
Computers & Security: Latest Articles

“Alexa, how do you protect my privacy?” A quantitative study of user preferences and requirements about smart speaker privacy settings
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-06; DOI: 10.1016/j.cose.2024.104302
Luca Hernández Acosta, Delphine Reinhardt
Voice assistants are becoming increasingly popular. While users may benefit from the convenience of voice interactions, the use of voice assistants raises privacy issues. To address them, existing voice assistants propose some privacy settings. However, we are lacking knowledge about (1) which privacy settings are important to users, (2) what are their preferences about their application, and (3) what are their requirements beyond existing privacy settings. Gaining such knowledge is important to understand why users may not use these settings and to identify which settings should be introduced to allow users to better protect their privacy. To this end, we have conducted a quantitative online study with 1,103 German smart speaker owners. Detailed insights are provided into how beliefs about data handling practices, usage of existing privacy settings, affinity for technology interaction, and privacy attitudes vary depending on the brand of smart speakers used by participants. These findings reveal discrepancies in user trust and preferences across different manufacturers. Additionally, statistical evaluations, including effect size calculations, are introduced, alongside expanded results with detailed explanations to enhance the contextual understanding of the findings. The study provides recommendations for manufacturers and policymakers to improve transparency, usability, and education on privacy settings. Practical guidelines for privacy-preserving features are included, advancing understanding of user needs and aiding in the design of better solutions. In addition to partly replicating findings obtained with different samples, the results show that the currently available privacy settings do not fully cover user requirements and indicate a general desire for more transparency and control over the collected data. Our results hence serve as a basis for designing future privacy-preserving solutions.
Citations: 0
Strengthening cybersecurity: TestCloudIDS dataset and SparkShield algorithm for robust threat detection
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-06; DOI: 10.1016/j.cose.2024.104308
Lalit Kumar Vashishtha, Kakali Chatterjee
A significant challenge in cybersecurity is the lack of a large-scale network dataset that accurately records modern traffic patterns, a wide variety of modest incursions, and comprehensive network traffic data. Existing benchmark datasets such as KDDCup99, NSL-KDD, GureKDD, and UNSWNB-15 must be updated to reflect modern cyber attack signatures. To address this issue, a new labeled dataset, namely the TestCloudIDS dataset, is proposed, which contains fifteen variants of DDoS attacks in the cloud environment. In contrast to other datasets lacking realism and coverage of the latest attack strategies, it closely resembles the real world because of its careful construction. It integrates a wide range of attack situations, utilizing both conventional and current vectors, focusing on incorporating state-of-the-art techniques such as Raven Storm. In addition, we propose “SparkShield”, a technique for intrusion detection using Apache Spark within a big data environment. The effectiveness of “SparkShield” is evaluated through in-depth research using a variety of datasets and simulated attack scenarios. Three existing datasets are used to measure performance: UNSW-NB15, NSL-KDD, CICIDS2017, and the proposed TestCloudIDS dataset. The overall performance of the proposed approach achieved better threat classification and trained with recent attack patterns using the TestCloudIDS dataset.
Citations: 0
A review of privacy-preserving biometric identification and authentication protocols
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-04; DOI: 10.1016/j.cose.2024.104309
Li Zeng, Peisong Shen, Xiaojie Zhu, Xue Tian, Chi Chen
Biometrics now play a crucial role in user identification and authentication. However, storing biometric features in plaintext and conducting authentication without protection pose a risk of privacy leakage. To address this issue, privacy-preserving biometric identification and authentication protocols have been proposed. These protocols leverage techniques such as homomorphic encryption (HE) and secure multi-party computation (MPC) to prevent involving parties from knowing other parties’ biometrics when performing authentications or identifications between different parties. In this paper, we present a thorough survey of privacy-preserving biometric protocols, classifying them into seven distinct models based on their application scenarios. In each scenario, we delve into its security requirements and potential threats, underscoring the importance of comprehending varied application scenarios in the design of practical biometric protection schemes. We also summarize current research gaps and potential future research directions, offering insights for advancing the field.
