var bibbase_data = {"data":"\"Loading..\"\n\n
\n  \n 2023\n \n \n (5)\n \n \n
\n
\n \n \n
\n \n\n \n \n \n \n \n \n An IoT Attack Detection Framework Leveraging Graph Neural Networks.\n \n \n \n \n\n\n \n Bibi, I.; Ozcelebi, T.; and Meratnia, N.\n\n\n \n\n\n\n In Dao, N.; Thinh, T. N.; and Nguyen, N. T., editor(s), Intelligence of Things: Technologies and Applications, volume 188, pages 225–236. Springer Nature Switzerland, Cham, 2023.\n Series Title: Lecture Notes on Data Engineering and Communications Technologies\n\n\n\n
\n
@incollection{dao_iot_2023,\n\taddress = {Cham},\n\ttitle = {An {IoT} {Attack} {Detection} {Framework} {Leveraging} {Graph} {Neural} {Networks}},\n\tvolume = {188},\n\tisbn = {978-3-031-46748-6 978-3-031-46749-3},\n\turl = {https://link.springer.com/10.1007/978-3-031-46749-3_22},\n\tlanguage = {en},\n\turldate = {2024-02-02},\n\tbooktitle = {Intelligence of {Things}: {Technologies} and {Applications}},\n\tpublisher = {Springer Nature Switzerland},\n\tauthor = {Bibi, Iram and Ozcelebi, Tanir and Meratnia, Nirvana},\n\teditor = {Dao, Nhu-Ngoc and Thinh, Tran Ngoc and Nguyen, Ngoc Thanh},\n\tyear = {2023},\n\tdoi = {10.1007/978-3-031-46749-3_22},\n\tnote = {Series Title: Lecture Notes on Data Engineering and Communications Technologies},\n\tpages = {225--236},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images.\n \n \n \n \n\n\n \n Gustafson, E.; Grosen, P.; Redini, N.; Jha, S.; Continella, A.; Wang, R.; Fu, K.; Rampazzi, S.; Kruegel, C.; and Vigna, G.\n\n\n \n\n\n\n In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pages 32–45, Hong Kong China, October 2023. ACM\n \n\n\n\n
\n
@inproceedings{gustafson_shimware_2023,\n\taddress = {Hong Kong China},\n\ttitle = {Shimware: {Toward} {Practical} {Security} {Retrofitting} for {Monolithic} {Firmware} {Images}},\n\tisbn = {9798400707650},\n\tshorttitle = {Shimware},\n\turl = {https://dl.acm.org/doi/10.1145/3607199.3607217},\n\tdoi = {10.1145/3607199.3607217},\n\tlanguage = {en},\n\turldate = {2024-02-02},\n\tbooktitle = {Proceedings of the 26th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}},\n\tpublisher = {ACM},\n\tauthor = {Gustafson, Eric and Grosen, Paul and Redini, Nilo and Jha, Saagar and Continella, Andrea and Wang, Ruoyu and Fu, Kevin and Rampazzi, Sara and Kruegel, Christopher and Vigna, Giovanni},\n\tmonth = oct,\n\tyear = {2023},\n\tpages = {32--45},\n}\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n HoneyKube: Designing and Deploying a Microservices-based Web Honeypot.\n \n \n \n \n\n\n \n Gupta, C.; van Ede, T.; and Continella, A.\n\n\n \n\n\n\n In Proceedings of the SecWeb Workshop (SecWeb), 2023. \n \n\n\n\n
\n
@inproceedings{gupta_honeykube_2023,\n\ttitle = {{HoneyKube}: {Designing} and {Deploying} a {Microservices}-based {Web} {Honeypot}},\n\turl = {https://ris.utwente.nl/ws/portalfiles/portal/303815192/main.pdf},\n\tbooktitle = {Proceedings of the {SecWeb} {Workshop} ({SecWeb})},\n\tauthor = {Gupta, Chakshu and van Ede, Thijs and Continella, Andrea},\n\tyear = {2023},\n}\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n AoT - Attack on Things: A security analysis of IoT firmware updates.\n \n \n \n \n\n\n \n Ibrahim, M.; Continella, A.; and Bianchi, A.\n\n\n \n\n\n\n In 2023. \n \n\n\n\n
\n
@inproceedings{ibrahim_aot_2023,\n\ttitle = {{AoT} - {Attack} on {Things}: {A} security analysis of {IoT} firmware updates},\n\turl = {https://research.utwente.nl/files/303815289/main.pdf},\n\tabstract = {IoT devices implement firmware update mechanisms to fix security issues and deploy new features. These mechanisms are often triggered and mediated by mobile companion apps running on the users’ smartphones. While it is crucial to update devices, these mechanisms may cause critical security flaws if they are not implemented correctly. Given their relevance, in this paper, we perform a systematic security analysis of the firmware update mechanisms adopted by IoT devices via their companion apps. First, we define a threat model for IoT firmware updates, and we categorize the different potential security issues affecting them. Then, we analyze 23 popular IoT devices (and corresponding companion apps) to identify vulnerable devices and the SDKs that such devices use to implement the update functionality. Our analysis reveals that 6 popular SDKs present dangerous security flaws. Additionally, we fingerprint each vulnerable SDK and we leverage our fingerprints to perform a largescale analysis of companion apps from the Google Play Store. Our results show that 61 popular devices and 1,356 apps rely on vulnerable SDKs, thus, they potentially adopt an insecure firmware update mechanism.},\n\tlanguage = {en},\n\tauthor = {Ibrahim, Muhammad and Continella, Andrea and Bianchi, Antonio},\n\tyear = {2023},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n IoT devices implement firmware update mechanisms to fix security issues and deploy new features. These mechanisms are often triggered and mediated by mobile companion apps running on the users’ smartphones. While it is crucial to update devices, these mechanisms may cause critical security flaws if they are not implemented correctly. Given their relevance, in this paper, we perform a systematic security analysis of the firmware update mechanisms adopted by IoT devices via their companion apps. First, we define a threat model for IoT firmware updates, and we categorize the different potential security issues affecting them. Then, we analyze 23 popular IoT devices (and corresponding companion apps) to identify vulnerable devices and the SDKs that such devices use to implement the update functionality. Our analysis reveals that 6 popular SDKs present dangerous security flaws. Additionally, we fingerprint each vulnerable SDK and we leverage our fingerprints to perform a large-scale analysis of companion apps from the Google Play Store. Our results show that 61 popular devices and 1,356 apps rely on vulnerable SDKs, thus, they potentially adopt an insecure firmware update mechanism.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Privacy-Preserving Multi-Party Access Control for Third-Party UAV Services.\n \n \n \n \n\n\n \n George, D. R.; Sciancalepore, S.; and Zannone, N.\n\n\n \n\n\n\n In Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, pages 19–30, Trento Italy, May 2023. ACM\n \n\n\n\n
\n
@inproceedings{george_privacy-preserving_2023,\n\taddress = {Trento Italy},\n\ttitle = {Privacy-{Preserving} {Multi}-{Party} {Access} {Control} for {Third}-{Party} {UAV} {Services}},\n\tisbn = {9798400701733},\n\turl = {https://dl.acm.org/doi/10.1145/3589608.3593837},\n\tdoi = {10.1145/3589608.3593837},\n\tlanguage = {en},\n\turldate = {2023-05-31},\n\tbooktitle = {Proceedings of the 28th {ACM} {Symposium} on {Access} {Control} {Models} and {Technologies}},\n\tpublisher = {ACM},\n\tauthor = {George, Dominik Roy and Sciancalepore, Savio and Zannone, Nicola},\n\tmonth = may,\n\tyear = {2023},\n\tpages = {19--30},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n\n
\n\n\n\n\n\n
\n
\n\n
\n
\n  \n 2022\n \n \n (7)\n \n \n
\n
\n \n \n
\n \n\n \n \n \n \n \n \n Cyber Resilience for the Internet of Things: Implementations with Resilience Engines and Attack Classifications.\n \n \n \n \n\n\n \n Alvarenga, E.; Brands, J. R.; Doliwa, P.; Den Hartog, J.; Kraft, E.; Medwed, M.; Nikov, V.; Renes, J.; Rosso, M.; Schneider, T.; and Veshchikov, N.\n\n\n \n\n\n\n IEEE Transactions on Emerging Topics in Computing,1–16. 2022.\n \n\n\n\n
\n
@article{alvarenga_cyber_2022,\n\ttitle = {Cyber {Resilience} for the {Internet} of {Things}: {Implementations} with {Resilience} {Engines} and {Attack} {Classifications}},\n\tissn = {2168-6750, 2376-4562},\n\tshorttitle = {Cyber {Resilience} for the {Internet} of {Things}},\n\turl = {https://ieeexplore.ieee.org/document/10003259/},\n\tdoi = {10.1109/TETC.2022.3231692},\n\tabstract = {Recently, the number of publicized attacks on IoT devices has noticeably grown. This is in part due to the increasing deployment of embedded systems into various domains, including critical infrastructure, which makes them a valuable asset and a compromise can cause significant damages. In this case, it is often required to send an engineer to manually recover the devices, as the attack leaves them out of reach of standard remote management solutions. To avoid this costly process, the concept of cyber resilience has gained traction in recent years in both academia and industry. Its core idea is to enable compromised devices to recover themselves to a trusted state without human intervention. Initial guidelines and architectures to realize cyber resilience have been published by standardization entities like NIST and TCG, and in multiple academic papers. While the initial works focused on guaranteed recovery, recent proposals included attack detection to speed up the recovery process. In this work, we build on top of these ideas and present an extended resilience architecture. We present new implementations of resilience engines with a focus on secure and reliable data acquisition for attack detection and classification. Our attack classification engine enables tailored, more efficient recovery responses.},\n\turldate = {2024-02-03},\n\tjournal = {IEEE Transactions on Emerging Topics in Computing},\n\tauthor = {Alvarenga, Eduardo and Brands, Jan R. 
