Investigating the Agility Bias in DNS Graph Mining

The concept of agile domain name system (DNS) refers to dynamic and rapidly changing mappings between domain names and their Internet protocol (IP) addresses. This empirical paper evaluates the bias from this kind of agility for DNS-based graph theoretical data mining applications. By building on two conventional metrics for observing malicious DNS agility, the agility…

Business modeling facilitated Cyber Preparedness

Cyber criminality, being one of the key threats in the modern era, lacks attention from an academic perspective. In this paper, we display how to apply a core business conceptual tool like the business model to help improve organizational cyber preparedness. This paper offers a literature review and further analysis to find synergies among the study context and concept….

Classifying Web Exploits with Topic Modeling

This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept (PoC) exploits for publicly disclosed software vulnerabilities. By using a dataset comprised of over 36 thousand PoC exploits, near a 0.9 accuracy rate is obtained in the empirical experiment. Text mining and topic modeling are a…

Enhanced Security for Mobile User Authentication and Single Sign-On

Single Sign-on (SSO) systems simplify user authentication for the many online services that we need to access every day. Solutions exist for both intra-organizational use and for the open web. While SSO systems meet their main goal of reducing the number of passwords that a user needs to memorize, many other aspects can still be…

NFV: Security Threats and Best Practices

Network function virtualization (NFV) yields numerous benefits, particularly the possibility of a cost-efficient transition of telco hardware functionalities on the software platform to break the vendor lock-in problem. These benefits come at the price of some security flaws. Indeed, with NFV, virtual mobile networks become vulnerable to a number of security threats. These threats can…

Securing VNF communication in NFVI

In a modern telco cloud, network functions are performed by groups of single or interconnected virtual machines (VMs), which form virtualized network functions (VNFs). Securing these VNFs is both important and challenging, since the VNFs might be performing some mission critical operations and exchanging sensitive information among each other. The problem lies in the implementation…

Incorporating trust in NFV: Addressing the challenges

Network Functions Virtualization (NFV) helps in reducing the dependency on hardware equipments by virtualizing the telecommunication network functions. While the current works have considered different frameworks for NFV and various challenges associated with it, only a few have considered trust as an aspect of NFV. In this paper, we discuss the challenges of incorporating trust…

Private Membership Test Protocol with Low Communication Complexity

We introduce a practical method to perform private membership test. In this method, clients are able to test whether an item is in a set controlled by the server, without revealing their query items to the server. After executing the queries, the content of server’s set remains secret. We apply Bloom filter and Cuckoo filter…

Mind Your Right to Know: On De-anonymization Auditability in V2X Communications

Intelligent transportation systems are getting close to wide deployments. Vehicle to everything (V2X) communication as enabler for safer and more convenient transportation has attracted growing attention from industry and academia. However, security and privacy concerns of such communication must be addressed before reaching to a wide adoption. In this paper we analyze the security and…

Cybersecurity situational awareness taxonomy

Ensuring cost-efficient cybersecurity for a networked system is a challenging task. In this task, cybersecurity situational awareness is a cornerstone to ensure that systems are protected in a meaningful way. However, cybersecurity situational awareness can be built in various ways. Firstly, several monitoring and analysing techniques can be applied, and secondly, a time window for…

Flooding DDoS mitigation and traffic management with software defined networking

Mitigating distributed denial-of-service attacks can be a complex task due to the wide range of attack types, attacker adaptation, and defender constraints. We propose a defense mechanism which is largely automated and can be implemented on current software defined networking (SDN)-enabled networks. Our mechanism combines normal traffic learning, external blacklist information, and elastic capacity invocation…

Experiences in the Development and Usage of a Privacy Requirements Framework

Any reasonable implementation of privacy requirements can not be made through legal compliance alone. The belief that a software system can be developed without privacy being an integral concept, or that a privacy policy is sufficient as requirements or compliance check is at best dangerous for the users, customers and business involved. While requirements frameworks…

