DOCSLIB.ORG

Enhancing Security and Privacy in the Social Web: a User-Centered Approach for the Protection of Minors WP2 – Requirements An

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enhancing Security and Privacy in the Social Web: a User-Centered Approach for the Protection of Minors WP2 – Requirements An Marie Sklodowska Curie, Ref. Ares(2016)7203956 - 31/12/2016 Research and Innovation Staff Exchange (RISE) ENhancing seCurity and privAcy in the Social wEb: a user-centered approach for the protection of minors WP2 – Requirements and System Architecture Deliverable D2.2 “System Requirements and Software Architecture” Editor(s): Michael Sirivianos (CUT) Author(s): Michael Sirivianos, Kostantinos Papadamou, Antigoni Parmaxi, Panagiotis Zaphiris (CUT), Rig Das (ROMA3), Pantelis Nicolaou, George Sielis (CYRIC), Thanassis Lekkas, Demetris Soukaras (INNO), Antonia Gogoglou, Despoina Chatzakou (AUTH), Emiliano De Cristofaro, Gianluca Stringhini (UCL), Jeremy Blackburn (TID) Dissemination Level: Public Nature: Report Version: 2.3 PROPRIETARY RIGHTS STATEMENT This document contains information, which is proprietary to the ENCASE Consortium. Neither this document nor the information contained herein shall be used, duplicated or communicated by any means to any third party, in whole or in parts, except with prior written consent of the ENCASE consortium. Deliverable D2.2 “System Requirements and Software Architecture” ENCASE Project Profile Contract Number 691025 Acronym ENCASE Title ENhancing seCurity and privacy in the Social wEb: a user-centered approach for the protection of minors Start Date Jan 1st, 2016 Duration 48 Months Partners Cyprus University of Cyprus Technology Telefonica Investigacion Y Spain Desarrollo SA University College London United Kingdom Cyprus Research and Cyprus Innovation Center, Ltd SignalGenerix Ltd Cyprus Aristotle University Greece Innovators, AE Greece Universita Degli Studi, Roma Italy Tre 2 Deliverable D2.2 “System Requirements and Software Architecture” Document History AUTHORS (CUT) Michael Sirivianos, Kostantinos Papadamou, Antigoni Parmaxi, Panagiotis Zaphiris (ROMA3) Rig Das (CYRIC) Pantelis Nikolaou, George Sielis (INNO) Thanassis Lekkas, Demetris Soukaras (AUTH) Antonia Gogoglou, Despoina Chatzakou (UCL) Emiliano De Cristofaro, Gianluca Stringhini (TID) Jeremy Blackburn VERSIONS Version Date Author Remarks 0.1 15.11.2016 CUT Initial Table of Contents 0.2 18.11.2016 CUT, INNO Update of the related web-based tools 0.3 15.11.2016 CUT Update of initial literature review 0.4 20.11.2016 CUT, CYRIC Revised use cases 0.5 28.11.2016 CUT Addition and update of user stories 0.6 30.11.2016 ROMA3 Added dataset description for sexually abusive behaviour detection 0.7 02.12.2016 AUTH, TID Added dataset description for abusive behaviour and hate speech detection 0.8 02.12.2016 UCL Added dataset description for cyber bullying and hate speech detection 0.9 04.12.2016 AUTH Added dataset description for early malicious activity detection 1.0 06.12.2016 CUT, CYRIC, ROMA3 Added the reference architecture description 1.1 08.12.2016 CYRIC, ROMA3 Added established architectures section 1.2 12.12.2016 CUT, CYRIC, ROMA3, INNO Added the description of the architectural components 1.3 13.12.2016 ROMA3, CYRIC Added architectural components diagrams 1.4 14.12.2016 ΙΝΝΟ Added infrastructure design 1.5 15.12.2016 CUT Updated architectural components diagrams 1.6 17.12.2016 CUT, CYRIC Added Front-end technical requirements 1.7 19.12.2016 CUT Added Web-proxy server 3 Deliverable D2.2 “System Requirements and Software Architecture” technical requirements 1.8 21.12.2016 CUT Added Middleware technical requirements 1.9 23.12.2016 CUT Added Back-end technical requirements 2.0 24.12.2016 CUT, CYRIC Revision of use cases and technical requirements 2.1 26.06.2016 CUT, CYRIC, ROMA3 Comments and corrections 2.2 29.06.2016 CUT Document layout and format check 2.3 30.06.2016 CUT, CYRIC, ROMA3 Proof reading – Final version 4 Deliverable D2.2 “System Requirements and Software Architecture” Executive Summary The overall aim of the ENCASE project is to leverage the latest advances in usable security and privacy of minors (age 10-18) in order to design and implement a user-centric architecture for the protection of minors from malicious actors in Online Social Networks (OSNs). This deliverable, “System Requirements and Software Architecture”, is a revision of D2.1, which was an initial specification of the system’s requirements and the software architecture. In order to identity the magnitude of the problem, we have also surveyed the existing security and privacy enhancing web-based tools and performed a research state-of-art on cyber security risks and on security in OSNs. Moreover, we further investigated the problem by collecting data from various OSNs and through our own measurements we intended to verify the results of the literature review provided in D2.1. According to the use cases requirements