Computer Security. ESORICS 2023 International Workshops

Name: Computer Security. ESORICS 2023 International Workshops | CyberICS, DPM, CBT, and SECPRE, The Hague, The Netherlands, September 25-29, 2023, Revised Selected Papers, Part I
Brand: Springer
Price: 74.89 EUR
Availability: OnlineOnly

CyberICS, DPM, CBT, and SECPRE, The Hague, The Netherlands, September 25-29, 2023, Revised Selected Papers, Part I

Sokratis Katsikas Frédéric Cuppens Nora Cuppens-Boulahia Costas Lambrinoudakis Joaquin Garcia-Alfaro Guillermo Navarro-Arribas Pantaleone Nespoli Christos Kalloniatis John Mylopoulos Annie Antón Stefanos Gritzalis(Editor)

Springer (Publisher)

Published on 29. February 2024

XV, 510 pages

E-Book

PDF with digital watermarking

System requirements

978-3-031-54204-6 (ISBN)

€74.89incl. 7% vat

System requirements

for PDF with digital watermarking

E-Book Single Licence

Available for download

Description

Alles über E-Books | Antworten auf Fragen rund um E-Books, Kopierschutz und Dateiformate finden Sie in unserem Info- & Hilfebereich.

Alles über E-Books, Kopierschutz & Dateiformate finden Sie in unserem Info- & Hilfebereich.

This two-volume set LNCS 14398 and LNCS 14399 constitutes the refereed proceedings of eleven International Workshops which were held in conjunction with the 28th European Symposium on Research in Computer Security, ESORICS 2023, in The Hague, The Netherlands, during September 25-29, 2023.
The 22 regular papers included in these proceedings stem from the following workshops:

9th International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2023, which accepted 8 papers from 18 submissions;

18th International Workshop on Data Privacy Management, DPM 2023, which accepted 11 papers from 18 submissions;

7th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2023, which accepted 6 papers from 20 submissions;

7th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2023, which accepted 4 papers from 7 submissions.

4th International Workshop onCyber-Physical Security for Critical Infrastructures Protection, CSPS4CIP 2023, which accepted 11 papers from 15 submissions.

6th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2023, which accepted 6 papers from 10 submissions;

Second International Workshop on System Security Assurance, SecAssure 2023, which accepted 5 papers from 8 submissions;

First International Workshop on Attacks and Software Protection, WASP 2023, which accepted 7 papers from 13 submissions

International Workshop on Transparency, Accountability and User Control for a Responsible Internet, TAURIN 2023, which accepted 3 papers from 4 submissions;

International Workshop on Private, Secure, and Trustworthy AI, PriST-AI 2023, which accepted 4 papers from 8 submissions;

International Workshop on Security and Artificial Intelligence, SECAI 2023, which accepted 11 papers from 31 submissions.

