Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4–8, ... Selected Papers (Security and Cryptology)
معرفی کتاب «Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4–8, ... Selected Papers (Security and Cryptology)» نوشتهٔ Sokratis Katsikas (editor), Costas Lambrinoudakis (editor), Nora Cuppens (editor), John Mylopoulos (editor), Christos Kalloniatis (editor), Weizhi Meng (editor), Steven Furnell (editor), Frank Pallas (editor), Jörg Pohle (editor)، منتشرشده توسط نشر Springer International Publishing AG در سال 2022. این کتاب در 3 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.
This book constitutes the refereed proceedings of six International Workshops that were held in conjunction with the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-6, 2021. The conference was initially planned to take place in Darmstadt, Germany, but changed to an online event due to the COVID-19 pandemic. The 32 papers included in these proceedings stem from the following workshops: the 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, which accepted 7 papers from 16 submissions; the 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, which accepted 5 papers from 8 submissions; the 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, which accepted 6 full and 1 short paper out of 15 submissions; the 3rd Workshop on Security, Privacy, Organizations, andSystems Engineering, SPOSE 2021, which accepted 5 full and 1 short paper out of 13 submissions. the 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021, which accepted 3 full and 1 short paper out of 6 submissions; and the 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT & SECOMANE 2021, which accepted 3 papers out of 7 submissions. The following papers are available open access under a Creative Commons Attribution 4.0 International License via link.springer.com: Why IT Security Needs Therapy by Uta Menges, Jonas Hielscher, Annalina Buckmann, Annette Kluge, M. Angela Sasse, and Imogen Verret Transferring Update Behavior from Smartphones to Smart Consumer Devices by Matthias Fassl, Michaela Neumayr, Oliver Schedler, and Katharina Krombholz Organisational Contexts of Energy Cybersecurity by Tania Wallis, Greig Paul, and James Irvine SMILE - Smart eMaIl Link domain Extractor by Mattia Mossano, Benjamin Berens, Philip Heller, Christopher Beckmann, Lukas Aldag, Peter Mayer, and Melanie Volkamer A Semantic Model for Embracing Privacy as Contextual Integrity in the Internet of Things by Salatiel Ezennaya-Gomez, Claus Vielhauer, and Jana Dittmann Data Protection Impact Assessments in Practice - Experiences from Case Studies by Michael Friedewald, Ina Schiering, Nicholas Martin, and Dara Hallinan Preface Contents 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2021) CyberICPS 2021 Preface chPart1 CyberICPS 2021 Organization General Chairs Program Committee Chairs Program Committee Communication and Cybersecurity Testbed for Autonomous Passenger Ship 1 Introduction 2 Background and Related Work 3 Testbed Architecture 3.1 Concepts and Processes 3.2 Tools and Equipment 4 Evaluation 4.1 APS Communication and Cybersecurity Architecture 4.2 NMEA Security 4.3 Relevance to the State-of-the-Art 5 Challenges and Future Work 6 Conclusion References A Cybersecurity Ontology to Support Risk Information Gathering in Cyber-Physical Systems 1 Introduction 2 Related Work 3 Security Ontology 3.1 Architecture 3.2 Data Sources and Challenges 4 Knowledge Graph Implementation 4.1 Implementation Architecture 4.2 Building Custom Blocks Based on Machine Learning 4.3 Deducing Relationships Between Existing Blocks 5 Application