Publications (10 of 117)
Wairimu, S., Iwaya, L. H., Fritsch, L. & Lindskog, S. (2024). On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review. IEEE Access, 12, 19625-19650
2024 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 19625-19650. Article, review/survey (Refereed). Published
Abstract [en]

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices. 

Place, publisher, year, edition, pages
IEEE, 2024
Keywords
Privacy impact assessment, data protection impact assessment, general data protection regulation, privacy by design, privacy, review, threat modeling, privacy risks, validity, maturity.
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98433 (URN); 10.1109/access.2024.3360864 (DOI); 001161062400001 (); 2-s2.0-85184332904 (Scopus ID)
Projects
Digital Health Innovation (DHINO) Project; DigitalWell Arena Project
Funder
Region Värmland, RUN/220266; Vinnova, 2018-03025
Available from: 2024-02-09 Created: 2024-02-09 Last updated: 2024-09-25. Bibliographically approved
Myklebust, T., Onshus, T., Lindskog, S., Vatshaug Ottermo, M. & Bodsberg, L. (2021). Data Safety, Sources, and Data Flow in the Offshore Industry. In: Bruno Castanier; Marko Cepin; David Bigaud; Christophe Berenguer (Ed.), Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021): 19 – 23 September 2021. Angers, France. Paper presented at 31st European Safety and Reliability Conference, Angers, France, September 19-23, 2021 (pp. 1538-1545). Singapore: Research Publishing
2021 (English). In: Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021): 19 – 23 September 2021. Angers, France. / [ed] Bruno Castanier; Marko Cepin; David Bigaud; Christophe Berenguer, Singapore: Research Publishing, 2021, p. 1538-1545. Conference paper, Published paper (Refereed)
Abstract [en]

Digitization may provide increased access to and more efficient use of real-time and historical data, internally as well as externally in an organization. However, when information from industrial control systems (ICS) becomes more available in office IT systems and in the “cloud”, ICS systems may become more vulnerable and attractive targets for cyberattacks. We have investigated data safety in ICS in the Norwegian offshore sector when data is processed from ICS to the office network. The work is mainly based on document review and nine interviews with selected oil companies, rig companies and service providers of operational data. The paper addresses strengths and threats related to data safety with emphasis on (1) Data sources and data flow, (2) Safety and security of data, (3) Data cleaning and processing, (4) Contextualization, (5) Validation, and (6) Quality assurance. We also discuss shortcomings for functional safety in current standards such as IEC 61508 and IEC 61511 and standard series for security, IEC 62443. It is a major challenge for the industry that there are no good international standards and guidelines that define the relevant terminology across IT systems and ICS. Future work should address data safety challenges when applying artificial intelligence and machine learning in ICS systems.

Place, publisher, year, edition, pages
Singapore: Research Publishing, 2021
Keywords
Data, safety, data flow, data sources, security
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98457 (URN); 978-981-18-2016-8 (ISBN)
Conference
31st European Safety and Reliability Conference, Angers, France, September 19-23, 2021
Note

10.3850/978-981-18-2016-8 099-cd

Available from: 2024-02-12 Created: 2024-02-12 Last updated: 2024-03-07. Bibliographically approved
Myklebust, T., Onshus, T., Lindskog, S., Vatshaug Ottermo, M. & Lundteigen, M. A. (2021). Datakvalitet ved digitalisering i petroleumssektoren: IKT-sikkerhet – Robusthet i petroleumssektoren 2020. Trondheim, Norge: SINTEF
2021 (Norwegian). Report (Other academic)
Abstract (translated from Norwegian)

The purpose of this report is to examine which data sources and data are used in industrial ICT systems and how data are handled and processed before they are made available in the office network. Strengths and vulnerabilities related to data quality and the securing of data are discussed.

This report is one of six SINTEF reports from the project "IKT-sikkerhet – Robusthet i petroleumssektoren 2020" (ICT security – Robustness in the petroleum sector 2020). The project has gathered knowledge about risk, vulnerabilities and ICT security for industrial ICT systems.

