The Red Book


SEVENTH FRAMEWORK PROGRAMME
THE RED BOOK: A Roadmap for Systems Security Research
Managing Threats and Vulnerabilities in the Future Internet

SEVENTH FRAMEWORK PROGRAMME, Information & Communication Technologies, Trustworthy ICT
NETWORK OF EXCELLENCE, Grant Agreement No. 257007
A European Network of Excellence in Managing Threats and Vulnerabilities in the Future Internet: Europe for the World

The Red Book: A Roadmap for Systems Security Research

Abstract: The Red Book presents a roadmap in the area of systems security, as prepared by the SysSec consortium and its constituency in the first half of 2013.

Contractual Date of Delivery: August 2013
Actual Date of Delivery: August 2013
Dissemination Level: Public
Editors: Evangelos Markatos, Davide Balzarotti
Contributors: All SysSec partners
Quality Assurance: M. Almgren, E. Athanasopoulos, H. Bos, D. Balzarotti, L. Cavallaro, S. Ioannidis, M. Lindorfer, F. Maggi, E. Markatos, F. Moradi, C. Platzer, I. Polakis, M. Polychronakis, A. Slowinska, P. Tsigas, S. Zanero

The SysSec consortium consists of:
FORTH-ICS, Coordinator, Greece
Politecnico di Milano, Principal Contractor, Italy
Vrije Universiteit Amsterdam, Principal Contractor, The Netherlands
Institut Eurécom, Principal Contractor, France
IICT-BAS, Principal Contractor, Bulgaria
Technical University of Vienna, Principal Contractor, Austria
Chalmers University, Principal Contractor, Sweden
TUBITAK-BILGEM, Principal Contractor, Turkey

The Red Book. ©2013 The SysSec Consortium. Images ©2013 iStockphoto LP. All Rights Reserved. The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under Grant Agreement Number 257007. This work would not have been possible without the contributions of the SysSec Working Groups, the SysSec Advisory Board, and the broader SysSec community in general. We deeply thank them all.
www.syssec-project.eu

SYSSEC TASK FORCE for the ROADMAP on SYSTEMS SECURITY RESEARCH

CO-CHAIRS
Evangelos Markatos, SysSec Project Manager, Foundation for Research and Technology - Hellas
Davide Balzarotti, SysSec WP4 Leader, Eurecom

MEMBERS
Elias Athanasopoulos, Columbia University
Lorenzo Cavallaro, Royal Holloway University of London
Federico Maggi, Politecnico di Milano
Michalis Polychronakis, Columbia University and FORTH
Asia Slowinska, Vrije Universiteit
Iason Polakis, FORTH and University of Crete
Magnus Almgren, Chalmers
Herbert Bos, Vrije Universiteit
Sotiris Ioannidis, FORTH
Christian Platzer, TUV
Philippas Tsigas, Chalmers
Stefano Zanero, Politecnico di Milano

CONTRIBUTORS
Dennis Andriesse, Vrije Universiteit
Martina Lindorfer, TU Vienna
Farnaz Moradi, Chalmers University
Zlatogor Minchev, Bulgarian Academy of Sciences
Simin Nadjm-Tehrani, Linköping University
Christian Rossow, Vrije Universiteit

Preface

After the completion of its second year of operation, the SysSec Network of Excellence produced this “Red Book of Cybersecurity” to serve as a Roadmap in the area of Systems Security. To realize this book, SysSec put together a “Task Force” of top-level young researchers in the area, steered by the advice of the SysSec Work Package Leaders. The Task Force had vibrant consultations (i) with the Working Groups of SysSec, (ii) with the Associated Members of SysSec, and (iii) with the broader Systems Security Community. Capturing their feedback in an on-line questionnaire and in forward-looking “what if” questions, the Task Force was able to distill their knowledge, their concerns, and their vision for the future. The result of this consultation has been captured in this Red Book, which we hope will serve as a Road Map of Systems Security Research and as an advisory document for policy makers and researchers who would like to have an impact on the Security of the Future Internet.
How to Read this Book

Policy Makers may want to focus on Chapter 1 (page 3), which provides a short Executive Summary of the book, and on Chapter 14 (page 103), which describes Grand Challenge Research Problems in the area that can be solved only with the collaboration of several Research Organizations and the support of leading funding Agencies. Related work may be found in the second part of the book (page 107), which provides a good overview of other Research Roadmaps from Europe and from the States.

Young Researchers who are interested in doing a Ph.D. in systems security should read the first part of the book, and especially the final section of each chapter, which describes problems that are appropriate to be solved within the context of a Ph.D. thesis.