Scenarios – Validation 5.1 Using the Ontology to Predict CVSS Scores 5.2 Using the Ontology to Correlate Threat Agents with Attacks and Vulnerabilities 6 Conclusions References GLASS: Towards Secure and Decentralized eGovernance Services Using IPFS 1 Introduction 2 Background and Related Literature 2.1 Kademlia 2.2 IPFS 2.3 Distributed Ledger 3 Architecture 3.1 Threat Landscape 4 Methodology and Implementation 5 Evaluation 6 Conclusions A Appendices A.1 Libp2p Node Initialisation A.2 Random Walk PeerId Creation A.3 Transforming Content to a CID A.4 A Node Providing Content A.5 Distributing Content to the Closest Peers A.6 Creation of the Datastore A.7 Calculating the Closest Peers Using the XOR Metric A.8 Finding Providers A.9 Result of the ``Finding Providers'' Query References Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis 1 Introduction 2 Related Work 2.1 Security and Safety Engineering 2.2 Safety and Human Factors Engineering 2.3 Human Factors and Security Engineering 3 Approach 4 Case Study - Cambrian Incident Investigation 5 Discussion and Conclusion References Attack Path Analysis and Cost-Efficient Selection of Cybersecurity Controls for Complex Cyberphysical Systems 1 Introduction 2 Related Work 3 Background 3.1 Risk Analysis 3.2 Risk Propagation 4 Attack Path Analysis 5 Optimal Control Set Selection 5.1 Cybersecurity Controls 5.2 Selection of the Optimal Set 6 DELTA System Use Case 6.1 The DELTA System 6.2 Risk Analysis 6.3 Attack Path Analysis 6.4 Selection of the Optimal Security Controls 7 Conclusions References Analysis of Cyber Security Features in Industry 4.0 Maturity Models 1 Introduction 2 Theoretical Background 2.1 Small and Medium-Sized Enterprises (SMEs) 2.2 Cyber Security 2.3 Industry 4.0 2.4 Maturity Models 3 Methodology 4 Validation of the Selected Publications 5 Analysis 5.1 Industry 4.0 Maturity Model 5.2 Impuls - VDMA 5.3 The Connected Enterprise Maturity Model 5.4 Industry 4.0/Digital Operations Self-assessment 5.5 Industrie 4.0 Maturity Index 5.6 Cyber Security Maturity Models 6 Conclusion References Cybersafety Analysis of a Natural Language User Interface for a Consumer Robotic System 1 Introduction 2 Cybersafety Analysis 2.1 Adversarial System Modeling with Control Loops 2.2 Related Work 3 Target System 4 Cybersafety Analysis of Target System 4.1 Basis for Analysis 4.2 Control Structure 4.3 Unsafe Control Actions 4.4 Loss Scenario 5 Discussion References 5th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2021) SECPRE 2021 Preface chPart2 SECPRE 2021 Organization General Chairs Program Committee Chairs Program Committee Integrating Privacy-By-Design with Business Process Redesign 1 Introduction 2 Background Analysis 3 Α Method for Integrating DPIA and Business Process Management 4 Discussion 5 Conclusions References Disclosing Social and Location Attributes on Social Media: The Impact on Users’ Privacy 1 Introduction 2 The Social Aspects of Privacy 2.1 Privacy and Self-determination 2.2 Privacy and Self-disclosure 3 Privacy Implications on SM Due to Self-determination and Self-disclosure 4 Case Study 4.1 Preparing the Case Study 4.2 Setting the Case Study 4.3 The Normativity Line 4.4 Outside the Normativity Line 4.5 Privacy Requirements, Social and Location Attributes 5 Conclusion References BioPrivacy: Development of a Keystroke Dynamics Continuous Authentication System 1 Introduction 2 Background 2.1 Keystroke Dynamics 2.2 Multi-layer Perceptron (MLP) 2.3 Evaluation Metrics 3 Related Work 4 Experimental Setup 4.1 Bioprivacy’s Collection Tool 4.2 BioPrivacy System Architecture 5 Methodology 6 Results 7 Discussion 7.1 