When Design Met Law: Design Patterns for Information Transparency

By

Interdisciplinary Research Group in Socio-technical CybersecurityWhen Design Met Law: Design Patterns for Information TransparencyRossi Arianna, Ducato Rossana, Haapio Helena, Passera Stefania Abstract:The problems of online disclosures, notices, and terms are well-known and documented. Research and experience tell us that consumers dislike and do not read them. Much less has been said and done about the … Continued

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecuritySecurity Analysis of Key Acquiring Strategies Used by Cryptographic RansomwareGenç Ziya Alper, Lenzini Gabriele, Ryan Peter Abstract:To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding … Continued

No Random, No Ransom: A Key to Stop Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityNo Random, No Ransom: A Key to Stop Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Peter Y. A. RyanAbstract:To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number … Continued

Next Generation Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityNext Generation Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Peter Y. A. RyanAbstract:We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports … Continued

Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture

By

Interdisciplinary Research Group in Socio-technical CybersecurityCholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and ArchitectureMathew Schwartz, Gabriele Lenzini, Yong Geng, Peter B. Rønne, Peter Y. A. Ryan, Jan P. F. LagerwallAbstract:The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self‐organize into long‐range ordered structures while maintaining fluidity, has … Continued

An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR

By

Interdisciplinary Research Group in Socio-technical CybersecurityAn Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPRCesare Bartolini, Gabriele Lenzini, Cristiana SantosAbstract:The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation … Continued

Formalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge base

By

Interdisciplinary Research Group in Socio-technical CybersecurityFormalizing GDPR provisions in rei ed I/O logic: the DAPRECO knowledge baseRobaldo Livio, Bartolini Cesare, Lenzini Gabriele, Rossi Arianna, Palmirani Monica, Martoni Michele Abstract:The DAPRECO knowledge base is the main outcome of the interdisciplinary project bearing the same name (https://www.fnr.lu/projects/data-protection-regulation-compliance). It is a repository of rules written in LegalRuleML, an … Continued

Dark Patterns: Deception or Simply Bad Design?

By

Interdisciplinary Research Group in Socio-technical CybersecurityDark Patterns: Deception or Simply Bad Design?Rossi Arianna, Lenzini Gabriele, Koenig Vincent, Bongard KerstinAbstract: Lately, researchers, journalists, and regulators are devoting attention to dark patterns, defined as "design choices that benefit an online service by coercing, steering or deceiving users into making decisions that, if fully informed and capable of … Continued

Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique

By

Interdisciplinary Research Group in Socio-technical CybersecurityCase Study: Analysis and Mitigation of a Novel Sandbox-Evasion TechniqueZiya Alper Genç, Gabriele Lenzini, Daniele SgandurraAbstract:Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to … Continued

On Deception-Based Protection Against Cryptographic Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityOn Deception-Based Protection Against Cryptographic RansomwareZiya Alper Genç, Gabriele Lenzini, Daniele SgandurraAbstract:In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a … Continued