Publications
Papers
2022
George, D. R., & Sciancalepore, S. (2022). PRM - Private Interference Discovery for IEEE 802.15.4 Networks. 2022 IEEE Conference on Communications and Network Security (CNS), 136–144. https://doi.org/10.1109/CNS56114.2022.9947236
Sciancalepore, S., & George, D. R. (2022). Privacy-Preserving Trajectory Matching on Autonomous Unmanned Aerial Vehicles. Proceedings of the 38th Annual Computer Security Applications Conference. Annual Computer Security Applications Conference. https://doi.org/10.1145/3564625.3564626
Luca Morgese Zangrandi, Thijs van Ede, Tim Booij, Savio Sciancalepore, Luca Allodi, & Andrea Continella. (2022). Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles. Annual Computer Security Applications Security Conference. https://vm-thijs.ewi.utwente.nl/static/homepage/papers/mudscope.pdf
Dalla Corte, L. (2022). On proportionality in the data protection jurisprudence of the CJEU. International Data Privacy Law, ipac014. https://doi.org/10.1093/idpl/ipac014
Leukfeldt, E. R., & Holt, T. J. (2022). Cybercrime on the menu? Examining cafeteria-style offending among financially motivated cybercriminals. Computers in Human Behavior, 126, 106979. https://doi.org/10.1016/j.chb.2021.106979
Sciancalepore, S., & Zannone, N. (2022). PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information. The 37th ACM/SIGAPP Symposium on Applied Computing (SAC ’22), 10. https://intersct.nl/wp-content/uploads/2022/01/iot_ac_uncertainty-1.pdf
2021
C%20Kasama%2C%20T.%2C%20Van%20Eeten%2C%20M.%2C%20%26amp%3B%20Ga%26%23xF1%3B%26%23xE1%3Bn%2C%20C.%20H.%20%282021%29.%20Can%20ISPs%20Help%20Mitigate%20IoT%20Malware%3F%20A%20Longitudinal%20Study%20of%20Broadband%20ISP%20Security%20Efforts.%20%3Ci%3E2021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%3C%5C%2Fi%3E%2C%20337%26%23x2013%3B352.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSP51992.2021.00031%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSP51992.2021.00031%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Can%20ISPs%20Help%20Mitigate%20IoT%20Malware%3F%20A%20Longitudinal%20Study%20of%20Broadband%20ISP%20Security%20Efforts%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Arman%22%2C%22lastName%22%3A%22Noroozian%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elsa%20Turcios%22%2C%22lastName%22%3A%22Rodriguez%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elmer%22%2C%22lastName%22%3A%22Lastdrager%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Takahiro%22%2C%22lastName%22%3A%22Kasama%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Michel%22%2C%22lastName%22%3A%22Van%20Eeten%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Carlos%20H.%22%2C%22lastName%22%3A%22Ga%5Cu00f1%5Cu00e1n%22%7D%5D%2C%22abstractNote%22%3A%22For%20the%20mitigation%20of%20compromised%20Internet%20of%20Things%20%28IoT%29%20devices%20we%20rely%20on%20Internet%20Service%20Providers%20%28ISPs%29%20and%20their%20users.%20Given%20that%20devices%20are%20in%20the%20hands%20of%20their%20subscribers%2C%20what%20can%20ISPs%20realistically%20do%3F%20This%20study%20examines%20the%20effects%20of%20ISP%20countermeasures%20on%20infections%20caused%20by%20variants%20of%20the%20notorious%20Mirai%20family%20of%20IoT%20malware%2C%20still%20among
%20the%20dominant%20families.%20We%20collect%20and%20analyze%20more%20than%204%20years%20of%20longitudinal%20darknet%20data%20tracking%20Mirai-like%20infections%20in%20conjunction%20with%20threat%20intelligence%20data%20on%20various%20other%20IoT%20and%20non-IoT%20botnets%20across%20the%20globe%20from%20January%202016%20to%20May%202020.%20We%20measure%20the%20effect%20of%20two%20ISP%20countermeasures%20on%20Mirai%20variant%20infection%20numbers%3A%20%28i%29%20reducing%20the%20attack%20surface%20%28i.e.%2C%20closing%20ports%20that%20are%20used%20by%20the%20malware%20for%20propagation%29%20and%20%28ii%29%20ISPs%20increasing%20their%20general%20network%20hygiene%20and%20malware%20removal%20efforts%20%28as%20observed%20by%20proxy%20of%20the%20remediation%20of%20infections%20of%20other%20families%20of%20IoT%20and%20non-IoT%20malware%20and%20reductions%20in%20the%20number%20of%20DDoS%20amplifiers%20in%20their%20networks%29.%20We%20map%20our%20infection%20data%20to%20342%20broadband%20providers%20that%20have%20the%20bulk%20of%20the%20broadband%20market%20share%20in%20their%20respective%2083%20countries.%20We%20find%20that%20the%20number%20of%20infections%20correlates%20strongly%20with%20the%20number%20of%20ISP%20subscribers%20%28%24R%5E2%3D0.55%24%29.%20Yet%2C%20infection%20numbers%20can%20still%20vary%20by%20three%20orders%20of%20magnitude%20even%20for%20ISPs%20with%20comparable%20subscriber%20numbers.%20We%20observe%20that%20many%20ISPs%2C%20together%20with%20their%20subscribers%2C%20have%20reduced%20their%20attack%20surface%20for%20IoT%20compromise%20by%20blocking%20traffic%20to%20commonly-exploited%20infection%20vectors%20such%20as%20Telnet%20and%20FTP.%20We%20statistically%20estimate%20the%20impact%20of%20these%20reductions%20on%20infection%20levels%20and%2C%20counter-intuitively%2C%20find%20no%20significant%20impact.%20In%20contrast%2C%20we%20do%20find%20a%20significant%20impact%20for%20improving%20general%20network%20hygiene%20and%20best%20malware%20mitigation%20pra
ctices.%20ISPs%20that%20were%20more%20successful%20in%20reducing%20DDoS%20amplifiers%20and%20non-Mirai%20malware%20infections%20in%20their%20networks%20also%20end%20up%20with%20significantly%20lower%20Mirai%20infection%20rates.%20In%20other%20words%2C%20rather%20than%20investing%20in%20IoT-specific%20countermeasures%20like%20reducing%20the%20attack%20surface%2C%20our%20findings%20suggest%20that%20ISPs%20might%20be%20better%20off%20investing%20in%20general%20security%20efforts%20to%20improve%20network%20hygiene%20and%20clean%20up%20abuse.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSP51992.2021.00031%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fieeexplore.ieee.org%5C%2Fdocument%5C%2F9581172%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A43%3A11Z%22%7D%7D%2C%7B%22key%22%3A%229USDL8XS%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Gra%5Cu00dfl%20et%20al.%22%2C%22parsedDate%22%3A%222021-08-02%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EGra%26%23xDF%3Bl%2C%20P.%2C%20Schraffenberger%2C%20H.%2C%20Borgesius%2C%20F.%20Z.%2C%20%26amp%3B%20Buijzen%2C%20M.%20%282021%29.%20Dark%20and%20Bright%20Patterns%20in%20Cookie%20Consent%20Requests.%20%3Ci%3EJournal%20of%20Digital%20Social%20Research%3C%5C%2Fi%3E%2C%20%3Ci%3E3%3C%5C%2Fi%3E%281%29%2C%201%26%23x2013%3B38.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.33621%5C%2Fjdsr.v3i1.54%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.33621%5C%2Fjdsr.v3i1.54%3C%5C%2Fa%3E%3C%
5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22journalArticle%22%2C%22title%22%3A%22Dark%20and%20Bright%20Patterns%20in%20Cookie%20Consent%20Requests%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Paul%22%2C%22lastName%22%3A%22Gra%5Cu00dfl%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Hanna%22%2C%22lastName%22%3A%22Schraffenberger%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Frederik%20Zuiderveen%22%2C%22lastName%22%3A%22Borgesius%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Moniek%22%2C%22lastName%22%3A%22Buijzen%22%7D%5D%2C%22abstractNote%22%3A%22Dark%20patterns%20are%20%28evil%29%20design%20nudges%20that%20steer%20people%5Cu2019s%20behaviour%20through%20persuasive%20interface%20design.%20Increasingly%20found%20in%20cookie%20consent%20requests%2C%20they%20possibly%20undermine%20principles%20of%20EU%20privacy%20law.%20In%20two%20preregistered%20online%20experiments%20we%20investigated%20the%20effects%20of%20three%20common%20design%20nudges%20%28default%2C%20aesthetic%20manipulation%2C%20obstruction%29%20on%20users%5Cu2019%20consent%20decisions%20and%20their%20perception%20of%20control%20over%20their%20personal%20data%20in%20these%20situations.%20In%20the%20first%20experiment%20%28N%20%3D%20228%29%20we%20explored%20the%20effects%20of%20design%20nudges%20towards%20the%20privacy-unfriendly%20option%20%28dark%20patterns%29.%20The%20experiment%20revealed%20that%20most%20participants%20agreed%20to%20all%20consent%20requests%20regardless%20of%20dark%20design%20nudges.%20Unexpectedly%2C%20despite%20generally%20low%20levels%20of%20perceived%20control%2C%20obstructing%20the%20privacy-friendly%20option%20led%20to%20more%20rather%20than%20less%20perceived%20control.%20In%20the%20second%20experiment%20%28N%20%3D%20255%29%20we%20reversed%20the%20direction%20of%20the%20design%20nudges%20towards%20the%20privacy-friendly%20option%2C%20which%20we%20title%20%
5Cu201cbright%20patterns%5Cu201d.%20This%20time%20the%20obstruction%20and%20default%20nudges%20swayed%20people%20effectively%20towards%20the%20privacy-friendly%20option%2C%20while%20the%20result%20regarding%20perceived%20control%20stayed%20the%20same%20compared%20to%20Experiment%201.%20Overall%2C%20our%20findings%20suggest%20that%20many%20current%20implementations%20of%20cookie%20consent%20requests%20do%20not%20enable%20meaningful%20choices%20by%20internet%20users%2C%20and%20are%20thus%20not%20in%20line%20with%20the%20intention%20of%20the%20EU%20policymakers.%20We%20also%20explore%20how%20policymakers%20could%20address%20the%20problem.%22%2C%22date%22%3A%22Aug%202%202021%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%2210.33621%5C%2Fjdsr.v3i1.54%22%2C%22ISSN%22%3A%222003-1998%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fjdsr.se%5C%2Fojs%5C%2Findex.php%5C%2Fjdsr%5C%2Farticle%5C%2Fview%5C%2F54%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A39%3A41Z%22%7D%7D%2C%7B%22key%22%3A%22UD7BD8Q3%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Garg%20et%20al.%22%2C%22parsedDate%22%3A%222021-06-08%22%2C%22numChildren%22%3A2%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EGarg%2C%20C.%2C%20Machiry%2C%20A.%2C%20Continella%2C%20A.%2C%20Kruegel%2C%20C.%2C%20%26amp%3B%20Vigna%2C%20G.%20%282021%29.%20Toward%20a%20Secure%20Crowdsourced%20Location%20Tracking%20System.%20%3Ci%3E14th%20ACM%20Conference%20on%20Security%20and%20Privacy%20in%20Wireless%20and%20Mobile%20Networks%20%28WiSec%29%3C%5C%2Fi%3E%2C%20311%26%23x2013%3B322.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3448300.3467821%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3448300.3467821%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%