Contribution 7.2 Limitations 8 Conclusions and Further Research References Privacy and Informational Self-determination Through Informed Consent: The Way Forward 1 Introduction 2 Informational Self-determination Through Notice and Consent: Origins and Criticism 3 Problem Statement and Research Questions 4 A Model for Informed Consent 5 A Proposed Architecture for Usable Informational Self-determination 6 Conclusions and Future Work References Building a Privacy Testbed: Use Cases and Design Considerations 1 Introduction 2 Use Cases 2.1 Contact Tracing Applications 2.2 Privacy Preserving Peer to Peer (P2P) File Sharing Systems 2.3 Privacy Preserving Browsers Using Privacy Preserving Networks 3 Design 4 Prototype Implementation 5 Reflection and Evaluation with Example Deployments 6 Conclusion References 4th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT 2021) ADIoT 2021 Preface chPart3 ADIoT 2021 Organization General Chairs Program Committee Chairs Program Committee Additional Reviewer Assessing Vulnerabilities and IoT-Enabled Attacks on Smart Lighting Systems 1 Introduction 2 Related Work 2.1 Security Frameworks and Requirements for IoT 2.2 Attacks on Lighting Systems 3 Security Analysis on a Smart Lighting System 3.1 Methodology Overview 3.2 Security Analysis of the Smart Lighting Control Device 4 Analyzing Applicable Attack Vectors on Smart Lighting Systems 5 Conclusions References TAESim: A Testbed for IoT Security Analysis of Trigger-Action Environment 1 Introduction 2 Related Work and Motivation 2.1 Related Work 2.2 Motivation 3 Challenges in Testbed Simulation 4 TAPSim: A Simulation Testbed 4.1 Overview 4.2 Devices 4.3 Channels 4.4 Apps 4.5 Unexpected Factors 5 Evaluation and Case Study 5.1 Evaluation 5.2 Case Study 6 Conclusion References Adversarial Command Detection Using Parallel Speech Recognition Systems 1 Introduction 2 Preliminaries 2.1 Personal Voice Assistant (PVA) 2.2 Hidden Commands 2.3 Obfuscated and Adversarial Commands 2.4 Adversarial Command Generation 3 Adversarial Command Detection (ACD) 3.1 Threat Model 3.2 ACD Approach 3.3 ACD and Protection ASR Properties 4 Evaluation Setup 4.1 ASR Selection 4.2 Adversarial and Benign Command Generation 4.3 Experiment Setup 4.4 Evaluation Metrics 5 Evaluation Results 5.1 Decoding Results of Normal Speech 5.2 Decoding Results of Adversarial Commands 5.3 Adversarial Command Detection (ACD) 6 Discussion 6.1 Observations 6.2 Limitations 7 Related Work 8 Conclusion References Security Measuring System for IoT Devices 1 Introduction 2 Related Research 3 Security Measuring System 4 Implementation and Test Case 5 Discussion and Conclusion References Battery Depletion Attacks on NB-IoT Devices Using Interference 1 Introduction 2 Related Work 3 NB-IoT Battery Depletion Attacks 3.1 NB-IoT 3.2 Threat Model 3.3 Degradation of Quality of Signal (DQS) Attack 3.4 Random Access Procedure (RAP) Attack 4 Evaluation Setup 4.1 Evaluation Scenario 4.2 Evaluation Metrics 4.3 Simulation Environment 4.4 Jammer 5 Evaluation Results 5.1 Baseline 5.2 Jamming 5.3 Evaluation Discussions 5.4 Countermeasure 6 Conclusion References Security- and Privacy-Aware IoT Application Placement and User Assignment 1 Introduction 2 A Motivating Example 3 Problem Formulation 3.1 Inputs 3.2 Outputs 3.3 Constraints 3.4 Discussion 4 Algorithm Using Mixed Integer Programming 5 Evaluation 5.1 Example Application 5.2 Scalability 5.3 Impact of Security and Privacy Constraints 5.4 Summary 6 Related Work 7 Conclusions and Future Work References Room Identification with Personal Voice Assistants (Extended Abstract) 1 Introduction 2 Related Work 3 