Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, Revised Selected Papers

As the complexity of applications and software frameworks increases, cybersecurity becomes more challenging.The potential attack surface keeps expanding while each product has its own peculiarities and requirements leading to tailor-made solutions per case.These are the primary reasons which render security solutions expensive, highly complex and with significant deployment delay. This technical survey intends to reveal the pillars of today’s cybersecurity market, as well as identify emerging trends,key players and functional aspects. Such an insight will allow all interested parties to optimize the design process of a contemporary and future-proof cybersecurity framework for end-to-end protection.

[1]  John Johansen,et al.  PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[2]  Zachary N. J. Peterson,et al.  Security through play , 2013, IEEE Security & Privacy.

[3]  Ken Allen,et al.  CyberCIEGE: Gaming for Information Assurance , 2005, IEEE Secur. Priv..

[4]  Vitaly Shmatikov,et al.  Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[5]  Fabio Martinelli,et al.  Preventing the Drop in Security Investments for Non-competitive Cyber-Insurance Market , 2017, CRiSIS.

[6]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[7]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[8]  Zoya Dyka,et al.  Horizontal DPA Attacks against ECC: Impact of Implemented Field Multiplication Formula , 2019, 2019 14th International Conference on Design & Technology of Integrated Systems In Nanoscale Era (DTIS).

[9]  Wenliang Du,et al.  Fine-Grained Access Control for HTML5-Based Mobile Applications in Android , 2013, ISC.

[10]  George Neville-Neil,et al.  The Design and Implementation of the FreeBSD Operating System , 2014 .

[11]  Vadim Okun,et al.  Evaluating Bug Finders -- Test and Measurement of Static Code Analyzers , 2015, 2015 IEEE/ACM 1st International Workshop on Complex Faults and Failures in Large Software Systems (COUFLESS).

[12]  Vincenzo Croce,et al.  Blockchain Technology for Financial Services Facilitation in RES Investments , 2018, 2018 IEEE 4th International Forum on Research and Technology for Society and Industry (RTSI).

[13]  Shrawan Kumar,et al.  Static program analysis of large embedded code base: an experience , 2011, ISEC.

[14]  Zoya Dyka,et al.  Horizontal Attacks Against ECC: From Simulations to ASIC , 2019, IOSec/MSTEC/FINSEC@ESORICS.

[15]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[16]  Abdullah Saad,et al.  A Survey on Software Security Testing Techniques , 2013 .

[17]  Panos Kampanakis,et al.  Security Automation and Threat Information-Sharing Options , 2014, IEEE Security & Privacy.

[18]  Arvind Narayanan,et al.  I never signed up for this! Privacy implications of email tracking , 2018, Proc. Priv. Enhancing Technol..

[19]  Heng Yin,et al.  Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation , 2014, CCS.

[20]  Claude Castelluccia,et al.  Selling Off Privacy at Auction , 2014, NDSS 2014.

[21]  Kazuo Ohta,et al.  Improved countermeasure against Address-bit DPA for ECC scalar multiplication , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[22]  S. Sreejith,et al.  Learning Cyber Security Through Gamification , 2015 .

[23]  Daniel W. Woods,et al.  Policy Measures and Cyber Insurance: A Framework , 2017 .

[24]  Pierangela Samarati Data Security and Privacy in the Cloud , 2014, ISPEC.

[25]  Amit Saxena,et al.  Detecting Input Validation Attacks in Web Application , 2015 .

[26]  Andrew B. Whinston,et al.  P2P Networking: An Information-Sharing Alternative , 2001, Computer.

[27]  Kazim Hussain,et al.  Big Data in the Finance and Insurance Sectors , 2016, New Horizons for a Data-Driven Economy.

[28]  Nick Nikiforakis,et al.  Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms , 2016, Proc. Priv. Enhancing Technol..

[29]  Charalampos Manifavas,et al.  DSAPE - Dynamic Security Awareness Program Evaluation , 2014, HCI.