and Doliwa, Peter and Den Hartog, Jerry and Kraft, Erik and Medwed, Marcel and Nikov, Ventzislav and Renes, Joost and Rosso, Martin and Schneider, Tobias and Veshchikov, Nikita},\n\tyear = {2022},\n\tpages = {1--16},\n}\n\n\n\n
\n
\n\n\n
\n Recently, the number of publicized attacks on IoT devices has noticeably grown. This is in part due to the increasing deployment of embedded systems into various domains, including critical infrastructure, which makes them a valuable asset and a compromise can cause significant damages. In this case, it is often required to send an engineer to manually recover the devices, as the attack leaves them out of reach of standard remote management solutions. To avoid this costly process, the concept of cyber resilience has gained traction in recent years in both academia and industry. Its core idea is to enable compromised devices to recover themselves to a trusted state without human intervention. Initial guidelines and architectures to realize cyber resilience have been published by standardization entities like NIST and TCG, and in multiple academic papers. While the initial works focused on guaranteed recovery, recent proposals included attack detection to speed up the recovery process. In this work, we build on top of these ideas and present an extended resilience architecture. We present new implementations of resilience engines with a focus on secure and reliable data acquisition for attack detection and classification. Our attack classification engine enables tailored, more efficient recovery responses.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n PRM - Private Interference Discovery for IEEE 802.15.4 Networks.\n \n \n \n \n\n\n \n George, D. R.; and Sciancalepore, S.\n\n\n \n\n\n\n In 2022 IEEE Conference on Communications and Network Security (CNS), pages 136–144, 2022. \n \n\n\n\n
\n
@inproceedings{george_prm_2022,\n\ttitle = {{PRM} - {Private} {Interference} {Discovery} for {IEEE} 802.15. 4 {Networks}},\n\turl = {https://doi.org/10.1109/CNS56114.2022.9947236},\n\tdoi = {10.1109/CNS56114.2022.9947236},\n\tabstract = {Due to the mobile and pervasive nature of IoT networks, even more frequently, multiple IoT networks managed by different network administrators share the same spectrum and operate in the same area, leading to packet losses and degradation of the Quality of Service (QoS). Assuming the use of the widespread IEEE 802.15.4 communication technology, the most straightforward solution would be to allow the networks to share the local Radio Scheduling Table (RST) to optimize channel access. However, exchanging the RST can leak several key information, such as the topology of the network, the number of devices, and the channel access patterns. To address such problems, we present PRM, the first scheme for discovering in advance potential interferences among IEEE 802.15.4 networks, without exposing the whole RST to untrusted parties. Our solution adapts a protocol for Private Set Intersection, while combining it with an innovative iterative set division algorithm, making the whole solution feasible on constrained devices of the IoT domain. Our experimental performance assessment, carried out on heterogeneous devices, shows that PRM can discover colliding channel assignments in less than 1 sec. 
on more capable embedded devices (e.g., the Raspberry PI), while also being feasible for more constrained platforms (e.g., the ESPCopter), depending on the amount of used radio resources.},\n\tbooktitle = {2022 {IEEE} {Conference} on {Communications} and {Network} {Security} ({CNS})},\n\tauthor = {George, Dominik Roy and Sciancalepore, Savio},\n\tyear = {2022},\n\tkeywords = {IEEE 802.15 Standard, Interference, IoT Security, Network topology, Packet loss, Performance evaluation, Privacy-Enhancing Technologies, Private Set Intersection, Protocols, Quality of service},\n\tpages = {136--144},\n}\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Due to the mobile and pervasive nature of IoT networks, even more frequently, multiple IoT networks managed by different network administrators share the same spectrum and operate in the same area, leading to packet losses and degradation of the Quality of Service (QoS). Assuming the use of the widespread IEEE 802.15.4 communication technology, the most straightforward solution would be to allow the networks to share the local Radio Scheduling Table (RST) to optimize channel access. However, exchanging the RST can leak several key pieces of information, such as the topology of the network, the number of devices, and the channel access patterns. To address such problems, we present PRM, the first scheme for discovering in advance potential interferences among IEEE 802.15.4 networks, without exposing the whole RST to untrusted parties. Our solution adapts a protocol for Private Set Intersection, while combining it with an innovative iterative set division algorithm, making the whole solution feasible on constrained devices of the IoT domain. Our experimental performance assessment, carried out on heterogeneous devices, shows that PRM can discover colliding channel assignments in less than 1 sec. on more capable embedded devices (e.g., the Raspberry PI), while also being feasible for more constrained platforms (e.g., the ESPCopter), depending on the amount of used radio resources.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n Privacy-Preserving Trajectory Matching on Autonomous Unmanned Aerial Vehicles.\n \n \n \n\n\n \n Sciancalepore, S.; and George, D. R.\n\n\n \n\n\n\n In Proceedings of the 38th Annual Computer Security Applications Conference, 2022. \n \n\n\n\n
\n
@inproceedings{sciancalepore_privacy-preserving_2022,\n\ttitle = {Privacy-{Preserving} {Trajectory} {Matching} on {Autonomous} {Unmanned} {Aerial} {Vehicles}},\n\tdoi = {https://doi.org/10.1145/3564625.3564626},\n\tbooktitle = {Proceedings of the 38th {Annual} {Computer} {Security} {Applications} {Conference}},\n\tauthor = {Sciancalepore, Savio and George, Dominik Roy},\n\tyear = {2022},\n}\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles.\n \n \n \n \n\n\n \n Luca Morgese Zangrandi; Thijs van Ede; Tim Booij; Savio Sciancalepore; Luca Allodi; and Andrea Continella\n\n\n \n\n\n\n In 2022. Association for Computing Machinery\n \n\n\n\n
\n
@inproceedings{luca_morgese_zangrandi_stepping_2022,\n\ttitle = {Stepping out of the {MUD}: {Contextual} threat information for {IoT} devices with manufacturer-provided behaviour profiles},\n\turl = {https://vm-thijs.ewi.utwente.nl/static/homepage/papers/mudscope.pdf},\n\tpublisher = {Association for Computing Machinery},\n\tauthor = {{Luca Morgese Zangrandi} and {Thijs van Ede} and {Tim Booij} and {Savio Sciancalepore} and {Luca Allodi} and {Andrea Continella}},\n\tyear = {2022},\n}\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n On proportionality in the data protection jurisprudence of the CJEU.\n \n \n \n \n\n\n \n Dalla Corte, L.\n\n\n \n\n\n\n International Data Privacy Law,ipac014. July 2022.\n \n\n\n\n
\n
@article{dalla_corte_proportionality_2022,\n\ttitle = {On proportionality in the data protection jurisprudence of the {CJEU}},\n\tissn = {2044-3994},\n\turl = {https://doi.org/10.1093/idpl/ipac014},\n\tdoi = {10.1093/idpl/ipac014},\n\turldate = {2022-07-27},\n\tjournal = {International Data Privacy Law},\n\tauthor = {Dalla Corte, Lorenzo},\n\tmonth = jul,\n\tyear = {2022},\n\tpages = {ipac014},\n}\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Cybercrime on the menu? Examining cafeteria-style offending among financially motivated cybercriminals.\n \n \n \n \n\n\n \n Leukfeldt, E. R.; and Holt, T. J.\n\n\n \n\n\n\n Computers in Human Behavior, 126: 106979. January 2022.\n \n\n\n\n
\n
@article{leukfeldt_cybercrime_2022,\n\ttitle = {Cybercrime on the menu? {Examining} cafeteria-style offending among financially motivated cybercriminals},\n\tvolume = {126},\n\tissn = {0747-5632},\n\tshorttitle = {Cybercrime on the menu?},\n\turl = {https://www.sciencedirect.com/science/article/pii/S0747563221003022},\n\tdoi = {10.1016/j.chb.2021.106979},\n\tabstract = {Criminologists have frequently debated whether offenders are specialists, in that they consistently perform either one offense or similar offenses, or versatile by performing any crime based on opportunities and situational provocations. Such foundational research has yet to be developed regarding cybercrimes, or offenses enabled by computer technology and the Internet. This study address this issue using a sample of 37 offender networks. The results show variations in the offending behaviors of those involved in cybercrime. Almost half of the offender networks in this sample appeared to be cybercrime specialists, in that they only performed certain forms of cybercrime. The other half performed various types of crimes on and offline. The relative equity in specialization relative to versatility, particularly in both on and offline activities, suggests that there may be limited value in treating cybercriminals as a distinct offender group. Furthermore, this study calls to question what factors influence an offender's pathway into cybercrime, whether as a specialized or versatile offender. 