Tor De-anonymisation Techniques

Tor offers a censorship-resistant and distributed platform that can provide easy-to-implement anonymity to web users, websites, and other web services. Tor enables web servers to hide their location, and Tor users can connect to these authenticated hidden services while the server and the user both stay anonymous. However, throughout the years of Tor’s existence, some…

Towards Dependably Detecting Geolocation of Cloud Servers

Every physical data center is located somewhere on the globe. A cloud service can be delivered from a set of data centers in several locations, depending on their workload situation. Responsibilities of the service provider include ensuring that legal and agreed constraints are respected also by its subcontractors, for example, those providing cloud computing resources….

Measuring the value of privacy and the efficacy of PETs

Privacy is a very active subject of research and also of debate in the political circles. In order to make good decisions about privacy, we need measurement systems for privacy. Most of the traditional measures such as k-anonymity lack expressiveness in many cases. We present a privacy measuring framework, which can be used to measure…

Concealing IMSI in 5G Network Using Identity Based Encryption

Subscription privacy of a user has been a historical concern with all the previous generation mobile networks, namely, GSM, UMTS, and LTE. While a little improvement has been achieved in securing the privacy of the long-term identity of a subscriber, the so-called IMSI catchers are still in existence even in the LTE and advanced…

Situational Awareness for security adaptation in Industrial Control Systems

Situational Awareness (SA) offers an analysed view of system’s security posture. Securing Industrial Control Systems (ICSs) and critical infrastructures requires timely and correct SA. System administrators make decisions and modify security mechanisms based on SA information. In this paper, we envision how security adaptation can facilitate administrators’ work in the ICS protection. Security adaptation is…

Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks

With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology,…

IPsec and IKE as Functions in SDN Controlled Network

Currently IPsec performance in high-speed networks is problematic. Traditionally the connections are established between some multifunction network devices which are typically inefficient already in 10 Gbps packet delivery and do not have high-availability nor scalability features. In the Software-Defined Networking, packets only travel through the desired dedicated networking devices. However, few high-speed stand-alone IPsec solutions exist…

Experiences in Trusted Cloud Computing

While trusted computing is a well-known technology, its role has been relatively limited in scope and typically limited to single machines. The advent of cloud computing, its role as critical infrastructure and the requirement for trust between the users of computing resources combines to form a perfect environment for trusted and high-integrity computing. Indeed, the…

Anonymous Secure Framework in Connected Smart Home Environments

The smart home is an environment, where heterogeneous electronic devices and appliances are networked together to provide smart services in a ubiquitous manner to the individuals. As the homes become smarter, more complex, and technology dependent, the need for an adequate security mechanism with minimum individual’s intervention is growing. The recent serious security attacks have…

Formalisation-Driven Development of Safety-Critical Systems

The use of formal modelling and verification is recommended by several standards in the development of highly critical systems. However, the standards do not prescribe a process that enables a seamless integration of formalisation activities into the development process. In this paper, we propose a model and an automated tool support for an iterative formalisation-driven…

SynAPTIC: Secure and Persistent Connectivity for Containers

Cloud virtualization technology is shifting towards light-weight containers, which provide isolated environments for running cloud-based services. The emerging trends such as container-based micro-service architectures and hybrid cloud deployments result in increased traffic volumes between the micro-services, mobility of the communication endpoints, and some of the communication taking place over untrusted networks. Yet, the services are…

Mining social networks of open source CVE coordination

Coordination is one central tenet of software engineering practices and processes. In terms of software vulnerabilities, coordination is particularly evident in the processes used for obtaining Common Vulnerabilities and Exposures (CVEs) identifiers for discovered and disclosed vulnerabilities. As the central CVE tracking infrastructure maintained by the non-profit MITRE Corporation has recently been criticized for time…

The Formal Derivation of Mode Logic for Autonomous Satellite Flight Formation

Satellite formation flying is an example of an autonomous distributed system that relies on complex coordinated mode transitions to accomplish its mission. While the technology promises significant economical and scientific benefits, it also poses a major verification challenge since testing the system on the ground is impossible. In this paper, we experiment with formal modelling…

