available network capacity. We built an implementation of a subset of this new design on top of the standard Tor code base to demonstrate the potential throughput improvements of this architecture on both high- and low-performance hardware.
Weaving a Faster Tor: A Multi-Threaded Relay Architecture for Improved Throughput. S. Engler, I. Goldberg. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3465745
Efficient cyber risk assessment needs to consider all security alerts provided by cybersecurity solutions deployed in a network. To build a reliable overview of cyber risk, there is a need to adopt continuous monitoring of emerged cyber threats related to that risk. Indeed, the integration of Cyber Threat Intelligence (CTI) into cybersecurity solutions provides valuable information about threats, targets, and potential vulnerabilities. Structured Threat Information eXpression (STIX), as a language for expressing information about cyber threats in a structured and unambiguous manner, is becoming a de facto standard for sharing information about cyber threats. In addition, ontology-based semantic knowledge modeling has become a promising solution that provides a machine-readable language for downstream work in cybersecurity problem-solving. In this paper, we propose an ontology using CTI for risk monitoring. It improves an existing ontology, originally proposed for use within a SIEM (Security Information Event Management), by extending it and aligning it with the STIX concepts.
Ontology-based Cyber Risk Monitoring Using Cyber Threat Intelligence. Yazid Merah, Tayeb Kenaza. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470024
R. Copstein, J. Schwartzentruber, N. Zincir-Heywood, M. Heywood
The collection of log messages regarding the operation of deployed services and applications is an integral component of forensic analysis for the identification and understanding of security incidents. Approaches for parsing and abstraction of such logs, despite widespread use and study, do not directly account for the individualities of the domain of information security. This, in turn, limits their applicability in the field. In this work, we analyze the state-of-the-art log parsing and abstraction algorithms from the perspective of information security. First, we reproduce/replicate previous analysis of such algorithms from the literature. Then, we evaluate their ability for parsing and abstraction of log files for forensic analysis purposes. Our study demonstrates that while the state-of-the-art techniques are accurate in log parsing, improvements are necessary in terms of achieving a holistic view to aid in forensic analysis for the identification and understanding of security incidents.
Log Abstraction for Information Security: Heuristics and Reproducibility. R. Copstein, J. Schwartzentruber, N. Zincir-Heywood, M. Heywood. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470083
Nowadays, Internet of Things (IoT) devices are widely used in several application scenarios. Due to their cheap structure, they often do not guarantee high security standards, making them prone to hacker attacks. Remote attestation is widely used to verify the configuration integrity of remote devices. Unfortunately, checking the integrity of each single device is impractical, thus several collective remote attestation protocols have been recently proposed to efficiently run attestations in wide device swarms. However, current solutions still have several limitations in terms of network topology, scalability, and efficiency. This paper presents a new efficient collective remote attestation protocol for highly dynamic networks. Our protocol is implemented according to the self-attestation procedure, where devices iteratively establish a common view of the integrity of the network through a consensus mechanism. Unlike previous protocols, we leverage Bloom filters, which drastically reduce the message size for communication and allow more flexibility with mobile nodes that can also join or leave the swarm. We evaluate our proposal through several simulations and experiments, showing that it outperforms the state of the art.
Bloom Filter based Collective Remote Attestation for Dynamic Networks. Salvatore Frontera, R. Lazzeretti. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470054
Hiroki Inayoshi, S. Kakei, Eiji Takimoto, Koichi Mouri, S. Saito
Bytecode-level taint tracking discovers suspicious apps on the Android platform; however, malicious apps can bypass it by transferring information via system layers in Android. A context tainting countermeasure has been devised, but since it employs a list of flow-causing API methods, it will miss flows when unlisted methods are exploited and can also produce false positives. This paper presents a new taint-tracking technique that performs value logging and matching based on the flows’ characteristics to detect such flows without relying on lists of API methods. We implemented it in our taint-tracking system called VTDroid and confirmed its effectiveness with our test suite. We also evaluated it with popular apps collected from Google Play. The results show that the precision of VTDroid is 37 points higher than that of context tainting.
VTDroid: Value-based Tracking for Overcoming Anti-Taint-Analysis Techniques in Android Apps. Hiroki Inayoshi, S. Kakei, Eiji Takimoto, Koichi Mouri, S. Saito. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3465759
Digital technology provides unique opportunities to revolutionize the healthcare ecosystem and health research. However, this comes with serious security, safety, and privacy threats. The healthcare sector has proven unequipped and unready to face cyberattacks while its vulnerabilities are being systematically exploited by attackers. The growing need for and use of medical devices and smart equipment, the complexity of operations and the incompatible systems are leaving healthcare organizations exposed to various malware, including ransomware, which results in compromised healthcare access, quality, safety and care. To fully benefit from the advantages of technology, cybersecurity issues need to be resolved. Cybersecurity measures are being suggested via a number of healthcare standards which are often contradictory and confusing, making these measures ineffective and difficult to implement. To lay a solid foundation for the healthcare sector in improving the understanding of complex cybersecurity issues, this paper explores the existing vulnerabilities in the healthcare critical information infrastructures which are used in cyberattacks and discusses the reasons why this sector is under attack. Furthermore, the existing security standards in healthcare are presented alongside their implementation challenges. The paper also discusses the use of living labs as a novel way to discover how to practically implement cybersecurity measures and also provides a set of recommendations as future steps. Finally, to our knowledge this is the first paper that analyses security in the context of living labs and provides suggestions relevant to this context.