3A%22conferencePaper%22%2C%22title%22%3A%22Toward%20a%20Secure%20Crowdsourced%20Location%20Tracking%20System%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Chinmay%22%2C%22lastName%22%3A%22Garg%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Aravind%22%2C%22lastName%22%3A%22Machiry%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Andrea%22%2C%22lastName%22%3A%22Continella%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Christopher%22%2C%22lastName%22%3A%22Kruegel%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Giovanni%22%2C%22lastName%22%3A%22Vigna%22%7D%5D%2C%22abstractNote%22%3A%22%22%2C%22date%22%3A%22Jun%208%202021%22%2C%22proceedingsTitle%22%3A%2214th%20ACM%20Conference%20on%20Security%20and%20Privacy%20in%20Wireless%20and%20Mobile%20Networks%20%28WiSec%29%22%2C%22conferenceName%22%3A%2214th%20ACM%20Conference%20on%20Security%20and%20Privacy%20in%20Wireless%20and%20Mobile%20Networks%22%2C%22language%22%3A%22English%22%2C%22DOI%22%3A%2210.1145%5C%2F3448300.3467821%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fresearch.utwente.nl%5C%2Fen%5C%2Fpublications%5C%2Ftoward-a-secure-crowdsourced-location-tracking-system%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A38%3A23Z%22%7D%7D%2C%7B%22key%22%3A%22TFKUGNHJ%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Meijaard%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EMeijaard%2C%20Y.%2C%20Meiler%2C%20P.-P.%2C%20%26amp%3B%20Allodi%2C%20L.%20%282021%29.%20%3Ci%3EModelling%20Disruptive%20APTs%20targeting%20Critical%20Infrastructure%20using%20Military%20Theory%3C%5C%2Fi%3E.%20178%26%23x2013
%3B190.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00026%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00026%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Modelling%20Disruptive%20APTs%20targeting%20Critical%20Infrastructure%20using%20Military%20Theory%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Yoram%22%2C%22lastName%22%3A%22Meijaard%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Peter-Paul%22%2C%22lastName%22%3A%22Meiler%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%5D%2C%22abstractNote%22%3A%22Disruptive%20Advanced%20Persistent%20Threats%20%28D-APTs%29%20are%20a%20new%20sophisticated%20class%20of%20cyberattacks%20targeting%20critical%20infrastructures.%20Whereas%20regular%20APTs%20are%20well-described%20in%20the%20literature%2C%20no%20existing%20APT%20kill%20chain%20model%20incorporates%20the%20disruptive%20actions%20of%20D-APTs%20and%20can%20be%20used%20to%20represent%20DAPTs%20in%20data.%20To%20this%20aim%2C%20the%20contribution%20of%20this%20paper%20is%20twofold%3A%20first%2C%20we%20review%20the%20evolution%20of%20existing%20APT%20kill%20chain%20models.%20Second%2C%20we%20present%20a%20novel%20D-APT%20model%20based%20on%20existing%20ATP%20models%20and%20military%20theory.%20The%20model%20describes%20the%20strategic%20objective%20setting%2C%20the%20operational%20kill%20chain%20and%20the%20tactics%20of%20the%20attacker%2C%20as%20well%20as%20the%20defender%26%23x2019%3Bs%20critical%20infrastructure%2C%20processes%20and%20societal%20function.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20Workshops%20%28EuroS%26PW%29%22%2C%22language%22%3A%22English%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSPW54
576.2021.00026%22%2C%22ISBN%22%3A%22978-1-66541-012-0%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.computer.org%5C%2Fcsdl%5C%2Fproceedings-article%5C%2Feuros%26pw%5C%2F2021%5C%2F999900a178%5C%2F1y63lcSC3qU%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A37%3A22Z%22%7D%7D%2C%7B%22key%22%3A%22VHLRPZD6%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Burda%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EBurda%2C%20P.%2C%20Allodi%2C%20L.%2C%20%26amp%3B%20Zannone%2C%20N.%20%282021%29.%20%3Ci%3EDissecting%20Social%20Engineering%20Attacks%20Through%20the%20Lenses%20of%20Cognition%3C%5C%2Fi%3E.%20149%26%23x2013%3B160.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00024%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00024%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Dissecting%20Social%20Engineering%20Attacks%20Through%20the%20Lenses%20of%20Cognition%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Pavlo%22%2C%22lastName%22%3A%22Burda%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Nicola%22%2C%22lastName%22%3A%22Zannone%22%7D%5D%2C%22abstractNote%22%3A%22In%20this%20paper%20we%20present%2C%20showcase%2C%20and%20analize%20a%20novel%20framework%20to%20dissect%20Social%20Engineering%20%28SE%29%20attacks.%20The%20framework%20is%20based%20on%20extant%20theories%20in%20the%20cognitive%20sciences%2C%20and%20is%20meant%20as%20an%20instrument%20for%20researchers%20and%20practitioners%
20alike%20to%20structure%20and%20analyze%20SE%20attacks%20of%20varying%20sophistication%2C%20isolating%20specific%20features%20and%20their%20effects%20at%20the%20cognitive%20level%2C%20and%20providing%20a%20common%20structure%20for%20comparisons%20across%20different%20attacks.%20We%20showcase%20the%20framework%20against%20attacks%20reproduced%20in%20the%20academic%20literature%20as%20well%20as%20against%20real%20%28highly-targeted%29%20SE%20attacks%20reported%20in%20the%20wild%2C%20isolating%20and%20relating%20effects%20and%20techniques%20adopted%20by%20the%20attackers%20to%20the%20target%26%23x2019%3Bs%20cognitive%20process.%20We%20discuss%20implications%20for%20research%20and%20practice%20of%20the%20proposed%20framework.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20Workshops%20%28EuroS%26PW%29%22%2C%22language%22%3A%22English%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSPW54576.2021.00024%22%2C%22ISBN%22%3A%22978-1-66541-012-0%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.computer.org%5C%2Fcsdl%5C%2Fproceedings-article%5C%2Feuros%26pw%5C%2F2021%5C%2F999900a149%5C%2F1y63kTlpFpC%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A36%3A39Z%22%7D%7D%2C%7B%22key%22%3A%224XQ7UINY%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22van%20Dooremaal%20et%20al.%22%2C%22parsedDate%22%3A%222021-08-17%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3Evan%20Dooremaal%2C%20B.%2C%20Burda%2C%20P.%2C%20Allodi%2C%20L.%2C%20%26amp%3B%20Zannone%2C%20N.%20%282021%29.%20Combining%20Text%20and%20Visual%20Features%20to%20Improve%20the%20Identification%20of%20Cloned%20Webpages%20for%20Early%20Phishing%20Detection.%20%3Ci%3EThe%20
16th%20International%20Conference%20on%20Availability%2C%20Reliability%20and%20Security%3C%5C%2Fi%3E%2C%201%26%23x2013%3B10.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3465481.3470112%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3465481.3470112%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Combining%20Text%20and%20Visual%20Features%20to%20Improve%20the%20Identification%20of%20Cloned%20Webpages%20for%20Early%20Phishing%20Detection%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Bram%22%2C%22lastName%22%3A%22van%20Dooremaal%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Pavlo%22%2C%22lastName%22%3A%22Burda%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Nicola%22%2C%22lastName%22%3A%22Zannone%22%7D%5D%2C%22abstractNote%22%3A%22Phishing%20attacks%20arrive%20in%20high%20numbers%20and%20often%20spread%20quickly%2C%20meaning%20that%20after-the-fact%20countermeasures%20such%20as%20domain%20blacklisting%20are%20limited%20in%20efficacy.%20Visual%20similarity-based%20approaches%20have%20the%20potential%20of%20detecting%20previously%20unseen%20phishing%20webpages.%20These%20approaches%2C%20however%2C%20require%20identifying%20the%20legitimate%20webpage%28s%29%20they%20reproduce.%20Existing%20approaches%20rely%20on%20textual%20feature%20analysis%20for%20target%20identification%2C%20with%20misclassification%20rates%20of%20approximately%201%25%3B%20however%2C%20as%20most%20websites%20a%20user%20might%20visit%20are%20legitimate%2C%20additional%20research%20is%20needed%20to%20further%20reduce%20classification%20errors.%20In%20this%20work%2C%20we%20propose%20a%20novel%20method%20for%20target%20identification%20that%20relies%20on%20both%20visual%20features%20%28extracted%20from%20a%20screenshot%20of%20
