Filters








9 Hits in 1.0 sec

Privacy Risks from Public Data Sources [article]

Zacharias Tzermias, Panagiotis Papadopoulos, Sotiris Ioannidis, Vassilis Prevelakis
2017 arXiv   pre-print
In the fight against tax evaders and other cheats, governments seek to gather more information about their citizens. In this paper we claim that this increased transparency, combined with ineptitude, or corruption, can lead to widespread violations of privacy, ultimately harming law-abiding individuals while helping those engaged in criminal activities such as stalking, identity theft and so on. In this paper we survey a number of data sources administrated by the Greek state, offered as web
more » ... vices, to investigate whether they can lead to leakage of sensitive information. Our study shows that we were able to download significant portions of the data stored in some of these data sources (scraping). Moreover, for those data sources that were not amenable to scraping we looked at ways of extracting information for specific individuals that we had identified by looking at other data sources. The vulnerabilities we have discovered enable the collection of personal data and, thus, open the way for a variety of impersonation attacks, identity theft, confidence trickster attacks and so on. We believe that the lack of a big picture which was caused by the piecemeal development of these data sources hides the true extent of the threat. Hence, by looking at all these data sources together, we outline a number of mitigation strategies that can alleviate some of the most obvious attack strategies. Finally, we look at measures that can be taken in the longer term to safeguard the privacy of the citizens.
arXiv:1711.09260v2 fatcat:2gkja7kitfcgldsswbqgy3urme

Privacy Risks from Public Data Sources [chapter]

Zacharias Tzermias, Vassilis Prevelakis, Sotiris Ioannidis
2014 IFIP Advances in Information and Communication Technology  
In the fight against tax evaders and other cheats, governments seek to gather more information about their citizens. In this paper we claim that this increased transparency, combined with ineptitude, or corruption, can lead to widespread violations of privacy, ultimately harming law-abiding individuals while helping those engaged in criminal activities such as stalking, identity theft and so on. In this paper we survey a number of data sources administrerd by the Greek state, offered as web
more » ... ices, to investigate whether they can lead to leakage of sensitive information. Our study shows that we were able to download significant portions of the data stored in some of these data sources (scraping). Moreover, for those datasources that were not ammenable to scraping we looked at ways of extracting information for specific individuals that we had identified by looking at other data sources. The vulnerabilities we have discovered enable the collection of personal data and, thus, open the way for a variety of impersonation attacks, identity theft, confidence trickster attacks and so on. We believe that the lack of a big picture which was caused by the piecemeal development of these datasources hides the true extent of the threat. Hence, by looking at all these data sources together, we outline a number of mitigation strategies that can alleviate some of the most obvious attack strategies. Finally, we look at measures that can be taken in the longer term to safeguard the privacy of the citizens.
doi:10.1007/978-3-642-55415-5_13 fatcat:ax3hajkbibcp7fzwdps7kgpgni

TRACER: A Platform for Securing Legacy Code [chapter]

Kostantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, Panagiotis Katsaros
2014 Lecture Notes in Computer Science  
A security vulnerability is a programming error that introduces a potentially exploitable weakness into a computer system. Such a vulnerability can severely affect an organization's infrastructure and cause significant financial damage to it. Hence, one of the basic pursuits in every new software release should be to mitigate such defects. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms. One of the most
more » ... mmon approaches to identify software vulnerabilities is static analysis [1]. This kind of analysis is performed by automated tools either on the program's source or object code and without actually executing it. However, since the formats in which static analysis tools store and present their results vary wildly, it is typically difficult to utilize many of them in the scope of a project. By automating the process of running a variety of vulnerability detectors and collecting their results in an efficient manner during development, the task of tracking security defects throughout the evolution history of software projects can be simplified. In this paper we present tracer, a framework to support the development of secure applications by constantly monitoring software projects for vulnerabilities. tracer simplifies the integration of existing tools that detect software vulnerabilities and promotes their use during development and maintenance. Instead of designing and implementing tracer from the ground up, we built it on top of the open source Alitheia Core [2] platform, which is designed for facilitating large scale quantitative software engineering studies. While Alitheia Core aims for efficient estimation of the quality of software projects, tracer
doi:10.1007/978-3-319-08593-7_20 fatcat:cklnuijjtngbbixrqb62i3xi3u

