Computer Security. ESORICS 2021 International Workshops CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT&SECOMANE, Darmstadt, Germany, October 4-8, 2021, Revised Selected Papers

This book constitutes the refereed proceedings of six International Workshops that were held in conjunction with the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-6, 2021. The conference was initially planned to take place in Darmstadt, Ger...

Bibliographic Details
Main Authors Katsikas, Sokratis; Lambrinoudakis, Costas; Cuppens, Nora; Mylopoulos, John; Kalloniatis, Christos; Meng, Weizhi; Furnell, Steven; Pallas, Frank; Pohle, Jörg; Sasse, M. Angela
Format eBook
Language English
Published Netherlands Springer Nature 2022
Springer International Publishing AG
Springer International Publishing
Edition 1
Series Lecture Notes in Computer Science
ISBN 3030954846
9783030954840
9783030954833
3030954838

Table of Contents:
  • 4 Evaluation Setup -- 4.1 ASR Selection -- 4.2 Adversarial and Benign Command Generation -- 4.3 Experiment Setup -- 4.4 Evaluation Metrics -- 5 Evaluation Results -- 5.1 Decoding Results of Normal Speech -- 5.2 Decoding Results of Adversarial Commands -- 5.3 Adversarial Command Detection (ACD) -- 6 Discussion -- 6.1 Observations -- 6.2 Limitations -- 7 Related Work -- 8 Conclusion -- References -- Security Measuring System for IoT Devices -- 1 Introduction -- 2 Related Research -- 3 Security Measuring System -- 4 Implementation and Test Case -- 5 Discussion and Conclusion -- References -- Battery Depletion Attacks on NB-IoT Devices Using Interference -- 1 Introduction -- 2 Related Work -- 3 NB-IoT Battery Depletion Attacks -- 3.1 NB-IoT -- 3.2 Threat Model -- 3.3 Degradation of Quality of Signal (DQS) Attack -- 3.4 Random Access Procedure (RAP) Attack -- 4 Evaluation Setup -- 4.1 Evaluation Scenario -- 4.2 Evaluation Metrics -- 4.3 Simulation Environment -- 4.4 Jammer -- 5 Evaluation Results -- 5.1 Baseline -- 5.2 Jamming -- 5.3 Evaluation Discussions -- 5.4 Countermeasure -- 6 Conclusion -- References -- Security- and Privacy-Aware IoT Application Placement and User Assignment -- 1 Introduction -- 2 A Motivating Example -- 3 Problem Formulation -- 3.1 Inputs -- 3.2 Outputs -- 3.3 Constraints -- 3.4 Discussion -- 4 Algorithm Using Mixed Integer Programming -- 5 Evaluation -- 5.1 Example Application -- 5.2 Scalability -- 5.3 Impact of Security and Privacy Constraints -- 5.4 Summary -- 6 Related Work -- 7 Conclusions and Future Work -- References -- Room Identification with Personal Voice Assistants (Extended Abstract) -- 1 Introduction -- 2 Related Work -- 3 System Overview -- 4 Room Identification -- 5 Evaluation -- 5.1 Dataset -- 5.2 ThinResNet -- 5.3 VGGVox -- 6 Conclusion -- References
  • A.8 Finding Providers -- A.9 Result of the "Finding Providers" Query -- References -- Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis -- 1 Introduction -- 2 Related Work -- 2.1 Security and Safety Engineering -- 2.2 Safety and Human Factors Engineering -- 2.3 Human Factors and Security Engineering -- 3 Approach -- 4 Case Study - Cambrian Incident Investigation -- 5 Discussion and Conclusion -- References -- Attack Path Analysis and Cost-Efficient Selection of Cybersecurity Controls for Complex Cyberphysical Systems -- 1 Introduction -- 2 Related Work -- 3 Background -- 3.1 Risk Analysis -- 3.2 Risk Propagation -- 4 Attack