the%20web%20page%29%20and%20textual%20features%20%28extracted%20from%20the%20DOM%20of%20the%20web%20page%29%20to%20identify%20which%20website%20a%20phishing%20web%20page%20is%20replicating%2C%20and%20assess%20its%20effectiveness%20in%20detecting%20phishing%20websites%20using%20data%20from%20phishing%20aggregators%20such%20as%20OpenPhish%2C%20PhishTank%20and%20PhishStats.%20Compared%20to%20state-of-the-art%20text-based%20classifiers%2C%20our%20method%20reduces%20the%20phishing%20misclassification%20rate%20by%2067%25%20%28from%201.02%25%20to%200.34%25%29%2C%20for%20an%20accuracy%20of%2099.66%25.%20This%20work%20provides%20a%20further%20step%20forwards%20toward%20semi-automated%20decision%20support%20systems%20for%20phishing%20detection.%22%2C%22date%22%3A%22August%2017%202021%22%2C%22proceedingsTitle%22%3A%22The%2016th%20International%20Conference%20on%20Availability%2C%20Reliability%20and%20Security%22%2C%22conferenceName%22%3A%22%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1145%5C%2F3465481.3470112%22%2C%22ISBN%22%3A%22978-1-4503-9051-4%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3465481.3470112%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A35%3A57Z%22%7D%7D%2C%7B%22key%22%3A%22KYLF4AZM%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22van%20de%20Weijer%20et%20al.%22%2C%22parsedDate%22%3A%222021-08-01%22%2C%22numChildren%22%3A0%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3Evan%20de%20Weijer%2C%20S.%20G.%20A.%2C%20Holt%2C%20T.%20J.%2C%20%26amp%3B%20Leukfeldt%2C%20E.%20R.%20%282021%29.%20Heterogeneity%20in%20trajectories%20of%20cybercriminals%3A%20A%20longitudinal%20analyses%20of%20web%20defacements.%20%3Ci%3EComputers%20in%20Human%20Behavior%20Reports%3C%5C%2Fi%3E%2C%20%3Ci%3E4%3C%5C%2Fi%3E%2C%20100
113.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1016%5C%2Fj.chbr.2021.100113%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1016%5C%2Fj.chbr.2021.100113%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22journalArticle%22%2C%22title%22%3A%22Heterogeneity%20in%20trajectories%20of%20cybercriminals%3A%20A%20longitudinal%20analyses%20of%20web%20defacements%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Steve%20G.%20A.%22%2C%22lastName%22%3A%22van%20de%20Weijer%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Thomas%20J.%22%2C%22lastName%22%3A%22Holt%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22E.%20Rutger%22%2C%22lastName%22%3A%22Leukfeldt%22%7D%5D%2C%22abstractNote%22%3A%22Longitudinal%20criminological%20studies%20greatly%20improved%20our%20understanding%20of%20the%20longitudinal%20patterns%20of%20criminality.%20These%20studies%2C%20however%2C%20focused%20almost%20exclusively%20on%20traditional%20types%20of%20offending%20and%20it%20is%20therefore%20unclear%20whether%20results%20are%20generalizable%20to%20online%20types%20of%20offending.%20This%20study%20attempted%20to%20identify%20the%20developmental%20trajectories%20of%20active%20hackers%20who%20perform%20web%20defacements.%20The%20data%20for%20this%20study%20consisted%20of%202%2C745%2C311%20attacks%20performed%20by%2066%2C553%20hackers%20and%20reported%20to%20Zone-H%20between%20January%202010%20and%20March%202017.%20Semi-parametric%20group-based%20trajectory%20models%20were%20used%20to%20distinguish%20six%20different%20groups%20of%20hackers%20based%20on%20the%20timing%20and%20frequency%20of%20their%20defacements.%20The%20results%20demonstrated%20some%20common%20relationships%20to%20traditional%20types%20of%20crime%2C%20as%20a%20small%20population%20of%20defacers%20accounted%20for%20the%20majority%20of%20defacements%20against%20websites.%20Additionally%2C%20the%20methods%20and%20targeting%20practices
%20of%20defacers%20differed%20based%20on%20the%20frequency%20with%20which%20they%20performed%20defacements%20generally.%22%2C%22date%22%3A%22August%201%202021%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%2210.1016%5C%2Fj.chbr.2021.100113%22%2C%22ISSN%22%3A%222451-9588%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.sciencedirect.com%5C%2Fscience%5C%2Farticle%5C%2Fpii%5C%2FS2451958821000610%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A35%3A14Z%22%7D%7D%2C%7B%22key%22%3A%22DK88EEDW%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Fasano%20et%20al.%22%2C%22parsedDate%22%3A%222021-05-24%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EFasano%2C%20A.%2C%20Ballo%2C%20T.%2C%20Muench%2C%20M.%2C%20Leek%2C%20T.%2C%20Bulekov%2C%20A.%2C%20Dolan-Gavitt%2C%20B.%2C%20Egele%2C%20M.%2C%20Francillon%2C%20A.%2C%20Lu%2C%20L.%2C%20Gregory%2C%20N.%2C%20Balzarotti%2C%20D.%2C%20%26amp%3B%20Robertson%2C%20W.%20%282021%29.%20SoK%3A%20Enabling%20Security%20Analyses%20of%20Embedded%20Systems%20via%20Rehosting.%20In%20%3Ci%3EProceedings%20of%20the%202021%20ACM%20Asia%20Conference%20on%20Computer%20and%20Communications%20Security%3C%5C%2Fi%3E%20%28pp.%20687%26%23x2013%3B701%29.%20Association%20for%20Computing%20Machinery.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3433210.3453093%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3433210.3453093%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22bookSection%22%2C%22title%22%3A%22SoK%3A%20Enabling%20Security%20Analyses%20of%20Embedded%20Systems%20via%20Rehosting%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Andrew%22%2C%22lastName%22%3A%22Fasano%22%7D%2C%7B%22creatorType%22%3A%22author%2
2%2C%22firstName%22%3A%22Tiemoko%22%2C%22lastName%22%3A%22Ballo%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Marius%22%2C%22lastName%22%3A%22Muench%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Tim%22%2C%22lastName%22%3A%22Leek%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Alexander%22%2C%22lastName%22%3A%22Bulekov%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Brendan%22%2C%22lastName%22%3A%22Dolan-Gavitt%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Manuel%22%2C%22lastName%22%3A%22Egele%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Aur%5Cu00e9lien%22%2C%22lastName%22%3A%22Francillon%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Long%22%2C%22lastName%22%3A%22Lu%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Nick%22%2C%22lastName%22%3A%22Gregory%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Davide%22%2C%22lastName%22%3A%22Balzarotti%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22William%22%2C%22lastName%22%3A%22Robertson%22%7D%5D%2C%22abstractNote%22%3A%22Closely%20monitoring%20the%20behavior%20of%20a%20software%20system%20during%20its%20execution%20enables%20developers%20and%20analysts%20to%20observe%2C%20and%20ultimately%20understand%2C%20how%20it%20works.%20This%20kind%20of%20dynamic%20analysis%20can%20be%20instrumental%20to%20reverse%20engineering%2C%20vulnerability%20discovery%2C%20exploit%20development%2C%20and%20debugging.%20While%20these%20analyses%20are%20typically%20well-supported%20for%20homogeneous%20desktop%20platforms%20%28e.g.%2C%20x86%20desktop%20PCs%29%2C%20they%20can%20rarely%20be%20applied%20in%20the%20heterogeneous%20world%20of%20embedded%20systems.%20One%20approach%20to%20enable%20dynamic%20analyses%20of%20embedded%20systems%20is%20to%20move%20software%20stacks%20from%20physical%20systems%20into%20virtual%20environments%20that%20sufficiently
Bouwmeester, B., Turcios Rodriguez, E. R., Gañán, C., van Eeten, M., & Parkin, S. (2021). The thing doesn’t have a name. Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021, 493–512. http://www.scopus.com/inward/record.url?scp=85114464267&partnerID=8YFLogxK
Rodríguez, E., Noroozian, A., van Eeten, M., & Gañán, C. (2021). Superspreaders: Quantifying the Role of IoT Manufacturers in Device Infections. Annual Workshop on the Economics on Information Security, 18. https://weis2021.econinfosec.org/wp-content/uploads/sites/9/2021/06/weis21-rodriguez.pdf
Khashooei, B. A., Vasenev, A., Kocademir, H. A., & Mathijssen, R. (2021). Architecting System of Systems Solutions with Security and Data-Protection Principles. 2021 16th International Conference of System of Systems Engineering (SoSE), 43–48. https://doi.org/10.1109/SOSE52739.2021.9497461
Asadi Khashooei, B., Vasenev, A., & Kocademir, H. A. (2021). Structured Traceability of Security and Privacy Principles for Designing Safe Automated Systems. In I. Habli, M. Sujan, S. Gerasimou, E. Schoitsch, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops (pp. 52–62). Springer International Publishing. https://doi.org/10.1007/978-3-030-83906-2_4
Noroozian, A., Rodriguez, E. T., Lastdrager, E., Kasama, T., Van Eeten, M., & Gañán, C. H. (2021). Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts. 2021 IEEE European Symposium on Security and Privacy (EuroS&P), 337–352. https://doi.org/10.1109/EuroSP51992.2021.00031
Graßl, P., Schraffenberger, H., Borgesius, F. Z., & Buijzen, M. (2021). Dark and Bright Patterns in Cookie Consent Requests. Journal of Digital Social Research, 3(1), 1–38. https://doi.org/10.33621/jdsr.v3i1.54
Garg, C., Machiry, A., Continella, A., Kruegel, C., & Vigna, G. (2021). Toward a Secure Crowdsourced Location Tracking System. 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 311–322. https://doi.org/10.1145/3448300.3467821
Meijaard, Y., Meiler, P.-P., & Allodi, L. (2021). Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory. 178–190. https://doi.org/10.1109/EuroSPW54576.2021.00026
Burda, P., Allodi, L., & Zannone, N. (2021). Dissecting Social Engineering Attacks Through the Lenses of Cognition. 149–160. https://doi.org/10.1109/EuroSPW54576.2021.00024
van Dooremaal, B., Burda, P., Allodi, L., & Zannone, N. (2021). Combining Text and Visual Features to Improve the Identification of Cloned Webpages for Early Phishing Detection. The 16th International Conference on Availability, Reliability and Security, 1–10. https://doi.org/10.1145/3465481.3470112
van de Weijer, S. G. A., Holt, T. J., & Leukfeldt, E. R. (2021). Heterogeneity in trajectories of cybercriminals: A longitudinal analyses of web defacements. Computers in Human Behavior Reports, 4, 100113. https://doi.org/10.1016/j.chbr.2021.100113