engineering methodology that ENCASE has opted for, the user stories are the next step. This deliverable provides more sophisticated use cases and the usage scenarios has been transformed into user stories - first person narrative stories - that essentially provide another level of detail, addressing each user role individually and from a first person perspective. The benefit using this approach is that enables you to produce accurate technical requirements without taking into account the limitations imposed by the technology at hand. Based on the aforementioned we were in position to design the reference architecture of the ENCASE ecosystem and to define and describe the various components that consist this architecture and the interactions between them. This architecture comprises three browser add-ons, a web- proxy service that in collaboration with a middleware service will be responsible to detect malicious behaviour, fake identities and activity, and sensitive content in OSNs based on sophisticated machine learning detection rules generated by a data analytics software stack, which is the back-end of our architecture. Lastly, this document relies on the above efforts and mainly in the user stories in order to produce a list of specific technical requirements. The requirements are classified according to the four components and services that will together form the ENCASE platform. These are: 1. Front-End 2. Web-proxy Server 3. Middleware Service 4. Data Analytics Software Stack (Back-End) The requirements description for each component is then subdivided into Functional requirements, Security and privacy requirements, and Operational requirements. 5 Deliverable D2.2 “System Requirements and Software Architecture” Table of Contents Executive Summary ................................................................................................................................. 5 List of Figures ........................................................................................................................................ 10 List of Tables ......................................................................................................................................... 10 1. Introduction .................................................................................................................................. 11 1.1. Purpose of the document ..................................................................................................... 11 1.2. Structure of the document ................................................................................................... 11 1.3. User Stories Methodology .................................................................................................... 11 1.4. User Story template .............................................................................................................. 12 2. State-of-the-art ............................................................................................................................. 12 2.1. Benefits and risks of Web 2.0 tools ...................................................................................... 13 2.2. Security and privacy enhancing web-based tools review ..................................................... 13 2.3. Research state-of-the-art on cyber security risks for minors ............................................... 18 2.3.1. Minors’ access to the Internet and use of OSN ............................................................ 18 2.3.2. A taxonomy of online risks for minors .......................................................................... 19 2.3.3. Summary ....................................................................................................................... 23 2.4. Research state-of-the-art on security/e-safety in online environments .............................. 23 2.4.1. Introduction .................................................................................................................. 23 2.4.2. Methodology ................................................................................................................. 24 2.4.3. Development of Security corpus ................................................................................... 24 2.4.4. Corpus refinement ........................................................................................................ 24 2.4.5. Synthesis ....................................................................................................................... 24 2.4.6. Findings ......................................................................................................................... 25 2.4.7. Implications for researchers and practitioners ............................................................. 28 3. Measurements and Test Data Preparation ..................................................................................