Citations: 0
A multi-source log semantic analysis-based attack investigation approach
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-02; DOI: 10.1016/j.cose.2024.104303
Yubo Song, Kanghui Wang, Xin Sun, Zhongyuan Qin, Hua Dai, Weiwei Chen, Bang Lv, Jiaqi Chen
As Advanced Persistent Threats (APT) become increasingly complex and destructive, security analysts often use log data for performing attack investigation. Existing approaches based on single-source logs fail to capture the causal dependencies between complex attack behaviors. We propose a novel attack investigation approach based on the semantic analysis of multi-source logs. This approach constructs a provenance graph that integrates both application and operating system logs, which can reduce the false positive rate in the attack investigation. Given the substantial size of the graph generated from multi-source logs, we reduce its complexity by merging repeated log events, deleting unreachable nodes, and removing temporary file nodes. To resolve the issue of lacking explicit objectives in current attack investigation approaches, we introduce a new multi-stage investigation approach that enhances the speed of attack investigation. This approach divides an intrusion process into seven distinct attack stages and uses a graph pattern matching algorithm to match attack subgraphs belonging to specific attack stages with the provenance graph. This results in an intrusion process composed of attack subgraphs representing individual stages. Experimental results demonstrate that our attack investigation approach increases precision by 15.1% and recall by 12.2%. In terms of time efficiency, our approach reduces investigation time by over 60%, with a minimal decrease of less than 2% in the F1 score.
Citations: 0
Reconsidering neutralization techniques in behavioral cybersecurity as cybersecurity hygiene discounting
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-01; DOI: 10.1016/j.cose.2024.104306
Mikko Siponen, Volkan Topalli, Wael Soliman, Tiina Vestman
Neutralization Theory (NT), with its popular neutralization techniques, has been established as a major framework to explain or predict cybersecurity policy noncompliance by users. NT states that people anticipating the perpetration of a norm violation activity will excuse their behaviors through self-talk justifications (neutralization) to avoid guilt and shame. NT's appeal for cybersecurity is obvious. One can easily imagine users justifying noncompliance by neutralizing the negative outcomes of their behavior. NT, as originally formulated, assumed that guilt and shame were the exclusive outcomes of anticipated transgressions. However, in the cybersecurity context, the role of guilt and shame as the sole motivators of neutralization excuses is debatable. We argue that users may be motivated by other factors (e.g., fear, boredom, concern for efficiency) in neutralizing that could be causally more relevant in predicting noncompliance behavior in cybersecurity. What holds value for behavioral cybersecurity, we argue, is the general mechanism of NT, the process of neutralizing the impact of an anticipated negative outcome on the decision to move forward (or not) with noncompliance. We call for decoupling the general mechanism of NT (e.g., neutralizing) from the criminologically identified motivations for engaging in NT (e.g., guilt and shame). In doing so, we put forward a behavioral cybersecurity security version of NT – cybersecurity hygiene discounting – and suggest four streams of research.
Citations: 0
A model for information security vulnerability awareness
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2025-01-01; DOI: 10.1016/j.cose.2024.104305
Roberto J. Mejias, Joshua J. Greer, Gabrila C. Greer, Morgan M. Shepherd, Raul Y. Reyes
As new and evolving technologies are rapidly adopted by organizations, often without the integration of cybersecurity safeguards, information systems have become increasingly vulnerable to a range of cyber threats. Our research suggests a multi-criteria approach in analyzing possible factors that influence an awareness of information security vulnerabilities. Drawing from prior cybersecurity and vulnerability assessment research, this empirical field study develops a research model to analyze possible determinants influencing information security vulnerability awareness. Three constructs were considered to explore their association to information security vulnerability awareness: vulnerability assessment, assessment of IS security controls, and knowledge of an organization's cyber threatscape. The data analyzed was obtained via a survey questionnaire instrument. Confirmatory factor analysis and structural equation modeling were used to validate the proposed research model. Results of this analysis indicate that these three constructs and their related indicator constructs are significantly correlated with an awareness of information security vulnerability. These results provide useful insights for organizations regarding their awareness of information security vulnerability in an increasingly evolving global cyber threatscape.
Citations: 0
Retraction notice to “TriCh-LKRepNet: A large kernel convolutional malicious code classification network for structure reparameterisation and triple-channel mapping” [Computers & Security 144 (2024) 103937]
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-12-31; DOI: 10.1016/j.cose.2024.104207
Sicong Li, Jian Wang, Yafei Song, Shuo Wang
This article has been retracted: please see Elsevier Policy on Article Withdrawal (https://www.elsevier.com/locate/withdrawalpolicy).
This article has been retracted at the request of the Author.
The corresponding author requested to modify the title of the article, as the authors thought the new name of the model applied in the research would be better aligned with the research focus and innovations in the article. Title modification is not allowed after the publication of the article. The authors insisted that it is crucial to modify the title and decided to retract the article. The journal has agreed that the authors may submit a new version of the manuscript to the journal for review and publication, if accepted by the Editor-in-Chief.