[30]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[31]  Therese Jones,et al.  Content analysis of cyber insurance policies: how do carriers price cyber risk? , 2019, J. Cybersecur..

[32]  Arif Sasongko,et al.  Simple power analysis attack against elliptic curve cryptography processor on FPGA implementation , 2011, Proceedings of the 2011 International Conference on Electrical Engineering and Informatics.

[33]  Edward W. Felten,et al.  Cookies That Give You Away: The Surveillance Implications of Web Tracking , 2015, WWW.

[34]  Phi Tuong Lau Scan Code Injection Flaws in HTML5-Based Mobile Applications , 2018, 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[35]  Éliane Jaulmes,et al.  Horizontal collision correlation attack on elliptic curves , 2014, Cryptography and Communications.

[36]  Kouichi Itoh,et al.  A Practical Countermeasure against Address-Bit Differential Power Analysis , 2003, CHES.

[37]  Moin Uddin,et al.  Challenges in Privacy and Security in Banking Sector and Related Countermeasures , 2016 .

[38]  Konstantinos Psounis,et al.  Will cyber-insurance improve network security? A market analysis , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[39]  George Hatzivasilis,et al.  Password-Hashing Status , 2017, Cryptogr..

[40]  Dimitris Gritzalis,et al.  Securing Transportation-Critical Infrastructures: Trends and Perspectives , 2011, ICGS3/e-Democracy.

[41]  Inger Anne Tøndel,et al.  Mitigating Risk with Cyberinsurance , 2015, IEEE Security & Privacy.

[42]  George Perkovich,et al.  Toward a global norm against manipulating the integrity of financial data , 2017 .

[43]  Pablo Rodriguez,et al.  If you are not paying for it, you are the product: how much do advertisers pay to reach you? , 2017, Internet Measurement Conference.

[44]  Katerina Goseva-Popstojanova,et al.  On the capability of static code analysis to detect security vulnerabilities , 2015, Inf. Softw. Technol..

[45]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[46]  M.I.P. Salas,et al.  Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security , 2014, CLEI Selected Papers.

[47]  Mohamed Shehab,et al.  Reducing Attack Surface on Cordova-based Hybrid Mobile Apps , 2014, MobileDeLi '14.

[48]  Kurt Manske An Introduction to Social Engineering , 2000, Inf. Secur. J. A Glob. Perspect..

[49]  Kristian Beckers,et al.  A Serious Game for Eliciting Social Engineering Security Requirements , 2016, 2016 IEEE 24th International Requirements Engineering Conference (RE).

[50]  Andrew C. Myers,et al.  End-to-end availability policies and noninterference , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[51]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[52]  Larry Peterson,et al.  Defensive programming: using an annotation toolkit to build DoS-resistant software , 2002, OSDI '02.

[53]  Olaf Owe,et al.  An evaluation of interaction paradigms for active objects , 2019, J. Log. Algebraic Methods Program..

[54]  Per Håkon Meland,et al.  When to Treat Security Risks with Cyber Insurance , 2018, 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA).

[55]  Ahmad Adamu Galadima,et al.  Arduino as a learning tool , 2014, 2014 11th International Conference on Electronics, Computer and Computation (ICECCO).

[56]  Audrey A. Gendreau,et al.  Survey of Intrusion Detection Systems towards an End to End Secure Internet of Things , 2016, 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud).

[57]  Nur Haryani Zakaria,et al.  Social engineering awareness game (SEAG): an empirical evaluation of using game towards improving information security awareness , 2015 .

[58]  Laurie A. Williams,et al.  Protection Poker: The New Software Security "Game"; , 2010, IEEE Security & Privacy.

[59]  Qusay H. Mahmoud,et al.  Evaluation of static analysis tools for software security , 2014, 2014 10th International Conference on Innovations in Information Technology (IIT).

[60]  Michael Newbould,et al.  Playing Safe: A Prototype Game For Raising Awareness of Social Engineering , 2009 .

[61]  Sotiris Ioannidis,et al.  Review of Security and Privacy for the Internet of Medical Things (IoMT) , 2019, 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS).

