Computer Security. ESORICS 2021 International Workshops: CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4–8, ... Selected Papers (Security and Cryptology)

✍ Scribed by Sokratis Katsikas (editor), Costas Lambrinoudakis (editor), Nora Cuppens (editor), John Mylopoulos (editor), Christos Kalloniatis (editor), Weizhi Meng (editor), Steven Furnell (editor), Frank Pallas (editor), Jörg Pohle (editor)

Publisher: Springer
Year: 2022
Tongue: English
Leaves: 577
Category: Library

⬇ Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

This book constitutes the refereed proceedings of six International Workshops that were held in conjunction with the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-6, 2021. The conference was initially planned to take place in Darmstadt, Germany, but changed to an online event due to the COVID-19 pandemic.

The 32 papers included in these proceedings stem from the following workshops:

the 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, which accepted 7 papers from 16 submissions;
the 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, which accepted 5 papers from 8 submissions;
the 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, which accepted 6 full and 1 short paper out of 15 submissions;
the 3rd Workshop on Security, Privacy, Organizations, andSystems Engineering, SPOSE 2021, which accepted 5 full and 1 short paper out of 13 submissions.
the 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021, which accepted 3 full and 1 short paper out of 6 submissions; and
the 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT & SECOMANE 2021, which accepted 3 papers out of 7 submissions.

The following papers are available open access under a Creative Commons Attribution 4.0 International License via link.springer.com:

Why IT Security Needs Therapy by Uta Menges, Jonas Hielscher, Annalina Buckmann, Annette Kluge, M. Angela Sasse, and Imogen Verret

Transferring Update Behavior from Smartphones to Smart Consumer Devices by Matthias Fassl, Michaela Neumayr, Oliver Schedler, and Katharina Krombholz

Organisational Contexts of Energy Cybersecurity by Tania Wallis, Greig Paul, and James Irvine

SMILE - Smart eMaIl Link domain Extractor by Mattia Mossano, Benjamin Berens, Philip Heller, Christopher Beckmann, Lukas Aldag, Peter Mayer, and Melanie Volkamer

A Semantic Model for Embracing Privacy as Contextual Integrity in the Internet of Things by Salatiel Ezennaya-Gomez, Claus Vielhauer, and Jana Dittmann

Data Protection Impact Assessments in Practice - Experiences from Case Studies by Michael Friedewald, Ina Schiering, Nicholas Martin, and Dara Hallinan