Fasano, A., Ballo, T., Muench, M., Leek, T., Bulekov, A., Dolan-Gavitt, B., Egele, M., Francillon, A., Lu, L., Gregory, N., Balzarotti, D., & Robertson, W. (2021). SoK: Enabling Security Analyses of Embedded Systems via Rehosting. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (pp. 687–701). Association for Computing Machinery. https://doi.org/10.1145/3433210.3453093
Ragab, H., Barberis, E., Bos, H., & Giuffrida, C. (2021). Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks. 1451–1468. https://www.usenix.org/conference/usenixsecurity21/presentation/ragab
Pletinckx, S., Borgolte, K., & Fiebig, T. (2021). Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale. Proc. of ACM Computer and Communication Security, 21–35. https://doi.org/10.1145/3460120.3485367
Sciancalepore, S., Tedeschi, P., Riasat, U., & Di Pietro, R. (2021, October 6). Mitigating Energy Depletion Attacks in IoT via Random Time-Slotted Channel Access. Proc. of IEEE Conference on Computer and Communications Security. IEEE Conference on Computer and Communications Security, Virtual. https://intersct.nl/wp-content/uploads/2021/11/2021_Sciancalepore_CNS.pdf
Tedeschi, P., Sciancalepore, S., & Di Pietro, R. (2021, December 6). ARID – Anonymous Remote Identification of Unmanned Aerial Vehicles. Proc. of ACM Annual Computer Security Applications Conference (ACSAC). Annual Computer Security Applications Conference (ACSAC), Virtual. https://intersct.nl/wp-content/uploads/2021/11/2021_Tedeschi_ACSAC.pdf
Van Aubel, P., & Poll, E. (2021). Compromised through Compression – Privacy Implications of Smart Meter Traffic Analysis. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2021, 399, 317–337. https://doi.org/10.1007/978-3-030-90022-9_16
Dupont, G., Leite, C., dos Santos, D. R., Costante, E., den Hartog, J., & Etalle, S. (2021). Similarity-Based Clustering For IoT Device Classification. 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS), 1–7. https://doi.org/10.1109/COINS51742.2021.9524201
2020
Against_Targeted_Phishing%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A29%3A01Z%22%7D%7D%2C%7B%22key%22%3A%22ZZHYZQTE%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Rosso%20et%20al.%22%2C%22parsedDate%22%3A%222020-12-07%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3ERosso%2C%20M.%2C%20Campobasso%2C%20M.%2C%20Gankhuyag%2C%20G.%2C%20%26amp%3B%20Allodi%2C%20L.%20%282020%29.%20SAIBERSOC%3A%20Synthetic%20Attack%20Injection%20to%20Benchmark%20and%20Evaluate%20the%20Performance%20of%20Security%20Operation%20Centers.%20%3Ci%3EAnnual%20Computer%20Security%20Applications%20Conference%3C%5C%2Fi%3E%2C%20141%26%23x2013%3B153.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3427228.3427233%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3427228.3427233%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22SAIBERSOC%3A%20Synthetic%20Attack%20Injection%20to%20Benchmark%20and%20Evaluate%20the%20Performance%20of%20Security%20Operation%20Centers%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Martin%22%2C%22lastName%22%3A%22Rosso%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Michele%22%2C%22lastName%22%3A%22Campobasso%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Ganduulga%22%2C%22lastName%22%3A%22Gankhuyag%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%5D%2C%22abstractNote%22%3A%22In%20this%20paper%20we%20introduce%20SAIBERSOC%2C%20a%20tool%20and%20methodology%20enabling%20security%20researchers%20and%20operators%20to%20evaluate%20the%20performance%20of%20deployed%20and%20operational%
20Security%20Operation%20Centers%20%28SOCs%29%20%28or%20any%20other%20security%20monitoring%20infrastructure%29.%20The%20methodology%20relies%20on%20the%20MITRE%20ATT%26CK%20Framework%20to%20define%20a%20procedure%20to%20generate%20and%20automatically%20inject%20synthetic%20attacks%20in%20an%20operational%20SOC%20to%20evaluate%20any%20output%20metric%20of%20interest%20%28e.g.%2C%20detection%20accuracy%2C%20time-to-investigation%2C%20etc.%29.%20To%20evaluate%20the%20effectiveness%20of%20the%20proposed%20methodology%2C%20we%20devise%20an%20experiment%20with%20n%20%3D%20124%20students%20playing%20the%20role%20of%20SOC%20analysts.%20The%20experiment%20relies%20on%20a%20real%20SOC%20infrastructure%20and%20assigns%20students%20to%20either%20a%20BADSOC%20or%20a%20GOODSOC%20experimental%20condition.%20Our%20results%20show%20that%20the%20proposed%20methodology%20is%20effective%20in%20identifying%20variations%20in%20SOC%20performance%20caused%20by%20%28minimal%29%20changes%20in%20SOC%20configuration.%20We%20release%20the%20SAIBERSOC%20tool%20implementation%20as%20free%20and%20open%20source%20software.%22%2C%22date%22%3A%22December%207%202020%22%2C%22proceedingsTitle%22%3A%22Annual%20Computer%20Security%20Applications%20Conference%22%2C%22conferenceName%22%3A%22%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1145%5C%2F3427228.3427233%22%2C%22ISBN%22%3A%22978-1-4503-8858-0%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3427228.3427233%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A28%3A01Z%22%7D%7D%2C%7B%22key%22%3A%22BD4QG7TF%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Campobasso%20and%20Allodi%22%2C%22parsedDate%22%3A%222020-10-30%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3ECampob
asso%2C%20M.%2C%20%26amp%3B%20Allodi%2C%20L.%20%282020%29.%20Impersonation-as-a-Service%3A%20Characterizing%20the%20Emerging%20Criminal%20Infrastructure%20for%20User%20Impersonation%20at%20Scale.%20%3Ci%3EProceedings%20of%20the%202020%20ACM%20SIGSAC%20Conference%20on%20Computer%20and%20Communications%20Security%3C%5C%2Fi%3E%2C%201665%26%23x2013%3B1680.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3372297.3417892%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3372297.3417892%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Impersonation-as-a-Service%3A%20Characterizing%20the%20Emerging%20Criminal%20Infrastructure%20for%20User%20Impersonation%20at%20Scale%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Michele%22%2C%22lastName%22%3A%22Campobasso%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%5D%2C%22abstractNote%22%3A%22In%20this%20paper%20we%20provide%20evidence%20of%20an%20emerging%20criminal%20infrastructure%20enabling%20impersonation%20attacks%20at%20scale.%20Impersonation-as-a-Service%20%28IMPaaS%29%20allows%20attackers%20to%20systematically%20collect%20and%20enforce%20user%20profiles%20%28consisting%20of%20user%20credentials%2C%20cookies%2C%20device%20and%20behavioural%20fingerprints%2C%20and%20other%20metadata%29%20to%20circumvent%20risk-based%20authentication%20system%20and%20effectively%20bypass%20multi-factor%20authentication%20mechanisms.%20We%20present%20the%20IMPaaS%20model%20and%20evaluate%20its%20implementation%20by%20analysing%20the%20operation%20of%20a%20large%2C%20invite-only%2C%20Russian%20IMPaaS%20platform%20providing%20user%20profiles%20for%20more%20than%20260%2C000%20Internet%20users%20worldwide.%20Our%20findings%20suggest%20that%20the%20IMPaaS%20model%20is%20growing%2C%20and%20provides%20the%20mechanisms%20needed%20to%20systematically%20evade%20auth
entication%20controls%20across%20multiple%20platforms%2C%20while%20providing%20attackers%20with%20a%20reliable%2C%20up-to-date%2C%20and%20semi-automated%20environment%20enabling%20target%20selection%20and%20user%20impersonation%20against%20Internet%20users%20as%20scale.%22%2C%22date%22%3A%22October%2030%202020%22%2C%22proceedingsTitle%22%3A%22Proceedings%20of%20the%202020%20ACM%20SIGSAC%20Conference%20on%20Computer%20and%20Communications%20Security%22%2C%22conferenceName%22%3A%22%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1145%5C%2F3372297.3417892%22%2C%22ISBN%22%3A%22978-1-4503-7089-9%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1145%5C%2F3372297.3417892%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A27%3A21Z%22%7D%7D%2C%7B%22key%22%3A%22VEFY7ZEY%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Schrama%20et%20al.%22%2C%22parsedDate%22%3A%222020%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3ESchrama%2C%20V.%2C%20Ga%26%23xF1%3B%26%23xE1%3Bn%2C%20C.%20H.%2C%20Aschenbrenner%2C%20D.%2C%20de%20Reuver%2C%20M.%2C%20Borgolte%2C%20K.%2C%20Fiebig%2C%20T.%2C%20Delft%2C%20T.%2C%20%26amp%3B%20Schrama%2C%20V.%20C.%20M.%20%282020%29.%20%3Ci%3EUnderstanding%20the%20Knowledge%20Gap%3A%20How%20Security%20Awareness%20Influences%20the%20Adoption%20of%20Industrial%20IoT%3C%5C%2Fi%3E.%2017.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fweis2020.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F8%5C%2F2020%5C%2F06%5C%2Fweis20-final23.pdf%27%3Ehttps%3A%5C%2F%5C%2Fweis2020.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F8%5C%2F2020%5C%2F06%5C%2Fweis20-final23.pdf%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Und