[62]  Thomas Shaw,et al.  Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events , 2017, ASE @ USENIX Security Symposium.

[63]  Peter Mularien Spring Security 3 , 2010 .

[64]  Basel Katt,et al.  Source Code Patterns of Cross Site Scripting in PHP Open Source Projects , 2018 .

[65]  J. Initiative SP 800-39. Managing Information Security Risk: Organization, Mission, and Information System View , 2011 .

[66]  Xavier Masip-Bruin,et al.  Towards a Fog-to-Cloud control topology for QoS-aware end-to-end communication , 2017, 2017 IEEE/ACM 25th International Symposium on Quality of Service (IWQoS).

[67]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[68]  Per M. Gustavsson,et al.  Gamified Training for Cyber Defence : Methods and Automated Tools for Situation and Threat Assessment , 2013 .

[69]  Hong Li,et al.  A survey of intrusion detection on industrial control systems , 2018, Int. J. Distributed Sens. Networks.

[70]  B. Preneel,et al.  Electromagnetic Analysis Attack on an FPGA Implementation of an Elliptic Curve Cryptosystem , 2005, EUROCON 2005 - The International Conference on "Computer as a Tool".

[71]  Wouter Joosen,et al.  Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting , 2013, 2013 IEEE Symposium on Security and Privacy.

[72]  Tobby Simon,et al.  Critical Infrastructure and the Internet of Things , 2017 .

[73]  Pierangelo Rosati,et al.  Blockchain Beyond Cryptocurrencies , 2018, Disrupting Finance.

[74]  Wouter Joosen,et al.  PriVaricator: Deceiving Fingerprinters with Little White Lies , 2015, WWW.

[75]  George Spanoudakis,et al.  Cloud Certification Process Validation Using Formal Methods , 2017, ICSOC.

[76]  Lalu Banoth,et al.  A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection , 2017 .

[77]  Yves Roudier,et al.  Static Code Analysis for Software Security Verification: Problems and Approaches , 2014, 2014 IEEE 38th International Computer Software and Applications Conference Workshops.

[78]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[79]  Xavier Masip-Bruin,et al.  Securing combined Fog-to-Cloud system Through SDN Approach , 2017, CCB@EuroSys.

[80]  Christopher Krügel,et al.  Anomaly detection of web-based attacks , 2003, CCS '03.

[81]  Maria Papadaki,et al.  A Practical Assessment of Social Engineering Vulnerabilities , 2008, HAISA.

[82]  Nils Gruschka,et al.  A survey of attacks on web services , 2009, Computer Science - Research and Development.

[83]  Sergio Caltagirone,et al.  The Diamond Model of Intrusion Analysis , 2013 .

[84]  Frank L. Greitzer,et al.  Cognitive science implications for enhancing training effectiveness in a serious gaming context , 2007, JERC.

[85]  Rossouw von Solms,et al.  An information security knowledge sharing model in organizations , 2016, Comput. Hum. Behav..

[86]  Babu M. Mehtre,et al.  Static Malware Analysis Using Machine Learning Methods , 2014, SNDS.

[87]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[88]  Bill Fitzgerald,et al.  Tracking the Trackers , 2016 .

[89]  Bernard Ferguson,et al.  National Cyber Range Overview , 2014, 2014 IEEE Military Communications Conference.

[90]  Niki A. Rahimi Trusted Path Execution for the Linux 2.6 Kernel as a Linux Security Module , 2004, USENIX Annual Technical Conference, FREENIX Track.

[91]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[92]  Wenhua Wang,et al.  A combinatorial approach to detecting buffer overflow vulnerabilities , 2011, 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN).

[93]  Olaf Owe,et al.  On detecting over-eager concurrency in asynchronously communicating concurrent object systems , 2017, J. Log. Algebraic Methods Program..

[94]  Konstantinos Psounis,et al.  Security Pricing as Enabler of Cyber-Insurance A First Look at Differentiated Pricing Markets , 2016, IEEE Transactions on Dependable and Secure Computing.