The actors involved in cybercrime networks, whether as specialists or generalists, were enmeshed into broader online offender networks who may have helped recognize and act on opportunities to engage in phishing, malware, and other economic offenses.},\n\tlanguage = {en},\n\turldate = {2022-01-26},\n\tjournal = {Computers in Human Behavior},\n\tauthor = {Leukfeldt, Eric Rutger and Holt, Thomas J.},\n\tmonth = jan,\n\tyear = {2022},\n\tkeywords = {Cafeteria-style offending, Criminal network, Cybercrime, Malware, Organized crime, Phishing},\n\tpages = {106979},\n}\n\n\n\n
\n
\n\n\n
\n Criminologists have frequently debated whether offenders are specialists, in that they consistently perform either one offense or similar offenses, or versatile by performing any crime based on opportunities and situational provocations. Such foundational research has yet to be developed regarding cybercrimes, or offenses enabled by computer technology and the Internet. This study addresses this issue using a sample of 37 offender networks. The results show variations in the offending behaviors of those involved in cybercrime. Almost half of the offender networks in this sample appeared to be cybercrime specialists, in that they only performed certain forms of cybercrime. The other half performed various types of crimes on and offline. The relative equity in specialization relative to versatility, particularly in both on and offline activities, suggests that there may be limited value in treating cybercriminals as a distinct offender group. Furthermore, this study calls into question what factors influence an offender's pathway into cybercrime, whether as a specialized or versatile offender. The actors involved in cybercrime networks, whether as specialists or generalists, were enmeshed into broader online offender networks who may have helped recognize and act on opportunities to engage in phishing, malware, and other economic offenses.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information.\n \n \n \n \n\n\n \n Sciancalepore, S.; and Zannone, N.\n\n\n \n\n\n\n The 37th ACM/SIGAPP Symposium on Applied Computing (SAC ’22),10. January 2022.\n \n\n\n\n
\n
@article{sciancalepore_pico_2022,\n\ttitle = {{PICO}: {Privacy}-{Preserving} {Access} {Control} in {IoT} {Scenarios} through {Incomplete} {Information}},\n\turl = {https://intersct.nl/wp-content/uploads/2022/01/iot_ac_uncertainty-1.pdf},\n\tabstract = {Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.},\n\tlanguage = {en},\n\tjournal = {The 37th ACM/SIGAPP Symposium on Applied Computing (SAC ’22)},\n\tauthor = {Sciancalepore, Savio and Zannone, Nicola},\n\tmonth = jan,\n\tyear = {2022},\n\tpages = {10},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.\n
\n\n\n
\n\n\n\n\n\n
\n
\n\n
\n
\n  \n 2021\n \n \n (18)\n \n \n
\n
\n \n \n
\n \n\n \n \n \n \n \n \n The thing doesn't have a name.\n \n \n \n \n\n\n \n Bouwmeester, B.; Turcios Rodriguez, E.; Gañán, C.; van Eeten, M.; and Parkin, S.\n\n\n \n\n\n\n Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021,493–512. 2021.\n Publisher: USENIX Association\n\n\n\n
\n
@article{bouwmeester_thing_2021,\n\tseries = {Proceedings of the 17th {Symposium} on {Usable} {Privacy} and {Security}, {SOUPS} 2021},\n\ttitle = {The thing doesn't have a name},\n\tshorttitle = {“{The} thing doesn't have a name”},\n\turl = {http://www.scopus.com/inward/record.url?scp=85114464267&partnerID=8YFLogxK},\n\tabstract = {Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can notify customers of recommended remediation actions. There is insufficient understanding of what happens in peoples' homes and businesses during attempts to remediate infected IoT devices. We coordinate with an ISP and conduct remote think-aloud observations with 17 customers who have an infected device, capturing their initial efforts to follow best-practice remediation steps. We identify real, personal consequences from wide-scale interventions which lack situated guidance for applying advice. Combining observations and thematic analysis, we synthesize the personal stories of the successes and struggles of these customers. Most participants think they were able to pinpoint the infected device; however, there were common issues such as not knowing how to comply with the recommended actions, remediations regarded as requiring excessive effort, a lack of feedback on success, and a perceived lack of support from device manufacturers. Only 4 of 17 participants were able to successfully complete all remediation steps. We provide recommendations relevant to various stakeholders, to focus where emergent interventions can be improved.},\n\turldate = {2022-01-26},\n\tjournal = {Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021},\n\tauthor = {Bouwmeester, Brennen and Turcios Rodriguez, E.R. 
and Gañán, Carlos and van Eeten, Michel and Parkin, Simon},\n\tyear = {2021},\n\tnote = {Publisher: USENIX Association},\n\tpages = {493--512},\n}\n\n\n\n
\n
\n\n\n
\n Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can notify customers of recommended remediation actions. There is insufficient understanding of what happens in people's homes and businesses during attempts to remediate infected IoT devices. We coordinate with an ISP and conduct remote think-aloud observations with 17 customers who have an infected device, capturing their initial efforts to follow best-practice remediation steps. We identify real, personal consequences from wide-scale interventions which lack situated guidance for applying advice. Combining observations and thematic analysis, we synthesize the personal stories of the successes and struggles of these customers. Most participants think they were able to pinpoint the infected device; however, there were common issues such as not knowing how to comply with the recommended actions, remediations regarded as requiring excessive effort, a lack of feedback on success, and a perceived lack of support from device manufacturers. Only 4 of 17 participants were able to successfully complete all remediation steps. We provide recommendations relevant to various stakeholders, to focus where emergent interventions can be improved.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Superspreaders: Quantifying the Role of IoT Manufacturers in Device Infections.\n \n \n \n \n\n\n \n Rodríguez, E.; Noroozian, A.; van Eeten, M.; and Gañán, C.\n\n\n \n\n\n\n Annual Workshop on the Economics on Information Security,18. 2021.\n \n\n\n\n
\n
@article{rodriguez_superspreaders_2021,\n\ttitle = {Superspreaders: {Quantifying} the {Role} of {IoT} {Manufacturers} in {Device} {Infections}},\n\turl = {https://weis2021.econinfosec.org/wp-content/uploads/sites/9/2021/06/weis21-rodriguez.pdf},\n\tabstract = {The influx of insecure IoT devices into the consumer market can only be stemmed if manufacturers adopt more secure practices. It is unlikely that this will happen without government involvement. Developing effective regulation takes years. In the meantime, governments have an urgent need to engage manufacturers directly to stop the damage from getting worse. The problem is that there are many thousands of companies that produce IoT devices. Where to start? In this paper, we focus on identifying the most urgent class: the manufacturers of IoT devices that get compromised in the wild. To identify the manufacturers of infected IoT, we conducted active scanning of Mirai-infected devices. Over a period of 2 months, we collected Web-UI images and banners to identify device types and manufacturers. We identified 31,950 infected IoT devices in 68 countries produced by 70 unique manufacturers. We found that 9 vendors share almost 50\\% of the infections. This pattern is remarkably consistent across countries, notwithstanding the enormous variety of devices across markets. In terms of supporting customers, 53\\% of the 70 identified manufacturers offer firmware or software downloads on their websites, 43\\% provide some password changing procedure, and 26\\% of the manufacturers offer some advice to protect devices from attacks. 
Our findings suggest that targeting a small number of manufacturers can have a major impact on overall IoT security and that governments can join forces in these efforts, as they are often confronted with the same manufacturers.},\n\tlanguage = {en},\n\tjournal = {Annual Workshop on the Economics on Information Security},\n\tauthor = {Rodríguez, Elsa and Noroozian, Arman and van Eeten, Michel and Gañán, Carlos},\n\tyear = {2021},\n\tpages = {18},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n The influx of insecure IoT devices into the consumer market can only be stemmed if manufacturers adopt more secure practices. It is unlikely that this will happen without government involvement. Developing effective regulation takes years. In the meantime, governments have an urgent need to engage manufacturers directly to stop the damage from getting worse. The problem is that there are many thousands of companies that produce IoT devices. Where to start? In this paper, we focus on identifying the most urgent class: the manufacturers of IoT devices that get compromised in the wild. To identify the manufacturers of infected IoT, we conducted active scanning of Mirai-infected devices. Over a period of 2 months, we collected Web-UI images and banners to identify device types and manufacturers. We identified 31,950 infected IoT devices in 68 countries produced by 70 unique manufacturers. We found that 9 vendors share almost 50% of the infections. This pattern is remarkably consistent across countries, notwithstanding the enormous variety of devices across markets. In terms of supporting customers, 53% of the 70 identified manufacturers offer firmware or software downloads on their websites, 43% provide some password changing procedure, and 26% of the manufacturers offer some advice to protect devices from attacks. Our findings suggest that targeting a small number of manufacturers can have a major impact on overall IoT security and that governments can join forces in these efforts, as they are often confronted with the same manufacturers.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Architecting System of Systems Solutions with Security and Data-Protection Principles.\n \n \n \n \n\n\n \n Khashooei, B. A.; Vasenev, A.; Kocademir, H. A.; and Mathijssen, R.\n\n\n \n\n\n\n In 2021 16th International Conference of System of Systems Engineering (SoSE), pages 43–48, June 2021. \n \n\n\n\n
\n
@inproceedings{khashooei_architecting_2021,\n\ttitle = {Architecting {System} of {Systems} {Solutions} with {Security} and {Data}-{Protection} {Principles}},\n\turl = {https://ieeexplore.ieee.org/document/9497461},\n\tdoi = {10.1109/SOSE52739.2021.9497461},\n\tabstract = {The rapid advancement of communication technology realized the dream of interconnected systems. In addition to enabling scalability and flexibility of solutions, this paradigm created new system design challenges. One such challenge is to holistically address security and privacy concerns of solutions early in design while respecting the system of systems context. This paper proposes a method for the concept design phase on how to create design alternatives with the help of security and data-protection principles. The outcome is a set of design concepts that reflect stakeholders' concerns and best practices.},\n\tbooktitle = {2021 16th {International} {Conference} of {System} of {Systems} {Engineering} ({SoSE})},\n\tauthor = {Khashooei, Behnam Asadi and Vasenev, Alexandr and Kocademir, Hasan Alper and Mathijssen, Roland},\n\tmonth = jun,\n\tyear = {2021},\n\tkeywords = {Best practices, Communications technology, Interconnected systems, Privacy, Scalability, Security, System of systems, security engineering, system architecting, system of systems},\n\tpages = {43--48},\n}\n\n\n\n