✦ Table of Contents

Preface
Contents
7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2021)
CyberICPS 2021 Preface
chPart1
CyberICPS 2021 Organization
General Chairs
Program Committee Chairs
Program Committee
Communication and Cybersecurity Testbed for Autonomous Passenger Ship
1 Introduction
2 Background and Related Work
3 Testbed Architecture
3.1 Concepts and Processes
3.2 Tools and Equipment
4 Evaluation
4.1 APS Communication and Cybersecurity Architecture
4.2 NMEA Security
4.3 Relevance to the State-of-the-Art
5 Challenges and Future Work
6 Conclusion
References
A Cybersecurity Ontology to Support Risk Information Gathering in Cyber-Physical Systems
1 Introduction
2 Related Work
3 Security Ontology
3.1 Architecture
3.2 Data Sources and Challenges
4 Knowledge Graph Implementation
4.1 Implementation Architecture
4.2 Building Custom Blocks Based on Machine Learning
4.3 Deducing Relationships Between Existing Blocks
5 Application Scenarios – Validation
5.1 Using the Ontology to Predict CVSS Scores
5.2 Using the Ontology to Correlate Threat Agents with Attacks and Vulnerabilities
6 Conclusions
References
GLASS: Towards Secure and Decentralized eGovernance Services Using IPFS
1 Introduction
2 Background and Related Literature
2.1 Kademlia
2.2 IPFS
2.3 Distributed Ledger
3 Architecture
3.1 Threat Landscape
4 Methodology and Implementation
5 Evaluation
6 Conclusions
A Appendices
A.1 Libp2p Node Initialisation
A.2 Random Walk PeerId Creation
A.3 Transforming Content to a CID
A.4 A Node Providing Content
A.5 Distributing Content to the Closest Peers
A.6 Creation of the Datastore
A.7 Calculating the Closest Peers Using the XOR Metric
A.8 Finding Providers
A.9 Result of the Finding Providers'' Query References Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis 1 Introduction 2 Related Work 2.1 Security and Safety Engineering 2.2 Safety and Human Factors Engineering 2.3 Human Factors and Security Engineering 3 Approach 4 Case Study - Cambrian Incident Investigation 5 Discussion and Conclusion References Attack Path Analysis and Cost-Efficient Selection of Cybersecurity Controls for Complex Cyberphysical Systems 1 Introduction 2 Related Work 3 Background 3.1 Risk Analysis 3.2 Risk Propagation 4 Attack Path Analysis 5 Optimal Control Set Selection 5.1 Cybersecurity Controls 5.2 Selection of the Optimal Set 6 DELTA System Use Case 6.1 The DELTA System 6.2 Risk Analysis 6.3 Attack Path Analysis 6.4 Selection of the Optimal Security Controls 7 Conclusions References Analysis of Cyber Security Features in Industry 4.0 Maturity Models 1 Introduction 2 Theoretical Background 2.1 Small and Medium-Sized Enterprises (SMEs) 2.2 Cyber Security 2.3 Industry 4.0 2.4 Maturity Models 3 Methodology 4 Validation of the Selected Publications 5 Analysis 5.1 Industry 4.0 Maturity Model 5.2 Impuls - VDMA 5.3 The Connected Enterprise Maturity Model 5.4 Industry 4.0/Digital Operations Self-assessment 5.5 Industrie 4.0 Maturity Index 5.6 Cyber Security Maturity Models 6 Conclusion References Cybersafety Analysis of a Natural Language User Interface for a Consumer Robotic System 1 Introduction 2 Cybersafety Analysis 2.1 Adversarial System Modeling with Control Loops 2.2 Related Work 3 Target System 4 Cybersafety Analysis of Target System 4.1 Basis for Analysis 4.2 Control Structure 4.3 Unsafe Control Actions 4.4 Loss Scenario 5 Discussion References 5th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2021) SECPRE 2021 Preface chPart2 SECPRE 2021 Organization General Chairs Program Committee Chairs Program Committee Integrating Privacy-By-Design with Business Process Redesign 1 Introduction 2 Background Analysis 3 Α Method for Integrating DPIA and Business Process Management 4 Discussion 5 Conclusions References Disclosing Social and Location Attributes on Social Media: The Impact on Users’ Privacy 1 Introduction 2 The Social Aspects of Privacy 2.1 Privacy and Self-determination 2.2 Privacy and Self-disclosure 3 Privacy Implications on SM Due to Self-determination and Self-disclosure 4 Case Study 4.1 Preparing the Case Study 4.2 Setting the Case Study 4.3 The Normativity Line 4.4 Outside the Normativity Line 4.5 Privacy Requirements, Social and Location Attributes 5 Conclusion References BioPrivacy: Development of a Keystroke Dynamics Continuous Authentication System 1 Introduction 2 Background 2.1 Keystroke Dynamics 2.2 Multi-layer Perceptron (MLP) 2.3 Evaluation Metrics 3 Related Work 4 Experimental Setup 4.1 Bioprivacy’s Collection Tool 4.2 BioPrivacy System Architecture 5 Methodology 6 Results 7 Discussion 7.1 Contribution 7.2 Limitations 8 Conclusions and Further Research References Privacy and Informational Self-determination Through Informed Consent: The Way Forward 1 Introduction 2 Informational Self-determination Through Notice and Consent: Origins and Criticism 3 Problem Statement and Research Questions 4 A Model for Informed Consent 5 A Proposed Architecture for Usable Informational Self-determination 6 Conclusions and Future Work References Building a Privacy Testbed: Use Cases and Design Considerations 1 Introduction 2 Use Cases 