Cyber threats are ever increasing. Adversaries are getting more sophisticated and cyber criminals are infiltrating companies in a variety of sectors. In today's landscape, organizations need to acquire and develop effective security tools and mechanisms - not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems.

Note: This item can only be delivered to a German delivery address.
Wiem Tounsi, PhD, is Head of the Managed Security Services and R&D division at Axians Cybersecurity Paris, France. Her research interests include network security and privacy issues, mainly policies management, threat analysis and lightweight cryptography. She has authored several research papers in high-level international journals and conferences, and has been an invited keynote speaker at several major scientific conferences.
Table of Contents
Introduction (Wiem TOUNSI)

Chapter 1. What Is Cyber Threat Intelligence and How Is It Evolving? (Wiem TOUNSI)
1.1. Introduction
1.2. Background
    1.2.1. New Generation Threats
    1.2.2. Analytical Frameworks
1.3. Cyber Threat Intelligence
    1.3.1. Cyber Threat Intelligence Sources
    1.3.2. Cyber Threat Intelligence Sub-Domains
    1.3.3. Technical Threat Intelligence (TTI)
1.4. Related Work
1.5. Technical Threat Intelligence Sharing Problems
    1.5.1. Benefits of CTI Sharing for Collective Learning
    1.5.2. Reasons for Not Sharing
1.6. Technical Threat Intelligence Limitations
    1.6.1. Quantity Over Quality
    1.6.2. IOC-Specific Limitations
1.7. Cyber Threat Intelligent Libraries or Platforms
    1.7.1. Benefits of CTI Libraries Based In the Cloud
    1.7.2. Reluctance to Use Cloud Services
1.8. Discussion
    1.8.1. Sharing Faster Is Not Sufficient
    1.8.2. Reducing the Quantity of Threat Feeds
    1.8.3. Trust to Share Threat Data and to Save Reputation Concerns
    1.8.4. Standards for CTI Representation and Sharing
    1.8.5. Cloud-Based CTI Libraries for Collective Knowledge and Immunity
1.9. Evaluation of Technical Threat Intelligence Tools
    1.9.1. Presentation of Selected Tools
    1.9.2. Comparative Discussion
1.10. Conclusion and Future Work
1.11. References

Chapter 2. Trust Management Systems: A Retrospective Study on Digital Trust (Reda YAICH)
2.1. Introduction
2.2. What Is Trust?
2.3. Genesis of Trust Management Systems
    2.3.1. Access Control Model
    2.3.2. Identity-Based Access Control
    2.3.3. Lattice-Based Access Control
    2.3.4. Role-Based Access Control
    2.3.5. Organization-Based Access Control
    2.3.6. Attribute-Based Access Control
2.4. Trust Management
    2.4.1. Definition
    2.4.2. Trust Management System
    2.4.3. Foundations
    2.4.4. Automated Trust Negotiation
2.5. Classification of Trust Management Systems
    2.5.1. Authorization-Based TMSs
    2.5.2. Automated Trust Negotiation Systems
2.6. Trust Management In Cloud Infrastructures
    2.6.1. Credentials-Based Trust Models
    2.6.2. SLA-Based Trust Models
    2.6.3. Feedback-Based Trust Models
    2.6.4. Prediction-Based Trust Models
2.7. Conclusion
2.8. References

Chapter 3. Risk Analysis Linked to Network Attacks (Kamel KAROUI)
3.1. Introduction
3.2. Risk Theory
    3.2.1. Risk Analysis Terminology
    3.2.2. Presentation of the Main Risk Methods
    3.2.3. Comparison of the Main Methods
3.3. Analysis of IS Risk In the Context of IT Networks
    3.3.1. Setting the Context
    3.3.2. Risk Assessment
    3.3.3. Risk Treatment
    3.3.4. Acceptance of Risks
    3.3.5. Risk Communication
    3.3.6. Risk Monitoring
3.4. Conclusion
3.5. References

Chapter 4. Analytical Overview on Secure Information Flow In Android Systems: Protecting Private Data Used By Smartphone Applications (Mariem GRAA)
4.1. Introduction
4.2. Information Flow
    4.2.1. Explicit Flows
    4.2.2. Implicit Flows
    4.2.3. Covert Channels
4.3. Data Tainting
    4.3.1. Interpreter Approach
    4.3.2. Architecture-Based Approach
    4.3.3. Static Taint Analysis
    4.3.4. Dynamic Taint Analysis
4.4. Protecting Private Data In Android Systems
    4.4.1. Access Control Approach
    4.4.2. Preventing Private Data Leakage Approach
    4.4.3. Native Libraries Approaches
4.5. Detecting Control Flow
    4.5.1. Technical Control Flow Approaches
    4.5.2. Formal Control Flow Approaches
4.6. Handling Explicit and Control Flows In Java and Native Android Apps Code
    4.6.1. Formal Specification of the Under-Tainting Problem
    4.6.2. Formal Under-Tainting Solution
    4.6.3. System Design
    4.6.4. Handling Explicit and Control Flows In Java Android Apps Code
    4.6.5. Handling Explicit and Control Flows In Native Android Apps Code
    4.6.6. Evaluation
    4.6.7. Discussion
4.7. Protection Against Code Obfuscation Attacks Based on Control Dependencies In Android Systems
    4.7.1. Code Obfuscation Definition
    4.7.2. Types of Program Obfuscations
    4.7.3. Obfuscation Techniques
    4.7.4. Code Obfuscation In Android System
    4.7.5. Attack Model
    4.7.6. Code Obfuscation Attacks
    4.7.7. Detection of Code Obfuscation Attacks
    4.7.8. Obfuscation Code Attack Tests
4.8. Detection of Side Channel Attacks Based on Data Tainting In Android Systems
    4.8.1. Target Threat Model
    4.8.2. Side Channel Attacks
    4.8.3. Propagation Rules for Detecting Side Channel Attacks
    4.8.4. Implementation
    4.8.5. Evaluation
4.9. Tracking Information Flow In Android Systems Approaches Comparison: Summary
4.10. Conclusion and Highlights
4.11. References

List of Authors
Index