[95]  Klaus Wehrle,et al.  Website Fingerprinting at Internet Scale , 2016, NDSS.

[96]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[97]  Einar Broch Johnsen,et al.  An Asynchronous Communication Model for Distributed Concurrent Objects , 2004, Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004..

[98]  Henny B. Sipma,et al.  Synthesis of Linear Ranking Functions , 2001, TACAS.

[99]  Steven Furnell Vulnerability management: not a patch on where we should be? , 2016, Netw. Secur..

[100]  Zoya Dyka,et al.  Horizontal Address-Bit DEMA against ECDSA , 2018, 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[101]  George Spanoudakis,et al.  Towards Hybrid Cloud Service Certification Models , 2014, 2014 IEEE International Conference on Services Computing.

[102]  Robert LaRose,et al.  Online safety begins with you and me: Convincing Internet users to protect themselves , 2015, Comput. Hum. Behav..

[103]  Mick Bauer Paranoid penguin: Introduction to seLinux , 2007 .

[104]  Sabrina De Capitani di Vimercati,et al.  Data protection in outsourcing scenarios: issues and directions , 2010, ASIACCS '10.

[105]  Angelo Gargantini,et al.  A semantic framework for metamodel-based languages , 2009, Automated Software Engineering.

[106]  Tadayoshi Kohno,et al.  Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 , 2016, USENIX Security Symposium.

[107]  Robert N. M. Watson,et al.  Jails: confining the omnipotent root , 2000 .

[108]  Kristian Beckers,et al.  PERSUADED: Fighting Social Engineering Attacks with a Serious Game , 2018, TrustBus.

[109]  Sotiris Ioannidis,et al.  WARDOG: Awareness detection watchbog for Botnet infection on the host device , 2019 .

[110]  Sebastian Pape,et al.  Social engineering defence mechanisms and counteracting training strategies , 2017, Inf. Comput. Secur..

[111]  Zoya Dyka,et al.  Horizontal address-bit DPA against montgomery kP implementation , 2017, 2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig).

[112]  Yue Chen,et al.  Detecting injected behaviors in HTML5-based Android applications , 2016, J. High Speed Networks.

[113]  Gabriel Díaz,et al.  Static analysis of source code security: Assessment of tools against SAMATE tests , 2013, Inf. Softw. Technol..

[114]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[115]  Frank Piessens,et al.  FPDetective: dusting the web for fingerprinters , 2013, CCS.

[116]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[117]  Keke Gai,et al.  An Investigation on Cyber Security Threats and Security Models , 2015, 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing.

[118]  Brij Bhooshan Gupta,et al.  Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art , 2017, Int. J. Syst. Assur. Eng. Manag..

[119]  Zoya Dyka,et al.  FPGA Implementation of ECC: Low-Cost Countermeasure against Horizontal Bus and Address-Bit SCA , 2018, 2018 International Conference on ReConFigurable Computing and FPGAs (ReConFig).

[120]  Ioannis Papaefstathiou,et al.  AmbISPDM - Managing embedded systems in ambient environments and disaster mitigation planning , 2018, Applied intelligence (Boston).

[121]  Nineta Polemi,et al.  S-PORT: "A Secure, Collaborative Environment for the Security Management of Port Information Systems" , 2010, 2010 Fifth International Conference on Internet and Web Applications and Services.

[122]  Alexander Dekhtyar,et al.  Information Retrieval , 2018, Lecture Notes in Computer Science.

[123]  Christophe Clavier,et al.  Horizontal Correlation Analysis on Exponentiation , 2010, ICICS.

[124]  Balachander Krishnamurthy,et al.  Privacy leakage vs . Protection measures : the growing disconnect , 2011 .

[125]  Ioannis Papaefstathiou,et al.  Real-time management of railway CPS secure administration of IoT and CPS infrastructure , 2017, 2017 6th Mediterranean Conference on Embedded Computing (MECO).

[126]  Stefan Fenz,et al.  Automated Risk and Utility Management , 2009, 2009 Sixth International Conference on Information Technology: New Generations.

