2014 IEEE Security and Privacy Workshops

17-18 May 2014

Filter Results

Displaying Results 1 - 25 of 49
  • [Title page i]

    Publication Year: 2014, Page(s): i
    Request permission for commercial reuse | |PDF file iconPDF (19 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2014, Page(s): iii
    Request permission for commercial reuse | |PDF file iconPDF (80 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2014, Page(s): iv
    Request permission for commercial reuse | |PDF file iconPDF (130 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2014, Page(s):v - ix
    Request permission for commercial reuse | |PDF file iconPDF (140 KB)
    Freely Available from IEEE
  • Message from the General Chair

    Publication Year: 2014, Page(s): x
    Request permission for commercial reuse | |PDF file iconPDF (70 KB) | HTML iconHTML
    Freely Available from IEEE
  • CREDS 2014: Cyber-Security Research Ethics Dialog and Strategy

    Publication Year: 2014, Page(s):xi - xii
    Request permission for commercial reuse | |PDF file iconPDF (106 KB) | HTML iconHTML
    Freely Available from IEEE
  • DUMA 2014: 5th International Workshop on Data Usage Management

    Publication Year: 2014, Page(s):xiii - xiv
    Request permission for commercial reuse | |PDF file iconPDF (76 KB) | HTML iconHTML
    Freely Available from IEEE
  • IWCC 2014: International Workshop on Cyber Crime

    Publication Year: 2014, Page(s):xv - xvi
    Request permission for commercial reuse | |PDF file iconPDF (107 KB) | HTML iconHTML
    Freely Available from IEEE
  • LangSec 2014: Workshop on Language-Theoretic Security

    Publication Year: 2014, Page(s):xvii - xviii
    Request permission for commercial reuse | |PDF file iconPDF (78 KB) | HTML iconHTML
    Freely Available from IEEE
  • WRIT 2014: Workshop on Research for Insider Threat

    Publication Year: 2014, Page(s):xix - xx
    Request permission for commercial reuse | |PDF file iconPDF (108 KB) | HTML iconHTML
    Freely Available from IEEE
  • A Case Study in Malware Research Ethics Education: When Teaching Bad is Good

    Publication Year: 2014, Page(s):1 - 4
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (90 KB) | HTML iconHTML

    There is a growing interest in the research of malware in the context of cyber-security. In this paper I will present a case study that will outline the curriculum used to teach malware ethics within the context of a computer science course that teaches students malware programming techniques. Issues from computer and information ethics that apply most closely to ethical malware research will be h... View full abstract»

    Open Access
  • Ethics in Data Sharing: Developing a Model for Best Practice

    Publication Year: 2014, Page(s):5 - 9
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (214 KB) | HTML iconHTML

    As an outcome of a seminar on the 'Ethics in Data Sharing', we sketch a model of best practice for sharing data in research. We illustrate this model with two current and timely real-life cases from the context of computer and network security. View full abstract»

    Open Access
  • Gringotts: Securing Data for Digital Evidence

    Publication Year: 2014, Page(s):10 - 17
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (373 KB) | HTML iconHTML

    As digital storage and cloud processing become more common in business infrastructure and security systems, maintaining the provable integrity of accumulated institutional data that may be required as legal evidence also increases in complexity. Since data owners may have an interest in a proposed lawsuit, it is essential that any digital evidence be guaranteed against both outside attacks and int... View full abstract»

    Open Access
  • P2U: A Privacy Policy Specification Language for Secondary Data Sharing and Usage

    Publication Year: 2014, Page(s):18 - 22
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (339 KB) | HTML iconHTML

    Within the last decade, there are growing economic social incentives and opportunities for secondary use of data in many sectors, and strong market forces currently drive the active development of systems that aggregate user data gathered by many sources. This secondary use of data poses privacy threats due to unwanted use of data for the wrong purposes such as discriminating the user for employme... View full abstract»

    Open Access
  • Architecture, Workflows, and Prototype for Stateful Data Usage Control in Cloud

    Publication Year: 2014, Page(s):23 - 30
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (488 KB) | HTML iconHTML

    This paper deals with the problem of continuous usage control of multiple copies of data objects in distributed systems. This work defines an architecture, a set of workflows, a set of policies and an implementation for the distributed enforcement. The policies, besides including access and usage rules, also specify the parties that will be involved in the decision process. Indeed, the enforcement... View full abstract»

    Open Access
  • Resilience as a New Enforcement Model for IT Security Based on Usage Control

    Publication Year: 2014, Page(s):31 - 38
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (532 KB) | HTML iconHTML

    Security and privacy are not only general requirements of a society but also indispensable enablers for innovative IT infrastructure applications aiming at increased, sustainable welfare and safety of a society. A critical activity of these IT applications is spontaneous information exchange. This information exchange, however, creates inevitable, unknown dependencies between the participating IT ... View full abstract»