Experienced Researchers may want to focus on the first part of the book, which provides an in-depth treatment of various research problems, and on Chapter 14 (page 103), which describes Grand Challenge Research Problems in the area.

Journalists may want to focus on sections *.2 and *.3 of the first part, which paint a picture of the average and worst-case consequences of the emerging threats studied.

All should read Chapter 2 (page 7), which lists the identified threats, assets and security domains.
Contents

1 Executive Summary 3
2 Introduction 7
Part I: Threats Identified 21
3 In Search of Lost Anonymity 21
4 Software Vulnerabilities 27
5 Social Networks 35
6 Critical Infrastructure Security 41
7 Authentication and Authorization 51
8 Security of Mobile Devices 59
9 Legacy Systems 67
10 Usable Security 73
11 The Botnet that Would not Die 81
12 Malware 87
13 Social Engineering and Phishing 93
14 Grand Challenges 103
Part II: Related Work 107
15 A Crisis of Prioritization 107
16 Forward 109
17 Federal Plan for Cyber Security 113
18 EffectsPlus 117
19 Digital Government 121
20 Horizon2020 123
21 RISEPTIS Report 127
22 ENISA Threat Landscape 131
23 Cyber Security Research Workshop 137
24 Cyber Security Strategy 141
25 The Dutch National Cyber Security Research Agenda 145
A Methodologies 157
B SysSec Threats Landscape Evolution 159

1 Executive Summary

Based on published results, it is considered larger than the black market of marijuana, heroin, and cocaine combined [13]. Its size was recently estimated to exceed one trillion dollars [243]. It adversely affected more than 88% of Europeans last year [53]. What is it? It is the Global Market of Cyber Crime.

As we embraced the convenience and effectiveness of the Internet into our lives, homes, retirement plans, and even wallets, we also opened the door to a new breed of attackers determined to gain profit from this wonderful new cyberworld. Motivated by fun, profit, and even political motives, cyberattackers have now impacted, or threaten to impact, most realms of our lives.

Understanding the dangers we have subjected ourselves to, and predicting the threats that are going to materialize, is one of the major tasks of the SysSec Network of Excellence. A four-year project, SysSec has mobilized the top cybersecurity researchers in Europe and challenged them to think ahead, think disruptively, and finally predict what should be the important emerging research areas in cyber security and privacy.
This book summarizes the Emerging Threats identified during the third year of the project and proposes Grand Challenges that, if addressed, will significantly boost the safety and security of the Internet for the years to come.

1.1 Emerging Threats

SysSec, along with its constituency, has identified a number of research issues on which we should focus our efforts. The issues are organized in two groups: Threats, which correspond to dangers that may exploit vulnerabilities and cause harm, and Domains, which correspond to emerging application areas made possible (i) by advancements in technology, and (ii) by major shifts in society.

The major threats identified are: Malware, Botnets, Insider Threats, Targeted Attacks - Advanced Persistent Threats, Web Vulnerabilities, Software Vulnerabilities, SPAM, Malicious Hardware, Data Breaches, Social Engineering - Phishing, Passive/Active Eavesdropping, On-line behavior tracking, and Spoofing - Impersonation.

The major domains identified are: Social Networks, On-line Games, e-commerce, e-banking, Sensors - Drones, Embedded Systems, Smart Environments, Legacy Systems, Critical Infrastructures, Mobile Systems, Wireless Networks, Implantable Devices, and The Cloud.

The Important Ones

We have asked our constituency to select the threats and domains that they feel are the most important of all. The three most important threats selected were:
• Malware
• Targeted Attacks
• Social Engineering - Phishing

The three most important domains selected were:
• Mobile Devices
• Social Networks
• Critical Infrastructures

1.2 Grand Challenges

In addition to emerging threats, SysSec has identified a few grand challenge problems. Solving them will be a major step towards creating a trusted and safe cyberspace.
These challenges include:
• No Device Should Be Compromisable: Develop the necessary hardware and software support to make it impossible for attackers to compromise a computer, or any communication device for that matter, including smartphones and tablets.
• Give Users Control Over Their Data: Provide the necessary mechanisms so that users
1. will be able to know which data they have created (such as text, photos, videos, cookies, web requests, etc.),
2. will be able to know what data they have given to third parties (such as text, photos, cookies, web requests, IP addresses, etc.),
3. will have the capability to refuse disclosure of some data (such as cookies and IP addresses) and still expect a decent level of service,
4. will have the capability to delete their