Path Analysis -- 5 Optimal Control Set Selection -- 5.1 Cybersecurity Controls -- 5.2 Selection of the Optimal Set -- 6 DELTA System Use Case -- 6.1 The DELTA System -- 6.2 Risk Analysis -- 6.3 Attack Path Analysis -- 6.4 Selection of the Optimal Security Controls -- 7 Conclusions -- References -- Analysis of Cyber Security Features in Industry 4.0 Maturity Models -- 1 Introduction -- 2 Theoretical Background -- 2.1 Small and Medium-Sized Enterprises (SMEs) -- 2.2 Cyber Security -- 2.3 Industry 4.0 -- 2.4 Maturity Models -- 3 Methodology -- 4 Validation of the Selected Publications -- 5 Analysis -- 5.1 Industry 4.0 Maturity Model -- 5.2 Impuls - VDMA -- 5.3 The Connected Enterprise Maturity Model -- 5.4 Industry 4.0/Digital Operations Self-assessment -- 5.5 Industrie 4.0 Maturity Index -- 5.6 Cyber Security Maturity Models -- 6 Conclusion -- References -- Cybersafety Analysis of a Natural Language User Interface for a Consumer Robotic System -- 1 Introduction -- 2 Cybersafety Analysis -- 2.1 Adversarial System Modeling with Control Loops -- 2.2 Related Work -- 3 Target System -- 4 Cybersafety Analysis of Target System -- 4.1 Basis for Analysis -- 4.2 Control Structure -- 4.3 Unsafe Control Actions
  • 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2021)
  • 4.4 Loss Scenario -- 5 Discussion -- References -- 5th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2021) -- SECPRE 2021 Preface -- SECPRE 2021 Organization -- General Chairs -- Program Committee Chairs -- Program Committee -- Integrating Privacy-By-Design with Business Process Redesign -- 1 Introduction -- 2 Background Analysis -- 3 A Method for Integrating DPIA and Business Process Management -- 4 Discussion -- 5 Conclusions -- References -- Disclosing Social and Location Attributes on Social Media: The Impact on Users' Privacy -- 1 Introduction -- 2 The Social Aspects of Privacy -- 2.1 Privacy and Self-determination -- 2.2 Privacy and Self-disclosure -- 3 Privacy Implications on SM Due to Self-determination and Self-disclosure -- 4 Case Study -- 4.1 Preparing the Case Study -- 4.2 Setting the Case Study -- 4.3 The Normativity Line -- 4.4 Outside the Normativity Line -- 4.5 Privacy Requirements, Social and Location Attributes -- 5 Conclusion -- References -- BioPrivacy: Development of a Keystroke Dynamics Continuous Authentication System -- 1 Introduction -- 2 Background -- 2.1 Keystroke Dynamics -- 2.2 Multi-layer Perceptron (MLP) -- 2.3 Evaluation Metrics -- 3 Related Work -- 4 Experimental Setup -- 4.1 Bioprivacy's Collection Tool -- 4.2 BioPrivacy System Architecture -- 5 Methodology -- 6 Results -- 7 Discussion -- 7.1 Contribution -- 7.2 Limitations -- 8 Conclusions and Further Research -- References -- Privacy and Informational Self-determination Through Informed Consent: The Way Forward -- 1 Introduction -- 2 Informational Self-determination Through Notice and Consent: Origins and Criticism -- 3 Problem Statement and Research Questions -- 4 A Model for Informed Consent -- 5 A Proposed Architecture for Usable Informational Self-determination -- 6 Conclusions and Future Work -- References