2.1 Contact Tracing Applications 2.2 Privacy Preserving Peer to Peer (P2P) File Sharing Systems 2.3 Privacy Preserving Browsers Using Privacy Preserving Networks 3 Design 4 Prototype Implementation 5 Reflection and Evaluation with Example Deployments 6 Conclusion References 4th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT 2021) ADIoT 2021 Preface chPart3 ADIoT 2021 Organization General Chairs Program Committee Chairs Program Committee Additional Reviewer Assessing Vulnerabilities and IoT-Enabled Attacks on Smart Lighting Systems 1 Introduction 2 Related Work 2.1 Security Frameworks and Requirements for IoT 2.2 Attacks on Lighting Systems 3 Security Analysis on a Smart Lighting System 3.1 Methodology Overview 3.2 Security Analysis of the Smart Lighting Control Device 4 Analyzing Applicable Attack Vectors on Smart Lighting Systems 5 Conclusions References TAESim: A Testbed for IoT Security Analysis of Trigger-Action Environment 1 Introduction 2 Related Work and Motivation 2.1 Related Work 2.2 Motivation 3 Challenges in Testbed Simulation 4 TAPSim: A Simulation Testbed 4.1 Overview 4.2 Devices 4.3 Channels 4.4 Apps 4.5 Unexpected Factors 5 Evaluation and Case Study 5.1 Evaluation 5.2 Case Study 6 Conclusion References Adversarial Command Detection Using Parallel Speech Recognition Systems 1 Introduction 2 Preliminaries 2.1 Personal Voice Assistant (PVA) 2.2 Hidden Commands 2.3 Obfuscated and Adversarial Commands 2.4 Adversarial Command Generation 3 Adversarial Command Detection (ACD) 3.1 Threat Model 3.2 ACD Approach 3.3 ACD and Protection ASR Properties 4 Evaluation Setup 4.1 ASR Selection 4.2 Adversarial and Benign Command Generation 4.3 Experiment Setup 4.4 Evaluation Metrics 5 Evaluation Results 5.1 Decoding Results of Normal Speech 5.2 Decoding Results of Adversarial Commands 5.3 Adversarial Command Detection (ACD) 6 Discussion 6.1 Observations 6.2 Limitations 7 Related Work 8 Conclusion References Security Measuring System for IoT Devices 1 Introduction 2 Related Research 3 Security Measuring System 4 Implementation and Test Case 5 Discussion and Conclusion References Battery Depletion Attacks on NB-IoT Devices Using Interference 1 Introduction 2 Related Work 3 NB-IoT Battery Depletion Attacks 3.1 NB-IoT 3.2 Threat Model 3.3 Degradation of Quality of Signal (DQS) Attack 3.4 Random Access Procedure (RAP) Attack 4 Evaluation Setup 4.1 Evaluation Scenario 4.2 Evaluation Metrics 4.3 Simulation Environment 4.4 Jammer 5 Evaluation Results 5.1 Baseline 5.2 Jamming 5.3 Evaluation Discussions 5.4 Countermeasure 6 Conclusion References Security- and Privacy-Aware IoT Application Placement and User Assignment 1 Introduction 2 A Motivating Example 3 Problem Formulation 3.1 Inputs 3.2 Outputs 3.3 Constraints 3.4 Discussion 4 Algorithm Using Mixed Integer Programming 5 Evaluation 5.1 Example Application 5.2 Scalability 5.3 Impact of Security and Privacy Constraints 5.4 Summary 6 Related Work 7 Conclusions and Future Work References Room Identification with Personal Voice Assistants (Extended Abstract) 1 Introduction 2 Related Work 3 System Overview 4 Room Identification 5 Evaluation 5.1 Dataset 5.2 ThinResNet 5.3 VGGVox 6 Conclusion References 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2021) SPOSE 2021 Preface chPart4 SPOSE 2021 Organization Program Committee Chairs Program Committee Why IT Security Needs Therapy 1 Introduction 2 Background 2.1 ITS Relationships in Organisations 2.2 The Curse of theWeakest Link''
2.3 Indicators of Dysfunctional Relationships
3 Method
4 Results
4.1 Security Vendor Statements
4.2 Employee Survey Results
5 Data Analysis – Dysfunctional Relationship
6 Therapy Framework
7 Discussion and Conclusions
A Prolific Survey Questions
B Security Vendor Statements with Sources
C Statement Clouds
References
Transferring Update Behavior from Smartphones to Smart Consumer Devices
1 Introduction
2 Methodology
2.1 Formative Field Study
2.2 Online Survey
3 Results
3.1 Automatic Update Settings and Reasons for (De)activation
3.2 Automatic Updates and Their Effect on Update Decisions
3.3 Transferring Update Behavior to Smart Consumer Devices
3.4 Contradicting User Requirements
4 Discussion
4.1 Automatic Update Settings
4.2 Transferring Update Behavior
4.3 Implications for Design
5 Related Work
6 Conclusion and Future Work
A Instructions on Finding Update Settings
A.1 Android
A.2 iOS
B Formative Field Study: Questionnaire
C Formative Field Study: Demographics, Codebooks, and Update Settings
D Online Survey: Questionnaire, Demographics, Reasons for (De)activation, and Update Avoidance Behavior
E Online Survey: Update Notifications
F Online Survey: Codebook
References
Organisational Contexts of Energy Cybersecurity
1 Introduction
1.1 Approach
2 Preparing for Future Energy Scenarios
2.1 Setting the Context
3 Industry Review
3.1 Accessing Multiple Sites
3.2 Securing Legacy Equipment and Future Networks
3.3 Network Monitoring
3.4 Building Incident Response Capability
3.5 Knowledge of Threats
3.6 Electricity Sector Specifics
3.7 Organisational Culture
3.8 Recognising the Shared Context
4 Exploring Impact and Uncertainty
