Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators

Interdisciplinary Research Group in Socio-technical CybersecurityMaking the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual IndicatorsRossi Arianna, Lenzini GabrieleAbstract:Lately, icons have witnessed a growing wave of interest in the view of enhancing transparency and clarity of data processing practices in mandated disclosures. Although benefits in terms of comprehensibility, noticeability, navigability of the … Continued

Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant

Interdisciplinary Research Group in Socio-technical CybersecuritySystematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instantSymeonidis Iraklis, Lenzini GabrieleAbstract:Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, … Continued

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Interdisciplinary Research Group in Socio-technical CybersecuritySecurity Analysis of Key Acquiring Strategies Used by Cryptographic RansomwareGenç Ziya Alper, Lenzini Gabriele, Ryan Peter Abstract:To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding … Continued

A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System

Interdisciplinary Research Group in Socio-technical CybersecurityA Security Analysis, and a Fix, of a Code-Corrupted Honeywords SystemGenç Ziya Alper, Lenzini Gabriele, Ryan Peter Abstract:In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words … Continued

No Random, No Ransom: A Key to Stop Cryptographic Ransomware

Interdisciplinary Research Group in Socio-technical CybersecurityNo Random, No Ransom: A Key to Stop Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Peter Y. A. RyanAbstract:To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number … Continued

Next Generation Cryptographic Ransomware

Interdisciplinary Research Group in Socio-technical CybersecurityNext Generation Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Peter Y. A. RyanAbstract:We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports … Continued

Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture

Interdisciplinary Research Group in Socio-technical CybersecurityCholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and ArchitectureMathew Schwartz, Gabriele Lenzini, Yong Geng, Peter B. Rønne, Peter Y. A. Ryan, Jan P. F. LagerwallAbstract:The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self‐organize into long‐range ordered structures while maintaining fluidity, has … Continued

Experience report: How to extract security protocols’ specifications from C libraries

Interdisciplinary Research Group in Socio-technical CybersecurityExperience report: How to extract security protocols’ specifications from C librariesItzel Vazquez Sandoval, Gabriele LenziniAbstract:Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little … Continued

An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR

Interdisciplinary Research Group in Socio-technical CybersecurityAn Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPRCesare Bartolini, Gabriele Lenzini, Cristiana SantosAbstract:The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation … Continued

Formalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge base

Interdisciplinary Research Group in Socio-technical CybersecurityFormalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge baseRobaldo Livio, Bartolini Cesare, Lenzini Gabriele, Rossi Arianna, Palmirani Monica, Martoni Michele Abstract:The DAPRECO knowledge base is the main outcome of the interdisciplinary project bearing the same name (https://www.fnr.lu/projects/data-protection-regulation-compliance). It is a repository of rules written in LegalRuleML, an … Continued