System Overview 4 Room Identification 5 Evaluation 5.1 Dataset 5.2 ThinResNet 5.3 VGGVox 6 Conclusion References 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2021) SPOSE 2021 Preface chPart4 SPOSE 2021 Organization Program Committee Chairs Program Committee Why IT Security Needs Therapy 1 Introduction 2 Background 2.1 ITS Relationships in Organisations 2.2 The Curse of the ``Weakest Link'' 2.3 Indicators of Dysfunctional Relationships 3 Method 4 Results 4.1 Security Vendor Statements 4.2 Employee Survey Results 5 Data Analysis – Dysfunctional Relationship 6 Therapy Framework 7 Discussion and Conclusions A Prolific Survey Questions B Security Vendor Statements with Sources C Statement Clouds References Transferring Update Behavior from Smartphones to Smart Consumer Devices 1 Introduction 2 Methodology 2.1 Formative Field Study 2.2 Online Survey 3 Results 3.1 Automatic Update Settings and Reasons for (De)activation 3.2 Automatic Updates and Their Effect on Update Decisions 3.3 Transferring Update Behavior to Smart Consumer Devices 3.4 Contradicting User Requirements 4 Discussion 4.1 Automatic Update Settings 4.2 Transferring Update Behavior 4.3 Implications for Design 5 Related Work 6 Conclusion and Future Work A Instructions on Finding Update Settings A.1 Android A.2 iOS B Formative Field Study: Questionnaire C Formative Field Study: Demographics, Codebooks, and Update Settings D Online Survey: Questionnaire, Demographics, Reasons for (De)activation, and Update Avoidance Behavior E Online Survey: Update Notifications F Online Survey: Codebook References Organisational Contexts of Energy Cybersecurity 1 Introduction 1.1 Approach 2 Preparing for Future Energy Scenarios 2.1 Setting the Context 3 Industry Review 3.1 Accessing Multiple Sites 3.2 Securing Legacy Equipment and Future Networks 3.3 Network Monitoring 3.4 Building Incident Response Capability 3.5 Knowledge of Threats 3.6 Electricity Sector Specifics 3.7 Organisational Culture 3.8 Recognising the Shared Context 4 Exploring Impact and Uncertainty 4.1 Impact Analysis 5 Resilience Efforts 6 Conclusions References SMILE - Smart eMaIl Link Domain Extractor 1 Introduction 2 Related Works 3 Background on Link-Types 4 SMILE: General Idea 5 SMILE: Algorithm 6 Discussion 7 Conclusion References A Semantic Model for Embracing Privacy as Contextual Integrity in the Internet of Things (Short Paper) 1 Introduction 2 Background 3 A CI Semantic Model 3.1 Knowledge Acquisition and identification of the Purpose of the Semantic Model 3.2 Modeling the Ontology, Defining the Classes and Relations 3.3 An Exemplary Use Case Application 4 Discussion and Conclusions References Data Protection Impact Assessments in Practice 1 Introduction 2 Related Work 3 Operationalization of DPIAA detailed description of the methodology can be found in ch25handbuch. 3.1 Initialization Phase 3.2 DPIA Preparation Phase 3.3 DPIA Execution Phase 3.4 DPIA Implementation Phase 3.5 Sustainability Phase 4 Methodology of the Case Studies 5 Experiences from the Case Study 5.1 General Aspects 5.2 In the Initialization Phase 5.3 In the DPIA Preparation Phase 5.4 In the DPIA Execution Phase 5.5 In the DPIA Implementation Phase 5.6 In the Sustainability Phase 6 Conclusions References 2nd Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2021) CPS4CIP 2021 Preface chPart5 Organization General Chairs Program Committee Chairs Program Committee Resilience Quantification for Critical Infrastructure: Exemplified for Airport Operations 1 Introduction 2 Scenario and Model 2.1 Network Model 2.2 Agent-Based Model 3 Simulation Results 3.1 Resilience Curves 3.2 