More details

Other editions

Persons

Content

Intro
Preface
Contents - Part I
Contents - Part II
Effects of Organizational Cyber Security Culture Across the Energy Sector Supply Chain
1 Introduction
2 Related Work
2.1 Supply Chain Cyber Security
2.2 Cyber Security Culture
3 Method
3.1 Problem Identification and Literature Review
3.2 Data Collection and Analysis
3.3 Data Interpretation and Reporting
4 Results
4.1 Governance
4.2 Preparedness and Incident Response
4.3 Supply Chain Challenges
4.4 Trust
4.5 Looking Towards Others and Propagation of Trust
4.6 The Impact of Organization Size
5 Discussion
5.1 Discussion of Main Research Questions
5.2 Exploration of Additional Findings
6 Conclusion and Future Work
References
METRICS: A Methodology for Evaluating and Testing the Resilience of Industrial Control Systems to Cyberattacks
1 Introduction
2 Cybersecurity Research for ICSs
2.1 Testbeds
2.2 Datasets
2.3 Related Work
2.4 Toward a Cross-Domain ICS Evaluation
3 METRICS: A Cybersecurity Evaluation Methodology for ICSs
3.1 Exchangeable Evaluation Environment
3.2 Adversaries and Responses
3.3 Cross-Domain Metrics
3.4 Evaluation Control
4 Use Case: METRICS for Power Grids
4.1 Evaluation Phases
4.2 Discussion
5 Toward Cross-Domain Resilience
6 Conclusion
A Environment Description File Example
B Scenario Description File Example
References
Threat Analysis in Dairy Farming 4.0
1 Introduction
2 Related Work
3 CPSs of a Dairy Farm 4.0
4 Threat Modeling and Risk Assessment
4.1 Methodology
4.2 Threats and Risks in the Dairy Farm 4.0
5 Conclusions
References
Overview of Social Engineering Protection and Prevention Methods
1 Introduction
2 Method Selection Methodology
3 Analysis
3.1 Overview of Protection Method Categories
3.2 Criteria for Method Evaluation
3.3 Evaluation Results
3.4 Analysis of Evaluation Results
4 Conclusion
References
Skade - A Challenge Management System for Cyber Threat Hunting
1 Introduction
2 Related Work
3 Hypotheses Concerning Threat Hunting Training
3.1 Ensuring Constructive Alignment
3.2 Supporting Motivating Setting
3.3 Providing Feedback and Assessment
3.4 Covering Multiple Learning Dimensions
4 Realization of the Challenge Manager Skade
4.1 Features
4.2 Functions
4.3 Example Based on the Nordic-US Exercise of 2023
5 Discussion
5.1 Skade as a Design Science Effort
5.2 Trainees and Requirements on Challenges
5.3 Interaction with Emulators
5.4 Learning Objectives and Learning Activities
5.5 Experiment Plan and Tests of Hypotheses
6 Conclusion
References
On the Usage of NLP on CVE Descriptions for Calculating Risk
1 Introduction
2 Cybersecurity Related Background
2.1 Common Vulnerabilities and Exposures (CVE)
2.2 Common Platform Enumeration (CPE)
2.3 Common Weakness Enumeration (CWE)
2.4 Common Attack Pattern Enumeration and Classification (CAPEC)
2.5 National Vulnerability Database (NVD)
2.6 Common Vulnerability Scoring System (CVSS)
3 Related Work
4 Natural Language Processing Background
4.1 Text Classification
4.2 spaCy
5 Implementation
6 Conclusion
References
Evaluation of an OPC UA-Based Access Control Enforcement Architecture
1 Introduction
2 Related Work
3 Architecture
3.1 Protocol Modeling
4 Implementation
5 Experiment
6 Results
6.1 Results on Connection Experiments
6.2 Results on Access Resource Experiments
6.3 Results on Different Token Expiry Times
6.4 Result on Different Token Sizes
6.5 Results on Lowering the CPU Clock Frequency of the Resource Server
7 Suggestions on Optimizations of Session Activation
8 Discussion
8.1 Recommendations
8.2 Limitations and Impact
9 Conclusions
References
HoneyEVSE: An Honeypot to Emulate Electric Vehicle Supply Equipments
1 Introduction
2 Background
2.1 Internet Exchange Point
2.2 Honeypot
2.3 Vehicle-to-Grid (V2G)
3 Related Work
4 HoneyEVSE Honeypot
4.1 Architecture
4.2 Physical Process
4.3 Services and Interaction
4.4 Data Logging
5 Results
5.1 Interactions Analysis
5.2 Interactions Origin
6 Conclusion
References
DPM 2023
Foreword from the DPM 2023 Program Chairs
18th International Workshop on Data Privacy Management - DPM 2023
PC Chairs
Program Committee
Steering Committee
Additional Reviewers
Not Only Security and Privacy: The Evolving Ethical and Legal Challenges of E-Commerce
1 Introduction
2 Background
3 Methodology and Research Strategy
3.1 Research Questions
4 Results
4.1 The `old' Ethical Dilemmas of E-Commerce
4.2 The `New' Ethical Dilemmas of E-Commerce
5 Conclusions
References
