Research

Why don’t employees follow security policy?

Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. Burcu Bulgurcu and researchers from the Sauder School of Business at the University of British Columbia looked into the problem of employees not complying with security policy. Security policy is (generally) put in place to protect the company from attacks directed …

Science, Security, and the Elusive Goal of Security as a Scientific Pursuit

Cormac Herley presents work done with Paul van Oorschot on some historic ideas that might help us work towards a common science for information security. This is something that we all need in order to progress the field. “Claims that unique aspects of security exempt it from a scientific approach are unhelpful.” There has been …

Why would a criminal videotape their crimes? Crime and Punishment in the Age of the Selfie

Criminals documenting themselves doing something illegal seems counterproductive. Creating a video that could prove their guilt seems bizarre.  Even though it is illogical, it still happens.  Sveinung Sandberg and Thomas Ugelvik looked into this phenomenon.  They analyzed 51 Norwegian higher court decisions involving the use of a camera as an integrated part of an offence.  …

Image-Centric Social Discovery Using Neural Network under Anonymity Constraint

A common part of social networks is sharing images. Storing and processing these images to provide engaging services to customers is resource-intensive, and social networks often rely on cloud services to provide these resources. This creates a potential security risk for the users of the social network platform. Simply encrypting the images before uploading …

Benjamin Fung – Kam1n0 Assembly Clone Search for Reverse Engineering

Presented at the Spring 2016 SERENE-RISC Workshop. Assembly code analysis is one of the critical processes for mitigating the exponentially increasing threats from malicious software. It is also a common practice for detecting and justifying software plagiarism and software patent infringements when the source code is unavailable. However, it is a manually intensive and time-consuming …

Privacy Loss in Apple’s Implementation of Differential Privacy on MacOS 10.12

Differential privacy (DP) provides a way to quantify privacy. A privacy budget quantitatively measures by how much the risk to an individual’s privacy may increase due to the inclusion of certain data. The higher the value, the less privacy protection is provided. This paper by Jun Tang, Aleksandra Korolova, Xiaolong Bai, Xueqiang Wang, and Xiaofeng Wang identifies the components …

Mining the Networks of Telecommunication Fraud Groups using Social Network Analysis

Telecommunications fraud groups, the ones running scams over the telephone, are a problem around the world. Taiwan is no exception, with a number of related arrests in the past decade. Yi-Chun Chang, Kuan-Ting Lai, Seng-Cho T. Chou and Ming-Syan Chen wanted to learn more about how these fraud groups operate through Social …