[127]  Ioannis G. Askoxylakis,et al.  CloudNet Anti-malware Engine: GPU-Accelerated Network Monitoring for Cloud Services , 2018, IOSec@RAID.

[128]  Thomas Johnson,et al.  Computer Security Incident Handling Guide , 2005 .

[129]  Kristian Beckers,et al.  A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology , 2016, HAISA.

[130]  Eric Michael Hutchins,et al.  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[131]  Eduardo Gómez-Sánchez,et al.  Cloud computing and education: A state-of-the-art survey , 2015, Comput. Educ..

[132]  David Wetherall,et al.  Detecting and Defending Against Third-Party Tracking on the Web , 2012, NSDI.

[133]  Muneer Bani Yassein,et al.  Internet of Things: Survey and open issues of MQTT protocol , 2017, 2017 International Conference on Engineering & MIS (ICEMIS).

[134]  Cuong Pham,et al.  CyRIS: a cyber range instantiation system for facilitating security training , 2016, SoICT.

[135]  Olaf Owe,et al.  A sound and complete reasoning system for asynchronous communication with shared futures , 2014, J. Log. Algebraic Methods Program..

[136]  Fabio Martinelli,et al.  Cyber-insurance survey , 2017, Comput. Sci. Rev..

[137]  A. G. Kleppe,et al.  A Language Description is More than a Metamodel , 2007 .

[138]  Frank S. de Boer,et al.  A Survey of Active Object Languages , 2017, ACM Comput. Surv..

[139]  Roberto Baldoni,et al.  Malware Triage Based on Static Features and Public APT Reports , 2017, CSCML.

[140]  Sotiris Ioannidis,et al.  TALON: An Automated Framework for Cross-Device Tracking Detection , 2018, RAID.

[141]  Sotiris Ioannidis,et al.  The CE-IoT Framework for Green ICT Organizations: The interplay of CE-IoT as an enabler for green innovation and e-waste management in ICT , 2019, 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS).

[142]  Carlisle M. Adams,et al.  Lightweight protection against brute force login attacks on Web applications , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[143]  Robert N. M. Watson,et al.  A taste of Capsicum , 2012, Commun. ACM.

[144]  Reiner Hähnle,et al.  ABS: A Core Language for Abstract Behavioral Specification , 2010, FMCO.

[145]  Balachander Krishnamurthy,et al.  On the leakage of personally identifiable information via online social networks , 2009, CCRV.

[146]  Ana Ferreira,et al.  Principles of Persuasion in Social Engineering and Their Use in Phishing , 2015, HCI.

[147]  Suresh Damodaran,et al.  Model based verification of cyber range event environments , 2016, SpringSim.

[148]  Georg Carle,et al.  Traffic Anomaly Detection Using K-Means Clustering , 2007 .

[149]  Benedikt Heinz,et al.  Localized Electromagnetic Analysis of Cryptographic Implementations , 2012, CT-RSA.

[150]  C. Manifavas,et al.  Software Security, Privacy, and Dependability: Metrics and Measurement , 2016, IEEE Software.

[151]  Eric L. McCorkle A Trust Infrastructure for FreeBSD , 2018 .

[152]  Marc Stevens,et al.  The First Collision for Full SHA-1 , 2017, CRYPTO.

[153]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[154]  Sotiris Ioannidis,et al.  You Shall Not Register! Detecting Privacy Leaks Across Registration Forms , 2019, IOSec/MSTEC/FINSEC@ESORICS.

[155]  George Spanoudakis,et al.  Monitoring-Based Certification of Cloud Service Security , 2015, OTM Conferences.

[156]  Roy T. Fielding,et al.  The Apache HTTP Server Project , 1997, IEEE Internet Comput..

[157]  Toktam Ramezanifarkhani,et al.  A Language-Based Approach to Prevent DDoS Attacks in Distributed Object Systems ∗ , 2017 .

[158]  C. D. Walter,et al.  Sliding Windows Succumbs to Big Mac Attack , 2001, CHES.