Secure communication channel architecture for Software Defined Mobile Networks

A Software-Defined Mobile Network (SDMN) architecture is proposed to enhance the performance, flexibility, and scalability of today’s telecommunication networks. However, SDMN features such as centralized controlling, network programmability, and virtualization introduce new security challenges to telecommunication networks. In this article, we present security challenges related to SDMN communication channels (i.e., control and data channel) and…

Fast Transmission Mechanism for Secure VPLS Architectures

Ethernet based secure VPLS (Virtual Private LAN Services) networks require to establish full mesh of VPLS tunnels between the customer sites. However, the tunnel establishment between geographically distant customer sites introduces a significantly high delay to the user traffic transportation. In this article, we propose a novel fast transmission mechanism for secure VPLS architectures to…

An interface diversified honeypot for malware analysis

Defending information systems against advanced attacks is a challenging task; even if all the systems have been properly updated and all the known vulnerabilities have been patched, there is still the possibility of previously unknown zero day attack compromising the system. Honeypots offer a more proactive tool for detecting possible attacks. What is more, they…

Obfuscation and Diversification for Securing Cloud Computing

The evolution of cloud computing and advancement of its services has motivated the organizations and enterprises to move towards the cloud, in order to provide their services to their customers, with greater ease and higher efficiency. Utilizing the cloud-based services, on one hand has brought along numerous compelling benefits and, on the other hand, has…

Software Security Considerations for IoT

Internet of Things (IoT) is a swiftly growing technology and business domain that is expected to revolutionize the modern trade. Nonetheless, shortcomings in security are common in this new domain and security issues are the Achilles’ heel of the new technology. In this study, we analyze different security solutions for IoT devices and propose suitable…

A Proxy-Based Solution for Asynchronous Telemedical Systems

Asynchronous telemedicine systems face many challenges related to information security as the patient’s sensitive information and data on medicine dosage is transmitted over a network when monitoring patients and controlling asynchronous telemedical IoT devices. This information may be modified or spied on by a malicious adversary. To make asynchronous telemedicine systems more secure, the authors…

Case Study of Agile Security Engineering: Building Identity Management for a Government Agency

Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating…

Introducing Trust into the Digabi Platform

The use of students’ personal devices makes properly securing electronic matriculation examination a particularly difficult challenge. How to make sure that the examinees do not have access to unauthorized materials, when they have unlimited physical access to the hardware? In this proposal, we provide an overview on how trusted computing based techniques could be…

Security in container-based virtualization through vTPM

Cloud computing is a wide-spread technology that enables the enterprises to provide services to their customers with a lower cost, higher performance, better availability and scalability. However, privacy and security in cloud computing has always been a major challenge to service providers and a concern to its users. Trusted computing has led its way in…

Malware distributions and graph structure of the Web

Knowledge about the graph structure of the Web is important for understanding this complex socio-technical system and for devising proper policies supporting its future development. Knowledge about the differences between clean and malicious parts of the Web is important for understanding potential threats to its users and for devising protection mechanisms. In this study, we…

Programming Model Perspective on Security and Privacy of Social Cyber-Physical Systems

Both number and diversity of computer-enabled physical objects in our surroundings is rapidly increasing. Such objects offer connectivity and are programmable, which forms basis for new kinds of cyber-physical computing environments. This has inspired us to propose a programming model called Action-Oriented Programming (AcOP), where focus is at simplifying the creation of applications that build…

Towards Self-aware Approach for Mobile Devices Security

We present conceptual design of self-aware security for mobile devices. The design is envisioned to bring self-awareness into the mobile devices security for optimal protection by regulating application activities. The proposed design contains three subsystems: meta-level enables self-awareness, extended meta-level extends protections to the base-level components through security mechanisms and base-level comprises of resources that are…