4.1 Impact Analysis
5 Resilience Efforts
6 Conclusions
References
SMILE - Smart eMaIl Link Domain Extractor
1 Introduction
2 Related Works
3 Background on Link-Types
4 SMILE: General Idea
5 SMILE: Algorithm
6 Discussion
7 Conclusion
References
A Semantic Model for Embracing Privacy as Contextual Integrity in the Internet of Things (Short Paper)
1 Introduction
2 Background
3 A CI Semantic Model
3.1 Knowledge Acquisition and identification of the Purpose of the Semantic Model
3.2 Modeling the Ontology, Defining the Classes and Relations
3.3 An Exemplary Use Case Application
4 Discussion and Conclusions
References
Data Protection Impact Assessments in Practice
1 Introduction
2 Related Work
3 Operationalization of DPIAA detailed description of the methodology can be found in ch25handbuch.
3.1 Initialization Phase
3.2 DPIA Preparation Phase
3.3 DPIA Execution Phase
3.4 DPIA Implementation Phase
3.5 Sustainability Phase
4 Methodology of the Case Studies
5 Experiences from the Case Study
5.1 General Aspects
5.2 In the Initialization Phase
5.3 In the DPIA Preparation Phase
5.4 In the DPIA Execution Phase
5.5 In the DPIA Implementation Phase
5.6 In the Sustainability Phase
6 Conclusions
References
2nd Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2021)
CPS4CIP 2021 Preface
chPart5
Organization
General Chairs
Program Committee Chairs
Program Committee
Resilience Quantification for Critical Infrastructure: Exemplified for Airport Operations
1 Introduction
2 Scenario and Model
2.1 Network Model
2.2 Agent-Based Model
3 Simulation Results
3.1 Resilience Curves
3.2 Resilience Indicators
3.3 Agent-Based Simulations
4 Conclusion
References
Severity Level Assessment from Semantically Fused Video Content Analysis for Physical Threat Detection in Ground Segments of Space Systems
1 Introduction
2 Methodological Framework for Physical Attack Detection and Response
2.1 Video-Based Object Detection and Activity Recognition
2.2 Face Detection and Recognition
2.3 Semantic Indexing and Linking
2.4 Crisis Classification and DSS Module
3 Experimental Validation and Evaluation
3.1 Evaluation of the Detection Layer
3.2 Validation of the Fusion Layer
3.3 Annotation Tool for the Validation of the Decision Layer
4 Conclusions
References
Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability
1 Introduction
2 Background
2.1 Intel TSX
2.2 LFB
2.3 TAA Vulnerability
3 Methodology
3.1 Scheduling
3.2 Detection
3.3 Mitigation
3.4 Mitigation-1 (SIGKILL to the Attacker's Process)
3.5 Mitigation-2 (Instruction Replacement)
4 Experimental Results
4.1 System Model
4.2 Detection Threshold
4.3 Results
5 Discussion
6 Conclusion
References
The Rise of ICS Malware: A Comparative Analysis
1 Introduction
2 Background
2.1 Cyber Threat Intelligence for Industrial Environment
2.2 Industrial Malware Analysis
3 A Framework for Comparative Analysis
3.1 ICS Malware Classification
3.2 Cyber Threat Intelligence Layer
3.3 Hybrid Analysis Layer
3.4 Comparative Analysis
4 Evaluation and Results
4.1 Experimental Industrial Malware
4.2 Cyber Threat Intelligence Layer Evaluation
4.3 Hybrid Analysis Layer Evaluation
4.4 Security Discussion
5 Conclusions
References
1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT&SECOMANE 2021)
CDT&SECOMANE 2021 Preface
chPart6
CDT&SECOMANE 2021 Organization
General Chairs
Program Committee
Framework Proposal to Measure the Stress as Adversarial Factor on Cyber Decision Making
1 Introduction
2 Background
2.1 The Stress as a Disease
2.2 Biometrics Systems to Measure the Stress
2.3 Evaluation Methodologies
3 Design Principles
4 Framework
4.1 Action Protocol
4.2 Framework Architecture
5 Case of Study
5.1 Validation Scenario
5.2 Vulnerabilities List
5.3 Methodology Application Proposal
6 Challenges and Opportunities
7 Conclusions
References
Measuring the Impact of Tactical Denial of Sustainability
1 Introduction
2 Background
2.1 Threatening the Sustainability of the Digital Tactical Edge
2.2 Assessment of Military Operations
3 Design Principles
3.1 Tactical Denial of Sustainability Threats
3.2 Research Objectives and Hypothesis
3.3 Premises and Operational Requirements
3.4 Assumed Limitations and Constraints
3.5 Overall Vision
4 Operational Measures for TDoS Assessment
4.1 Maintenance Related Factors
4.2 Deployment Related Factors
4.3 Energy Related Factors
5 Socio-cognitive Measures for TDoS Assessment
5.1 Individual Related Factors
5.2 Organization Related Factors
5.3 Enterprise Related Factors
6 Technical Measures for TDoS Assessment
6.1 Infrastructure Related Factors
6.2 Virtualized Platform Related Factors
6.3 Service-Related Factors
7 Considerations at Military Thinking
7.1 TDoS Assessment at Offensive Thinking
7.2 TDoS Assessment at Defensive Thinking
8 Conclusions
References
A Mathematical Framework for Evaluation of SOAR Tools with Limited Survey Data
1 Introduction and Background
2 Methodology
2.1 Data Collection
2.2 Predicting Missing Ratings
2.3 PageRank
2.4 Statistical Analyses
3 Results
3.1 Results from Raw Data
3.2 Results from Populated Data
3.3 Overall Results
4 Discussion
A Appendix
References
Author Index

