Bibliography[350] S. Sidiroglou and A. D. Keromytis. Countering network worms through automatic patchgeneration. IEEE Security and Privacy, 3(6):41–49, 2005.[351] G. Sinclair, C. Nunnery, and B. Kang. The Waledac Protocol: The How and Why, 2009.Technical Report by Infrastructure Systems Research Lab/University of North Carolina.[352] K. Singh, S. Bhola, and W. Lee. x<strong>book</strong>: Redesigning privacy control in social networkingplatforms. In Proceedings of the 18th USENIX Security Symposium, 2009.[353] M. Sirivianos, K. Kim, and X. Yang. SocialFilter: Introducing social trust to collaborativespam mitigation. 2011 Proceedings IEEE INFOCOM, pages 2300–2308, Apr. 2011.[354] A. Slowinska and H. Bos. The Age of Data: Pinpointing Guilty Bytes in PolymorphicBuffer Overflows on Heap or Stack. In Proceedings of the 23rd Annual Computer SecurityApplications Conference, ACSAC’07, 2007.[355] A. Slowinska and H. Bos. Pointless tainting?: evaluating the practicality of pointer tainting.In EuroSys, pages 61–74, 2009.[356] A. Slowinska, T. Stancescu, and H. Bos. Howard: a dynamic excavator for reverse engineeringdata structures. In Proceedings of NDSS 2011, San Diego, CA, 2011.[357] A. Slowinska, T. Stancescu, and H. Bos. Body armor for binaries: preventing bufferoverflows without recompilation. In Proceedings of USENIX Annual Technical Conference,Boston, MA, June 2012.[358] M. Srivatsa and M. Hicks. Deanonymizing mobility traces. In Proceedings of the 2012 ACMconference on Computer and communications security - CCS ’12, page 628. ACM Press, 2012.[359] J. I. S. G. T. I. . I. P. Stamp. The SPIDERS project - Smart Power Infrastructure Demonstrationfor Energy Reliability and Security at US military facilities. Innovative Smart Grid Technologies(ISGT), 2012 IEEE PES, 2012.[360] G. Starnberger, C. Kruegel, and E. Kirda. Overbot: A Botnet Protocol Based on Kademlia.In Proceedings of the 4th International Conference on Security and Privacy in CommunicationNetworks, 2008.[361] A. Stefanov and . I. P. Chen-Ching Liu Innovative Smart Grid Technologies ISGT. Cyberpowersystem security in a smart grid environment. Innovative Smart Grid Technologies(ISGT), 2012 IEEE PES, 2012.[362] B. Stock, M. Engelberth, F. C. Freiling, and T. Holz. Walowdac – Analysis of a Peer-to-PeerBotnet. In Proceedings of the European Conference on Computer Network Defense, 2009.[363] B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel,and G. Vigna. Your Botnet is My Botnet: Analysis of a Botnet Takeover. In Proceedings ofthe 16th ACM Conference on Computer and Communications Security, 2009.[364] G. Stringhini, C. Kruegel, and G. Vigna. Detecting Spammers on Social Networks. InProceedings of the 26th Annual Computer Security Applications Conference, 2010.[365] Symantec. Spam report: Hacked personal email accounts used to scam contacts. http://www.symantec.com/articles/article.jsp?aid=20080729_spam_report.[366] Symantec. Stuxnet Using Three Additional Zero-Day Vulnerabilities.http://www.symantec.com/connect/blogs/stuxnet-using-three-additionalzero-day-vulnerabilities,September 2010.[367] Symantec Official Blog. Top 5 security p<strong>red</strong>ictions for 2013 from symantec. Internet.http://www.symantec.com/connect/blogs/top-5-security-p<strong>red</strong>ictions-2013-symantec-0, 2012.[368] P. Ször. The Art of Computer Virus Research and Defense. Addison-Wesley Professional,February 2005.[369] S. Tang, H. Mai, and S. King. Trust and Protection in the Illinois Browser Operating System.In Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation(OSDI). USENIX, 2010.182