Load more

Recommended publications
  • Monitoring Your Teenagersâ•Ž Online Activity: Why Consent Or Disclosure
    Seattle Journal for Social Justice Volume 15 Issue 1 Summer 2016 Article 15 2-1-2016 Monitoring Your Teenagers’ Online Activity: Why Consent or Disclosure Should be Required Christina Nguyen Seattle University School of Law, [email protected] Follow this and additional works at: https://digitalcommons.law.seattleu.edu/sjsj Part of the Law Commons Recommended Citation Nguyen, Christina (2016) "Monitoring Your Teenagers’ Online Activity: Why Consent or Disclosure Should be Required," Seattle Journal for Social Justice: Vol. 15 : Iss. 1 , Article 15. Available at: https://digitalcommons.law.seattleu.edu/sjsj/vol15/iss1/15 This Article is brought to you for free and open access by the Student Publications and Programs at Seattle University School of Law Digital Commons. It has been accepted for inclusion in Seattle Journal for Social Justice by an authorized editor of Seattle University School of Law Digital Commons. For more information, please contact [email protected]. 261 Monitoring Your Teenagers’ Online Activity: Why Consent or Disclosure Should be Required Christina Nguyen Parents and legal guardians are permitted to monitor the computer, smartphone, and other electronic devices of children they are responsible for.1 —Amy Williams of TeenSafe Author’s Note: For the purposes of this article, the terms “teen” and “teens” as used below refer to individuals aged 13 through 17. The purpose of focusing on this particular age range was based on the specified age range under the Children’s Online Privacy Protection Act of 1998 (COPPA), which provides protections only for those below the age of 13. 2 Since the Federal Trade Commission did not provide the same protections for those aged 13 and above, it suggests that those aged 13 and above hold some level of autonomy regarding their online activities.
    [Show full text]
  • Stealth Apps & Programs
    Stealth Apps & Programs 1234 This list has been developed for the sole purpose of providing information to parent groups and educators to monitor online information relating to their CHILDREN… this is not intended to promote use for adults and/or spouses. Keep in mind that the feds recently passed a law regarding downloading programs on phones to spy or keep track of adults. It is a federal crime without the other person’s consent. Consult with laws in your state regarding children as well. These are just recommendations and, as we all know can change without notice so do you own DUE DILIGENCE. You may want to consider advising your children as well since they are the authorized possessor of the devices. We DO NOT promote any of these apps, this is merely a resource. **NOTE** There are few FREE apps. Have parents read the fine print before they buy the apps… Most run around $50 annually. Most track location, texts, phone calls, emails, etc. **NOTE** Some of these require that the phone be JAILBROKEN so pay attention to what you are purchasing. #1 PhoneSheriff recommended By LE http://www.phonesheriff.com/ • Real Time GPS Tracking • Internet History • Monitoring Text Messages • Monitoring Call History • Monitoring Apps Installed • Monitoring Contacts and Calendar Activities • View Photo Logs • View Mobile Usage • Backup and Restore Phone Information in case Phone gets Lost or Stolen • Multiple Device Management • Restrict Calls, Text Messages and Internet Usage • Panic Alerts • Instant Alerts and Notifications Pricing: $49/6 months; $89/year NOTE: The iPhone, iPad and BlackBerry versions have been discontinued.
    [Show full text]
  • Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem
    Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem Xavier de Carné de Carnavalet A thesis in The Concordia Institute for Information Systems Engineering Presented in Partial Fulfillment of the Requirements For the Degree of Doctor of Philosophy (Information and Systems Engineering) at Concordia University Montréal, Québec, Canada July 2019 c Xavier de Carné de Carnavalet, 2019 CONCORDIA UNIVERSITY School of Graduate Studies This is to certify that the thesis prepared By: Mr. Xavier de Carné de Carnavalet Entitled: Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem and submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Information and Systems Engineering) complies with the regulations of this University and meets the accepted standards with re- spect to originality and quality. Signed by the final examining committee: Chair Dr. William Lynch External Examiner Dr. Carlisle Adams External to Program Dr. Wahab Hamou-Lhadj Examiner Dr. Amr Youssef Examiner Dr. Jeremy Clark Thesis Supervisor Dr. Mohammad Mannan Approved by Dr. Mohammad Mannan, Graduate Program Director July 24, 2019 Dr. Amir Asif, Dean Gina Cody School of Engineering and Computer Science Abstract Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem Xavier de Carné de Carnavalet, Ph.D. Concordia University, 2019 Transport Layer Security (TLS) is one of the most widely deployed cryptographic protocols on the Internet that provides confidentiality, integrity, and a certain degree of authenticity of the communications between clients and servers. Following Snowden’s revelations on US surveillance programs, the adoption of TLS has steadily increased.