Resilience Indicators 3.3 Agent-Based Simulations 4 Conclusion References Severity Level Assessment from Semantically Fused Video Content Analysis for Physical Threat Detection in Ground Segments of Space Systems 1 Introduction 2 Methodological Framework for Physical Attack Detection and Response 2.1 Video-Based Object Detection and Activity Recognition 2.2 Face Detection and Recognition 2.3 Semantic Indexing and Linking 2.4 Crisis Classification and DSS Module 3 Experimental Validation and Evaluation 3.1 Evaluation of the Detection Layer 3.2 Validation of the Fusion Layer 3.3 Annotation Tool for the Validation of the Decision Layer 4 Conclusions References Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability 1 Introduction 2 Background 2.1 Intel TSX 2.2 LFB 2.3 TAA Vulnerability 3 Methodology 3.1 Scheduling 3.2 Detection 3.3 Mitigation 3.4 Mitigation-1 (SIGKILL to the Attacker's Process) 3.5 Mitigation-2 (Instruction Replacement) 4 Experimental Results 4.1 System Model 4.2 Detection Threshold 4.3 Results 5 Discussion 6 Conclusion References The Rise of ICS Malware: A Comparative Analysis 1 Introduction 2 Background 2.1 Cyber Threat Intelligence for Industrial Environment 2.2 Industrial Malware Analysis 3 A Framework for Comparative Analysis 3.1 ICS Malware Classification 3.2 Cyber Threat Intelligence Layer 3.3 Hybrid Analysis Layer 3.4 Comparative Analysis 4 Evaluation and Results 4.1 Experimental Industrial Malware 4.2 Cyber Threat Intelligence Layer Evaluation 4.3 Hybrid Analysis Layer Evaluation 4.4 Security Discussion 5 Conclusions References 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT&SECOMANE 2021) CDT&SECOMANE 2021 Preface chPart6 CDT&SECOMANE 2021 Organization General Chairs Program Committee Framework Proposal to Measure the Stress as Adversarial Factor on Cyber Decision Making 1 Introduction 2 Background 2.1 The Stress as a Disease 2.2 Biometrics Systems to Measure the Stress 2.3 Evaluation Methodologies 3 Design Principles 4 Framework 4.1 Action Protocol 4.2 Framework Architecture 5 Case of Study 5.1 Validation Scenario 5.2 Vulnerabilities List 5.3 Methodology Application Proposal 6 Challenges and Opportunities 7 Conclusions References Measuring the Impact of Tactical Denial of Sustainability 1 Introduction 2 Background 2.1 Threatening the Sustainability of the Digital Tactical Edge 2.2 Assessment of Military Operations 3 Design Principles 3.1 Tactical Denial of Sustainability Threats 3.2 Research Objectives and Hypothesis 3.3 Premises and Operational Requirements 3.4 Assumed Limitations and Constraints 3.5 Overall Vision 4 Operational Measures for TDoS Assessment 4.1 Maintenance Related Factors 4.2 Deployment Related Factors 4.3 Energy Related Factors 5 Socio-cognitive Measures for TDoS Assessment 5.1 Individual Related Factors 5.2 Organization Related Factors 5.3 Enterprise Related Factors 6 Technical Measures for TDoS Assessment 6.1 Infrastructure Related Factors 6.2 Virtualized Platform Related Factors 6.3 Service-Related Factors 7 Considerations at Military Thinking 7.1 TDoS Assessment at Offensive Thinking 7.2 TDoS Assessment at Defensive Thinking 8 Conclusions References A Mathematical Framework for Evaluation of SOAR Tools with Limited Survey Data 1 Introduction and Background 2 Methodology 2.1 Data Collection 2.2 Predicting Missing Ratings 2.3 PageRank 2.4 Statistical Analyses 3 Results 3.1 Results from Raw Data 3.2 Results from Populated Data 3.3 Overall Results 4 Discussion A Appendix References Author Index
دانلود کتاب Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4–8, ... Selected Papers (Security and Cryptology)