Starting on May 25th of 2018 all EU countries begin to apply the General Data Protection Regulation (GDPR). This aims to protect and regulate data privacy and applies to any organization that holds or processes data on EU citi-zens, regardless of where it is headquartered. The penalties for non-compliance can be as high as 4% of global revenue for companies. As a result, compliance with GDPR is a must for companies who deal with users’ data. The hallmark for data collection nowadays is Internet of Things devices.
The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.
With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems.
On-demand ride and ride-sharing services have revolutionized the point-to-point transportation market and they are rapidly gaining acceptance among customers worldwide. Alone, Uber and Lyft are providing over 11 million rides per day. These services are provided using a client-server infrastructure. The client is a smartphone-based application used for: i) registering riders and drivers, ii) connecting drivers with riders, iii) car-sharing to share the expenses, minimize traffic congestion and saving traveling time, iv) allowing customers to book their rides.
Core-private caches represent a convenient and practical way for exfiltrating secret information and endanger ICT systems, including CIs. Attacks abusing the caches as covert channels are hard to be detected, as the caches are easily accessible without any privileges. To address this threat and enhance the security in CIs and other ICT systems, we proposed the usage of feasibility metrics to assess the probability of a covert channel exploit happening in the system or, to conduct post mortem analysis.
In this paper, we have explored the relation among different actors involved in the Cloud ecosystem to develop an ontology. This ontology is further mapped to a design structure matrix for evaluating threats from varied actors’ perspectives. Our DSM-based threat analysis can be utilized to identify the most critical/influential as well as least critical/influential actor in the Cloud. However, our DSM-based approach is flexible and thus, it can be used to reveal other critical information such as classifying vulnerabilities that achieve a common goal.
In this paper, we present a novel motion-based unobtrusive behavioral biometric-based user authentication solution-SnapAuth, for Android-based smartwatch. SnapAuth requires the user to perform a fingersnapping action, while wearing the smartwatch (in the gesture performing arm), to perform the authentication. SnapAuth profiles the arm-movements by collecting data from smartwatch’s built-in accelerometer and gyroscope sensors, while the user performs this action. We implemented and evaluated SnapAuth on Motorolla Moto 3G smartwatch.
Incident information sharing is being encouraged and mandated as a way of improving overall cyber intelligence and defense, but its take up is slow. Organisations may well be justified in perceiving risks in sharing and disclosing cyber incident information, but they tend to express such worries in broad and vague terms. This paper presents a specific and granular analysis of the risks in cyber incident information sharing, looking in detail at what information may be contained in incident reports and which specific risks are associated with its disclosure.
Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other.
This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation.
Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.