The landscape of cybersecurity vulnerabilities and challenges in healthcare: Security standards and paradigm shift recommendations. K. Kioskli, Theo Fotis, H. Mouratidis. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470033
Louise Axon, Arnau Erola, Alastair Janse van Rensburg, Jason R. C. Nurse, M. Goldsmith, S. Creese
Cybersecurity practitioners working in organisations implement risk controls aiming to improve the security of their systems. Determining prioritisation of the deployment of controls and understanding their likely impact on overall cybersecurity posture is challenging, yet without this understanding there is a risk of implementing inefficient or even harmful security practices. There is a critical need to comprehend the value of controls in reducing cyber-risk exposure in various organisational contexts, and the factors affecting their usage. Such information is important for research into cybersecurity risk and defences, for supporting cybersecurity decisions within organisations, and for external parties guiding cybersecurity practice such as standards bodies and cyber-insurance companies. Cybersecurity practitioners possess a wealth of field knowledge in this area, yet there has been little academic work collecting and synthesising their views. In an attempt to highlight trends and a range of wider organisational factors that impact on a control’s effectiveness and deployment, we conduct a set of interviews exploring practitioners’ perceptions. We compare alignment with the recommendations of security standards and requirements of cyber-insurance policies to validate findings. Although still exploratory, we believe this methodology would help in identifying points of improvement in cybersecurity investment, describing specific potential benefits.
Practitioners’ Views on Cybersecurity Control Adoption and Effectiveness. Louise Axon, Arnau Erola, Alastair Janse van Rensburg, Jason R. C. Nurse, M. Goldsmith, S. Creese. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470038
Pascal Wichmann, Matthias Marx, H. Federrath, Mathias Fischer
Network intrusion detection systems (NIDSs) can detect attacks in network traffic. However, the increasing ratio of encrypted connections on the Internet restricts their ability to observe such attacks. This paper proposes a completely passive method that detects brute-force attacks in encrypted traffic without the need to decrypt it. For that, we propose five novel metrics for attack detection which quantify metadata like packet size or packet timing. We evaluate the performance of our method with synthetically generated but realistic traffic as well as on real-world traffic from a Tor exit node on the Internet. Our results indicate that the proposed metrics can reliably detect brute-force attacks in encrypted traffic in protocols like HTTPS, FTPS, IMAPS, SMTPS, and SSH. Simultaneously, our approach causes only a few false positives, achieving an F-measure between 75% and 100%.
Detection of Brute-Force Attacks in End-to-End Encrypted Network Traffic. Pascal Wichmann, Matthias Marx, H. Federrath, Mathias Fischer. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470113
In this paper, we explore why partial identity technologies such as privacy-preserving attribute based credentials (pABCs) have been around for a while without getting adopted in real-life identity solutions and how we might design for such technologies. This is done by exploring whether this is perceived as useful from the user as well as the service provider side through the design of a digital identity solution in Denmark. Two interview studies with three and 11 participants representing service providers and users, respectively, were carried out and a design for a digital identity solution was created. The results show that while there is a use for such technologies, there are certain issues that need to be considered. Based on the results, we present 8 design recommendations on implementing a digital identity solution based on pABCs. For future work, we suggest that these studies should be repeated in other national contexts to explore how general the results are.
Towards the Design of a Privacy-preserving Attribute Based Credentials-based Digital ID in Denmark – Usefulness, Barriers, and Recommendations. Mads Schaarup Andersen. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3469211
Since healthcare information systems hold much important data that can attract many adversaries, it is important to take the right steps to prevent data breaches. Recent studies suggested that 85% of breaches involved a human element and the frequent patterns used are social engineering. Therefore, many studies focus on better understanding human behavior in cybersecurity and the factors that affect cybersecurity practices. However, there are only a few peer-reviewed studies that focus on the link between stress level and cybersecurity practices. In this study, we examined the link between stress level and cybersecurity practices among hospital employees in Indonesia by surveying 99 hospital workers. The Perceived Stress Scale (PSS) was used to measure the employees’ stress level and a new scale to measure hospital staff’s risky cybersecurity practices was proposed. This study showed that both the PSS and the proposed cybersecurity practices scale are reliable, with Cronbach’s α values of more than 0.7. The survey results also revealed that hospital workers’ higher stress levels correlate significantly with riskier cybersecurity practices (rs = 0.305, p < 0.01). Besides, a higher stress level is also significantly linked to certain cybersecurity practices, such as clicking on a link in an email from an unknown sender, not preventing colleagues from viewing patients’ information for a non-therapeutic purpose, posting patient information on social media, ignoring colleagues who engage in negative information security practices, and failing to create strong passwords.
Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia. M. Fauzi, P. Yeng, Bian Yang, Dita Rachmayani. Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. https://doi.org/10.1145/3465481.3470094