Bibliography[370] T. Telegraph. Bogus’ ap tweet about explosion at the white house wipes billions off usmarkets. http://www.telegraph.co.uk/finance/markets/10013768/Bogus-AP-tweetabout-explosion-at-the-White-House-wipes-billions-off-US-markets.html.[371] M. Ter Louw and V. Venkatakrishnan. Blueprint: Precise Browser-neutral Prevention ofCross-site Scripting Attacks. In Proceedings of the 30th IEEE Symposium on Security & Privacy,Oakland, CA, May 2009.[372] The Honeynet Project. Droidbox. https://code.google.com/p/droidbox/.[373] The SysSec Consortium. Deliverable D7.1: Review of the state-of-the-art in cyberattacks,June 2011.[374] K. Theocharoulis, I. Papaefstathiou, and C. Manifavas. Implementing rainbow tables inhigh-end fpgas for super-fast password cracking. In Proceedings of the 2010 InternationalConference on Field Programmable Logic and Applications, pages 145–150, 2010.[375] K. Thomas, C. Grier, and V. Paxson. Adapting social spam infrastructure for politicalcensorship. In Proceedings of the USENIX Workshop on Large-Scale Exploits and EmergentThreats (LEET), 2012.[376] O. Thonnard, L. Bilge, G. O’Gorman, S. Kiernan, and M. Lee. Industrial espionage andtargeted attacks: understanding the characteristics of an escalating threat. In RAID’12:Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses.Springer-Verlag, Sept. 2012.[377] Tim Rains - Microsoft. Using the past to p<strong>red</strong>ict the future: Top 5 threat p<strong>red</strong>ictions for2013. Internet. http://blogs.technet.com/b/security/archive/2012/12/13/usingthe-past-to-p<strong>red</strong>ict-the-future-top-5-threat-p<strong>red</strong>ictions-for-2013.aspx?Redirected=true, 2012.[378] V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, and S. Barocas. Adnostic: Privacypreserving targeted advertising. In Proceedings of the 17th Network and Distributed SystemSecurity Symposium, 2010.[379] N. Tran, B. Min, J. Li, and L. Subramanian. Sybil-resilient online content voting. InProceedings of the 6th USENIX symposium on Networked systems design and implementation,pages 15–28, 2009.[380] C.-Y. Tseng and M.-S. Chen. Incremental SVM Model for Spam Detection on Dynamic EmailSocial Networks. 2009 International Conference on Computational Science and Engineering,pages 128–135, 2009.[381] K.-Y. Tseng, D. Chen, Z. Kalbarczyk, and R. K. Iyer. Characterization of the error resiliencyof power grid substation devices. In International Conference on Dependable Systems andNetworks. IEEE Computer Society, June 2012.[382] V. van der Veen, N. dutt Sharma, L. Cavallaro, and H. Bos. Memory Errors: The Past, thePresent, and the Future. In In Proceedings of the 15th International Symposium on Research inAttacks Intrusions and Defenses (RAID), September 2012.[383] R. Vigo. The Cyber-Physical Attacker. In dl.acm.org, pages 347–356. Springer BerlinHeidelberg, Berlin, Heidelberg, 2012.[384] B. Viswanath, M. Mondal, K. P. Gummadi, A. Mislove, and A. Post. Canal: scaling socialnetwork-based Sybil tolerance schemes. In Proceedings of the 7th ACM european conference onComputer Systems - EuroSys ’12, page 309. ACM Press, 2012.[385] B. Viswanath, A. Post, K. P. Gummadi, and A. Mislove. An Analysis of Social Network-Based Sybil Defenses. In Proceedings of the ACM SIGCOMM 2010 conference, page 363, NewYork, New York, USA, 2010. ACM Press.[386] P. Vreugdenhil. Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit. http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf.183
- Page 1:
SEVENTH FRAMEWORK PROGRAMMETHERED B
- Page 4 and 5:
The Red Book. ©2013 The SysSec Con
- Page 7 and 8:
PrefaceAfter the completion of its
- Page 9 and 10:
Contents1 Executive Summary 32 Intr
- Page 11 and 12:
1 Executive SummaryBased on publish
- Page 13:
1.2. Grand Challenges4. will have t
- Page 16 and 17:
2. Introductionwho want to get at t
- Page 18 and 19:
2. Introduction• Although conside
- Page 20 and 21:
2. Introductionfuture, where each a
- Page 22 and 23:
2. Introductiondrones), such sensor
- Page 24 and 25:
2. Introductioncover our energy nee
- Page 27:
Part I: Threats Identified
- Page 30 and 31:
3. In Search of Lost Anonymity3.2 W
- Page 32 and 33:
3. In Search of Lost Anonymityguide
- Page 35 and 36:
4 Software VulnerabilitiesExtending
- Page 37 and 38:
4.1. What Is the Problem?infrastruc
- Page 39 and 40:
4.5. State of the Artparts of criti
- Page 41:
4.7. Example Problemstem mitigation
- Page 44 and 45:
5. Social Networks5.1 Who Is Going
- Page 46 and 47:
5. Social Networksby such an applic
- Page 48 and 49:
5. Social Networksdisasters. This r
- Page 50 and 51:
6. Critical Infrastructure Security
- Page 52 and 53:
6. Critical Infrastructure Security
- Page 54 and 55:
6. Critical Infrastructure Security
- Page 56 and 57:
6. Critical Infrastructure Security
- Page 59 and 60:
7 Authentication and AuthorizationH
- Page 61 and 62:
7.2. Who Is Going to Be Affected?so
- Page 63 and 64:
7.5. State of the ArtFinally, ident
- Page 65 and 66:
7.6. Research Gapshashes and evalua
- Page 67 and 68:
8 Security of Mobile DevicesIn an e
- Page 69 and 70:
8.3. What Is the Worst That Can Hap
- Page 71 and 72:
8.4. State of the ArtAll the other
- Page 73:
8.6. Example Problemserated anomaly
- Page 76 and 77:
9. Legacy Systemsthe execution of a
- Page 78 and 79:
9. Legacy Systemsparts of the progr
- Page 81 and 82:
10 Usable SecurityKeys, locks, and
- Page 83 and 84:
10.4. What Is the Worst That Can Ha
- Page 85 and 86:
10.6. Research Gaps10.6 Research Ga
- Page 87:
10.7. Example Problemsof value for
- Page 90 and 91:
11. The Botnet that Would not DieNu
- Page 92 and 93:
11. The Botnet that Would not Diefa
- Page 94 and 95:
11. The Botnet that Would not Dieti
- Page 96 and 97:
12. Malwarethan 128 million malware
- Page 98 and 99:
12. Malwareequipped with auto-updat
- Page 100 and 101:
12. Malwarethe introduction of App
- Page 102 and 103:
13. Social Engineering and Phishing
- Page 104 and 105:
13. Social Engineering and Phishing
- Page 106 and 107:
13. Social Engineering and Phishing
- Page 108 and 109:
13. Social Engineering and Phishing
- Page 111 and 112:
14 Grand ChallengesOne of the most
- Page 113:
Part II: Related Work
- Page 116 and 117:
15. A Crisis of Prioritization•
- Page 118 and 119:
16. Forwardare accessible from the
- Page 120 and 121:
16. ForwardRecommendation 4: “The
- Page 122 and 123:
17. Federal Plan for Cyber Security
- Page 124 and 125:
17. Federal Plan for Cyber Security
- Page 126 and 127:
18. EffectsPlus18.1 Roadmap Structu
- Page 128 and 129:
18. EffectsPlus18.6 Identified Prio
- Page 130 and 131:
19. Digital GovernmentThe roadmap o
- Page 132 and 133:
20. Horizon2020• “Making cyber
- Page 135 and 136:
21 Trust in the Information Society
- Page 137:
21.2. Recommendationsallows for the
- Page 140 and 141: 22. ENISA Threat Landscape2. Malwar
- Page 142 and 143: 22. ENISA Threat LandscapeSocial Te
- Page 144 and 145: 22. ENISA Threat Landscapewriters w
- Page 146 and 147: 23. Cyber Security Research Worksho
- Page 149 and 150: 24 Cyber Security Strategy of theEu
- Page 151 and 152: 24.2. Strategic PrioritiesProposed
- Page 153 and 154: 25 The Dutch National Cyber Securit
- Page 155 and 156: 25.1. ContextsInternet (e.g., smart
- Page 157 and 158: 25.1. Contextsdefensive approaches
- Page 159 and 160: 25.2. Research Themesand radio broa
- Page 161 and 162: 25.2. Research Themesconsists of se
- Page 163 and 164: 25.2. Research ThemesRisk managemen
- Page 165 and 166: AMethodologiesIn this appendix we o
- Page 167 and 168: BSysSec Threats Landscape Evolution
- Page 169 and 170: B.4. SysSec 2013 Threats LandscapeT
- Page 171 and 172: B.4. SysSec 2013 Threats LandscapeS
- Page 173 and 174: Bibliography[1] 10 Questions for Ke
- Page 175 and 176: Bibliography[45] SCADA & Security o
- Page 177 and 178: Bibliography[88] A. Avizienis, J.-C
- Page 179 and 180: Bibliography[130] G. Cluley. 600,00
- Page 181 and 182: Bibliography[172] D. Evans. Top 25
- Page 183 and 184: Bibliography[214] ICS-CERT. Monthly
- Page 185 and 186: Bibliography[253] C. Lever, M. Anto
- Page 187 and 188: Bibliography[291] Mozilla. Browseri
- Page 189: Bibliography[329] F. Raja, K. Hawke
- Page 193 and 194: Bibliography[407] W. Yang, N. Li, Y