Formalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge base

By

Interdisciplinary Research Group in Socio-technical CybersecurityFormalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge baseRobaldo Livio, Bartolini Cesare, Lenzini Gabriele, Rossi Arianna, Palmirani Monica, Martoni Michele Abstract:The DAPRECO knowledge base is the main outcome of the interdisciplinary project bearing the same name (https://www.fnr.lu/projects/data-protection-regulation-compliance). It is a repository of rules written in LegalRuleML, an … Continued

Dark Patterns: Deception or Simply Bad Design?

By

Interdisciplinary Research Group in Socio-technical CybersecurityDark Patterns: Deception or Simply Bad Design?Rossi Arianna, Lenzini Gabriele, Koenig Vincent, Bongard KerstinAbstract: Lately, researchers, journalists, and regulators are devoting attention to dark patterns, defined as "design choices that benefit an online service by coercing, steering or deceiving users into making decisions that, if fully informed and capable of … Continued

Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique

By

Interdisciplinary Research Group in Socio-technical CybersecurityCase Study: Analysis and Mitigation of a Novel Sandbox-Evasion TechniqueZiya Alper Genç, Gabriele Lenzini, Daniele SgandurraAbstract:Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to … Continued

On Deception-Based Protection Against Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityOn Deception-Based Protection Against Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Daniele SgandurraAbstract:In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a … Continued

Sistemi Medici e Conformità Legale

By

Interdisciplinary Research Group in Socio-technical CybersecuritySistemi Medici e Conformità LegaleBartolini Cesare, Lenzini GabrieleAbstract:The present document addresses the topic of legal compliance of medical systems, that is, hardware and software devices medically used on people for clinical tests, diagnosis, study, and similar purposes, mainly with respect to EU law. The work briefly overviews the applicable laws … Continued

An Agile Approach to Validate a Formal Representation of the GDPR

By

Interdisciplinary Research Group in Socio-technical CybersecurityAn Agile Approach to Validate a Formal Representation of the GDPRCesare Bartolini, Gabriele Lenzini, Cristiana SantosAbstract:Modeling in a knowledge base of logic formulæ the articles of the GDPR enables semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the … Continued

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityNoCry: No More Secure Encryption Keys for Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Peter Y. A. RyanAbstract:Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have … Continued

A Game of “Cut and Mouse”: Bypassing Antivirus by Simulating User Inputs

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Game of “Cut and Mouse”: Bypassing Antivirus by Simulating User InputsZiya Alper Genç, Gabriele Lenzini, Daniele Sgandurra Abstract: To protect their digital assets from malware attacks, most users and companies rely on anti-virus (AV) software. But AVs' protection is a full-time task and AVs are engaged in a cat-and-mouse … Continued

A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption AttackZiya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan, Itzel Vazquez SandovalAbstract:Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file … Continued

A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted EmailVazquez Sandoval Itzel, Lenzini GabrieleAbstract:To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome … Continued