    [Show full text]
  • Parents' Ultimate Guide to Parental Controls
    10/18/2019 Parental Controls | Common Sense Media Parenting, Media, and Everything In Between Parents' Ultimate Guide to Parental Controls Do you need parental controls? What are the options? Do they really work? Here's everything you need to know about the wide array of parental control solutions, from OS settings to monitoring apps to network hardware. By Caroline Knorr 2/27/2019 Topics: Cellphone Parenting, Privacy and Internet Safety, Social Media Ver en español Even if you've talked to your kids about screen-time limits and responsible online behavior, it's still really tough to manage what they do when you're not there (and even when you are). Parental controls can support you in your efforts to keep your kids' internet experiences safe, fun, and productive. They work best when used openly and honestly in partnership with your kids -- not as a stealth spying method. Figuring out what kind of parental control is best is entirely based on your own family's needs. Some families can get by with simple, free browser settings to lter inappropriate content. Some families need help clamping down https://www.commonsensemedia.org/blog/parents-ultimate-guide-to-parental-controls#What are the best parental controls for setting limits and monitoring kids? 1/19 10/18/2019 Parental Controls | Common Sense Media on screen time. Some folks are cool with spot-checks on their kids' devices. Wherever you are in your search, this guide can help you make sense of the wide array of options for managing your family's devices. Find the answers to parents' most frequently asked questions about parental controls.
    [Show full text]
  • Parents' Ultimate Guide to Parental Controls
    Parenting, Media, and Everything In Between Parents' Ultimate Guide to Parental Controls Do you need parental controls? What are the options? Do they really work? Here's everything you need to know about the wide array of parental control solutions, from OS settings to monitoring apps to network hardware. By Caroline Knorr 2/27/2019 Topics: Cellphone Parenting, Privacy and Internet Safety, Social Media Ver en español Even if you've talked to your kids about screen-time limits and responsible online behavior, it's still really tough to manage what they do when you're not there (and even when you are). Parental controls can support you in your efforts to keep your kids' internet experiences safe, fun, and productive. They work best when used openly and honestly in partnership with your kids -- not as a stealth spying method. Figuring out what kind of parental control is best is entirely based on your own family's needs. Some families can get by with simple, free browser settings to lter inappropriate content. Some families need help clamping down on screen time. Some folks are cool with spot-checks on their kids' devices. Wherever you are in your search, this guide can help you make sense of the wide array of options for managing your family's devices. Find the answers to parents' most frequently asked questions about parental controls. What are the best parental controls for blocking websites? What are the best parental controls for blocking websites and ltering content? What are the best parental controls for setting limits and monitoring
    [Show full text]
  • Online Safety and Parental Controls
    Online Safety and Parental Controls Inevitably children are spending a lot of time on screens at the moment and although children have e-safety lessons, we thought it might be useful for parents to know some ways they can support their children in keeping safe online. Even if you talk to your children about screen-time limits and responsible online behaviour, it can still be really tough to manage and young children can inadvertently stumble onto a website or advert and see content which is inappropriate. Parental controls can support you in your efforts to keep their internet experiences safe, fun, and productive. They work best when used openly and honestly in partnership with your children. Figuring out what kind of parental control is best is entirely based on your own family's needs. Some families can get by with simple, free browser settings to filter inappropriate content. Some families need help clamping down on screen time. Some families are ok with spot-checks on their children's devices. Hopefully, this guide can help you make sense of the wide array of options for managing your family's devices. How can I block websites? If you just want to limit what your children can search for, you can enable Google SafeSearch in whichever browser or browsers you use. First, you need to make sure your browsers use Google as their default search engine, and then you need to turn on SafeSearch. This is a good precaution to take as soon as your children start going online and you want to make sure they don't accidentally stumble across something yucky.
    [Show full text]
  • Webwatcher Pc Download Webwatcher Pc Download
    webwatcher pc download Webwatcher pc download. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store. Cloudflare Ray ID: 66ac0586dae28498 • Your IP : 188.246.226.140 • Performance & security by Cloudflare. WebWatcher Review 2021: Pros, Cons, Verdict. 1In this review, we want to talk about the WebWatcher app. Let’s find out more about its functionality, the process of work and ups & downs. What is the WebWatcher app? The WebWatcher is a popular monitoring app for keeping kids safe. This tool not only allows parents to keep an eye on their kid’s online activities but also helps to figure out everything kids try to conceal from them. Parents can check kids’ texts, calls, Web history, locations, etc. It logs all the data from kid’s devices and remotely displays it on your WebWatcher account. WebWatcher is compatible with: Android: Android Version 2.1 or later iPhone: iOS 8.0 or later Windows: Windows 10 Windows 8 & 8.1 Windows 7 Windows Vista Windows XP Mac: OS X 10.12 Sierra OS X 10.11 El Capitan OS X 10.10 Yosemite OS X 10.9 Mavericks OS X 10.8 Mountain Lion.