SMS and one-time-password interception in LTE networks

The Interconnection network connects the communication networks themselves to each other enabling features such as roaming and data services between those said networks. It has been known since 2014 that using the legacy SS7 (Signaling System No. 7) protocol SMS based traffic can be intercepted. Network providers are now moving towards diameter based LTE networks…

Providing for Privacy in a Network Infrastructure Protection Context

Machine Learning and Big Data Analysis are seen as the silver bullet to detect and counteract attacks on critical communication infrastructure. Every message is analysed and is to some degree under suspicion. The principle of innocent until proven guilty does not seem to apply to modern communication usage. On the other hand, criminals would gain…

Self-aware Access Control System for Android

We present the conceptual system design of self-aware access control system that enhances the security of Android platform. The objective of the self-awareness is to achieve optimal security through learning of application behaviors and then optimizing the access control policies accordingly. The self-configure, learn and optimize components of the self-aware agent are responsible for the…

Exploring the clustering of software vulnerability disclosure notifications across software vendors

This exploratory empirical paper investigates annual time delays between vulnerability disclosure notifications and acknowledgments by means of network analysis. These delays are approached through a potential clustering effect of vulnerabilities across software vendors. The analysis is based on a projection from bipartite vendor-vulnerability structures to one-mode vendor-vendor networks, while the hypothesized clustering effect is approached…

Tightroping between APT and BCI in small enterprises

The contemporary internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into…

Busting a Myth: Review of Agile Security Engineering Methods

Engineering methods are essential in software development, and form a crucial element in the design and implementation of software security. Security engineering processes and activities have a long and well-standardized history of integration with software development methods. The inception of iterative and incremental software development methods raised suspicions of an inherent incompatibility between the traditional…

EyeCloud: A BotCloud Detection System

Leveraging cloud services, companies and organizations can significantly improve their efficiency, as well as building novel business opportunities. A significant research effort has been put in protecting cloud tenants against external attacks. However, attacks that are originated from elastic, on-demand and legitimate cloud resources should still be considered seriously. The cloud-based botnet or botcloud is…

Applying Internal Interface Diversification to IoT Operating Systems

Internet of Things (IoT) currently covers billions of devices with identical internal software interfaces. This software monoculture exposes the systems to the same security vulnerabilities. Internal interface diversification, by introducing diverse and unique interfaces on each device, is a solution for this problem. In this paper, we discuss interface diversification in the context of IoT…

Battlefield Digital Forensics: Digital Intelligence and Evidence Collection in Special Operations

Troops in contact in the battlefield are very likely to be exposed to the enemy’s digital information. Digital media collection by Special Operation Forces (SOF) might provide the critical information needed to penetrate the enemy’s decision matrix and support legal actions against insurgents. Following up on Dr William G Perry’s ideas for ‘Assuring Digital Intelligence Collection’,…

Defending mobile devices for high level officials and decision-makers

Smartphones are an inevitable presence in everyday life. High-level officials and decision-makers use mobile devices to handle and store sensitive information that should be protected as well as possible. However, those mobile devices are fundamentally unsecurable – it is impossible to have absolutely secure systems, even if users follow security policies. In addition to possibly…

Counterfeiting and Defending the Digital Forensic Process

During the last years, criminals have become aware of how digital evidences that lead them to courts and jail are collected and analyzed. Hence, they have started to develop antiforensic techniques to evade, hamper, or nullify their evidences. Nowadays, these techniques are broadly used by criminals, causing the forensic analysis to be in a state…

Evaluation of user authentication methods in the gadget-free world

In an ideal gadget-free environment the user is interacting with the environment and the services through only “natural” means. This imposes restrictions on many aspects of the interaction. One key element in this is user authentication, because it assures the environment and related services of the legitimacy of user’s actions and empowers the user to…

Detection of Fake Profiles in Social Media – Literature Review

False identities play an important role in advanced persistent threats and are also involved in other malicious activities. The present article focuses on the literature review of the state-of-the-art research aimed at detecting fake profiles in social media. The approaches to detecting fake social media accounts can be classified into the approaches aimed on analysing…

Revealing Fake Profiles in Social Networks by Longitudinal Data Analysis

The goal of the current research is to detect fake identities among newly registered users of vk.com. Ego networks in vk.com for about 200.000 most recently registered profiles were gathered and analyzed longitudinally. The reason is that a certain percentage of new user accounts are faked, and the faked accounts and normal accounts have different…

Modeling the delivery of security advisories and CVEs

This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories….