\n
\n\n\n
\n The rapid advancement of communication technology realized the dream of interconnected systems. In addition to enabling scalability and flexibility of solutions, this paradigm created new system design challenges. One such challenge is to holistically address security and privacy concerns of solutions early in design while respecting the system of systems context. This paper proposes a method for the concept design phase on how to create design alternatives with the help of security and data-protection principles. The outcome is a set of design concepts that reflect stakeholders' concerns and best practices.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Structured Traceability of Security and Privacy Principles for Designing Safe Automated Systems.\n \n \n \n \n\n\n \n Asadi Khashooei, B.; Vasenev, A.; and Kocademir, H. A.\n\n\n \n\n\n\n In Habli, I.; Sujan, M.; Gerasimou, S.; Schoitsch, E.; and Bitsch, F., editor(s), Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops, of Lecture Notes in Computer Science, pages 52–62, Cham, 2021. Springer International Publishing\n \n\n\n\n
\n
@inproceedings{asadi_khashooei_structured_2021,\n\taddress = {Cham},\n\tseries = {Lecture {Notes} in {Computer} {Science}},\n\ttitle = {Structured {Traceability} of {Security} and {Privacy} {Principles} for {Designing} {Safe} {Automated} {Systems}},\n\tisbn = {978-3-030-83906-2},\n\turl = {https://link.springer.com/chapter/10.1007/978-3-030-83906-2_4},\n\tdoi = {10.1007/978-3-030-83906-2_4},\n\tabstract = {Creating modern safe automated systems like vehicles demands making them secure. With many diverse components addressing different needs, it is hard to trace and ensure the contributions of components to the overall security of systems. Principles, as high-level statements, can be used to reason how components contribute to security (and privacy) needs. This would help to design systems and products by aligning security and privacy concerns. The structure proposed in this positioning paper helps to make traceable links from stakeholders to specific technologies and system components. It aims at informing holistic discussions and reasoning on security approaches with stakeholders involved in the system development process. Ultimately, the traceable links can help to assist in aligning developers, create test cases, and provide certification claims - essential activities to ensure the final system is secure and safe.},\n\tlanguage = {en},\n\tbooktitle = {Computer {Safety}, {Reliability}, and {Security}. {SAFECOMP} 2021 {Workshops}},\n\tpublisher = {Springer International Publishing},\n\tauthor = {Asadi Khashooei, Behnam and Vasenev, Alexandr and Kocademir, Hasan Alper},\n\teditor = {Habli, Ibrahim and Sujan, Mark and Gerasimou, Simos and Schoitsch, Erwin and Bitsch, Friedemann},\n\tyear = {2021},\n\tkeywords = {Design traceability, Security analysis, System architecture, System security},\n\tpages = {52--62},\n}\n\n\n\n
\n
\n\n\n
\n Creating modern safe automated systems like vehicles demands making them secure. With many diverse components addressing different needs, it is hard to trace and ensure the contributions of components to the overall security of systems. Principles, as high-level statements, can be used to reason how components contribute to security (and privacy) needs. This would help to design systems and products by aligning security and privacy concerns. The structure proposed in this positioning paper helps to make traceable links from stakeholders to specific technologies and system components. It aims at informing holistic discussions and reasoning on security approaches with stakeholders involved in the system development process. Ultimately, the traceable links can help to assist in aligning developers, create test cases, and provide certification claims - essential activities to ensure the final system is secure and safe.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Can ISPs Help Mitigate IoT Malware? A Longitudinal Study of Broadband ISP Security Efforts.\n \n \n \n \n\n\n \n Noroozian, A.; Rodriguez, E. T.; Lastdrager, E.; Kasama, T.; Van Eeten, M.; and Gañán, C. H.\n\n\n \n\n\n\n In 2021 IEEE European Symposium on Security and Privacy (EuroS P), pages 337–352, 2021. \n \n\n\n\n
\n
@inproceedings{noroozian_can_2021,\n\ttitle = {Can {ISPs} {Help} {Mitigate} {IoT} {Malware}? {A} {Longitudinal} {Study} of {Broadband} {ISP} {Security} {Efforts}},\n\tshorttitle = {Can {ISPs} {Help} {Mitigate} {IoT} {Malware}?},\n\turl = {https://ieeexplore.ieee.org/document/9581172},\n\tdoi = {10.1109/EuroSP51992.2021.00031},\n\tabstract = {For the mitigation of compromised Internet of Things (IoT) devices we rely on Internet Service Providers (ISPs) and their users. Given that devices are in the hands of their subscribers, what can ISPs realistically do? This study examines the effects of ISP countermeasures on infections caused by variants of the notorious Mirai family of IoT malware, still among the dominant families. We collect and analyze more than 4 years of longitudinal darknet data tracking Mirai-like infections in conjunction with threat intelligence data on various other IoT and non-IoT botnets across the globe from January 2016 to May 2020. We measure the effect of two ISP countermeasures on Mirai variant infection numbers: (i) reducing the attack surface (i.e., closing ports that are used by the malware for propagation) and (ii) ISPs increasing their general network hygiene and malware removal efforts (as observed by proxy of the remediation of infections of other families of IoT and non-IoT malware and reductions in the number of DDoS amplifiers in their networks). We map our infection data to 342 broadband providers that have the bulk of the broadband market share in their respective 83 countries. We find that the number of infections correlates strongly with the number of ISP subscribers (\\$R{\\textasciicircum}2=0.55\\$). Yet, infection numbers can still vary by three orders of magnitude even for ISPs with comparable subscriber numbers. We observe that many ISPs, together with their subscribers, have reduced their attack surface for IoT compromise by blocking traffic to commonly-exploited infection vectors such as Telnet and FTP. 
We statistically estimate the impact of these reductions on infection levels and, counter-intuitively, find no significant impact. In contrast, we do find a significant impact for improving general network hygiene and best malware mitigation practices. ISPs that were more successful in reducing DDoS amplifiers and non-Mirai malware infections in their networks also end up with significantly lower Mirai infection rates. In other words, rather than investing in IoT-specific countermeasures like reducing the attack surface, our findings suggest that ISPs might be better off investing in general security efforts to improve network hygiene and clean up abuse.},\n\tbooktitle = {2021 {IEEE} {European} {Symposium} on {Security} and {Privacy} ({EuroS} {P})},\n\tauthor = {Noroozian, Arman and Rodriguez, Elsa Turcios and Lastdrager, Elmer and Kasama, Takahiro and Van Eeten, Michel and Gañán, Carlos H.},\n\tyear = {2021},\n\tkeywords = {Botnet, Broadband amplifiers, Countermeasure, ISP, Internet of Things, IoT, Malware, Mirai, Remediation, Security, Surface cleaning, Web and internet services},\n\tpages = {337--352},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n For the mitigation of compromised Internet of Things (IoT) devices we rely on Internet Service Providers (ISPs) and their users. Given that devices are in the hands of their subscribers, what can ISPs realistically do? This study examines the effects of ISP countermeasures on infections caused by variants of the notorious Mirai family of IoT malware, still among the dominant families. We collect and analyze more than 4 years of longitudinal darknet data tracking Mirai-like infections in conjunction with threat intelligence data on various other IoT and non-IoT botnets across the globe from January 2016 to May 2020. We measure the effect of two ISP countermeasures on Mirai variant infection numbers: (i) reducing the attack surface (i.e., closing ports that are used by the malware for propagation) and (ii) ISPs increasing their general network hygiene and malware removal efforts (as observed by proxy of the remediation of infections of other families of IoT and non-IoT malware and reductions in the number of DDoS amplifiers in their networks). We map our infection data to 342 broadband providers that have the bulk of the broadband market share in their respective 83 countries. We find that the number of infections correlates strongly with the number of ISP subscribers ($R^2=0.55$). Yet, infection numbers can still vary by three orders of magnitude even for ISPs with comparable subscriber numbers. We observe that many ISPs, together with their subscribers, have reduced their attack surface for IoT compromise by blocking traffic to commonly-exploited infection vectors such as Telnet and FTP. We statistically estimate the impact of these reductions on infection levels and, counter-intuitively, find no significant impact. In contrast, we do find a significant impact for improving general network hygiene and best malware mitigation practices. 
ISPs that were more successful in reducing DDoS amplifiers and non-Mirai malware infections in their networks also end up with significantly lower Mirai infection rates. In other words, rather than investing in IoT-specific countermeasures like reducing the attack surface, our findings suggest that ISPs might be better off investing in general security efforts to improve network hygiene and clean up abuse.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Dark and Bright Patterns in Cookie Consent Requests.\n \n \n \n \n\n\n \n Graßl, P.; Schraffenberger, H.; Borgesius, F. Z.; and Buijzen, M.\n\n\n \n\n\n\n Journal of Digital Social Research, 3(1): 1–38. August 2021.\n Number: 1\n\n\n\n
\n
@article{grasl_dark_2021,\n\ttitle = {Dark and {Bright} {Patterns} in {Cookie} {Consent} {Requests}},\n\tvolume = {3},\n\tcopyright = {Copyright (c) 2021 Paul Graßl, Hanna Schraffenberger, Frederik Zuiderveen Borgesius, Moniek Buijzen},\n\tissn = {2003-1998},\n\turl = {https://jdsr.se/ojs/index.php/jdsr/article/view/54},\n\tdoi = {10.33621/jdsr.v3i1.54},\n\tabstract = {Dark patterns are (evil) design nudges that steer people’s behaviour through persuasive interface design. Increasingly found in cookie consent requests, they possibly undermine principles of EU privacy law. In two preregistered online experiments we investigated the effects of three common design nudges (default, aesthetic manipulation, obstruction) on users’ consent decisions and their perception of control over their personal data in these situations. In the first experiment (N = 228) we explored the effects of design nudges towards the privacy-unfriendly option (dark patterns). The experiment revealed that most participants agreed to all consent requests regardless of dark design nudges. Unexpectedly, despite generally low levels of perceived control, obstructing the privacy-friendly option led to more rather than less perceived control. In the second experiment (N = 255) we reversed the direction of the design nudges towards the privacy-friendly option, which we title “bright patterns”. This time the obstruction and default nudges swayed people effectively towards the privacy-friendly option, while the result regarding perceived control stayed the same compared to Experiment 1. Overall, our findings suggest that many current implementations of cookie consent requests do not enable meaningful choices by internet users, and are thus not in line with the intention of the EU policymakers. 
