Filters








28 Hits in 2.5 sec

CAPTCHuring Automated (Smart) Phone Attacks

Iasonas Polakis, Georgios Kontaxis, Sotiris Ioannidis
2011 2011 First SysSec Workshop  
As the Internet has entered everyday life and become tightly bound to telephony, both in the form of Voice over IP technology as well as Internet-enabled cellular devices, several attacks have emerged  ...  In that light, we conduct an excessive study of Phone CAPTCHA usage for preventing attacks that render telephone devices unusable, and provide information on the design and implementation of our system  ...  Iasonas Polakis, Georgios Kontaxis and Sotiris Ioannidis are also with the University of Crete.  ... 
doi:10.1109/syssec.2011.21 dblp:conf/dimva/PolakisKI11 fatcat:tymmwxytzvaq7ldn5o3tovzc5m

Outsourcing Malicious Infrastructure to the Cloud

Georgios Kontaxis, Iasonas Polakis, Sotiris Ioannidis
2011 2011 First SysSec Workshop  
Finally, we discuss how the nature of the Cloud may shape future security monitoring and enhance defenses against such practices.  ...  Furthermore, we outline the traits and features of Cloud services in facilitating malicious activities.  ...  Georgios Kontaxis, Iasonas Polakis and Sotiris Ioannidis are also with the University of Crete.  ... 
doi:10.1109/syssec.2011.25 dblp:conf/dimva/KontaxisPI11 fatcat:xnb56bwu3rds5cche3vi6nkxsq

Unity in Diversity: Phylogenetic-inspired Techniques for Reverse Engineering and Detection of Malware Families

Wei Ming Khoo, Pietro Lio
2011 2011 First SysSec Workshop  
Using context-sensitive procedure analysis, we found that 100% of a set of memory management procedures used by the FakeAV-DO and "Skyhoo" malware families were uniquely identifiable.  ...  We developed a framework for abstracting, aligning and analysing malware execution traces and performed a preliminary exploration of state of the art phylogenetic methods, whose strengths lie in pattern  ...  ACKNOWLEDGEMENTS We would like to thank Sophos Plc. and Richard Clayton for kindly providing the malware samples, and also to our anonymous reviewers and our shepherd, Marco Cova, for providing extremely  ... 
doi:10.1109/syssec.2011.24 dblp:conf/dimva/KhooL11 fatcat:u2djfmzqljaxne2t4djlbjt36y

Why cyber security does not depend just on IT developments?

Zlatogor Minchev
2012 Journal of Defense Management  
: Security, Privacy and Trust in Global Networks & Services, SySSec European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet: Europe for the World, DCAF Horizon 2015  ...  research papers on the cyber security topics in the OMICS Journal of Defense Management for the new 2012!  ... 
doi:10.4172/2167-0374.1000e112 fatcat:rwrewzqpwbhe5m6sylrgm3smiq

Supply Chain Cyber Security – Potential Threats

Luca Urciuoli, Toni Männistö, Juha Hintsa, Tamanna Khan
2013 Information & Security An International Journal  
Past events have revealed the vulnerability of global supply chains to crime and terrorism.  ...  Finally, implications for managers and EU agencies are discussed.  ...  This publication reflects only the authors' views and the Union is not liable for any use that may be made of the information contained therein.  ... 
doi:10.11610/isij.2904 fatcat:dbe2ve7dcbcvvmhklyynp4ysbm

Security and Trustworthiness Threats to Composite Services: Taxonomy, Countermeasures, and Research Directions [chapter]

Per Håkon Meland, Muhammad Asim, Dhouha Ayed, Fabiano Dalpiaz, Edith Félix, Paolo Giorgini, Susana Gonzáles, Brett Lempereur, John Ronan
2014 Lecture Notes in Computer Science  
Our main contributions are a taxonomy of threats for composite services in the Future Internet, which organises thirty-two threats within seven categories, and a corresponding taxonomy of thirty-three  ...  This chapter studies not only how traditional threats may affect composite services, but also some of the new challenges that arise from the emerging Future Internet.  ...  and Vulnerabilities in the Future Internet.  ... 
doi:10.1007/978-3-319-13518-2_2 fatcat:eesnlt2pwja35kmszjzei4rofy

Memory Errors: The Past, the Present, and the Future [chapter]

Victor van der Veen, Nitish dutt-Sharma, Lorenzo Cavallaro, Herbert Bos
2012 Lecture Notes in Computer Science  
Given the host of security measures on modern machines, are we less vulnerable than before, and can we expect to eradicate memory error problems in the near future?  ...  A historical overview provides insights in past trends and developments, while an investigation of real-world vulnerabilities and exploits allows us to answer on the significance of memory errors in the  ...  prove on the state-of-the-art detection and mitigation techniques against memory error attacks [15] , showing their concrete commitment towards a long-standing battle against memory error vulnerabilities  ... 
doi:10.1007/978-3-642-33338-5_5 fatcat:ixcwu2djbrctbcjs5sd6l7uupe

