References of "Computers & Security"
Peer Reviewed
Collateral damage of Facebook third-party applications: a comprehensive study
Symeonidis, Iraklis UL; Biczók, Gergely; Shirazi, Fatemeh et al

in Computers & Security (2018), 77

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

Peer Reviewed
A training-resistant anomaly detection system
Muller, Steve UL; Lancrenon, Jean; Harpes, Carlo et al

in Computers & Security (2018), 76

Modern network intrusion detection systems rely on machine learning techniques to detect traffic anomalies and thus intruders. However, the ability to learn the network behaviour in real-time comes at a cost: malicious software can interfere with the learning process, and teach the intrusion detection system to accept dangerous traffic. This paper presents an intrusion detection system (IDS) that is able to detect common network attacks including but not limited to, denial-of-service, bot nets, intrusions, and network scans. With the help of the proposed example IDS, we show to what extent the training attack (and more sophisticated variants of it) has an impact on machine learning based detection schemes, and how it can be detected. © 2018 Elsevier Ltd

Peer Reviewed
Formal modelling and analysis of receipt-free auction protocols in applied pi
Dong, Naipeng; Jonker, Hugo; Pang, Jun UL

in Computers & Security (2017), 65

Peer Reviewed
Efficiently computing the likelihoods of cyclically interdependent risk scenarios
Muller, Steve UL; Harpes, Carlo; Le Traon, Yves UL et al

in Computers & Security (2017), 64

Quantitative risk assessment provides a holistic view of risk in an organisation, which is, however, often biased by the fact that risk shared by several assets is encoded multiple times in a risk analysis. An apparent solution to this issue is to take all dependencies between assets into consideration when building a risk model. However, existing approaches rarely support cyclic dependencies, although assets that mutually rely on each other are encountered in many organisations, notably in critical infrastructures. To the best of our knowledge, no author has provided a provably efficient algorithm (in terms of the execution time) for computing the risk in such an organisation, notwithstanding that some heuristics exist. This paper introduces the dependency-aware root cause (DARC) model, which is able to compute the risk resulting from a collection of root causes using a poly-time randomised algorithm, and concludes with a discussion on real-time risk monitoring, which DARC supports by design. © 2016 Elsevier Ltd

Peer Reviewed
Empirical analysis of cyber-attacks to an indoor real time localization system for autonomous robots
Guerrero-Higueras, Ángel Manuel; DeCastro-García, Noemí; Rodriguez Lera, Francisco Javier UL et al

in Computers & Security (2017), 70(Supplement C), 422-435

Peer Reviewed
A new access control scheme for Facebook-style social networks
Pang, Jun UL; Zhang, Yang UL

in Computers & Security (2015), 54

Peer Reviewed
Stealing Bandwidth from BitTorrent Seeders
Adamsky, Florian UL; Khayam, Syed Ali; Jäger, Rudolf et al

in Computers & Security (2014)

Peer Reviewed
A Comprehensive Study of Multiple Deductions-based Algebraic Trace Driven Cache Attacks on AES
Zhao, Xinjie; Guo, Shize; Zhang, Fan et al

in Computers & Security (2013), 39

Peer Reviewed
EVIV: An end-to-end verifiable Internet voting system
Joaquim, Rui UL; Ferreira, Paulo; Ribeiro, Carlos

in Computers & Security (2013), 32(0), 170-191

Traditionally, a country’s electoral system requires the voter to vote at a specific day and place, which conflicts with the mobility usually seen in modern lifestyles. Thus, the widespread of Internet (mobile) broadband access can be seen as an opportunity to deal with this mobility problem, i.e. the adoption of an Internet voting system can make the life of voters much more convenient; however, a widespread Internet voting systems adoption relies on the ability to develop trustworthy systems, i.e. systems that are verifiable and preserve the voter’s privacy. Building such a system is still an open research problem. Our contribution is a new Internet voting system: EVIV, a highly sound End-to-end Verifiable Internet Voting system, which offers full voter’s mobility and preserves the voter’s privacy from the vote casting PC even if the voter votes from a public PC, such as a PC at a cybercafé or at a public library. Additionally, EVIV has private vote verification mechanisms, in which the voter just has to perform a simple match of two small strings (4-5 alphanumeric characters), that detect and protect against vote manipulations both at the insecure vote client platform and at the election server side.

Peer Reviewed
Enforcing privacy in e-commerce by balancing anonymity and trust
Bella, Giampaolo; Giustolisi, Rosario UL; Riccobene, Salvatore

in Computers & Security (2011), 30(8), 705-718