An outlook on the institutional evolution of the European Union cyber security apparatus

This paper observes the evolution of cyber security institutions recently established in the European Union. These institutions are based on older national, regional, and international Internet governance networks for voluntary transnational coordination of cyber security. The entry of the European Union in the cyber security domain caused a visible institutional change in the operational and…

Electronic Citizen Identities and Strong Authentication

Both public and commercial services in most countries depend on government-issued identity documents for citizen authentication. Traditionally such documents have been fairly uniform around the world, i.e. identity cards and passports. The dawn of strong electronic authentication, however, has created a much more diverse situation. New technologies such as tamper-proof microchips and cryptographic authentication are…

A Survey on Anti-honeypot and Anti-introspection Methods

Modern virtual machines, debuggers, and sandboxing solutions lend themselves towards more and more inconspicuous ways to run honeypots, and to observe and analyze malware and other malicious activity. This analysis yields valuable data for threat-assessment, malware identification and prevention. However, the use of such introspection methods has caused malware authors to create malicious programs with…

Security in Container-Based Virtualization through vTPM

Cloud computing is a wide-spread technology that enables the enterprises to provide services to their customers with a lower cost, higher performance, better availability and scalability. However, privacy and security in cloud computing has always been a major challenge to service providers and a concern to its users. Trusted computing has led its way in…

Security Risk Visualization with Semantic Risk Model

Understanding and analysing security risks is an essential task when designing and maintaining a system’s security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge…

We Know Where You Are! – Utilising Telecom Core Network for User Tracking

Mobile network technologies require some degree of tracking of user location, specifically user equipment tracking, as part of their fundamental mechanism of working. Without this basic function, features such as hand-over between cells would not work. Since mobile devices are typically associated with a single person, this provides a potential mechanism for user location surveillance….

Deploying Software-Defined Networks: a Telco Perspective

Software-Defined Networking (SDN) proposes a new network architecture in which the control plane and forwarding plane are decoupled. SDN can improve network efficiency and ease of management through the centralization of the control and policy decisions. However, SDN deployments are currently limited to data-center and experimental environments. This thesis surveys the deployment of SDN from…

Honeypot utilization for analyzing cyber attacks

Honeypot systems are an effective method for defending production systems from security breaches and to gain detailed information about attackers’ motivation, tactics, software and infrastructure. In this paper we present how different types of honeypots can be employed to gain valuable information about attacks and attackers, and also outline new and innovative possibilities for future…

Improving the Sphinx Mix Network

Secure mix networks consider the presence of multiple nodes that relay encrypted messages from one node to another in such a way that anonymous communication can be achieved. We consider the Sphinx mix formatting protocol by Danezis and Goldberg (IEEE Security and Privacy 2009), and analyze its use of symmetric-key cryptographic primitives. We scrutinize the…

Interface diversification in IoT operating systems

With the advancement of Internet of Things (IoT) more and more “things” are connected to each other through the Internet. Due to the fact that the collected information may contain personal information of the users, it is very important to ensure the security of the devices in IoT. Diversification is a promising technique that protects…

I accidentally malware – what should I do… is this dangerous? Overcoming inevitable risks of electronic communication

The aim of this study is to find mitigation techniques for a number of risks resulting from the usage of systems that will eventually become infected. The key results of this study are a set of threat descriptions related to various attack phases, existing mitigation mechanisms, proposed improvements for existing mitigation mechanisms, and novel mitigations….