Take a bite - Finding the worm in the Apple

Martina Lindorfer, Bernhard Miller, Matthias Neugschwandtner, Christian Platzer
2013 2013 9th International Conference on Information, Communications & Signal Processing  
We further built a dynamic analysis environment and analyzed 148 malicious samples to gain insight into the current state of Mac OS X malware.  ...  To the best of our knowledge, we are the first to tackle this task.  ...  ACKNOWLEDGEMENTS The research leading to these results has received funding from the European Union Seventh Framework Programme under grant agreement n. 257007 (SysSec) and from the FFG -Austrian Research  ... 
doi:10.1109/icics.2013.6782846 dblp:conf/IEEEicics/LindorferMNP13 fatcat:tpqueydddzgjdopfogyhllir6e

SCION Five Years Later: Revisiting Scalability, Control, and Isolation on Next-Generation Networks [article]

David Barrera, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig
2015 arXiv   pre-print
This paper presents a retrospective of the SCION goals and design decisions, its attacker model and limitations, and research highlights of work conducted in the 5 years following SCION's initial publication  ...  Internet.  ...  Acknowledgements We thank the original SCION authors as well as current and past members of the ETH Zürich Network Security group and of the CMU Security group for their contributions to the project.  ... 
arXiv:1508.01651v1 fatcat:gbz5gefojzgk5febrvf55rc72u

Stakeholder perspectives and requirements on cybersecurity in Europe

Simone Fischer-Hübner, Cristina Alcaraz, Afonso Ferreira, Carmen Fernandez-Gago, Javier Lopez, Evangelos Markatos, Lejla Islami, Mahdi Akil
2021 Journal of Information Security and Applications  
This article presents an overview and analysis of the key cybersecurity problems, challenges and requirements to be addressed in the future, which we derived through 63 interviews with European stakeholders  ...  We show that common problems, challenges and requirements across these sectors exist in relation to building trust, implementing privacy and identity management including secure and useable authentication  ...  We want to thank all stakeholders that participated in the interviews.  ... 
doi:10.1016/j.jisa.2021.102916 fatcat:rn2xrjf2ozc4noesrk2cabgfba

The Effect of Security Education and Expertise on Security Assessments: the Case of Software Vulnerabilities [article]

Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim
2018 arXiv   pre-print
In spite of the growing importance of software security and the industry demand for more cyber security expertise in the workforce, the effect of security education and experience on the ability to assess  ...  in cyber security are able to assess the severity of software vulnerabilities.  ...  2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet  ... 
arXiv:1808.06547v1 fatcat:5obhannxojebbguwffour5cj24

Measuring the accuracy of software vulnerability assessments: experiments with students and professionals

Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim
2020 Empirical Software Engineering  
Acknowledgments This research has been partially supported by the European Union's 7th Frame-  ...  In the same vein, ENISA, the EU agency for information security, lists as priorities: risk management and governance, threat intelligence, and vulnerability testing (ENISA 2017).  ...  Threats to Validity We here identify and discuss Construct, Internal, and External threats to validity (Wohlin et al. 2012) of our study.  ... 
doi:10.1007/s10664-019-09797-4 fatcat:e4sl4zbnwrdaxhhd6gjcl4m45e

All your face are belong to us

Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis, Stefano Zanero
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
In this paper, we extend the threat model and study the attack surface of social authentication in practice, and show how any attacker can obtain the information needed to solve the challenges presented  ...  In this case, the accuracy of our attack greatly increases and reaches 100% when 120 faces per friend are accessible by the attacker, even though it is very accurate with as little as 10 faces.  ...  This paper was supported in part by the FP7 project SysSec funded by the EU Commission under grant agreement no 257007, the Marie Curie Reintegration Grant project PASS, the ForToo Project of the Directorate  ... 
doi:10.1145/2420950.2421008 dblp:conf/acsac/PolakisLKMIKZ12 fatcat:w46xurhvcjgz3en4xkns3mqcxq

Detecting Environment-Sensitive Malware [chapter]

Martina Lindorfer, Clemens Kolbitsch, Paolo Milani Comparetti
2011 Lecture Notes in Computer Science  
We implement the proposed techniques in a tool called Disarm, and demonstrate that it can accurately detect evasive malware, leading to the discovery of previously unknown evasion techniques.  ...  The execution of malware in an instrumented sandbox is a widespread approach for the analysis of malicious code, largely because it sidesteps the difficulties involved in the static analysis of obfuscated  ...  The research leading to these results has received funding from the European Union Seventh Framework Programme under grant agreement n. 257007 (SysSec), from the Prevention, Preparedness and Consequence  ... 
doi:10.1007/978-3-642-23644-0_18 fatcat:rdoo4fbc7bcnjk4wq6qznxrnwm

Security and Privacy Measurements in Social Networks: Experiences and Lessons Learned

Iasonas Polakis, Federico Maggi, Stefano Zanero, Angelos D. Keromytis
2014 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)  
From a technical point of view, partially connected to the logistics remarks, having a complex and large data-gathering and analysis framework may be counterproductive in terms of set-up and management  ...  Clearly, in cases where critical technical vulnerabilities are found during the research, the general recommendations for responsible disclosure should be followed.  ...  This work was supported in part by the FP7 project SysSec funded by the EU Commission under grant agreement no 257007, and by the MIUR under the FIRB2013 FACE grant.  ... 
doi:10.1109/badgers.2014.9 dblp:conf/badgers/PolakisMZK14 fatcat:mkb4zbvekvbnxgsuxcxa7k7hom
« Previous Showing results 1 — 15 out of 28 results