We also explore how policymakers could address the problem.},\n\tlanguage = {en},\n\tnumber = {1},\n\turldate = {2022-01-26},\n\tjournal = {Journal of Digital Social Research},\n\tauthor = {Graßl, Paul and Schraffenberger, Hanna and Borgesius, Frederik Zuiderveen and Buijzen, Moniek},\n\tmonth = aug,\n\tyear = {2021},\n\tnote = {Number: 1},\n\tkeywords = {ePrivacy Regulation},\n\tpages = {1--38},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Dark patterns are (evil) design nudges that steer people’s behaviour through persuasive interface design. Increasingly found in cookie consent requests, they possibly undermine principles of EU privacy law. In two preregistered online experiments we investigated the effects of three common design nudges (default, aesthetic manipulation, obstruction) on users’ consent decisions and their perception of control over their personal data in these situations. In the first experiment (N = 228) we explored the effects of design nudges towards the privacy-unfriendly option (dark patterns). The experiment revealed that most participants agreed to all consent requests regardless of dark design nudges. Unexpectedly, despite generally low levels of perceived control, obstructing the privacy-friendly option led to more rather than less perceived control. In the second experiment (N = 255) we reversed the direction of the design nudges towards the privacy-friendly option, which we title “bright patterns”. This time the obstruction and default nudges swayed people effectively towards the privacy-friendly option, while the result regarding perceived control stayed the same compared to Experiment 1. Overall, our findings suggest that many current implementations of cookie consent requests do not enable meaningful choices by internet users, and are thus not in line with the intention of the EU policymakers. We also explore how policymakers could address the problem.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Toward a Secure Crowdsourced Location Tracking System.\n \n \n \n \n\n\n \n Garg, C.; Machiry, A.; Continella, A.; Kruegel, C.; and Vigna, G.\n\n\n \n\n\n\n In 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pages 311–322, June 2021. \n \n\n\n\n
\n
@inproceedings{garg_toward_2021,\n\ttitle = {Toward a {Secure} {Crowdsourced} {Location} {Tracking} {System}},\n\turl = {https://research.utwente.nl/en/publications/toward-a-secure-crowdsourced-location-tracking-system},\n\tdoi = {10.1145/3448300.3467821},\n\tlanguage = {English},\n\turldate = {2022-01-26},\n\tbooktitle = {14th {ACM} {Conference} on {Security} and {Privacy} in {Wireless} and {Mobile} {Networks} ({WiSec})},\n\tauthor = {Garg, Chinmay and Machiry, Aravind and Continella, Andrea and Kruegel, Christopher and Vigna, Giovanni},\n\tmonth = jun,\n\tyear = {2021},\n\tpages = {311--322},\n}\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory.\n \n \n \n \n\n\n \n Meijaard, Y.; Meiler, P.; and Allodi, L.\n\n\n \n\n\n\n In pages 178–190, 2021. IEEE Computer Society\n \n\n\n\n
\n
@inproceedings{meijaard_modelling_2021,\n\ttitle = {Modelling {Disruptive} {APTs} targeting {Critical} {Infrastructure} using {Military} {Theory}},\n\tisbn = {978-1-66541-012-0},\n\turl = {https://www.computer.org/csdl/proceedings-article/euros&pw/2021/999900a178/1y63lcSC3qU},\n\tdoi = {10.1109/EuroSPW54576.2021.00026},\n\tabstract = {Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent D-APTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing APT models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender’s critical infrastructure, processes and societal function.},\n\tlanguage = {English},\n\turldate = {2022-01-26},\n\tpublisher = {IEEE Computer Society},\n\tauthor = {Meijaard, Yoram and Meiler, Peter-Paul and Allodi, Luca},\n\tyear = {2021},\n\tpages = {178--190},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent D-APTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing APT models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender’s critical infrastructure, processes and societal function.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Dissecting Social Engineering Attacks Through the Lenses of Cognition.\n \n \n \n \n\n\n \n Burda, P.; Allodi, L.; and Zannone, N.\n\n\n \n\n\n\n In pages 149–160, 2021. IEEE Computer Society\n \n\n\n\n
\n
@inproceedings{burda_dissecting_2021,\n\ttitle = {Dissecting {Social} {Engineering} {Attacks} {Through} the {Lenses} of {Cognition}},\n\tisbn = {978-1-66541-012-0},\n\turl = {https://www.computer.org/csdl/proceedings-article/euros&pw/2021/999900a149/1y63kTlpFpC},\n\tdoi = {10.1109/EuroSPW54576.2021.00024},\n\tabstract = {In this paper we present, showcase, and analyze a novel framework to dissect Social Engineering (SE) attacks. The framework is based on extant theories in the cognitive sciences, and is meant as an instrument for researchers and practitioners alike to structure and analyze SE attacks of varying sophistication, isolating specific features and their effects at the cognitive level, and providing a common structure for comparisons across different attacks. We showcase the framework against attacks reproduced in the academic literature as well as against real (highly-targeted) SE attacks reported in the wild, isolating and relating effects and techniques adopted by the attackers to the target’s cognitive process. We discuss implications for research and practice of the proposed framework.},\n\tlanguage = {English},\n\turldate = {2022-01-26},\n\tpublisher = {IEEE Computer Society},\n\tauthor = {Burda, Pavlo and Allodi, Luca and Zannone, Nicola},\n\tyear = {2021},\n\tpages = {149--160},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n In this paper we present, showcase, and analyze a novel framework to dissect Social Engineering (SE) attacks. The framework is based on extant theories in the cognitive sciences, and is meant as an instrument for researchers and practitioners alike to structure and analyze SE attacks of varying sophistication, isolating specific features and their effects at the cognitive level, and providing a common structure for comparisons across different attacks. We showcase the framework against attacks reproduced in the academic literature as well as against real (highly-targeted) SE attacks reported in the wild, isolating and relating effects and techniques adopted by the attackers to the target’s cognitive process. We discuss implications for research and practice of the proposed framework.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Combining Text and Visual Features to Improve the Identification of Cloned Webpages for Early Phishing Detection.\n \n \n \n \n\n\n \n van Dooremaal, B.; Burda, P.; Allodi, L.; and Zannone, N.\n\n\n \n\n\n\n In The 16th International Conference on Availability, Reliability and Security, of ARES 2021, pages 1–10, New York, NY, USA, August 2021. Association for Computing Machinery\n \n\n\n\n
\n
@inproceedings{van_dooremaal_combining_2021,\n\taddress = {New York, NY, USA},\n\tseries = {{ARES} 2021},\n\ttitle = {Combining {Text} and {Visual} {Features} to {Improve} the {Identification} of {Cloned} {Webpages} for {Early} {Phishing} {Detection}},\n\tisbn = {978-1-4503-9051-4},\n\turl = {https://doi.org/10.1145/3465481.3470112},\n\tdoi = {10.1145/3465481.3470112},\n\tabstract = {Phishing attacks arrive in high numbers and often spread quickly, meaning that after-the-fact countermeasures such as domain blacklisting are limited in efficacy. Visual similarity-based approaches have the potential of detecting previously unseen phishing webpages. These approaches, however, require identifying the legitimate webpage(s) they reproduce. Existing approaches rely on textual feature analysis for target identification, with misclassification rates of approximately 1\\%; however, as most websites a user might visit are legitimate, additional research is needed to further reduce classification errors. In this work, we propose a novel method for target identification that relies on both visual features (extracted from a screenshot of the web page) and textual features (extracted from the DOM of the web page) to identify which website a phishing web page is replicating, and assess its effectiveness in detecting phishing websites using data from phishing aggregators such as OpenPhish, PhishTank and PhishStats. Compared to state-of-the-art text-based classifiers, our method reduces the phishing misclassification rate by 67\\% (from 1.02\\% to 0.34\\%), for an accuracy of 99.66\\%. 
This work provides a further step forwards toward semi-automated decision support systems for phishing detection.},\n\turldate = {2022-01-26},\n\tbooktitle = {The 16th {International} {Conference} on {Availability}, {Reliability} and {Security}},\n\tpublisher = {Association for Computing Machinery},\n\tauthor = {van Dooremaal, Bram and Burda, Pavlo and Allodi, Luca and Zannone, Nicola},\n\tmonth = aug,\n\tyear = {2021},\n\tkeywords = {Phishing Detection, Target Identification, Visual Features},\n\tpages = {1--10},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Phishing attacks arrive in high numbers and often spread quickly, meaning that after-the-fact countermeasures such as domain blacklisting are limited in efficacy. Visual similarity-based approaches have the potential of detecting previously unseen phishing webpages. These approaches, however, require identifying the legitimate webpage(s) they reproduce. Existing approaches rely on textual feature analysis for target identification, with misclassification rates of approximately 1%; however, as most websites a user might visit are legitimate, additional research is needed to further reduce classification errors. In this work, we propose a novel method for target identification that relies on both visual features (extracted from a screenshot of the web page) and textual features (extracted from the DOM of the web page) to identify which website a phishing web page is replicating, and assess its effectiveness in detecting phishing websites using data from phishing aggregators such as OpenPhish, PhishTank and PhishStats. Compared to state-of-the-art text-based classifiers, our method reduces the phishing misclassification rate by 67% (from 1.02% to 0.34%), for an accuracy of 99.66%. This work provides a further step forwards toward semi-automated decision support systems for phishing detection.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Heterogeneity in trajectories of cybercriminals: A longitudinal analyses of web defacements.\n \n \n \n \n\n\n \n van de Weijer, S. G. A.; Holt, T. J.; and Leukfeldt, E. R.\n\n\n \n\n\n\n Computers in Human Behavior Reports, 4: 100113. August 2021.\n \n\n\n\n
\n
@article{van_de_weijer_heterogeneity_2021,\n\ttitle = {Heterogeneity in trajectories of cybercriminals: {A} longitudinal analyses of web defacements},\n\tvolume = {4},\n\tissn = {2451-9588},\n\tshorttitle = {Heterogeneity in trajectories of cybercriminals},\n\turl = {https://www.sciencedirect.com/science/article/pii/S2451958821000610},\n\tdoi = {10.1016/j.chbr.2021.100113},\n\tabstract = {Longitudinal criminological studies greatly improved our understanding of the longitudinal patterns of criminality. These studies, however, focused almost exclusively on traditional types of offending and it is therefore unclear whether results are generalizable to online types of offending. This study attempted to identify the developmental trajectories of active hackers who perform web defacements. The data for this study consisted of 2,745,311 attacks performed by 66,553 hackers and reported to Zone-H between January 2010 and March 2017. Semi-parametric group-based trajectory models were used to distinguish six different groups of hackers based on the timing and frequency of their defacements. The results demonstrated some common relationships to traditional types of crime, as a small population of defacers accounted for the majority of defacements against websites. Additionally, the methods and targeting practices of defacers differed based on the frequency with which they performed defacements generally.},\n\tlanguage = {en},\n\turldate = {2022-01-26},\n\tjournal = {Computers in Human Behavior Reports},\n\tauthor = {van de Weijer, Steve G. A. and Holt, Thomas J. and Leukfeldt, E. Rutger},\n\tmonth = aug,\n\tyear = {2021},\n\tkeywords = {Cybercrime, Hacking, Trajectories, Web defacements, Zone-H},\n\tpages = {100113},\n}\n\n\n\n
\n
\n\n\n
\n Longitudinal criminological studies greatly improved our understanding of the longitudinal patterns of criminality. These studies, however, focused almost exclusively on traditional types of offending and it is therefore unclear whether results are generalizable to online types of offending. This study attempted to identify the developmental trajectories of active hackers who perform web defacements. The data for this study consisted of 2,745,311 attacks performed by 66,553 hackers and reported to Zone-H between January 2010 and March 2017. Semi-parametric group-based trajectory models were used to distinguish six different groups of hackers based on the timing and frequency of their defacements. The results demonstrated some common relationships to traditional types of crime, as a small population of defacers accounted for the majority of defacements against websites. Additionally, the methods and targeting practices of defacers differed based on the frequency with which they performed defacements generally.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n SoK: Enabling Security Analyses of Embedded Systems via Rehosting.\n \n \n \n \n\n\n \n Fasano, A.; Ballo, T.; Muench, M.; Leek, T.; Bulekov, A.; Dolan-Gavitt, B.; Egele, M.; Francillon, A.; Lu, L.; Gregory, N.; Balzarotti, D.; and Robertson, W.\n\n\n \n\n\n\n In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pages 687–701. Association for Computing Machinery, New York, NY, USA, May 2021.\n \n\n\n\n
\n
@incollection{fasano_sok_2021,\n\taddress = {New York, NY, USA},\n\ttitle = {{SoK}: {Enabling} {Security} {Analyses} of {Embedded} {Systems} via {Rehosting}},\n\tisbn = {978-1-4503-8287-8},\n\tshorttitle = {{SoK}},\n\turl = {https://doi.org/10.1145/3433210.3453093},\n\tabstract = {Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call "rehosting" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. 
Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.},\n\turldate = {2022-01-26},\n\tbooktitle = {Proceedings of the 2021 {ACM} {Asia} {Conference} on {Computer} and {Communications} {Security}},\n\tpublisher = {Association for Computing Machinery},\n\tauthor = {Fasano, Andrew and Ballo, Tiemoko and Muench, Marius and Leek, Tim and Bulekov, Alexander and Dolan-Gavitt, Brendan and Egele, Manuel and Francillon, Aurélien and Lu, Long and Gregory, Nick and Balzarotti, Davide and Robertson, William},\n\tmonth = may,\n\tyear = {2021},\n\tkeywords = {dynamic program analysis, embedded systems, emulation, firmware security, internet of things, rehosting, virtualization},\n\tpages = {687--701},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Closely monitoring the behavior of a software system during its execution enables developers and analysts to observe, and ultimately understand, how it works. This kind of dynamic analysis can be instrumental to reverse engineering, vulnerability discovery, exploit development, and debugging. While these analyses are typically well-supported for homogeneous desktop platforms (e.g., x86 desktop PCs), they can rarely be applied in the heterogeneous world of embedded systems. One approach to enable dynamic analyses of embedded systems is to move software stacks from physical systems into virtual environments that sufficiently model hardware behavior. This process which we call \"rehosting\" poses a significant research challenge with major implications for security analyses. Although rehosting has traditionally been an unscientific and ad-hoc endeavor undertaken by domain experts with varying time and resources at their disposal, researchers are beginning to address rehosting challenges systematically and in earnest. In this paper, we establish that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and present rehosting as a firmware-centric alternative. Furthermore, we taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosting process, and propose directions for future research.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks.\n \n \n \n \n\n\n \n Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In pages 1451–1468, 2021. \n \n\n\n\n
\n
@inproceedings{ragab_rage_2021,\n\ttitle = {Rage {Against} the {Machine} {Clear}: {A} {Systematic} {Analysis} of {Machine} {Clears} and {Their} {Implications} for {Transient} {Execution} {Attacks}},\n\tisbn = {978-1-939133-24-3},\n\tshorttitle = {Rage {Against} the {Machine} {Clear}},\n\turl = {https://www.usenix.org/conference/usenixsecurity21/presentation/ragab},\n\tlanguage = {en},\n\turldate = {2022-01-26},\n\tauthor = {Ragab, Hany and Barberis, Enrico and Bos, Herbert and Giuffrida, Cristiano},\n\tyear = {2021},\n\tpages = {1451--1468},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale.\n \n \n \n \n\n\n \n Pletinckx, S.; Borgolte, K.; and Fiebig, T.\n\n\n \n\n\n\n In Proc. of ACM Computer and Communication Security, pages 21–35, Virtual, November 2021. ACM\n \n\n\n\n
\n
@inproceedings{pletinckx_out_2021,\n\taddress = {Virtual},\n\ttitle = {Out of {Sight}, {Out} of {Mind}: {Detecting} {Orphaned} {Web} {Pages} at {Internet}-{Scale}},\n\turl = {https://dl.acm.org/doi/abs/10.1145/3460120.3485367},\n\tdoi = {https://doi.org/10.1145/3460120.3485367},\n\tabstract = {Security misconfigurations and neglected updates commonly lead\nto systems being vulnerable. Especially in the context of websites,\nwe often find pages that were forgotten, that is, they were left online after they served their purpose and never updated thereafter.\nIn this paper, we introduce new methodology to detect such forgotten or orphaned web pages. We combine historic data from the\nInternet Archive with active measurements to identify pages no\nlonger reachable via a path from the index page, yet stay accessible\nthrough their specific URL. We show the efficacy of our approach\nand the real-world relevance of orphaned web-pages by applying\nit to a sample of 100,000 domains from the Tranco Top 1M.\nLeveraging our methodology, we find 1,953 pages on 907 unique\ndomains that are orphaned, some of which are 20 years old. Analyzing their security posture, we find that these pages are significantly (𝑝 {\\textless} 0.01 using 𝜒\n2\n) more likely to be vulnerable to crosssite scripting (XSS) and SQL injection (SQLi) vulnerabilities than\nmaintained pages. In fact, orphaned pages are almost ten times as\nlikely to suffer from XSS (19.3\\%) than maintained pages from a random Internet crawl (2.0\\%), and maintained pages of websites with\nsome orphans are almost three times as vulnerable (5.9\\%). Concerning SQLi, maintained pages on websites with some orphans\nare almost as vulnerable (9.5\\%) as orphans (10.8\\%), and both are\nsignificantly more likely to be vulnerable than other maintained\npages (2.7\\%). 
Overall, we see a clear hierarchy: Orphaned pages\nare the most vulnerable, followed by maintained pages on websites\nwith orphans, with fully maintained sites being least vulnerable.\nWe share an open source implementation of our methodology to\nenable the reproduction and application of our results in practice.},\n\tbooktitle = {Proc. of {ACM} {Computer} and {Communication} {Security}},\n\tpublisher = {ACM},\n\tauthor = {Pletinckx, Stijn and Borgolte, Kevin and Fiebig, Tobias},\n\tmonth = nov,\n\tyear = {2021},\n\tkeywords = {INTERSCT},\n\tpages = {21--35},\n}\n\n\n\n
\n
\n\n\n
\n Security misconfigurations and neglected updates commonly lead to systems being vulnerable. Especially in the context of websites, we often find pages that were forgotten, that is, they were left online after they served their purpose and never updated thereafter. In this paper, we introduce new methodology to detect such forgotten or orphaned web pages. We combine historic data from the Internet Archive with active measurements to identify pages no longer reachable via a path from the index page, yet stay accessible through their specific URL. We show the efficacy of our approach and the real-world relevance of orphaned web-pages by applying it to a sample of 100,000 domains from the Tranco Top 1M. Leveraging our methodology, we find 1,953 pages on 907 unique domains that are orphaned, some of which are 20 years old. Analyzing their security posture, we find that these pages are significantly (𝑝 < 0.01 using 𝜒²) more likely to be vulnerable to cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities than maintained pages. In fact, orphaned pages are almost ten times as likely to suffer from XSS (19.3%) than maintained pages from a random Internet crawl (2.0%), and maintained pages of websites with some orphans are almost three times as vulnerable (5.9%). Concerning SQLi, maintained pages on websites with some orphans are almost as vulnerable (9.5%) as orphans (10.8%), and both are significantly more likely to be vulnerable than other maintained pages (2.7%). Overall, we see a clear hierarchy: Orphaned pages are the most vulnerable, followed by maintained pages on websites with orphans, with fully maintained sites being least vulnerable. We share an open source implementation of our methodology to enable the reproduction and application of our results in practice.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Mitigating Energy Depletion Attacks in IoT via Random Time-Slotted Channel Access.\n \n \n \n \n\n\n \n Sciancalepore, S.; Tedeschi, P.; Riasat, U.; and Di Pietro, R.\n\n\n \n\n\n\n In Proc. of IEEE Conference on Computer and Communications Security, Virtual, October 2021. IEEE\n \n\n\n\n
\n
@inproceedings{sciancalepore_mitigating_2021,\n\taddress = {Virtual},\n\ttitle = {Mitigating {Energy} {Depletion} {Attacks} in {IoT} via {Random} {Time}-{Slotted} {Channel} {Access}},\n\turl = {https://intersct.nl/wp-content/uploads/2021/11/2021_Sciancalepore_CNS.pdf},\n\tabstract = {Energy depletion attacks represent a challenging\nthreat towards the secure and reliable deployment of low-power\nInternet of Things (IoT) networks. Indeed, by simply transmitting\ncanning standard-compliant packets to a target IoT device, an\nadversary can quickly exhaust target devices’ available energy\nand reduce network lifetime, leading to extensive Denial-ofService (DoS). Current solutions to tackle energy depletion attacks\nmainly rely on ex-post detection of the attack and the adoption\nof follow-up countermeasures. Still, the cited approaches cannot\nprevent external adversaries from sending wireless packets to\ntarget devices and draining down their energy budget.\nIn this paper, we present RTSCA, a novel countermeasure to\nenergy depletion attacks in IoT networks, that leverages Random\nTime-Slotted Channel Access. RTSCA randomizes channel access\noperations executed by a couple of directly-connected IoT devices\noperating through the IEEE 802.15.4 MAC, significantly reducing\nthe time window of opportunity for the attacker, with little-to-none\nenergy cost on legitimate IoT devices. RTSCA also includes a detection mechanism targeted to the recently-introduced Truncateafter-Preamble (TaP) energy depletion attacks, that leverages\nthe observation of error patterns in the received packets. We\ncarried out an extensive performance assessment campaign on\nreal Openmote-b IoT nodes, showing that RTSCA forces the\nadversary to behave as a (sub-optimal) reactive jammer to achieve\nenergy depletion attacks. 
