The Privacy Implications of Cyber Security Systems

Toch, Eran; Bettini, Cláudio; Shmueli, Erez; Radaelli, Laura; Lanzi, Andrea; Riboni, Daniele; Lepri, Bruno

doi:10.1145/3172869

Cited by 56 publications

(19 citation statements)

References 95 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Information theft violates individuals' privacy and cause organizations to lose a large amount of money and jeopardize their reputation, particularly after the establishment of the General Data Protection Regulation (GDPR) [23], which imposes significant fines on vendors whose customers have suffered from privacy violation. Toch et al [24] recently presented a comprehensive survey of common and novel cyber-attacks and analyzed them according to the type of privacy invasion. They also suggested a taxonomy for the assessment of privacy risks of information security technologies.…”

Section: Classification Of Malware By Malicious Behaviormentioning

confidence: 99%

Dynamic Malware Analysis in the Modern Era—A State of the Art Survey

et al. 2019

View full text Add to dashboard Cite

ORI OR-MEIR, NIR NISSIM, YUVAL ELOVICI, and LIOR ROKACH, Ben-Gurion University of the Negev, Beer-Sheva, IsraelAlthough malicious software (malware) has been around since the early days of computers, the sophistication and innovation of malware has increased over the years. In particular, the latest crop of ransomware has drawn attention to the dangers of malicious software, which can cause harm to private users as well as corporations, public services (hospitals and transportation systems), governments, and security institutions. To protect these institutions and the public from malware attacks, malicious activity must be detected as early as possible, preferably before it conducts its harmful acts. However, it is not always easy to know what to look for-especially when dealing with new and unknown malware that has never been seen. Analyzing a suspicious file by static or dynamic analysis methods can provide relevant and valuable information regarding a file's impact on the hosting system and help determine whether the file is malicious or not, based on the method's predefined rules. While various techniques (e.g., code obfuscation, dynamic code loading, encryption, and packing) can be used by malware writers to evade static analysis (including signature-based antivirus tools), dynamic analysis is robust to these techniques and can provide greater understanding regarding the analyzed file and consequently can lead to better detection capabilities. Although dynamic analysis is more robust than static analysis, existing dynamic analysis tools and techniques are imperfect, and there is no single tool that can cover all aspects of malware behavior. The most recent comprehensive survey performed in this area was published in 2012. Since that time, the computing environment has changed dramatically with new types of malware (ransomware, cryptominers), new analysis methods (volatile memory forensics, side-channel analysis), new computing environments (cloud computing, IoT devices), new machine-learning algorithms, and more. The goal of this survey is to provide a comprehensive and up-to-date overview of existing methods used to dynamically analyze malware, which includes a description of each method, its strengths and weaknesses, and its resilience against malware evasion techniques. In addition, we include an overview of prominent studies presenting the usage of machine-learning methods to enhance dynamic malware analysis capabilities aimed at detection, classification, and categorization.

show abstract

Section: Classification Of Malware By Malicious Behaviormentioning

confidence: 99%

Dynamic Malware Analysis in the Modern Era—A State of the Art Survey

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Most efforts to improve cyber security focus on the inclusion of new technological approaches [15]. However, these security systems collect a large amount of data, which poses a serious threat to the privacy of persons protected by system [16].…”

Section: The Proposed Model To Evaluate Cyber Security Technologiesmentioning

confidence: 99%

A Fuzzy Based MCDM Methodology for Risk Evaluation of Cyber Security Technologies

Erdoğan

Karaşan

Kaya

et al. 2019

Intelligent and Fuzzy Techniques in Big Data Analytics and Decision Making

View full text Add to dashboard Cite

Cyber security that also known as information technology security is to protect computers, mobile devices, servers, electronic systems and networks from malicious digital attacks. In recent years, cyber security threats have been a growing problem for any critical digital infrastructure and various cyber-attacks created over the Internet are also becoming a big issue for the society. Therefore, the use of technologies developed to provide cyber security is very important. However, the risks of cyber security technologies should be taken into account when choosing among cyber security technologies. For this aim, we have proposed a multi-criteria decision making (MCDM) methodology based on hesitant fuzzy sets (HFSs) that gives experts extra flexibility in using linguistic terms to evaluate the criteria and alternatives to determine the best cyber security technology. For this aim, a study has also been discussed which deals with risk factors in the selection of cyber security technologies via fuzzy MCDM process.

show abstract

“…Good design takes security, ease of access, and usability into account, striking a balance between protecting the system and ease of use. Good practice has evolved a number of practical approaches like minimizing attack surface area [7], establish secure defaults [8], using the principle of defence in depth [9], not trusting services [10], keeping security simple [11], and fixing security issues correctly [12].These approaches are used for maintaining and improving security which are so natural and important that they should be adopted as a first layer of protection as a matter of standard practice, even when more sophisticated approaches are also in use [13].…”

Section: A Good Security Design Practicementioning

confidence: 99%

Experiments and Proofs in Web-service Security

Sheniar

Hadaad

Addie

et al. 2018

2018 28th International Telecommunication Networks and Applications Conference (ITNAC)

View full text Add to dashboard Cite

Many web services have a subsystem for allowing users to register, authenticate, reset their password, and change personal details. It is important that such subsystems cannot be abused by attackers to gain access to the accounts of other users. We study a system which was initially prone to such attacks. Specific attacks are demonstrated and the system is then modified to prevent such attacks in future. The design achieved in this way is then analysed to show that it can't be broken in future unless users allow their email to be intercepted. This is achieved by formulating the requirement as a statement of the user's expectations of the system and then analysing the source code of the system to prove that it meets these requirements. The process of attack, correction, and formulation of security rules, and proof that rules hold, is proposed as a methodical security design philosophy.

show abstract

The Privacy Implications of Cyber Security Systems

Cited by 56 publications

References 95 publications

Dynamic Malware Analysis in the Modern Era—A State of the Art Survey

Dynamic Malware Analysis in the Modern Era—A State of the Art Survey

A Fuzzy Based MCDM Methodology for Risk Evaluation of Cyber Security Technologies

Experiments and Proofs in Web-service Security

Contact Info

Product

Resources

About