[159]  Qun Li,et al.  A Survey of Fog Computing: Concepts, Applications and Issues , 2015, Mobidata@MobiHoc.

[160]  Xuemin Shen,et al.  Securing Fog Computing for Internet of Things Applications: Challenges and Solutions , 2018, IEEE Communications Surveys & Tutorials.

[161]  Bartolomeo Sapio Certification infrastrUcture for MUlti-Layer cloUd Services , 2013 .

[162]  Charalampos Manifavas,et al.  How Effective Is Your Security Awareness Program? An Evaluation Methodology , 2012, Inf. Secur. J. A Glob. Perspect..

[163]  Sotiris Ioannidis,et al.  Clash of the Trackers: Measuring the Evolution of the Online Tracking Ecosystem , 2019, TMA.

[164]  Sumit Gulwani,et al.  A Numerical Abstract Domain Based on Expression Abstraction and Max Operator with Application in Timing Analysis , 2008, CAV.

[165]  Mario Jino,et al.  Analysis of the effect of Java software faults on security vulnerabilities and their detection by commercial web vulnerability scanner tool , 2010, 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W).

[166]  Silvio Ranise,et al.  MQTTSA: A Tool for Automatically Assisting the Secure Deployments of MQTT Brokers , 2019, 2019 IEEE World Congress on Services (SERVICES).

[167]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[168]  Ravi Sankar,et al.  A Survey of Intrusion Detection Systems in Wireless Sensor Networks , 2014, IEEE Communications Surveys & Tutorials.

[169]  Kristian Beckers,et al.  HATCH: Hack And Trick Capricious Humans - A Serious Game on Social Engineering , 2016, BCS HCI.

[170]  Sotiris Ioannidis,et al.  The Long-Standing Privacy Debate: Mobile Websites vs Mobile Apps , 2017, WWW.

[171]  Patrick Lardieri,et al.  National Cyber Range (NCR) automated test tools: Implications and application to network-centric support tools , 2010, 2010 IEEE AUTOTESTCON.

[172]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[173]  Vitaly Shmatikov,et al.  Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks , 2014, NDSS.

[174]  Xavier Masip-Bruin,et al.  Foggy clouds and cloudy fogs: a real need for coordinated management of fog-to-cloud computing systems , 2016, IEEE Wireless Communications.

[175]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[176]  Xavi Masip-Bruin,et al.  Securing Combined Fog-to-Cloud Systems: Challenges and Directions , 2019 .

[177]  Zoya Dyka,et al.  Evaluation of resistance of ECC designs protected by different randomization countermeasures against horizontal DPA attacks , 2017, 2017 IEEE East-West Design & Test Symposium (EWDTS).

[178]  Emlyn Butterfield,et al.  Gamification for Teaching and Learning Computer Security in Higher Education , 2016, ASE @ USENIX Security Symposium.

[179]  John K. Zao,et al.  OpenFog security requirements and approaches , 2017, 2017 IEEE Fog World Congress (FWC).

[180]  Tudor Dumitras,et al.  Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI , 2017, CCS.

[181]  Adi Shamir,et al.  Collision-Based Power Analysis of Modular Exponentiation Using Chosen-Message Pairs , 2008, CHES.

[182]  Éliane Jaulmes,et al.  Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations , 2013, CT-RSA.

[183]  Eva Marín-Tordera,et al.  Balancing Security Guarantees vs QoS Provisioning in Combined Fog-to-Cloud Systems , 2019, 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[184]  Ye Guo,et al.  Blockchain application and outlook in the banking industry , 2016, Financial Innovation.

[185]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[186]  Frank Stajano,et al.  Understanding scam victims , 2011, Commun. ACM.

[187]  Xenofontas A. Dimitropoulos,et al.  Histogram-based traffic anomaly detection , 2009, IEEE Transactions on Network and Service Management.

[188]  Song Li,et al.  (Cross-)Browser Fingerprinting via OS and Hardware Level Features , 2017, NDSS.