Synthetic Is All You Need: Removing the Auxiliary Data Assumption for Membership Inference Attacks Against Synthetic Data
1 Introduction
2 Background and Related Work
2.1 Synthetic Data Generation
2.2 Membership Inference Attacks Against Synthetic Tabular Data
3 Attack Scenarios
3.1 (S0) Auxiliary
3.2 (S1) Black Box
3.3 (S2) Published
3.4 (S3) Upper Bound
4 Experimental Setup
4.1 Synthetic Data Generators
4.2 Real World Datasets
4.3 Meta-classifier Methods
4.4 Parameters of the Attack
5 Results
5.1 Query Based Attack
5.2 Target Attention Attack
5.3 Robustness Analysis for Number of Synthetic Records m
6 Future Work
6.1 Impact of Releasing Less Synthetic Records
6.2 Differentially Private Synthetic Generation Methods
6.3 Bridging the Gap with the Upper Bound
7 Conclusion
References
Patient-Centric Health Data Sovereignty: An Approach Using Proxy Re-Encryption
1 Introduction
2 Proxy Re-Encryption
2.1 Syntax and Basic Definitions
2.2 Umbral's PRE Scheme
3 Related Work
4 Patient-Centric Health Data Sovereignty
4.1 Proposed Solution
4.2 Authentication/Authorisation
4.3 Access Delegation Scenario
4.4 Break-Glass Approach
5 Performance Analysis
6 Conclusion
References
PrivacySmart: Automatic and Transparent Management of Privacy Policies
1 Introduction
1.1 Related Work
1.2 Contribution and Plan of This Paper
2 Proposal Description
2.1 System Architecture Overview
2.2 User Privacy Preferences
2.3 Pop-Up Interaction Module
2.4 Consent Smart Contract
2.5 Workflow
3 Discussion
3.1 Implementation
3.2 Evaluation
4 Conclusions and Future Work
References
Try On, Spied On?: Privacy Analysis of Virtual Try-On Websites and Android Apps
1 Introduction
2 Related Work
3 Methodology
3.1 Collection of VTO Providers, Websites and Apps
3.2 Analyzing the Sharing of Users' Images on VTO Websites/Apps
3.3 Analyzing Privacy Policies w.r.t VTO Feature
3.4 Measurement of Trackers
3.5 Analysing VTO Service Providers
4 Results
4.1 Sharing of Users' Images on VTO Featuring Websites
4.2 Privacy Policy Analysis w.r.t VTO Feature on Websites
4.3 Sharing of Users' Images on VTO Featuring Apps
4.4 Privacy Policy Analysis w.r.t VTO Feature on Apps
4.5 Measurement of Trackers
4.6 Analysis of VTO Service Providers
5 Conclusion
References
Integrally Private Model Selection for Support Vector Machine
1 Introduction
2 Preliminaries
2.1 Support Vector Machine (SVM)
2.2 Model Comparison Attack for SVM and Integral Privacy
3 Methodology
3.1 Overview
3.2 Datasets
3.3 Creation of Partitions
3.4 Integrally Private SVM (IPSVM)
4 Results
4.1 Drawbacks
5 Conclusion and Future Work
References
Differentially Private Traffic Flow Prediction Using Transformers: A Federated Approach
1 Introduction
2 Preliminaries
2.1 Federated Learning
2.2 Differential Privacy
2.3 Temporal Fusion Transformers
3 Related Work
4 Differentially Private Federated Traffic Flow Prediction Using Temporal Fusion Transformers
4.1 Client-Side Training
4.2 Model Perturbation
4.3 Aggregation Algorithm
5 Dataset and Experimental Settings
6 Results and Analysis
7 Conclusion and Future Works
References
Analyzing Continuous Ks-Anonymization for Smart Meter Data
1 Introduction
2 Problem Statement and Related Work
3 ks-Anonymity and CASTLE
4 Evaluation
5 Conclusion
References
Towards Real-World Private Computations with Homomorphic Encryption: Current Solutions and Open Challenges
1 Introduction
2 Industrial Context
3 Background
4 Available Libraries
4.1 HElib
4.2 SEAL
4.3 PALISADE
4.4 OpenFHE
4.5 TFHE
4.6 Concrete
4.7 LATTIGO
5 Towards Real-World HE Applications: HELT
6 Related Work
7 Conclusion
References
AddShare: A Privacy-Preserving Approach for Federated Learning
1 Introduction
2 Background and Related Work
2.1 Federated Learning Attacks
2.2 Privacy in Federated Learning
3 The AddShare Approach
3.1 Threat Models
3.2 AddShare Algorithm
3.3 Implemented AddShare Variants
4 Empirical Evaluation
5 Results and Discussion
6 Conclusion
References
Secure Multiparty Sampling of a Biased Coin for Differential Privacy
1 Introduction
1.1 Other Background and Related Works
1.2 Contribution
2 Preliminaries
2.1 Setting, Basic Notation and Complexity
2.2 Known Primitives
3 The Sampling Technique
3.1 Computing "464A671 X "564B679
3.2 The Protocol and Overall Complexity Analysis
4 Comparison
5 Summary
References
CBT 2023
Foreword from the CBT 2023 Program Chairs
7th International Workshop on Cryptocurrencies and Blockchain Technology - CBT 2023
PC Chairs
Program Committee
Steering Committee