Place, publisher, year, edition, pages
Trondheim, Norge: SINTEF, 2021. p. 63
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98458 (URN); 978-82-14-06477-3 (ISBN)
Available from: 2024-02-12 Created: 2024-02-12 Last updated: 2024-05-10. Bibliographically approved
Bartnes, M. & Lindskog, S. (2021). Innlegg: Det neste hackerangrepet kan ramme Norge. Dagens Næringsliv, 13 May
2021 (Norwegian). In: Dagens Næringsliv, ISSN 0803-9372, Vol. 13 May. Article in journal, News item (Other (popular science, discussion, etc.)). Published
Place, publisher, year, edition, pages
NHST Media Group, 2021
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98459 (URN)
Available from: 2024-02-12 Created: 2024-02-12 Last updated: 2024-05-07. Bibliographically approved
Afzal, Z., Brunström, A. & Lindskog, S. (2021). Using Features of Encrypted Network Traffic to Detect Malware. In: Mikael Asplund; Simin Nadjm-Tehrani (Ed.), Secure IT Systems: 25th Nordic Conference, NordSec 2020, Virtual Event, November 23–24, 2020, Proceedings. Paper presented at The 25th Nordic Conference on Secure IT Systems (NordSec 2020). Springer Publishing Company
2021 (English). In: Secure IT Systems: 25th Nordic Conference, NordSec 2020, Virtual Event, November 23–24, 2020, Proceedings / [ed] Mikael Asplund; Simin Nadjm-Tehrani, Springer Publishing Company, 2021. Conference paper, Published paper (Refereed)
Abstract [en]

Encryption on the Internet is as pervasive as ever. This has protected communications and enhanced the privacy of users. Unfortunately, at the same time malware is also increasingly using encryption to hide its operation. The detection of such encrypted malware is crucial, but the traditional detection solutions assume access to payload data. To overcome this limitation, such solutions employ traffic decryption strategies that have severe drawbacks. This paper studies the usage of encryption for malicious and benign purposes using large datasets and proposes a machine learning based solution to detect malware using connection and TLS metadata without any decryption. The classification is shown to be highly accurate with high precision and recall rates by using a small number of features. Furthermore, we consider the deployment aspects of the solution and discuss different strategies to reduce the false positive rate.

Place, publisher, year, edition, pages
Springer Publishing Company, 2021
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 12556
Keywords
malware, encryption, TLS, detection, machine learning
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-81466 (URN); 10.1007/978-3-030-70852-8_3 (DOI); 2-s2.0-85103538148 (Scopus ID); 978-3-030-70851-1 (ISBN); 978-3-030-70852-8 (ISBN)
Conference
The 25th Nordic Conference on Secure IT Systems (NordSec 2020)
Projects
High Quality Networked Services in a Mobile World; HITS
Funder
Knowledge Foundation, 20140037
Note

The article was included as a manuscript in Afzal's (2020) doctoral thesis Life of a Security Middlebox: Challenges with Emerging Protocols and Technologies

Available from: 2020-11-24 Created: 2020-11-24 Last updated: 2021-06-07. Bibliographically approved
Voronkov, A., Martucci, L. & Lindskog, S. (2020). Measuring the Usability of Firewall Rule Sets. IEEE Access, 8, 27106-27121
2020 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 8, p. 27106-27121. Article in journal (Refereed). Published
Abstract [en]

Firewalls are computer systems that assess the network traffic using an ideally coherent and manageable set of rules. This study aims to provide means to measure the usability of firewall rule sets in terms of how easily IT professionals can understand and manage them. First, we conducted semi-structured interviews with system administrators wherein we obtained the usability challenges related to the management of firewall rule sets. This was followed by the analysis of related work. The interview results were combined with the findings from the related work. Accordingly, we acquired four usability attributes related to the manageability of firewalls; these were formally defined. We tested and measured the cognitive aspects related to the structure and ordering of the rules through a user study. A third user study with system administrators validated our metrics. It exhibited a very strong correlation between the metrics and how the administrators characterized usability.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Firewall rule set, iptables, formalization, metrics, usability, user study
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64702 (URN); 10.1109/ACCESS.2020.2971093 (DOI); 000525466900049 (); 2-s2.0-85081103052 (Scopus ID)
Projects
HITS, 4707
Note

Article published as a manuscript in Voronkov's licentiate thesis.

Available from: 2017-10-17 Created: 2017-10-17 Last updated: 2024-07-23. Bibliographically approved
Voronkov, A., Martucci, L. & Lindskog, S. (2019). System Administrators Prefer Command Line Interfaces, Don’t They?: An Exploratory Study of Firewall Interfaces. In: Proceedings of the fifteenth symposium on usable privacy and security (Soups 2019). Paper presented at 15th Symposium on Usable Privacy and Security, Santa Clara, CA. AUG 12-13, 2019 (pp. 259-271). Berkeley, USA: USENIX - The Advanced Computing Systems Association
2019 (English). In: Proceedings of the fifteenth symposium on usable privacy and security (Soups 2019), Berkeley, USA: USENIX - The Advanced Computing Systems Association, 2019, p. 259-271. Conference paper, Published paper (Refereed)
Abstract [en]

A graphical user interface (GUI) represents the most common option for interacting with computer systems. However, according to the literature system administrators often favor command line interfaces (CLIs). The goal of our work is to investigate which interfaces system administrators prefer, and which they actually utilize in their daily tasks. We collected experiences and opinions from 300 system administrators with the help of an online survey. All our respondents are system administrators, who work or have worked with firewalls. Our results show that only 32% of the respondents prefer CLIs for managing firewalls, while the corresponding figure is 60% for GUIs. We report the mentioned strengths and limitations of each interface and the tasks for which they are utilized by the system administrators. Based on these results, we provide design recommendations for firewall interfaces.