Combining static and dynamic analysis for the detection of malicious documents

Zacharias Tzermias, Giorgos Sykiotakis, Michalis Polychronakis, Evangelos P. Markatos
2011 Proceedings of the Fourth European Workshop on System Security - EUROSEC '11  
The widespread adoption of the PDF format for document exchange has given rise to the use of PDF files as a prime vector for malware propagation. As vulnerabilities in the major PDF viewers keep surfacing, effective detection of malicious PDF documents remains an important issue. In this paper we present MDScan, a standalone malicious document scanner that combines static document analysis and dynamic code execution to detect previously unknown PDF threats. Our evaluation shows that MDScan can
more » ... etect a broad range of malicious PDF documents, even when they have been extensively obfuscated.
doi:10.1145/1972551.1972555 dblp:conf/eurosec/TzermiasSPM11 fatcat:2qsvoikwbjeddpbu3fojj3x4ie

Securing Legacy Code with the TRACER Platform

Kostantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, Panagiotis Katsaros
2014 Proceedings of the 18th Panhellenic Conference on Informatics - PCI '14  
Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project.
more » ... By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly monitoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use.
doi:10.1145/2645791.2645796 dblp:conf/pci/StroggylosMTPRSIK14 fatcat:vvctqvpowje27cbrvdnq3jwfty

Social Forensics: Searching for Needles in Digital Haystacks

Iasonas Polakis, Panagiotis Ilia, Zacharias Tzermias, Sotiris Ioannidis, Paraskevi Fragopoulou
2015 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)  
The use of online social networks and other digital communication services has become a prevalent activity of everyday life. As such, users' social footprints contain a massive amount of data, including exchanged messages, location information and photographic coverage of events. While digital forensics has been evolving for several years with a focus on recovering and investigating data from digital devices, social forensics is a relatively new field. Nonetheless, law enforcement agencies have
more » ... realized the significance of employing online user data for solving criminal investigations. However, collecting and analyzing massive amounts of data scattered across multiple services is a challenging task. In this paper, we present our modular framework designed for assisting forensic investigators in all aspects of these procedures. The data collection modules extract the data from a user's social network profiles and communication services, by taking advantage of stored credentials and session cookies. Next, the correlation modules employ various techniques for mapping user profiles from different services to the same user. The visualization component, specifically designed for handling data representing activities and interactions in online social networks, provides dynamic "viewpoints" of varying granularity for analyzing data and identifying important pieces of information. We conduct a case study to demonstrate the effectiveness of our system and find that our automated correlation process achieves significant coverage of users across services. Yahoo 390 Friends 512 Messages 234 Likes 27 Photos
doi:10.1109/badgers.2015.017 dblp:conf/badgers/PolakisITIF15 fatcat:uaaiz3zhqvghjffz747qkhzm5y

Malicious Pdf Document Detection Based on Feature Extraction and Entropy

Himanshu Pareek
2013 International Journal of Security Privacy and Trust Management  
Zacharias Tzermias et al. [3] designed and implemented MDScan which combines static and dynamic analysis for malicious PDF detection.  ... 
doi:10.5121/ijsptm.2013.2504 fatcat:g73jlkxebjdydj3rgrmivut6cu

Page 1940 of Mathematical Reviews Vol. 32, Issue Index [page]

Mathematical Reviews  
Sant’Anna) 2000g:81018 81P05 (81P15) Tzavalis, Elias (with Psaradakis, Zacharias) On regression-based tests for persistence in logarithmic volatility models.  ...  (Summary) 2000k:82002 82B03 (37N20, 82B20, 82B26) Tzermias, Pavlos (with Joshi, Kirti) On the Coleman-Chabauty bound. (English and French summaries) C. R. Acad. Sci.  ... 

Das Bild der weiblichen Aristokratie in der byzantinischen Kunst am Beispiel von Kleidung und Accessoires

Gertrude Gaul
2019 unpublished
Dabei handelt es sich um die venezianische Familie Zacharia, welche bereits ab dem 14. Jahrhundert auf der Insel ansässig war.  ...  Vom öströmischen Staats-und Reichsgedanken, Darmstadt 1956. 1991 Pavlos Tzermias, Das andere Byzanz.  ... 
doi:10.25365/thesis.60404 fatcat:4gcezx3ecveglg5lqd6hvrn6zu