
Paper review 1 Privacy is a Process, not a PET A Theory for - PowerPoint PPT Presentation



  1. Paper review 1
     • Privacy is a Process, not a PET – A Theory for Effective Privacy Practice
     • Accepted at New Security Paradigms Workshop 2012

  2. Paper review 2
     • Too Close for Comfort: A Study of the Effectiveness and Acceptability of Rich-Media Personalized Advertising
     • Accepted at the 2012 ACM annual conference on Human Factors in Computing Systems

  3. Paper review 3
     • “My privacy when adopting a technology – I know what’s important to me” – An Exploratory Focus Group Study
     • Rejected from Workshop on Privacy in the Electronic Society 2012

  4. Paper review 4
     • Would You Sell Your Mother’s Data? Personal Data Disclosure in a Simulated Credit Card Application
     • Average rejection, but accepted to Workshop on Economics in Information Security (WEIS) 2012

  5. Vulnerability disclosure
     • Don’t forget the overall goal: improve software safety
     • Consider incentives for researchers, software vendors, customers
     • Supply chain can be complex
        • Software component developers
        • Open source
        • Resellers
        • White-label software

  6. Initial attempts were chaotic
     • Researchers would sometimes tell vendors of vulnerabilities
     • Vendors would sometimes threaten researchers
     • Bugs would sometimes get fixed

  7. Full Disclosure Policy (RFPolicy)
     • “This policy states the 'guidelines' that an individual intends to follow. You basically have 5 days (read below for the definitions and semantics of what is considered a 'day') to return contact to the individual, and must keep in contact with them at least every 5 days. Failure to do so will discourage them from working with you and encourage them to publicly disclose the security problem.”

  8. Full Disclosure Policy (RFPolicy)
     • “First and foremost, a wake-up call to the software maintainer: the researcher has chosen to NOT immediately disclose the problem, but rather make an effort to work with you. This is a choice they did not have to make, and a choice that hopefully you will respect and accept accordingly.”

  9. Full Disclosure Policy (RFPolicy)
     • “Compensation is meant to include credit for discovery of the ISSUE, and perhaps in some cases, encouragement from the vendor to continue research, which might include product updates, premier technical subscriptions, etc. Monetary compensation, or any situation that could be misconstrued as extortion, is highly discouraged.”

  10. CERT/CC Vulnerability Disclosure Policy
     • “Vulnerabilities reported to the CERT/CC will be disclosed to the public 45 days after the initial report, regardless of the existence or availability of patches or workarounds from affected vendors. Extenuating circumstances, such as active exploitation, threats of an especially serious (or trivial) nature, or situations that require changes to an established standard may result in earlier or later disclosure. Disclosures made by the CERT/CC will include credit to the reporter unless otherwise requested by the reporter. We will apprise any affected vendors of our publication plans and negotiate alternate publication schedules with the affected vendors when required.”

  11. Responsible Vulnerability Disclosure Process (rejected RFC)
     • “The Reporter SHOULD grant time extensions to the Vendor if the Vendor is acting in good faith to resolve the vulnerability.”

  12. Microsoft Coordinated Vulnerability Disclosure
     • “We ask the security research community to give us an opportunity to correct a vulnerability before publicly disclosing it, as we ourselves do when we discover vulnerabilities in other vendors' products. This serves everyone's best interests by ensuring that customers receive comprehensive, high-quality updates for security vulnerabilities but are not exposed to malicious attacks while the update is being developed. After customers are protected, public discussion of the vulnerability helps the industry at large improve its products.”

  13. Facebook Whitehat
     • If you comply with the policies below when reporting a security issue to Facebook, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. We ask that:
        • You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
        • You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.

  14. Facebook Whitehat (continued)
        • You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
        • You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)
        • You do not violate any other applicable laws or regulations.

  15. Facebook refusal
     • “Recently, a researcher tried to tell us about a bug that would allow users to post on the timeline of another user who was not their friend. He made headlines when he got frustrated with us and used that vulnerability to post on the wall of a real user.”
     • “He tried to report the bug responsibly, and we failed in our communication with him. We get hundreds of submissions a day, and only a tiny percent of those turn out to be legitimate bugs.”
     • “We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users. It is never acceptable to compromise the security or privacy of other people.”

  16. Vulnerability markets
     • TippingPoint/ZDI
        • Funded through intrusion detection systems
        • Support disclosure to vendors
     • No-rules markets
        • Probably used to develop malware

  17. The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting
     • “It is thus possible that vulnerability hunting can result in a more secure product and can provide a social benefit. Patch announcements and vulnerability reports are also used to quantitatively (albeit roughly) demonstrate that vulnerabilities are often independently rediscovered within a relatively short time span.”

  18. Black market
     • Unregulated and of dubious legality
     • Proposals to regulate through munitions control
     • Several vendors involved
     • Buyers often governments
     • http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