Security Testing SDN Controllers

Software-defined networking is a new paradigm that separates the network’s control plane from the data plane. Many SDN controllers have been implemented since this concept was first introduced. As with other network models, security becomes an important requirement because adversaries can launch various attacks to steal sensitive data, manipulate network’s state or cause denial…

A Post-Mortem Empirical Investigation of the Popularity and Distribution of Malware Files in the Contemporary Web-Facing Internet

This empirical paper investigates a snapshot of about two million files from a continuously updated big data collection maintained by F-Secure for security intelligence purposes. By further augmenting the snapshot with open data covering about a half of a million files, the paper examines two questions: (a) what is the shape of a probability distribution…

Integrating Security Consideration Into a Safety Case Construction

Wide-spread reliance on networking in modern safety-critical control systems makes security increasingly interwoven with safety. Hence, we need novel methodologies integrating security consideration into the process of system development and safety case construction. Safety case is a structured argument justifying system safety. In this paper, we propose an approach that relies on the systems-theoretic analysis…

From Requirements Engineering to Safety Assurance: Refinement Approach

Formal modelling and verification are widely used in the development of safety-critical systems. They aim at providing a mathematically-grounded argument about system safety. In particular, this argument can facilitate construction of a safety case – a structured safety assurance document required for certification of safety-critical systems. However, currently there is no adequate support for using…

Implementation Experiences and Design Challenges for Resilient SDN Based Secure WAN Overlays

Mobile computing devices, industrial control systems, and service provider clouds need to be connected to each other over wide area networks. However, reliability, quality of services and confidentiality are challenging in such setups. Moreover, isolated appliances and physical equipment face harsh environment conditions. While application specific gateways can be a more secure alternative, their time to market is typically high, and things…

“Make Sure DSA Signing Exponentiations Really are Constant-Time”

TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which…

OSLC-based Support for Integrated Development of Dependable Systems

Engineering of dependable systems is an inherently heterogenous field and involves the use of a wide range of techniques to analyse different aspects of the system behaviour and properties. Various standards typically prescribe a set of techniques to be used and a development process that should be followed to achieve a high degree of dependability…

Risk-driven security metrics development for an e-health IoT application

Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons’ day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for…

Recipient Privacy in Online Social Networks

Alongside the intensive growth of Online Social Networks (OSNs), privacy has become an important concept and requirement when sharing content online, leading users to enforce privacy often using encryption when sharing content with multiple recipients. Although cryptographic systems achieve common privacy goals such as confidentiality, key privacy, and recipient privacy, they have not been designed…

Steps Towards Fuzz Testing in Agile Test Automation

Including and automating secure software development activities into agile development processes is challenging. Fuzz testing is a practical method for finding vulnerabilities in software, but has some characteristics that do not directly map to existing processes. The main challenge is that fuzzing needs to continue to show value while requiring minimal effort. The authors present…

Towards security metrics-supported IP traceback

The threat of DDOS and other cyberattacks has increased during the last decade. In addition to the radical increase in the number of attacks, they are also becoming more sophisticated with the targets ranging from ordinary users to service providers and even critical infrastructure. According to some resources, the sophistication of attacks is increasing faster…

A Tool for Security Measuring and Probe Management

Designing and maintaining correct security countermeasures to support trustworthiness require comprehensive understanding of current security posture, i.e., Situational Awareness (SA). Security SA means that a decision maker is aware of protected assets, existing vulnerabilities, and risk mitigation techniques. Applying security metrics offers a holistic way to gain Situational Awareness. However, it is a challenge to…

A Study on the State of Practice in Security Situational Awareness

We present the results of an interview study on the state of practice for Situational Awareness (SA) in the cybersecurity industry. Representatives from four global companies providing cybersecurity monitoring and analysis services and products were interviewed to get a view into the current state of practice in SA. The interviews were performed as a form…

Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics

User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for users and the service providers. However, achieving all three properties…