Citations: 0
Cybersecurity serious games development: A systematic review
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-12-30; DOI: 10.1016/j.cose.2024.104307
Chiu Yeong Ng, Mohammad Khatim Bin Hasan
Cybercrime tactics evolve alongside technology, prompting researchers to enhance cybersecurity training for diverse internet users. Serious games have been developed as modern training methods over the years. However, despite all efforts, cybercrime cases continue to rise. This motivated the paper to conduct a comprehensive review of cybersecurity game development from 2014 to 2024, using PRISMA guidelines. The types of games covered include serious games, gamification and entertainment games. The scope of the games studied covers basic or general cybersecurity knowledge and specific fields such as ethical hacking and computer networking. A total of 53 papers were identified and analyzed in this study. The analysis results showed that most cybersecurity games were developed for users who already possessed prior knowledge of the topics delivered, though there were quite a number of games targeting general internet users. The majority of the games seemed to focus on technical aspects more than human aspects by training users on technology-related topics such as hacking, network architectures, and more. Game design suggestions and potential features were also discussed in this paper. Considering game design aspects could help practitioners and researchers in the future when developing new games, the discussions in this paper could be beneficial in improving cybersecurity training efficacy and mitigating cybercrime risks.
Citations: 0
Unmasking the hidden credential leaks in password managers and VPN clients
IF 4.8; Zone 2, Computer Science; Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2024-12-28; DOI: 10.1016/j.cose.2024.104298
Efstratios Chatzoglou, Vyron Kampourakis, Zisis Tsiatsikas, Georgios Karopoulos, Georgios Kambourakis
With the rapid growth of software services and applications, the need to secure digital assets became paramount. The introduction of Password Manager (PM) and Virtual Private Network (VPN) software was established as a prerequisite toolkit to bolster the end-user arsenal. As a matter of fact, these types of artifacts have been around for at least 25 years in various flavors, including desktop and browser-based applications. This work assesses the ability of 12 desktop PM applications, 5 browsers with integrated PM, and 12 PMs in the form of browser plugins, along with 21 VPN client applications, to effectively protect the confidentiality of secret credentials. Our analysis focuses on the period during which an app is loaded into RAM. Despite the sensitive nature of these applications, our results show that across all scenarios the majority of PM applications store plaintext passwords in the system memory; more specifically, 75% (or 9 out of 12) of desktop PM applications, 100% (5 out of 5) of browser PMs and 75% (or 9 out of 12) of PM browser plugins leak such sensitive information. In addition, 33% (or 7 out of 21) of VPN applications leak user credentials. This practice of storing cleartext sensitive information in system memory is widely recognized as a weakness, having also been registered as CWE-316. At the time of writing, merely four vendors have recognized our exploits as vulnerabilities. Three of these vendors have assigned the relevant Common Vulnerabilities and Exposures (CVE) IDs, namely CVE-2023-23349, CVE-2024-9203, and CVE-2024-50570, whereas the fourth one will issue a CVE ID once it implements the relevant fixes. The remaining vendors have either chosen to disregard or downplay the severity of this issue.
Citations: 0
CORAL: Container Online Risk Assessment with Logical attack graphs
IF 4.8 Tier 2 Computer Science Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-12-28 DOI: 10.1016/j.cose.2024.104296
David Tayouri, Omri Sgan Cohen, Inbar Maimon, Dudu Mimran, Yuval Elovici, Asaf Shabtai
Container-based architectures, with their highly volatile runtime configurations, rapid code changes, and dependence on third-party code, have raised security concerns. The first step in establishing solid security footing in a production application is understanding its risk exposure profile. Attack graphs (AGs), which organize the topology and identified vulnerabilities into possible attack paths as part of a larger graph, help organizations assess and prioritize risks and establish a baseline for countermeasure planning and remediation. Although AGs are valuable, their use in the container environment, where the AG must be repeatedly rebuilt due to frequent data changes, is challenging. In this paper, we present a novel approach for efficiently building container-based AGs that meets the needs of highly dynamic, real-life applications. We propose CORAL, a framework for identifying attack paths between containers, which does not require rebuilding the graph each time the underlying architecture (code or topology) changes. CORAL accomplishes this by intelligently disregarding changes that should not trigger AG build and reusing fragments of existing AGs. We propose a model to evaluate the attack paths’ risks and highlight the riskiest path in any AG. We evaluate CORAL’s performance in maintaining an up-to-date AG for an environment with many containers. Our proposed framework demonstrated excellent performance for large topologies — searching similar topologies and reusing their AGs was two orders of magnitude faster than AG regeneration. We demonstrate how CORAL can assist in efficiently detecting lateral movement attacks in containerized environments using provenance graphs.
Citations: 0