  • Intro -- Preface -- Contents -- 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2021) -- CyberICPS 2021 Preface -- CyberICPS 2021 Organization -- General Chairs -- Program Committee Chairs -- Program Committee -- Communication and Cybersecurity Testbed for Autonomous Passenger Ship -- 1 Introduction -- 2 Background and Related Work -- 3 Testbed Architecture -- 3.1 Concepts and Processes -- 3.2 Tools and Equipment -- 4 Evaluation -- 4.1 APS Communication and Cybersecurity Architecture -- 4.2 NMEA Security -- 4.3 Relevance to the State-of-the-Art -- 5 Challenges and Future Work -- 6 Conclusion -- References -- A Cybersecurity Ontology to Support Risk Information Gathering in Cyber-Physical Systems -- 1 Introduction -- 2 Related Work -- 3 Security Ontology -- 3.1 Architecture -- 3.2 Data Sources and Challenges -- 4 Knowledge Graph Implementation -- 4.1 Implementation Architecture -- 4.2 Building Custom Blocks Based on Machine Learning -- 4.3 Deducing Relationships Between Existing Blocks -- 5 Application Scenarios - Validation -- 5.1 Using the Ontology to Predict CVSS Scores -- 5.2 Using the Ontology to Correlate Threat Agents with Attacks and Vulnerabilities -- 6 Conclusions -- References -- GLASS: Towards Secure and Decentralized eGovernance Services Using IPFS -- 1 Introduction -- 2 Background and Related Literature -- 2.1 Kademlia -- 2.2 IPFS -- 2.3 Distributed Ledger -- 3 Architecture -- 3.1 Threat Landscape -- 4 Methodology and Implementation -- 5 Evaluation -- 6 Conclusions -- A Appendices -- A.1 Libp2p Node Initialisation -- A.2 Random Walk PeerId Creation -- A.3 Transforming Content to a CID -- A.4 A Node Providing Content -- A.5 Distributing Content to the Closest Peers -- A.6 Creation of the Datastore -- A.7 Calculating the Closest Peers Using the XOR Metric
  • Building a Privacy Testbed: Use Cases and Design Considerations -- 1 Introduction -- 2 Use Cases -- 2.1 Contact Tracing Applications -- 2.2 Privacy Preserving Peer to Peer (P2P) File Sharing Systems -- 2.3 Privacy Preserving Browsers Using Privacy Preserving Networks -- 3 Design -- 4 Prototype Implementation -- 5 Reflection and Evaluation with Example Deployments -- 6 Conclusion -- References -- 4th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT 2021) -- ADIoT 2021 Preface -- ADIoT 2021 Organization -- General Chairs -- Program Committee Chairs -- Program Committee -- Additional Reviewer -- Assessing Vulnerabilities and IoT-Enabled Attacks on Smart Lighting Systems -- 1 Introduction -- 2 Related Work -- 2.1 Security Frameworks and Requirements for IoT -- 2.2 Attacks on Lighting Systems -- 3 Security Analysis on a Smart Lighting System -- 3.1 Methodology Overview -- 3.2 Security Analysis of the Smart Lighting Control Device -- 4 Analyzing Applicable Attack Vectors on Smart Lighting Systems -- 5 Conclusions -- References -- TAESim: A Testbed for IoT Security Analysis of Trigger-Action Environment -- 1 Introduction -- 2 Related Work and Motivation -- 2.1 Related Work -- 2.2 Motivation -- 3 Challenges in Testbed Simulation -- 4 TAPSim: A Simulation Testbed -- 4.1 Overview -- 4.2 Devices -- 4.3 Channels -- 4.4 Apps -- 4.5 Unexpected Factors -- 5 Evaluation and Case Study -- 5.1 Evaluation -- 5.2 Case Study -- 6 Conclusion -- References -- Adversarial Command Detection Using Parallel Speech Recognition Systems -- 1 Introduction -- 2 Preliminaries -- 2.1 Personal Voice Assistant (PVA) -- 2.2 Hidden Commands -- 2.3 Obfuscated and Adversarial Commands -- 2.4 Adversarial Command Generation -- 3 Adversarial Command Detection (ACD) -- 3.1 Threat Model -- 3.2 ACD Approach -- 3.3 ACD and Protection ASR Properties