erstanding%20the%20Knowledge%20Gap%3A%20How%20Security%20Awareness%20Influences%20the%20Adoption%20of%20Industrial%20IoT%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Verena%22%2C%22lastName%22%3A%22Schrama%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Carlo%20H%22%2C%22lastName%22%3A%22Ga%5Cu00f1%5Cu00e1n%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Doris%22%2C%22lastName%22%3A%22Aschenbrenner%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Mark%22%2C%22lastName%22%3A%22de%20Reuver%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Kevin%22%2C%22lastName%22%3A%22Borgolte%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Tobias%22%2C%22lastName%22%3A%22Fiebig%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22TU%22%2C%22lastName%22%3A%22Delft%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22V%20C%20M%22%2C%22lastName%22%3A%22Schrama%22%7D%5D%2C%22abstractNote%22%3A%22The%20Internet-of-Things%20is%20no%20longer%20confined%20to%20endusers%20and%20private%20homes.%20Industrial%20IoT%20%28IIoT%29%20is%20supposed%20to%20improve%20industrial%20processes%20and%20make%20them%20more%20efficient.%20However%2C%20IIoT%20technologies%20may%20also%20pose%20%28significant%29%20security%20threats.%20Therefore%2C%20it%20is%20important%20to%20understand%20the%20balance%20between%20security%20awareness%20and%20willingness%20to%20adopt%20IIoT%20among%20manufacturing%20companies.%22%2C%22date%22%3A%222020%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%22Proceedings%20of%20the%202020%20Workshop%20on%20the%20Economics%20of%20Information%20Security%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%22%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fweis2020.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F8%5C%2F2020%5C%2F06%5C%2Fweis20-final23.pdf%22%2C%22collections%22%3A%5B%22DNYQG4DP%2
2%5D%2C%22dateModified%22%3A%222022-01-26T13%3A11%3A14Z%22%7D%7D%5D%7D
Walree, T. F., & Wolters, P. T. J. (2020). The right to compensation of a competitor for a violation of the GDPR. International Data Privacy Law, 10(4), 346–355. https://doi.org/10.1093/idpl/ipaa018
Pirocca, S., Allodi, L., & Zannone, N. (2020). A Toolkit for Security Awareness Training Against Targeted Phishing (pp. 137–159). https://doi.org/10.1007/978-3-030-65610-2_9
Rosso, M., Campobasso, M., Gankhuyag, G., & Allodi, L. (2020). SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers. Annual Computer Security Applications Conference, 141–153. https://doi.org/10.1145/3427228.3427233
Campobasso, M., & Allodi, L. (2020). Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1665–1680. https://doi.org/10.1145/3372297.3417892
Schrama, V., Gañán, C. H., Aschenbrenner, D., de Reuver, M., Borgolte, K., Fiebig, T., Delft, T., & Schrama, V. C. M. (2020). Understanding the Knowledge Gap: How Security Awareness Influences the Adoption of Industrial IoT. 17. https://weis2020.econinfosec.org/wp-content/uploads/sites/8/2020/06/weis20-final23.pdf
Luca Morgese Zangrandi, Thijs van Ede, Tim Booij, Savio Sciancalepore, Luca Allodi, & Andrea Continella. (2022). Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles. Annual Computer Security Applications Security Conference. https://vm-thijs.ewi.utwente.nl/static/homepage/papers/mudscope.pdf
Sciancalepore, S., & George, D. R. (2022). Privacy-Preserving Trajectory Matching on Autonomous Unmanned Aerial Vehicles. Proceedings of the 38th Annual Computer Security Applications Conference. Annual Computer Security Applications Conference. https://doi.org/10.1145/3564625.3564626
George, D. R., & Sciancalepore, S. (2022). PRM - Private Interference Discovery for IEEE 802.15.4 Networks. 2022 IEEE Conference on Communications and Network Security (CNS), 136–144. https://doi.org/10.1109/CNS56114.2022.9947236
Leukfeldt, E. R., & Holt, T. J. (2022). Cybercrime on the menu? Examining cafeteria-style offending among financially motivated cybercriminals. Computers in Human Behavior, 126, 106979. https://doi.org/10.1016/j.chb.2021.106979
Sciancalepore, S., & Zannone, N. (2022). PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information. The 37th ACM/SIGAPP Symposium on Applied Computing (SAC ’22), 10. https://intersct.nl/wp-content/uploads/2022/01/iot_ac_uncertainty-1.pdf
Dalla Corte, L. (2022). On proportionality in the data protection jurisprudence of the CJEU. International Data Privacy Law, ipac014. https://doi.org/10.1093/idpl/ipac014
20to%20mask%20the%20actual%20energy%20measurements%2C%20but%20is%20not%20sufficient%20to%5Cncover%20all%20risks.%20One%20aspect%20which%20has%20yet%20gone%20unexplored%20%5Cu2013%20and%20where%5Cnencryption%20does%20not%20help%20%5Cu2013%20is%20traffic%20analysis%2C%20i.e.%20whether%20the%20length%20of%5Cnmessages%20communicating%20energy%20measurements%20can%20leak%20privacy-sensitive%5Cninformation%20to%20an%20observer.%20In%20this%20paper%20we%20examine%20whether%20using%5Cnencodings%20or%20compression%20for%20smart%20metering%20data%20could%20potentially%20leak%5Cninformation%20about%20household%20energy%20use.%20Our%20analysis%20is%20based%20on%20the%5Cnreal-world%20energy%20use%20data%20of%20%5Cu00b180%20Dutch%20households.%5CnWe%20find%20that%20traffic%20analysis%20could%20reveal%20information%20about%20the%20energy%5Cnuse%20of%20individual%20households%20if%20compression%20is%20used.%20As%20a%20result%2C%20when%5Cnmessages%20are%20sent%20daily%2C%20an%20attacker%20performing%20traffic%20analysis%20would%5Cnbe%20able%20to%20determine%20when%20all%20the%20members%20of%20a%20household%20are%20away%5Cnor%20not%20using%20electricity%20for%20an%20entire%20day.%20We%20demonstrate%20this%20issue%20by%5Cnrecognizing%20when%20households%20from%20our%20dataset%20were%20on%20holiday.%20If%20messages%20are%20sent%20more%20often%2C%20more%20granular%20living%20patterns%20could%20likely%20be%5Cndetermined.%5CnWe%20propose%20a%20method%20of%20encoding%20the%20data%20that%20is%20nearly%20as%20effective%20as%5Cncompression%20at%20reducing%20message%20size%2C%20but%20does%20not%20leak%20the%20information%5Cnthat%20compression%20leaks.%20By%20not%20requiring%20compression%20to%20achieve%20the%20best%5Cnpossible%20data%20savings%2C%20the%20risk%20of%20traffic%20analysis%20is%20eliminated.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22Lecture%20Notes%20of%20the%20Institute%20for%20Computer%20Sciences%2C%20Social%20Informatics%20and%20Telecommunications%20Engineering%
202021%22%2C%22conferenceName%22%3A%22EAI%20SecureComm%202021%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1007%5C%2F978-3-030-90022-9_16%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Flink.springer.com%5C%2Fchapter%5C%2F10.1007%252F978-3-030-90022-9_16%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%2C%22DNYQG4DP%22%5D%2C%22dateModified%22%3A%222022-01-26T13%3A45%3A37Z%22%7D%7D%2C%7B%22key%22%3A%22JSCDW9XC%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Dupont%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A2%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EDupont%2C%20G.%2C%20Leite%2C%20C.%2C%20dos%20Santos%2C%20D.%20R.%2C%20Costante%2C%20E.%2C%20den%20Hartog%2C%20J.%2C%20%26amp%3B%20Etalle%2C%20S.%20%282021%29.%20Similarity-Based%20Clustering%20For%20IoT%20Device%20Classification.%20%3Ci%3E2021%20IEEE%20International%20Conference%20on%20Omni-Layer%20Intelligent%20Systems%20%28COINS%29%3C%5C%2Fi%3E%2C%201%26%23x2013%3B7.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FCOINS51742.2021.9524201%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FCOINS51742.2021.9524201%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Similarity-Based%20Clustering%20For%20IoT%20Device%20Classification%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Guillaume%22%2C%22lastName%22%3A%22Dupont%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Cristoffer%22%2C%22lastName%22%3A%22Leite%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Daniel%20Ricardo%22%2C%22lastName%22%3A%22dos%20Santos%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elisa%22%2C%22lastName%22%3A%22Costante%22%7
D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Jerry%22%2C%22lastName%22%3A%22den%20Hartog%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Sandro%22%2C%22lastName%22%3A%22Etalle%22%7D%5D%2C%22abstractNote%22%3A%22Classifying%20devices%20connected%20to%20an%20enterprise%20network%20is%20a%20fundamental%20security%20control%20that%20is%20nevertheless%20challenging%20due%20to%20the%20limitations%20of%20fingerprint-based%20classification%20and%20black-box%20machine%20learning.%20In%20this%20paper%2C%20we%20address%20such%20limitations%20by%20proposing%20a%20similarity-based%20clustering%20method.%20We%20evaluate%20our%20solution%20and%20compare%20it%20to%20a%20state-of-the-art%20fingerprint-based%20classification%20engine%20using%20data%20from%2020%2C000%20devices.%20The%20results%20show%20that%20we%20can%20successfully%20classify%20around%20half%20of%20the%20unclassified%20devices%20with%20a%20high%20accuracy.%20We%20also%20validate%20our%20approach%20with%20domain%20experts%20to%20demonstrate%20its%20usability%20in%20producing%20new%20fingerprinting%20rules.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%222021%20IEEE%20International%20Conference%20on%20Omni-Layer%20Intelligent%20Systems%20%28COINS%29%22%2C%22conferenceName%22%3A%222021%20IEEE%20International%20Conference%20on%20Omni-Layer%20Intelligent%20Systems%20%28COINS%29%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1109%5C%2FCOINS51742.2021.9524201%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22%22%2C%22collections%22%3A%5B%22DNYQG4DP%22%5D%2C%22dateModified%22%3A%222022-01-26T13%3A45%3A27Z%22%7D%7D%2C%7B%22key%22%3A%2224WIZXNK%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Ragab%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A2%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20cla