Place, publisher, year, edition, pages
Berkeley, USA: USENIX - The Advanced Computing Systems Association, 2019
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76774 (URN); 000527571900015 (); 2-s2.0-85076095048 (Scopus ID); 978-1-939133-05-2 (ISBN)
Conference
15th Symposium on Usable Privacy and Security, Santa Clara, CA. AUG 12-13, 2019
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2020-02-16 Created: 2020-02-16 Last updated: 2021-01-21. Bibliographically approved
Afzal, Z., Garcia, J., Lindskog, S. & Brunström, A. (2019). Using Partial Signatures in Intrusion Detection for Multipath TCP. In: Aslan Askarov, René Rydhof Hansen, Willard Rafnsson (Ed.), Secure IT-systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings. Paper presented at NordSec2019: 24th Nordic Conference on Secure IT Systems, 18-20 November, 2019, Aalborg, Denmark, (pp. 71-86). Cham, Switzerland: Springer
2019 (English). In: Secure IT-systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings / [ed] Aslan Askarov, René Rydhof Hansen, Willard Rafnsson, Cham, Switzerland: Springer, 2019, p. 71-86. Conference paper, Published paper (Refereed)
Abstract [en]

Traditional security mechanisms such as signature based intrusion detection systems (IDSs) attempt to find a perfect match of a set of signatures in network traffic. Such IDSs depend on the availability of a complete application data stream. With emerging protocols such as Multipath TCP (MPTCP), this precondition cannot be ensured, resulting in false negatives and IDS evasion. On the other hand, if approximate signature matching is used instead in an IDS, a potentially high number of false positives make the detection impractical. In this paper, we show that, by using a specially tailored partial signature matcher and knowledge about MPTCP semantics, the Snort3 IDS can be empowered with partial signature detection. Additionally, we uncover the type of Snort3 rules suitable for the task of partial matching. Experimental results with these rules show a low false positive rate for benign traffic and high detection coverage for attack traffic.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2019
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11875
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75755 (URN); 10.1007/978-3-030-35055-0_5 (DOI)
Conference
NordSec2019: 24th Nordic Conference on Secure IT Systems, 18-20 November, 2019, Aalborg, Denmark
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2019-11-14 Created: 2019-11-14 Last updated: 2020-06-18. Bibliographically approved
Afzal, Z., Garcia, J., Lindskog, S. & Brunström, A. (2018). Slice Distance: An Insert-Only Levenshtein Distance with a Focus on Security Applications. In: Proceedings of NTMS 2018 Conference and Workshop. Paper presented at 9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France (pp. 1-5). New York: IEEE
2018 (English). In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5. Conference paper, Published paper (Refereed)
Abstract [en]

Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.

Place, publisher, year, edition, pages
New York: IEEE, 2018
Keywords
Measurement, Pattern matching, Time complexity, Transforms, Security, DNA
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67012 (URN); 10.1109/NTMS.2018.8328718 (DOI); 000448864200049 (); 978-1-5386-3662-6 (ISBN); 978-1-5386-3663-3 (ISBN)
Conference
9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France
Projects
HITS, 4707
Funder
Knowledge Foundation, 4707
Available from: 2018-04-17 Created: 2018-04-17 Last updated: 2020-01-14. Bibliographically approved
Voronkov, A., Iwaya, L. H., Martucci, L. & Lindskog, S. (2018). Systematic Literature Review on Usability of Firewall Configuration. ACM Computing Surveys, 50(6), Article ID 87.
2018 (English). In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 50, no. 6, article id 87. Article in journal (Refereed). Published
Abstract [en]

Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2018
Keywords
usability, Firewall, systematic literature review, visualization
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65622 (URN); 10.1145/3130876 (DOI); 000419881700010 ()
Projects
HITS, High Quality Networked Services in a Mobile World (4707)
Funder
Knowledge Foundation
Available from: 2018-01-18 Created: 2018-01-18 Last updated: 2020-02-27. Bibliographically approved
Organisations
Identifiers
ORCID iD: orcid.org/0000-0003-0778-4736