Additional Reviewers
Transaction Fee Mechanism for Order-Sensitive Blockchain-Based Applications
1 Introduction
2 Related Works
3 System Model
4 Background
5 Theory
5.1 Order Oriented Private Value
5.2 Generalized TFM Modelling
5.3 Agents' Utilities and Incentive Compatibility
5.4 Off-Chain Agreements
6 Results
7 Discussion
8 Conclusion and Future Works
References
Comparison of Ethereum Smart Contract Analysis and Verification Methods
1 Introduction
1.1 Related Work
1.2 Contribution
1.3 Organization
2 Categorization of Methods
2.1 Automated Analysis Tools
2.2 Model Checking with Hoare-Style Annotation
3 Empirical Tool Comparison
4 Case Study: 2-Phase Commit Smart Contract
4.1 General Approach
4.2 Application
5 Discussion
6 Conclusion
References
Chaussette: A Symbolic Verification of Bitcoin Scripts
1 Introduction
2 Background
2.1 The Bitcoin Protocol
2.2 The Bitcoin Script Language
3 Data Collection Methodology
4 Non-standard Scripts as Attack Vector on Bitcoin
4.1 Chaussette: A Script Symbolic Execution Tool
4.2 Non-standard Output Scripts
4.3 Non-standard Redeem Scripts
5 Attempts to Secure Btc
5.1 Recommendations
5.2 Securing Published Scripts
6 Related Work
7 Conclusion
References
A Simple Single Slot Finality Protocol for Ethereum
1 Introduction and Related Work
2 Model and Preliminary Notions
2.1 System Model
2.2 Validator Internals
2.3 Security
3 Propose-vote-merge Protocols
4 Protocol Specification
4.1 Data Structures
4.2 Confirmation Rule
4.3 FFG Component
4.4 Voting
4.5 Protocol Execution
5 Analysis
5.1 Synchrony
5.2 Partial Synchrony
6 Single Slot Finality
7 Conclusions
References
Timely Identification of Victim Addresses in DeFi Attacks
1 Introduction
2 Background
2.1 DeFi and Smart Contracts
2.2 Attacker Model
2.3 Private Pools
3 Motivation
4 Methodology
4.1 Extracting Potential Victims' Addresses
4.2 Extracting Deployers' Addresses
4.3 Determining Actual Victims
5 Evaluation
5.1 Dataset
5.2 Results
6 Related Work
7 Conclusion
References
On the (Not So) Surprising Impact of Multi-Path Payments on Performance And Privacy in the Lightning Network
1 Introduction
2 Network Model
2.1 Performance Metrics
2.2 Privacy Metrics
2.3 Network Simulations
3 Impact on Performance
3.1 Success Rate
3.2 Transaction Fees
3.3 Path Length
3.4 Payment Attempts
3.5 Insights
4 Impact on Privacy
4.1 Observation Rate
4.2 Sender and Receiver Inference
4.3 Relationship Anonymity
4.4 Path Diversity
4.5 Insights
5 Related Work
6 Conclusion
References
SECPRE 2023
SECPRE 2023 Preface
Organization
General Chairs
Program Committee Chairs
Program Committee
Creating Privacy Policies from Data-Flow Diagrams
1 Introduction
2 Background
2.1 GDPR Terminology
2.2 LINDDUN
2.3 Data-Flow Diagrams
2.4 Privacy Policies
3 Methodology
3.1 Concept
3.2 Running Example
3.3 Validation Conditions
3.4 Annotated Data-Flow Diagram
3.5 Intermediate Policy
3.6 Privacy Policy Editor
4 Tool Support
4.1 Metamodel
4.2 Model Instance
4.3 Graphical Representations
4.4 Implemented Validation Conditions (VCs)
5 Related Work
6 Conclusion and Future Work
References
Up-to-Date Threat Modelling for Soft Privacy on Smart Cars
1 Introduction
1.1 Context and Motivation
1.2 Research Question and Contributions
1.3 Article Summary
2 Related Work
3 A Primer on (The New) LINDDUN
4 A Privacy Threat Modelling Methodology
4.1 The Combinatoric Approach
5 Demonstration in the Automotive Domain
5.1 Domain-Independent Threat Elicitation
5.2 Domain-Dependent Asset Collection
5.3 Domain-Dependent Threat Elicitation
5.4 Case Study
5.5 Evaluation
6 Conclusions
References
Security and Privacy for Mobile Crowdsensing: Improving User Relevance and Privacy
1 Introduction
2 System and Adversary Model
3 Security and Privacy Requirements
4 Related Work
5 Architecture Overview
6 Protocols
6.1 Preliminaries
6.2 High-Level Overview
6.3 Device Registration
6.4 Credential Acquisition
6.5 Task Release and Enrollment
6.6 Data Submission and Remuneration
6.7 User Revocation
7 Security and Privacy Analysis
8 Implementation and Evaluation
9 Conclusion
References
Review on Privacy and Trust Methodologies in Cloud Computing
1 Introduction
2 Methodology
3 Privacy Requirements Engineering Methods
4 Trust Methodologies
5 Discussion
6 Conclusion
References
Author Index

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Computer Security. ESORICS 2023 International Workshops

Description

More details

Other editions

Additional editions

Persons

Content

System requirements