ss%3D%5C%22csl-entry%5C%22%3ERagab%2C%20H.%2C%20Barberis%2C%20E.%2C%20Bos%2C%20H.%2C%20%26amp%3B%20Giuffrida%2C%20C.%20%282021%29.%20%3Ci%3ERage%20Against%20the%20Machine%20Clear%3A%20A%20Systematic%20Analysis%20of%20Machine%20Clears%20and%20Their%20Implications%20for%20Transient%20Execution%20Attacks%3C%5C%2Fi%3E.%201451%26%23x2013%3B1468.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fwww.usenix.org%5C%2Fconference%5C%2Fusenixsecurity21%5C%2Fpresentation%5C%2Fragab%27%3Ehttps%3A%5C%2F%5C%2Fwww.usenix.org%5C%2Fconference%5C%2Fusenixsecurity21%5C%2Fpresentation%5C%2Fragab%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Rage%20Against%20the%20Machine%20Clear%3A%20A%20Systematic%20Analysis%20of%20Machine%20Clears%20and%20Their%20Implications%20for%20Transient%20Execution%20Attacks%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Hany%22%2C%22lastName%22%3A%22Ragab%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Enrico%22%2C%22lastName%22%3A%22Barberis%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Herbert%22%2C%22lastName%22%3A%22Bos%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Cristiano%22%2C%22lastName%22%3A%22Giuffrida%22%7D%5D%2C%22abstractNote%22%3A%22%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%2230th%20USENIX%20Security%20Symposium%20%28USENIX%20Security%2021%29%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%22%22%2C%22ISBN%22%3A%22978-1-939133-24-3%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.usenix.org%5C%2Fconference%5C%2Fusenixsecurity21%5C%2Fpresentation%5C%2Fragab%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A32%3A36Z%22%7D%7D%2C%7B%22key%22%3A%22VHLRPZD6%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Burda%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildr
en%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EBurda%2C%20P.%2C%20Allodi%2C%20L.%2C%20%26amp%3B%20Zannone%2C%20N.%20%282021%29.%20%3Ci%3EDissecting%20Social%20Engineering%20Attacks%20Through%20the%20Lenses%20of%20Cognition%3C%5C%2Fi%3E.%20149%26%23x2013%3B160.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00024%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00024%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Dissecting%20Social%20Engineering%20Attacks%20Through%20the%20Lenses%20of%20Cognition%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Pavlo%22%2C%22lastName%22%3A%22Burda%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Nicola%22%2C%22lastName%22%3A%22Zannone%22%7D%5D%2C%22abstractNote%22%3A%22In%20this%20paper%20we%20present%2C%20showcase%2C%20and%20analize%20a%20novel%20framework%20to%20dissect%20Social%20Engineering%20%28SE%29%20attacks.%20The%20framework%20is%20based%20on%20extant%20theories%20in%20the%20cognitive%20sciences%2C%20and%20is%20meant%20as%20an%20instrument%20for%20researchers%20and%20practitioners%20alike%20to%20structure%20and%20analyze%20SE%20attacks%20of%20varying%20sophistication%2C%20isolating%20specific%20features%20and%20their%20effects%20at%20the%20cognitive%20level%2C%20and%20providing%20a%20common%20structure%20for%20comparisons%20across%20different%20attacks.%20We%20showcase%20the%20framework%20against%20attacks%20reproduced%20in%20the%20academic%20literature%20as%20well%20as%20against%20real%20%28highly-targeted%29%20SE%20attacks%20reported%20in%20the%20wild%2C%20isolating
%20and%20relating%20effects%20and%20techniques%20adopted%20by%20the%20attackers%20to%20the%20target%26%23x2019%3Bs%20cognitive%20process.%20We%20discuss%20implications%20for%20research%20and%20practice%20of%20the%20proposed%20framework.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20Workshops%20%28EuroS%26PW%29%22%2C%22language%22%3A%22English%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSPW54576.2021.00024%22%2C%22ISBN%22%3A%22978-1-66541-012-0%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.computer.org%5C%2Fcsdl%5C%2Fproceedings-article%5C%2Feuros%26pw%5C%2F2021%5C%2F999900a149%5C%2F1y63kTlpFpC%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A36%3A39Z%22%7D%7D%2C%7B%22key%22%3A%22TFKUGNHJ%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Meijaard%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EMeijaard%2C%20Y.%2C%20Meiler%2C%20P.-P.%2C%20%26amp%3B%20Allodi%2C%20L.%20%282021%29.%20%3Ci%3EModelling%20Disruptive%20APTs%20targeting%20Critical%20Infrastructure%20using%20Military%20Theory%3C%5C%2Fi%3E.%20178%26%23x2013%3B190.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00026%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSPW54576.2021.00026%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Modelling%20Disruptive%20APTs%20targeting%20Critical%20Infrastructure%20using%20Military%20Theory%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Yoram%22%2C%22lastName%22%3A%22Meijaard%22%7D%2C%7B%22creatorType%22%3A%22aut
hor%22%2C%22firstName%22%3A%22Peter-Paul%22%2C%22lastName%22%3A%22Meiler%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Luca%22%2C%22lastName%22%3A%22Allodi%22%7D%5D%2C%22abstractNote%22%3A%22Disruptive%20Advanced%20Persistent%20Threats%20%28D-APTs%29%20are%20a%20new%20sophisticated%20class%20of%20cyberattacks%20targeting%20critical%20infrastructures.%20Whereas%20regular%20APTs%20are%20well-described%20in%20the%20literature%2C%20no%20existing%20APT%20kill%20chain%20model%20incorporates%20the%20disruptive%20actions%20of%20D-APTs%20and%20can%20be%20used%20to%20represent%20DAPTs%20in%20data.%20To%20this%20aim%2C%20the%20contribution%20of%20this%20paper%20is%20twofold%3A%20first%2C%20we%20review%20the%20evolution%20of%20existing%20APT%20kill%20chain%20models.%20Second%2C%20we%20present%20a%20novel%20D-APT%20model%20based%20on%20existing%20ATP%20models%20and%20military%20theory.%20The%20model%20describes%20the%20strategic%20objective%20setting%2C%20the%20operational%20kill%20chain%20and%20the%20tactics%20of%20the%20attacker%2C%20as%20well%20as%20the%20defender%26%23x2019%3Bs%20critical%20infrastructure%2C%20processes%20and%20societal%20function.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20Workshops%20%28EuroS%26PW%29%22%2C%22language%22%3A%22English%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSPW54576.2021.00026%22%2C%22ISBN%22%3A%22978-1-66541-012-0%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fwww.computer.org%5C%2Fcsdl%5C%2Fproceedings-article%5C%2Feuros%26pw%5C%2F2021%5C%2F999900a178%5C%2F1y63lcSC3qU%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A37%3A22Z%22%7D%7D%2C%7B%22key%22%3A%22VWPQKDXX%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Noroozian%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A2%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-
bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3ENoroozian%2C%20A.%2C%20Rodriguez%2C%20E.%20T.%2C%20Lastdrager%2C%20E.%2C%20Kasama%2C%20T.%2C%20Van%20Eeten%2C%20M.%2C%20%26amp%3B%20Ga%26%23xF1%3B%26%23xE1%3Bn%2C%20C.%20H.%20%282021%29.%20Can%20ISPs%20Help%20Mitigate%20IoT%20Malware%3F%20A%20Longitudinal%20Study%20of%20Broadband%20ISP%20Security%20Efforts.%20%3Ci%3E2021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%3C%5C%2Fi%3E%2C%20337%26%23x2013%3B352.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSP51992.2021.00031%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1109%5C%2FEuroSP51992.2021.00031%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Can%20ISPs%20Help%20Mitigate%20IoT%20Malware%3F%20A%20Longitudinal%20Study%20of%20Broadband%20ISP%20Security%20Efforts%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Arman%22%2C%22lastName%22%3A%22Noroozian%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elsa%20Turcios%22%2C%22lastName%22%3A%22Rodriguez%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elmer%22%2C%22lastName%22%3A%22Lastdrager%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Takahiro%22%2C%22lastName%22%3A%22Kasama%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Michel%22%2C%22lastName%22%3A%22Van%20Eeten%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Carlos%20H.%22%2C%22lastName%22%3A%22Ga%5Cu00f1%5Cu00e1n%22%7D%5D%2C%22abstractNote%22%3A%22For%20the%20mitigation%20of%20compromised%20Internet%20of%20Things%20%28IoT%29%20devices%20we%20rely%20on%20Internet%20Service%20Providers%20%28ISPs%29%20and%20their%20users.%20Given%20that%20devices%20are%20in%20the%20hands%20of%20their%20subscribers%2C%20w
hat%20can%20ISPs%20realistically%20do%3F%20This%20study%20examines%20the%20effects%20of%20ISP%20countermeasures%20on%20infections%20caused%20by%20variants%20of%20the%20notorious%20Mirai%20family%20of%20IoT%20malware%2C%20still%20among%20the%20dominant%20families.%20We%20collect%20and%20analyze%20more%20than%204%20years%20of%20longitudinal%20darknet%20data%20tracking%20Mirai-like%20infections%20in%20conjunction%20with%20threat%20intelligence%20data%20on%20various%20other%20IoT%20and%20non-IoT%20botnets%20across%20the%20globe%20from%20January%202016%20to%20May%202020.%20We%20measure%20the%20effect%20of%20two%20ISP%20countermeasures%20on%20Mirai%20variant%20infection%20numbers%3A%20%28i%29%20reducing%20the%20attack%20surface%20%28i.e.%2C%20closing%20ports%20that%20are%20used%20by%20the%20malware%20for%20propagation%29%20and%20%28ii%29%20ISPs%20increasing%20their%20general%20network%20hygiene%20and%20malware%20removal%20efforts%20%28as%20observed%20by%20proxy%20of%20the%20remediation%20of%20infections%20of%20other%20families%20of%20IoT%20and%20non-IoT%20malware%20and%20reductions%20in%20the%20number%20of%20DDoS%20amplifiers%20in%20their%20networks%29.%20We%20map%20our%20infection%20data%20to%20342%20broadband%20providers%20that%20have%20the%20bulk%20of%20the%20broadband%20market%20share%20in%20their%20respective%2083%20countries.%20We%20find%20that%20the%20number%20of%20infections%20correlates%20strongly%20with%20the%20number%20of%20ISP%20subscribers%20%28%24R%5E2%3D0.55%24%29.%20Yet%2C%20infection%20numbers%20can%20still%20vary%20by%20three%20orders%20of%20magnitude%20even%20for%20ISPs%20with%20comparable%20subscriber%20numbers.%20We%20observe%20that%20many%20ISPs%2C%20together%20with%20their%20subscribers%2C%20have%20reduced%20their%20attack%20surface%20for%20IoT%20compromise%20by%20blocking%20traffic%20to%20commonly-exploited%20infection%20vectors%20such%20as%20Telnet%20and%20FTP.%20We%20statistically%20estimate%20the%20impact%20of%20these%20reductions%20on%20infecti