In such a setting, the adversary has to\nspend between 42.5\\% and 55\\% more energy to carry out the\nattack, while at the same time having no deterministic chances\nof success},\n\tbooktitle = {Proc. of {IEEE} {Conference} on {Computer} and {Communications} {Security}},\n\tpublisher = {IEEE},\n\tauthor = {Sciancalepore, Savio and Tedeschi, Pietro and Riasat, Usman and Di Pietro, Roberto},\n\tmonth = oct,\n\tyear = {2021},\n\tkeywords = {INTERSCT, WP3},\n}\n\n\n\n
\n
\n\n\n
\n Energy depletion attacks represent a challenging threat towards the secure and reliable deployment of low-power Internet of Things (IoT) networks. Indeed, by simply transmitting canning standard-compliant packets to a target IoT device, an adversary can quickly exhaust target devices’ available energy and reduce network lifetime, leading to extensive Denial-of-Service (DoS). Current solutions to tackle energy depletion attacks mainly rely on ex-post detection of the attack and the adoption of follow-up countermeasures. Still, the cited approaches cannot prevent external adversaries from sending wireless packets to target devices and draining down their energy budget. In this paper, we present RTSCA, a novel countermeasure to energy depletion attacks in IoT networks, that leverages Random Time-Slotted Channel Access. RTSCA randomizes channel access operations executed by a couple of directly-connected IoT devices operating through the IEEE 802.15.4 MAC, significantly reducing the time window of opportunity for the attacker, with little-to-none energy cost on legitimate IoT devices. RTSCA also includes a detection mechanism targeted to the recently-introduced Truncate-after-Preamble (TaP) energy depletion attacks, that leverages the observation of error patterns in the received packets. We carried out an extensive performance assessment campaign on real Openmote-b IoT nodes, showing that RTSCA forces the adversary to behave as a (sub-optimal) reactive jammer to achieve energy depletion attacks. In such a setting, the adversary has to spend between 42.5% and 55% more energy to carry out the attack, while at the same time having no deterministic chances of success.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n ARID – Anonymous Remote Identification of Unmanned Aerial Vehicles.\n \n \n \n \n\n\n \n Tedeschi, P.; Sciancalepore, S.; and Di Pietro, R.\n\n\n \n\n\n\n In Proc. of ACM Annual Computer Security Applications Conference (ACSAC), Virtual, December 2021. ACM\n \n\n\n\n
\n
@inproceedings{tedeschi_arid_2021,\n\taddress = {Virtual},\n\ttitle = {{ARID} – {Anonymous} {Remote} {Identication} of {Unmanned} {Aerial} {Vehicles}},\n\turl = {https://intersct.nl/wp-content/uploads/2021/11/2021_Tedeschi_ACSAC.pdf},\n\tabstract = {To enable enhanced accountability of Unmanned Aerial Vehicles\n(UAVs) operations, the US-based Federal Avionics Administration\n(FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting\ntheir identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators,\nprimarily because of privacy issues derived by the indiscriminate\nbroadcast of the plain-text identity of the UAV on the wireless\nchannel.\nIn this paper, we propose ARID, a solution enabling RemoteIDcompliant Anonymous Remote Identification of UAVs. The adoption\nof ARID allows UAVs to broadcast RemoteID-compliant messages\nusing ephemeral pseudonyms that only a Trusted Authority, such\nas the FAA, can link to the long-term identifier of the UAV and its\noperator. Moreover, ARID also enforces UAV message authenticity,\nto protect UAVs against impersonation and spoofed reporting, while\nrequiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority,\nnot requiring the secure maintenance of any private database.\nWhile the security properties of ARID are thoroughly discussed\nand formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our\nsolution within the popular Poky Operating System, on top of the\nwidespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes\nonly ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ\nof energy. 
Finally, we also released the source code of ARID to foster\nfurther investigations and development by Academia, Industry, and practitioners},\n\tbooktitle = {Proc. of {ACM} {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC})},\n\tpublisher = {ACM},\n\tauthor = {Tedeschi, Pietro and Sciancalepore, Savio and Di Pietro, Roberto},\n\tmonth = dec,\n\tyear = {2021},\n\tkeywords = {INTERSCT, WP3, WP56},\n}\n\n\n\n
\n
\n\n\n
\n To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel. In this paper, we propose ARID, a solution enabling RemoteID-compliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database. While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Compromised through Compression – Privacy Implications of Smart Meter Traffic Analysis.\n \n \n \n \n\n\n \n Van Aubel, P.; and Poll, E.\n\n\n \n\n\n\n In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2021, volume 399, of LNICST, pages 317–337, Virtual, 2021. Springer\n \n\n\n\n
\n
@inproceedings{van_aubel_compromised_2021,\n\taddress = {Virtual},\n\tseries = {{LNICST}},\n\ttitle = {Compromised through {Compression} – {Privacy} {Implications} of {Smart} {Meter} {Traffic} {Analysis}},\n\tvolume = {399},\n\turl = {https://link.springer.com/chapter/10.1007%2F978-3-030-90022-9_16},\n\tdoi = {10.1007/978-3-030-90022-9_16},\n\tabstract = {Smart metering comes with risks to privacy. One concern is\nthe possibility of an attacker seeing the traffic that reports the energy use\nof a household and deriving private information from that. Encryption\nhelps to mask the actual energy measurements, but is not sufficient to\ncover all risks. One aspect which has yet gone unexplored – and where\nencryption does not help – is traffic analysis, i.e. whether the length of\nmessages communicating energy measurements can leak privacy-sensitive\ninformation to an observer. In this paper we examine whether using\nencodings or compression for smart metering data could potentially leak\ninformation about household energy use. Our analysis is based on the\nreal-world energy use data of ±80 Dutch households.\nWe find that traffic analysis could reveal information about the energy\nuse of individual households if compression is used. As a result, when\nmessages are sent daily, an attacker performing traffic analysis would\nbe able to determine when all the members of a household are away\nor not using electricity for an entire day. We demonstrate this issue by\nrecognizing when households from our dataset were on holiday. If messages are sent more often, more granular living patterns could likely be\ndetermined.\nWe propose a method of encoding the data that is nearly as effective as\ncompression at reducing message size, but does not leak the information\nthat compression leaks. 
By not requiring compression to achieve the best\npossible data savings, the risk of traffic analysis is eliminated.},\n\tbooktitle = {Lecture {Notes} of the {Institute} for {Computer} {Sciences}, {Social} {Informatics} and {Telecommunications} {Engineering} 2021},\n\tpublisher = {Springer},\n\tauthor = {Van Aubel, Pol and Poll, Erik},\n\tyear = {2021},\n\tkeywords = {INTERSCT, WP3, WP56},\n\tpages = {317--337},\n}\n\n\n\n
\n
\n\n\n
\n Smart metering comes with risks to privacy. One concern is the possibility of an attacker seeing the traffic that reports the energy use of a household and deriving private information from that. Encryption helps to mask the actual energy measurements, but is not sufficient to cover all risks. One aspect which has yet gone unexplored – and where encryption does not help – is traffic analysis, i.e. whether the length of messages communicating energy measurements can leak privacy-sensitive information to an observer. In this paper we examine whether using encodings or compression for smart metering data could potentially leak information about household energy use. Our analysis is based on the real-world energy use data of ±80 Dutch households. We find that traffic analysis could reveal information about the energy use of individual households if compression is used. As a result, when messages are sent daily, an attacker performing traffic analysis would be able to determine when all the members of a household are away or not using electricity for an entire day. We demonstrate this issue by recognizing when households from our dataset were on holiday. If messages are sent more often, more granular living patterns could likely be determined. We propose a method of encoding the data that is nearly as effective as compression at reducing message size, but does not leak the information that compression leaks. By not requiring compression to achieve the best possible data savings, the risk of traffic analysis is eliminated.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n Similarity-Based Clustering For IoT Device Classification.\n \n \n \n\n\n \n Dupont, G.; Leite, C.; dos Santos, D. R.; Costante, E.; den Hartog, J.; and Etalle, S.\n\n\n \n\n\n\n In 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS), pages 1–7, 2021. \n \n\n\n\n
\n
@inproceedings{dupont_similarity-based_2021,\n\ttitle = {Similarity-{Based} {Clustering} {For} {IoT} {Device} {Classification}},\n\tdoi = {10.1109/COINS51742.2021.9524201},\n\tabstract = {Classifying devices connected to an enterprise network is a fundamental security control that is nevertheless challenging due to the limitations of fingerprint-based classification and black-box machine learning. In this paper, we address such limitations by proposing a similarity-based clustering method. We evaluate our solution and compare it to a state-of-the-art fingerprint-based classification engine using data from 20,000 devices. The results show that we can successfully classify around half of the unclassified devices with a high accuracy. We also validate our approach with domain experts to demonstrate its usability in producing new fingerprinting rules.},\n\tbooktitle = {2021 {IEEE} {International} {Conference} on {Omni}-{Layer} {Intelligent} {Systems} ({COINS})},\n\tauthor = {Dupont, Guillaume and Leite, Cristoffer and dos Santos, Daniel Ricardo and Costante, Elisa and den Hartog, Jerry and Etalle, Sandro},\n\tyear = {2021},\n\tkeywords = {Classification, Clustering, Fingerprint recognition, INTERSCT, Internet of Things, Machine learning, Manuals, Performance evaluation, Process control, Reliability engineering, Semantics},\n\tpages = {1--7},\n}\n\n\n\n
\n
\n\n\n
\n Classifying devices connected to an enterprise network is a fundamental security control that is nevertheless challenging due to the limitations of fingerprint-based classification and black-box machine learning. In this paper, we address such limitations by proposing a similarity-based clustering method. We evaluate our solution and compare it to a state-of-the-art fingerprint-based classification engine using data from 20,000 devices. The results show that we can successfully classify around half of the unclassified devices with a high accuracy. We also validate our approach with domain experts to demonstrate its usability in producing new fingerprinting rules.\n
\n\n\n
\n\n\n\n\n\n
\n
\n\n
\n
\n  \n 2020\n \n \n (5)\n \n \n
\n
\n \n \n
\n \n\n \n \n \n \n \n \n The right to compensation of a competitor for a violation of the GDPR.\n \n \n \n \n\n\n \n Walree, T. F; and Wolters, P. T J\n\n\n \n\n\n\n International Data Privacy Law, 10(4): 346–355. November 2020.\n \n\n\n\n