📜 SIMILAR VOLUMES

Computer Security: ESORICS 2019 Internat

📁 Computer Security: ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Luxembourg City, Luxembourg, September 26–27, 2019 Revised Selected Papers (Security and Cryptology)

✍ Sokratis Katsikas (editor), Frédéric Cuppens (editor), Nora Cuppens (editor), Co 📂 Library 📅 2020 🏛 Springer 🌐 English

This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First In

Computer Security. ESORICS 2022 Internat

📁 Computer Security. ESORICS 2022 International Workshops: CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022 Copenhagen, Denmark, September 26–30, 2022 Revised Selected Papers

✍ Sokratis Katsikas, Frédéric Cuppens, Christos Kalloniatis, John Mylopoulos, Fran 📂 Library 📅 2023 🏛 Springer 🌐 English

This book constitutes the refereed proceedings of seven International Workshops which were held in conjunction with the 27th European Symposium on Research in Computer Security, ESORICS 2022, held in hybrid mode, in Copenhagen, Denmark, during October 4-6, 2021. The 39 pap

Computer Security. ESORICS 2022 Internat

📁 Computer Security. ESORICS 2022 International Workshops. CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022 Copenhagen, Denmark, September 26–30, 2022 Revised Selected Papers

✍ Sokratis Katsikas, Frédéric Cuppens, Christos Kalloniatis, John Mylopoulos, Fran 📂 Library 📅 2023 🏛 Springer 🌐 English

Computer Security: ESORICS 2020 Internat

📁 Computer Security: ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14–18, 2020, Revised Selected Papers

✍ Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christ 📂 Library 📅 2021 🏛 Springer 🌐 English

This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third Intern

Emerging Technologies for Authorization

📁 Emerging Technologies for Authorization and Authentication: 4th International Workshop, ETAA 2021, Darmstadt, Germany, October 8, 2021, Revised Selected Papers (Security and Cryptology)

✍ Andrea Saracino (editor), Paolo Mori (editor) 📂 Library 📅 2022 🏛 Springer 🌐 English

This book constitutes the proceedings of the 4th International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2021, held in Darmstadt, Germany, on October 8, 2021. The workshop was co-located with ESORICS 2021. The 11 full

Data Privacy Management, Cryptocurrencie

📁 Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Darmstadt, Germany, ... Selected Papers (Security and Cryptology)

✍ Joaquin Garcia-Alfaro (editor), Jose Luis Muñoz-Tapia (editor), Guillermo Navarr 📂 Library 📅 2022 🏛 Springer 🌐 English

This book constitutes the refereed proceedings and revised selected papers from the 16th International Workshop on Data Privacy Management, DPM 2021, and the 5th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2021, which were held online on October 8, 2021, in conjun