on%20levels%20and%2C%20counter-intuitively%2C%20find%20no%20significant%20impact.%20In%20contrast%2C%20we%20do%20find%20a%20significant%20impact%20for%20improving%20general%20network%20hygiene%20and%20best%20malware%20mitigation%20practices.%20ISPs%20that%20were%20more%20successful%20in%20reducing%20DDoS%20amplifiers%20and%20non-Mirai%20malware%20infections%20in%20their%20networks%20also%20end%20up%20with%20significantly%20lower%20Mirai%20infection%20rates.%20In%20other%20words%2C%20rather%20than%20investing%20in%20IoT-specific%20countermeasures%20like%20reducing%20the%20attack%20surface%2C%20our%20findings%20suggest%20that%20ISPs%20might%20be%20better%20off%20investing%20in%20general%20security%20efforts%20to%20improve%20network%20hygiene%20and%20clean%20up%20abuse.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%22%2C%22conferenceName%22%3A%222021%20IEEE%20European%20Symposium%20on%20Security%20and%20Privacy%20%28EuroS%20P%29%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%2210.1109%5C%2FEuroSP51992.2021.00031%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fieeexplore.ieee.org%5C%2Fdocument%5C%2F9581172%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A43%3A11Z%22%7D%7D%2C%7B%22key%22%3A%22DQQ7PMJX%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Asadi%20Khashooei%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EAsadi%20Khashooei%2C%20B.%2C%20Vasenev%2C%20A.%2C%20%26amp%3B%20Kocademir%2C%20H.%20A.%20%282021%29.%20Structured%20Traceability%20of%20Security%20and%20Privacy%20Principles%20for%20Designing%20Safe%20Automated%20Systems.%20In%20I.%20Habli%2C%20M.%
20Sujan%2C%20S.%20Gerasimou%2C%20E.%20Schoitsch%2C%20%26amp%3B%20F.%20Bitsch%20%28Eds.%29%2C%20%3Ci%3EComputer%20Safety%2C%20Reliability%2C%20and%20Security.%20SAFECOMP%202021%20Workshops%3C%5C%2Fi%3E%20%28pp.%2052%26%23x2013%3B62%29.%20Springer%20International%20Publishing.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1007%5C%2F978-3-030-83906-2_4%27%3Ehttps%3A%5C%2F%5C%2Fdoi.org%5C%2F10.1007%5C%2F978-3-030-83906-2_4%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22conferencePaper%22%2C%22title%22%3A%22Structured%20Traceability%20of%20Security%20and%20Privacy%20Principles%20for%20Designing%20Safe%20Automated%20Systems%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Behnam%22%2C%22lastName%22%3A%22Asadi%20Khashooei%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Alexandr%22%2C%22lastName%22%3A%22Vasenev%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Hasan%20Alper%22%2C%22lastName%22%3A%22Kocademir%22%7D%2C%7B%22creatorType%22%3A%22editor%22%2C%22firstName%22%3A%22Ibrahim%22%2C%22lastName%22%3A%22Habli%22%7D%2C%7B%22creatorType%22%3A%22editor%22%2C%22firstName%22%3A%22Mark%22%2C%22lastName%22%3A%22Sujan%22%7D%2C%7B%22creatorType%22%3A%22editor%22%2C%22firstName%22%3A%22Simos%22%2C%22lastName%22%3A%22Gerasimou%22%7D%2C%7B%22creatorType%22%3A%22editor%22%2C%22firstName%22%3A%22Erwin%22%2C%22lastName%22%3A%22Schoitsch%22%7D%2C%7B%22creatorType%22%3A%22editor%22%2C%22firstName%22%3A%22Friedemann%22%2C%22lastName%22%3A%22Bitsch%22%7D%5D%2C%22abstractNote%22%3A%22Creating%20modern%20safe%20automated%20systems%20like%20vehicles%20demands%20making%20them%20secure.%20With%20many%20diverse%20components%20addressing%20different%20needs%2C%20it%20is%20hard%20to%20trace%20and%20ensure%20the%20contributions%20of%20components%20to%20the%20overall%20security%20of%20systems.%20Principles%2C%20as%20high-level%20statements%2C%20can%20be%20used%20to%20reason%20how%
20components%20contribute%20to%20security%20%28and%20privacy%29%20needs.%20This%20would%20help%20to%20design%20systems%20and%20products%20by%20aligning%20security%20and%20privacy%20concerns.%20The%20structure%20proposed%20in%20this%20positioning%20paper%20helps%20to%20make%20traceable%20links%20from%20stakeholders%20to%20specific%20technologies%20and%20system%20components.%20It%20aims%20at%20informing%20holistic%20discussions%20and%20reasoning%20on%20security%20approaches%20with%20stakeholders%20involved%20in%20the%20system%20development%20process.%20Ultimately%2C%20the%20traceable%20links%20can%20help%20to%20assist%20in%20aligning%20developers%2C%20create%20test%20cases%2C%20and%20provide%20certification%20claims%20-%20essential%20activities%20to%20ensure%20the%20final%20system%20is%20secure%20and%20safe.%22%2C%22date%22%3A%222021%22%2C%22proceedingsTitle%22%3A%22Computer%20Safety%2C%20Reliability%2C%20and%20Security.%20SAFECOMP%202021%20Workshops%22%2C%22conferenceName%22%3A%22%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%2210.1007%5C%2F978-3-030-83906-2_4%22%2C%22ISBN%22%3A%22978-3-030-83906-2%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Flink.springer.com%5C%2Fchapter%5C%2F10.1007%5C%2F978-3-030-83906-2_4%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%5D%2C%22dateModified%22%3A%222022-01-26T14%3A43%3A39Z%22%7D%7D%2C%7B%22key%22%3A%22XWSU8J4D%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Rodr%5Cu00edguez%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A1%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3ERodr%26%23xED%3Bguez%2C%20E.%2C%20Noroozian%2C%20A.%2C%20van%20Eeten%2C%20M.%2C%20%26amp%3B%20Ga%26%23xF1%3B%26%23xE1%3Bn%2C%20C.%20%282021%29.%20Superspreaders%3A%20Quantifying%20the%20Role%20of%20IoT%20Manufacturers%20in%20Device%20Infections.%20%3Ci%3
EAnnual%20Workshop%20on%20the%20Economics%20on%20Information%20Security%3C%5C%2Fi%3E%2C%2018.%20%3Ca%20href%3D%27https%3A%5C%2F%5C%2Fweis2021.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F9%5C%2F2021%5C%2F06%5C%2Fweis21-rodriguez.pdf%27%3Ehttps%3A%5C%2F%5C%2Fweis2021.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F9%5C%2F2021%5C%2F06%5C%2Fweis21-rodriguez.pdf%3C%5C%2Fa%3E%3C%5C%2Fdiv%3E%5Cn%3C%5C%2Fdiv%3E%22%2C%22data%22%3A%7B%22itemType%22%3A%22journalArticle%22%2C%22title%22%3A%22Superspreaders%3A%20Quantifying%20the%20Role%20of%20IoT%20Manufacturers%20in%20Device%20Infections%22%2C%22creators%22%3A%5B%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Elsa%22%2C%22lastName%22%3A%22Rodr%5Cu00edguez%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Arman%22%2C%22lastName%22%3A%22Noroozian%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Michel%22%2C%22lastName%22%3A%22van%20Eeten%22%7D%2C%7B%22creatorType%22%3A%22author%22%2C%22firstName%22%3A%22Carlos%22%2C%22lastName%22%3A%22Ga%5Cu00f1%5Cu00e1n%22%7D%5D%2C%22abstractNote%22%3A%22The%20in%5Cufb02ux%20of%20insecure%20IoT%20devices%20into%20the%20consumer%20market%20can%20only%20be%20stemmed%20if%20manufacturers%20adopt%20more%20secure%20practices.%20It%20is%20unlikely%20that%20this%20will%20happen%20without%20government%20involvement.%20Developing%20effective%20regulation%20takes%20years.%20In%20the%20meantime%2C%20governments%20have%20an%20urgent%20need%20to%20engage%20manufacturers%20directly%20to%20stop%20the%20damage%20from%20getting%20worse.%20The%20problem%20is%20that%20there%20are%20many%20thousands%20of%20companies%20that%20produce%20IoT%20devices.%20Where%20to%20start%3F%20In%20this%20paper%2C%20we%20focus%20on%20identifying%20the%20most%20urgent%20class%3A%20the%20manufacturers%20of%20IoT%20devices%20that%20get%20compromised%20in%20the%20wild.%20To%20identify%20the%20manufacturers%20of%20infected%20IoT%2C%20we%20conducted%20active%20sca
nning%20of%20Mirai-infected%20devices.%20Over%20a%20period%20of%202%20months%2C%20we%20collected%20Web-UI%20images%20and%20banners%20to%20identify%20device%20types%20and%20manufacturers.%20We%20identi%5Cufb01ed%2031%2C950%20infected%20IoT%20devices%20in%2068%20countries%20produced%20by%2070%20unique%20manufacturers.%20We%20found%20that%209%20vendors%20share%20almost%2050%25%20of%20the%20infections.%20This%20pattern%20is%20remarkably%20consistent%20across%20countries%2C%20notwithstanding%20the%20enormous%20variety%20of%20devices%20across%20markets.%20In%20terms%20of%20supporting%20customers%2C%2053%25%20of%20the%2070%20identi%5Cufb01ed%20manufacturers%20offer%20%5Cufb01rmware%20or%20software%20downloads%20on%20their%20websites%2C%2043%25%20provide%20some%20password%20changing%20procedure%2C%20and%2026%25%20of%20the%20manufacturers%20offer%20some%20advice%20to%20protect%20devices%20from%20attacks.%20Our%20%5Cufb01ndings%20suggest%20that%20targeting%20a%20small%20number%20of%20manufacturers%20can%20have%20a%20major%20impact%20on%20overall%20IoT%20security%20and%20that%20governments%20can%20join%20forces%20in%20these%20efforts%2C%20as%20they%20are%20often%20confronted%20with%20the%20same%20manufacturers.%22%2C%22date%22%3A%222021%22%2C%22language%22%3A%22en%22%2C%22DOI%22%3A%22%22%2C%22ISSN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fweis2021.econinfosec.org%5C%2Fwp-content%5C%2Fuploads%5C%2Fsites%5C%2F9%5C%2F2021%5C%2F06%5C%2Fweis21-rodriguez.pdf%22%2C%22collections%22%3A%5B%5D%2C%22dateModified%22%3A%222022-01-26T14%3A47%3A23Z%22%7D%7D%2C%7B%22key%22%3A%22DMUCTYGM%22%2C%22library%22%3A%7B%22id%22%3A4530785%7D%2C%22meta%22%3A%7B%22creatorSummary%22%3A%22Bouwmeester%20et%20al.%22%2C%22parsedDate%22%3A%222021%22%2C%22numChildren%22%3A0%7D%2C%22bib%22%3A%22%3Cdiv%20class%3D%5C%22csl-bib-body%5C%22%20style%3D%5C%22line-height%3A%202%3B%20padding-left%3A%201em%3B%20text-indent%3A-1em%3B%5C%22%3E%5Cn%20%20%3Cdiv%20class%3D%5C%22csl-entry%5C%22%3EBouwmeester%2C%20B.%2C%2