    [Show full text]
  • A Framework for Parental Control of Mobile Devices in South Africa
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by South East Academic Libraries System (SEALS) A FRAMEWORK FOR PARENTAL CONTROL OF MOBILE DEVICES IN SOUTH AFRICA by Jacques Marais A FRAMEWORK FOR PARENTAL CONTROL OF MOBILE DEVICES IN SOUTH AFRICA by Jacques Marais Dissertation submitted in ful¯llment of the requirements for the degree Magister Technologiae in Information Technology in the Faculty of Engineering, the Built Environment and Information Technology of the Nelson Mandela Metropolitan University Promoter: Dr. Johan van Niekerk November 2012 Declaration I, Jacques Marais, hereby declare that: ² The work in this dissertation is my own work. ² All sources used or referred to have been documented and recognized. ² This dissertation has not previously been submitted in full or partial ful¯llment of the requirements for an equivalent or higher quali¯cation at any other recognized educational institute. Jacques Marais i Abstract Future generations are built on the children of today. Thus, children's well- being and safety is of paramount importance. Children are making use of mobile devices, such as smart phones, to gain access to the Internet and other data driven mobile services. Children and parents alike are unaware of the risks they are exposed to when accessing such services. A clear lack of parental control over or awareness of this mobile use has been identi- ¯ed in South Africa. Without adequate awareness and successful use of a comprehensive mobile parental control solution, South African children may be at risk. This risk may include exposure to potentially harmful content and/or individuals.
    [Show full text]
  • Parental Control Software Mac and Windows
    Parental control software mac and windows The internet can be a dangerous place. Check out our top picks for the best free parental control software. Free parental control software. Works on Windows, Mac OS X, Android, iOS, Kindle and Nook. With Qustodio, being a digital parent has never been easier. This article will talk about the Top 10 Best Parental Control Software both for Windows and for Mac. K9 Web Protection is a free Internet filter and parental control software for your home Windows or Mac computer. K9 puts YOU in control of the Internet so you. Parental controls can help monitor and restrict a child's online activities. Control website access, block inappropriate content, set time limits, and monitor. There are a handful of programs in our review that work on both Mac and Windows devices, ContentBarrier is designed by Intego, a leader in Mac With the best parental monitoring software, you can. Parental control software used to be something you'd install on the family PC, but these days things are a lot more complicated with phones. There are a number of free parental control software packages and some tools Windows has been offering parental control features (or some that are close to. I have the top five picks for the best overall parental control software options iOS devices, and Windows PC (but not on Mac OS computers).Number of licensed devices​: ​10 devices. Those who don't want their children to be exposed to early unattended lessons in the birds and the bees ought to use parental control software.
    [Show full text]
  • Dear Federal Communications Commissioners
    Dear Federal Communications Commissioners, I write in support of Network Neutrality. This comment includes a copy, appended below my signature, of my comment to the Federal Trade Commission on the same issue, after the FTC's 13-14 February 2007 FTC Workshop on Network Neutrality. Before considering either legislation or regulatory action, the FCC should understand clearly what the Net is, and how the Net differs from any bundle of services provided by any ISP. The Net is larger and more important, and the issue of Net Neutrality is an issue of fundamental rights, rights of privacy, free association, free speech, and free enterprise. My comment explains what the Net is, and what the Net is not. My comment is long because it incorporates the Internet Assigned Numbers Authority list of ports. My actual comment is about twenty pages long. I remain your fellow computer owner, fellow user of the Net, and fellow citizen of the United States of America, Jay Sulzberger. Comments on the definition of the Internet and the importance of distinguishing the Net from cable TV, and from lower level signal transport systems, after the FTC Workshop of 13 and 14 February 2007 on Network Neutrality I am Jay Sulzberger. I am a working member of New Yorkers for Fair Use, and I attended the 13-14 February 2007 FTC Workshop on Network Neutrality. This comment is not an official statement of New Yorkers for Fair Use. The full name of the FTC workshop on 13 and 14 February 2007 included the phrase "broadband competition". At the workshop, most of the discussions failed to address the real issue of Network Neutrality because no correct definition of the Net was presented.
    [Show full text]