\n
@article{walree_right_2020,\n\ttitle = {The right to compensation of a competitor for a violation of the {GDPR}},\n\tvolume = {10},\n\tissn = {2044-3994},\n\turl = {https://doi.org/10.1093/idpl/ipaa018},\n\tdoi = {10.1093/idpl/ipaa018},\n\tabstract = {Key PointsAlthough the General Data Protection Regulation (GDPR) is primarily aimed at the protection of data subjects, competitors of the controller may also suffer damage due to an infringement.Article 82(1) of the GDPR stipulates that ‘any person’ shall have the right to receive compensation. It does not clarify whether a competitor can also invoke this right.At first sight, a right to compensation for competitors does not match the primary purpose of the GDPR.However, the GDPR also intends to advance the free movement of personal data, strengthen the protection of personal data, and harmonize data protection law. The right to compensation of competitors can make a meaningful contribution to these objectives.Furthermore, other provisions of European origin also allow enforcement by competitors.},\n\tnumber = {4},\n\turldate = {2022-01-26},\n\tjournal = {International Data Privacy Law},\n\tauthor = {Walree, Tim F and Wolters, Pieter T J},\n\tmonth = nov,\n\tyear = {2020},\n\tpages = {346--355},\n}\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n Key Points: Although the General Data Protection Regulation (GDPR) is primarily aimed at the protection of data subjects, competitors of the controller may also suffer damage due to an infringement. Article 82(1) of the GDPR stipulates that ‘any person’ shall have the right to receive compensation. It does not clarify whether a competitor can also invoke this right. At first sight, a right to compensation for competitors does not match the primary purpose of the GDPR. However, the GDPR also intends to advance the free movement of personal data, strengthen the protection of personal data, and harmonize data protection law. The right to compensation of competitors can make a meaningful contribution to these objectives. Furthermore, other provisions of European origin also allow enforcement by competitors.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n A Toolkit for Security Awareness Training Against Targeted Phishing.\n \n \n \n \n\n\n \n Pirocca, S.; Allodi, L.; and Zannone, N.\n\n\n \n\n\n\n In pages 137–159. December 2020.\n \n\n\n\n
\n
@incollection{pirocca_toolkit_2020,\n\ttitle = {A {Toolkit} for {Security} {Awareness} {Training} {Against} {Targeted} {Phishing}},\n\tisbn = {978-3-030-65609-6},\n\turl = {https://www.researchgate.net/publication/347625933_A_Toolkit_for_Security_Awareness_Training_Against_Targeted_Phishing},\n\tabstract = {The attack landscape is evolving, and attackers are employing new techniques to launch increasingly targeted and sophisticated social engineering attacks that exploit human vulnerabilities. Many organizations provide their employees with security awareness training to counter and mitigate such threats. However, recent studies have shown that current embedded phishing training programs and tools are often ineffective or incapable of addressing modern, tailored social engineering attacks. This paper presents a toolkit for the deployment of sophisticated, tailored phishing campaigns at scale (e.g., to deploy specific training within an organization). We enable the use of highly customizable phishing email templates that can be instantiated with a large range of information about the specific target and a semi-automated process for the selection of the phishing domain name. We demonstrate our tool by showing how tailored phishing campaigns proposed in previous studies can be enhanced to increase the credibility of the phishing email, effectively addressing the very limitations identified in those studies.},\n\tauthor = {Pirocca, Simone and Allodi, Luca and Zannone, Nicola},\n\tmonth = dec,\n\tyear = {2020},\n\tdoi = {10.1007/978-3-030-65610-2_9},\n\tpages = {137--159},\n}\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n The attack landscape is evolving, and attackers are employing new techniques to launch increasingly targeted and sophisticated social engineering attacks that exploit human vulnerabilities. Many organizations provide their employees with security awareness training to counter and mitigate such threats. However, recent studies have shown that current embedded phishing training programs and tools are often ineffective or incapable of addressing modern, tailored social engineering attacks. This paper presents a toolkit for the deployment of sophisticated, tailored phishing campaigns at scale (e.g., to deploy specific training within an organization). We enable the use of highly customizable phishing email templates that can be instantiated with a large range of information about the specific target and a semi-automated process for the selection of the phishing domain name. We demonstrate our tool by showing how tailored phishing campaigns proposed in previous studies can be enhanced to increase the credibility of the phishing email, effectively addressing the very limitations identified in those studies.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers.\n \n \n \n \n\n\n \n Rosso, M.; Campobasso, M.; Gankhuyag, G.; and Allodi, L.\n\n\n \n\n\n\n In Annual Computer Security Applications Conference, of ACSAC '20, pages 141–153, New York, NY, USA, December 2020. Association for Computing Machinery\n \n\n\n\n
\n
@inproceedings{rosso_saibersoc_2020,\n\taddress = {New York, NY, USA},\n\tseries = {{ACSAC} '20},\n\ttitle = {{SAIBERSOC}: {Synthetic} {Attack} {Injection} to {Benchmark} and {Evaluate} the {Performance} of {Security} {Operation} {Centers}},\n\tisbn = {978-1-4503-8858-0},\n\tshorttitle = {{SAIBERSOC}},\n\turl = {https://doi.org/10.1145/3427228.3427233},\n\tdoi = {10.1145/3427228.3427233},\n\tabstract = {In this paper we introduce SAIBERSOC, a tool and methodology enabling security researchers and operators to evaluate the performance of deployed and operational Security Operation Centers (SOCs) (or any other security monitoring infrastructure). The methodology relies on the MITRE ATT\\&CK Framework to define a procedure to generate and automatically inject synthetic attacks in an operational SOC to evaluate any output metric of interest (e.g., detection accuracy, time-to-investigation, etc.). To evaluate the effectiveness of the proposed methodology, we devise an experiment with n = 124 students playing the role of SOC analysts. The experiment relies on a real SOC infrastructure and assigns students to either a BADSOC or a GOODSOC experimental condition. Our results show that the proposed methodology is effective in identifying variations in SOC performance caused by (minimal) changes in SOC configuration. We release the SAIBERSOC tool implementation as free and open source software.},\n\turldate = {2022-01-26},\n\tbooktitle = {Annual {Computer} {Security} {Applications} {Conference}},\n\tpublisher = {Association for Computing Machinery},\n\tauthor = {Rosso, Martin and Campobasso, Michele and Gankhuyag, Ganduulga and Allodi, Luca},\n\tmonth = dec,\n\tyear = {2020},\n\tkeywords = {Cyber Security Operations Center, Evaluation, Performance, SOC},\n\tpages = {141--153},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n In this paper we introduce SAIBERSOC, a tool and methodology enabling security researchers and operators to evaluate the performance of deployed and operational Security Operation Centers (SOCs) (or any other security monitoring infrastructure). The methodology relies on the MITRE ATT&CK Framework to define a procedure to generate and automatically inject synthetic attacks in an operational SOC to evaluate any output metric of interest (e.g., detection accuracy, time-to-investigation, etc.). To evaluate the effectiveness of the proposed methodology, we devise an experiment with n = 124 students playing the role of SOC analysts. The experiment relies on a real SOC infrastructure and assigns students to either a BADSOC or a GOODSOC experimental condition. Our results show that the proposed methodology is effective in identifying variations in SOC performance caused by (minimal) changes in SOC configuration. We release the SAIBERSOC tool implementation as free and open source software.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale.\n \n \n \n \n\n\n \n Campobasso, M.; and Allodi, L.\n\n\n \n\n\n\n In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, of CCS '20, pages 1665–1680, New York, NY, USA, October 2020. Association for Computing Machinery\n \n\n\n\n
\n
@inproceedings{campobasso_impersonation-as--service_2020,\n\taddress = {New York, NY, USA},\n\tseries = {{CCS} '20},\n\ttitle = {Impersonation-as-a-{Service}: {Characterizing} the {Emerging} {Criminal} {Infrastructure} for {User} {Impersonation} at {Scale}},\n\tisbn = {978-1-4503-7089-9},\n\tshorttitle = {Impersonation-as-a-{Service}},\n\turl = {https://doi.org/10.1145/3372297.3417892},\n\tdoi = {10.1145/3372297.3417892},\n\tabstract = {In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.},\n\turldate = {2022-01-26},\n\tbooktitle = {Proceedings of the 2020 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},\n\tpublisher = {Association for Computing Machinery},\n\tauthor = {Campobasso, Michele and Allodi, Luca},\n\tmonth = oct,\n\tyear = {2020},\n\tkeywords = {impersonation attacks, impersonation-as-a-service, threat modeling, user profiling},\n\tpages = {1665--1680},\n}\n\n\n\n\n\n\n\n
\n
\n\n\n
\n In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication systems and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users at scale.\n
\n\n\n
\n\n\n
\n \n\n \n \n \n \n \n \n Understanding the Knowledge Gap: How Security Awareness Influences the Adoption of Industrial IoT.\n \n \n \n \n\n\n \n Schrama, V.; Gañán, C. H; Aschenbrenner, D.; de Reuver, M.; Borgolte, K.; Fiebig, T.; Delft, T.; and Schrama, V C M\n\n\n \n\n\n\n In pages 17, 2020. \n \n\n\n\n
\n
@inproceedings{schrama_understanding_2020,\n\ttitle = {Understanding the {Knowledge} {Gap}: {How} {Security} {Awareness} {Influences} the {Adoption} of {Industrial} {IoT}},\n\turl = {https://weis2020.econinfosec.org/wp-content/uploads/sites/8/2020/06/weis20-final23.pdf},\n\tabstract = {The Internet-of-Things is no longer confined to endusers and private homes. Industrial IoT (IIoT) is supposed to improve industrial processes and make them more efficient. However, IIoT technologies may also pose (significant) security threats. Therefore, it is important to understand the balance between security awareness and willingness to adopt IIoT among manufacturing companies.},\n\tlanguage = {en},\n\tauthor = {Schrama, Verena and Gañán, Carlo H and Aschenbrenner, Doris and de Reuver, Mark and Borgolte, Kevin and Fiebig, Tobias and Delft, TU and Schrama, V C M},\n\tyear = {2020},\n\tkeywords = {INTERSCT},\n\tpages = {17},\n}\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n
\n\n\n
\n The Internet-of-Things is no longer confined to end users and private homes. Industrial IoT (IIoT) is supposed to improve industrial processes and make them more efficient. However, IIoT technologies may also pose (significant) security threats. Therefore, it is important to understand the balance between security awareness and willingness to adopt IIoT among manufacturing companies.\n
\n\n\n
\n\n\n\n\n\n
\n
\n\n\n\n\n
\n\n\n \n\n \n \n \n \n\n
\n"}; document.write(bibbase_data.data);