cs%20Administration%5Cn%28FAA%29%20recently%20published%20a%20new%20dedicated%20regulation%2C%20namely%20RemoteID%2C%20requiring%20UAV%20operators%20to%20broadcast%20messages%20reporting%5Cntheir%20identity%20and%20location.%20The%20enforcement%20of%20such%20a%20rule%2C%20mandatory%20by%202022%2C%20generated%20significant%20concerns%20on%20UAV%20operators%2C%5Cnprimarily%20because%20of%20privacy%20issues%20derived%20by%20the%20indiscriminate%5Cnbroadcast%20of%20the%20plain-text%20identity%20of%20the%20UAV%20on%20the%20wireless%5Cnchannel.%5CnIn%20this%20paper%2C%20we%20propose%20ARID%2C%20a%20solution%20enabling%20RemoteIDcompliant%20Anonymous%20Remote%20Identification%20of%20UAVs.%20The%20adoption%5Cnof%20ARID%20allows%20UAVs%20to%20broadcast%20RemoteID-compliant%20messages%5Cnusing%20ephemeral%20pseudonyms%20that%20only%20a%20Trusted%20Authority%2C%20such%5Cnas%20the%20FAA%2C%20can%20link%20to%20the%20long-term%20identifier%20of%20the%20UAV%20and%20its%5Cnoperator.%20Moreover%2C%20ARID%20also%20enforces%20UAV%20message%20authenticity%2C%5Cnto%20protect%20UAVs%20against%20impersonation%20and%20spoofed%20reporting%2C%20while%5Cnrequiring%20an%20overall%20minimal%20toll%20on%20the%20battery%20budget.%20Furthermore%2C%20ARID%20generates%20negligible%20overhead%20on%20the%20Trusted%20Authority%2C%5Cnnot%20requiring%20the%20secure%20maintenance%20of%20any%20private%20database.%5CnWhile%20the%20security%20properties%20of%20ARID%20are%20thoroughly%20discussed%5Cnand%20formally%20verified%20with%20ProVerif%2C%20we%20also%20implemented%20a%20prototype%20of%20ARID%20on%20a%20real%20UAV%2C%20i.e.%2C%20the%203DR-Solo%20drone%2C%20integrating%20our%5Cnsolution%20within%20the%20popular%20Poky%20Operating%20System%2C%20on%20top%20of%20the%5Cnwidespread%20MAVLink%20protocol.%20Our%20experimental%20performance%20evaluation%20shows%20that%20the%20most%20demanding%20configuration%20of%20ARID%20takes%5Cnonly%20%5Cu2248%2011.23%20ms%20to%20generate%20a%20message%20and%20requires%20a%20
mere%204.72%20mJ%5Cnof%20energy.%20Finally%2C%20we%20also%20released%20the%20source%20code%20of%20ARID%20to%20foster%5Cnfurther%20investigations%20and%20development%20by%20Academia%2C%20Industry%2C%20and%20practitioners%22%2C%22date%22%3A%22December%206%202021%22%2C%22proceedingsTitle%22%3A%22Proc.%20of%20ACM%20Annual%20Computer%20Security%20Applications%20Conference%20%28ACSAC%29%22%2C%22conferenceName%22%3A%22Annual%20Computer%20Security%20Applications%20Conference%20%28ACSAC%29%22%2C%22language%22%3A%22%22%2C%22DOI%22%3A%22%22%2C%22ISBN%22%3A%22%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fintersct.nl%5C%2Fwp-content%5C%2Fuploads%5C%2F2021%5C%2F11%5C%2F2021_Tedeschi_ACSAC.pdf%22%2C%22collections%22%3A%5B%22EEP8JAD2%22%2C%22DNYQG4DP%22%5D%2C%22dateModified%22%3A%222022-01-26T13%3A46%3A00Z%22%7D%7D%5D%7D
Van Aubel, P., & Poll, E. (2021). Compromised through Compression – Privacy Implications of Smart Meter Traffic Analysis. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2021, 399, 317–337. https://doi.org/10.1007/978-3-030-90022-9_16
Dupont, G., Leite, C., dos Santos, D. R., Costante, E., den Hartog, J., & Etalle, S. (2021). Similarity-Based Clustering For IoT Device Classification. 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS), 1–7. https://doi.org/10.1109/COINS51742.2021.9524201
Ragab, H., Barberis, E., Bos, H., & Giuffrida, C. (2021). Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks. 1451–1468. https://www.usenix.org/conference/usenixsecurity21/presentation/ragab
Burda, P., Allodi, L., & Zannone, N. (2021). Dissecting Social Engineering Attacks Through the Lenses of Cognition. 149–160. https://doi.org/10.1109/EuroSPW54576.2021.00024
Meijaard, Y., Meiler, P.-P., & Allodi, L. (2021). Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory. 178–190. https://doi.org/10.1109/EuroSPW54576.2021.00026
Noroozian, A., Rodriguez, E. T., Lastdrager, E., Kasama, T., Van Eeten, M., & Gañán, C. H. (2021). Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts. 2021 IEEE European Symposium on Security and Privacy (EuroS&P), 337–352. https://doi.org/10.1109/EuroSP51992.2021.00031
Asadi Khashooei, B., Vasenev, A., & Kocademir, H. A. (2021). Structured Traceability of Security and Privacy Principles for Designing Safe Automated Systems. In I. Habli, M. Sujan, S. Gerasimou, E. Schoitsch, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops (pp. 52–62). Springer International Publishing. https://doi.org/10.1007/978-3-030-83906-2_4
Rodríguez, E., Noroozian, A., van Eeten, M., & Gañán, C. (2021). Superspreaders: Quantifying the Role of IoT Manufacturers in Device Infections. Annual Workshop on the Economics on Information Security, 18. https://weis2021.econinfosec.org/wp-content/uploads/sites/9/2021/06/weis21-rodriguez.pdf
Bouwmeester, B., Turcios Rodriguez, E. R., Gañán, C., van Eeten, M., & Parkin, S. (2021). The thing doesn’t have a name. Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021, 493–512. http://www.scopus.com/inward/record.url?scp=85114464267&partnerID=8YFLogxK
Fasano, A., Ballo, T., Muench, M., Leek, T., Bulekov, A., Dolan-Gavitt, B., Egele, M., Francillon, A., Lu, L., Gregory, N., Balzarotti, D., & Robertson, W. (2021). SoK: Enabling Security Analyses of Embedded Systems via Rehosting. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (pp. 687–701). Association for Computing Machinery. https://doi.org/10.1145/3433210.3453093
Garg, C., Machiry, A., Continella, A., Kruegel, C., & Vigna, G. (2021). Toward a Secure Crowdsourced Location Tracking System. 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 311–322. https://doi.org/10.1145/3448300.3467821
Khashooei, B. A., Vasenev, A., Kocademir, H. A., & Mathijssen, R. (2021). Architecting System of Systems Solutions with Security and Data-Protection Principles. 2021 16th International Conference of System of Systems Engineering (SoSE), 43–48. https://doi.org/10.1109/SOSE52739.2021.9497461
van de Weijer, S. G. A., Holt, T. J., & Leukfeldt, E. R. (2021). Heterogeneity in trajectories of cybercriminals: A longitudinal analyses of web defacements. Computers in Human Behavior Reports, 4, 100113. https://doi.org/10.1016/j.chbr.2021.100113
Graßl, P., Schraffenberger, H., Borgesius, F. Z., & Buijzen, M. (2021). Dark and Bright Patterns in Cookie Consent Requests. Journal of Digital Social Research, 3(1), 1–38. https://doi.org/10.33621/jdsr.v3i1.54
van Dooremaal, B., Burda, P., Allodi, L., & Zannone, N. (2021). Combining Text and Visual Features to Improve the Identification of Cloned Webpages for Early Phishing Detection. The 16th International Conference on Availability, Reliability and Security, 1–10. https://doi.org/10.1145/3465481.3470112
Sciancalepore, S., Tedeschi, P., Riasat, U., & Di Pietro, R. (2021, October 6). Mitigating Energy Depletion Attacks in IoT via Random Time-Slotted Channel Access. Proc. of IEEE Conference on Computer and Communications Security. IEEE Conference on Computer and Communications Security, Virtual. https://intersct.nl/wp-content/uploads/2021/11/2021_Sciancalepore_CNS.pdf
Pletinckx, S., Borgolte, K., & Fiebig, T. (2021). Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale. Proc. of ACM Computer and Communication Security, 21–35. https://doi.org/10.1145/3460120.3485367
Tedeschi, P., Sciancalepore, S., & Di Pietro, R. (2021, December 6). ARID – Anonymous Remote Identification of Unmanned Aerial Vehicles. Proc. of ACM Annual Computer Security Applications Conference (ACSAC). Annual Computer Security Applications Conference (ACSAC), Virtual. https://intersct.nl/wp-content/uploads/2021/11/2021_Tedeschi_ACSAC.pdf
2020
Schrama, V., Gañán, C. H., Aschenbrenner, D., de Reuver, M., Borgolte, K., Fiebig, T., Delft, T., & Schrama, V. C. M. (2020). Understanding the Knowledge Gap: How Security Awareness Influences the Adoption of Industrial IoT. 17. https://weis2020.econinfosec.org/wp-content/uploads/sites/8/2020/06/weis20-final23.pdf
Campobasso, M., & Allodi, L. (2020). Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1665–1680. https://doi.org/10.1145/3372297.3417892
Walree, T. F., & Wolters, P. T. J. (2020). The right to compensation of a competitor for a violation of the GDPR. International Data Privacy Law, 10(4), 346–355. https://doi.org/10.1093/idpl/ipaa018
Pirocca, S., Allodi, L., & Zannone, N. (2020). A Toolkit for Security Awareness Training Against Targeted Phishing (pp. 137–159). https://doi.org/10.1007/978-3-030-65610-2_9
Rosso, M., Campobasso, M., Gankhuyag, G., & Allodi, L. (2020). SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers. Annual Computer Security Applications Conference, 141–153. https://doi.org/10.1145/3427228.3427233
PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information
2022, S. Sciancalepore and N. Zannone in 37th ACM/SIGAPP Symposium on Applied Computing (SAC ’22)
ARID – Anonymous Remote Identification of Unmanned Aerial Vehicles
2021, P. Tedeschi, S. Sciancalepore, R. Di Pietro, in ACM Annual Computer Security Applications Conference (ACSAC)
Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale
2021, S.R.G. Pletinckx, K. Borgolte, T. Fiebig, in ACM Conference on Computer and Communications Security (CCS), 2021
Mitigating Energy Depletion Attacks in IoT via Random Time-Slotted Channel Access
2021, S. Sciancalepore, P. Tedeschi, U. Riasat, R. Di Pietro, in IEEE Conference on Communications and Network Security (CNS)