    Open Access
  • Structure Matters - A New Approach for Data Flow Tracking

    Publication Year: 2014, Page(s):39 - 43
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (384 KB) | HTML iconHTML

    Usage control (UC) is concerned with how data may or may not be used after initial access has been granted. UC requirements are expressed in terms of data (e.g. a picture, a song) which exist within a system in forms of different technical representations (containers, e.g. files, memory locations, windows). A model combining UC enforcement with data flow tracking across containers has been propose... View full abstract»

    Open Access
  • Hurdles for Genomic Data Usage Management

    Publication Year: 2014, Page(s):44 - 48
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (435 KB) | HTML iconHTML

    Our genome determines our appearance, gender, diseases, reaction to drugs, and much more. It not only contains information about us but also about our relatives, past generations, and future generations. This creates many policy and technology challenges to protect privacy and manage usage of genomic data. In this paper, we identify various features of genomic data that make its usage management v... View full abstract»

    Open Access
  • RAPPD: A Language and Prototype for Recipient-Accountable Private Personal Data

    Publication Year: 2014, Page(s):49 - 56
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (391 KB) | HTML iconHTML

    Often communicate private data in informal settings such as email, where we trust that the recipient shares our assumptions regarding the disposition of this data. Sometimes we informally express our desires in this regard, but there is no formal means in such settings to make our wishes explicit, nor to hold the recipient accountable. Here we describe a system and prototype implementation called ... View full abstract»

    Open Access
  • DF-C2M2: A Capability Maturity Model for Digital Forensics Organisations

    Publication Year: 2014, Page(s):57 - 60
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (416 KB) | HTML iconHTML

    The field of digital forensics has emerged as one of the fastest changing and most rapidly developing investigative specialisations in a wide range of criminal and civil cases. Increasingly there is a requirement from the various legal and judicial authorities throughout the world, that any digital evidence presented in criminal and civil cases should meet requirements regarding the acceptance and... View full abstract»

    Open Access
  • Asset Risk Scoring in Enterprise Network with Mutually Reinforced Reputation Propagation

    Publication Year: 2014, Page(s):61 - 64
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (626 KB) | HTML iconHTML

    Cyber security attacks are becoming ever more frequent and sophisticated. Enterprises often deploy several security protection mechanisms, such as anti-virus software, intrusion detection prevention systems, and firewalls, to protect their critical assets against emerging threats. Unfortunately, these protection systems are typically "noisy", e.g., regularly generating thousands of alerts every da... View full abstract»

    Open Access
  • Collusion and Fraud Detection on Electronic Energy Meters - A Use Case of Forensics Investigation Procedures

    Publication Year: 2014, Page(s):65 - 68
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (587 KB) | HTML iconHTML

    Smart meters (gas, electricity, water, etc.) play a fundamental role on the implementation of the Smart Grid concept. Nevertheless, the rollout of smart meters needed to achieve the foreseen benefits of the integrated network of devices is still slow. Among the reasons for the slower pace is the lack of trust on electronic devices and new kinds of frauds based on clever tampering and collusion. Th... View full abstract»

    Open Access
  • Towards Forensic Analysis of Attacks with DNSSEC

    Publication Year: 2014, Page(s):69 - 76
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (437 KB) | HTML iconHTML

    DNS cache poisoning is a stepping stone towards advanced (cyber) attacks, and can be used to monitor users' activities, for censorship, to distribute malware and spam, and even to subvert correctness and availability of Internet networks and services. The DNS infrastructure relies on challenge-response defences, which are deemed effective for thwarting attacks by (the common) off-path adversaries.... View full abstract»

    Open Access
  • The Tricks of the Trade: What Makes Spam Campaigns Successful?

    Publication Year: 2014, Page(s):77 - 83
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (476 KB) | HTML iconHTML

    Spam is a profitable business for cyber criminals, with the revenue of a spam campaign that can be in the order of millions of dollars. For this reason, a wealth of research has been performed on understanding how spamming botnets operate, as well as what the economic model behind spam looks like. Running a spamming botnet is a complex task: the spammer needs to manage the infected machines, the s... View full abstract»

    Open Access
  • Constructing and Analyzing Criminal Networks

    Publication Year: 2014, Page(s):84 - 91
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract |PDF file iconPDF (609 KB) | HTML iconHTML

    Analysis of criminal social graph structures can enable us to gain valuable insights into how these communities are organized. Such as, how large scale and centralized these criminal communities are currently? While these types of analysis have been completed in the past, we wanted to explore how to construct a large scale social graph from a smaller set of leaked data that included only the crimi... View full abstract»

    Open Access