Share This Author
A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements
- Mina Deng, Kim Wuyts, R. Scandariato, B. Preneel, W. Joosen
- Computer ScienceRequirements Engineering
- 1 March 2011
This paper presents a comprehensive framework to model privacy threats in software-based systems and provides an extensive catalog of privacy-specific threat tree patterns that can be used to detail the threat analysis outlined above.
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
- Nick Nikiforakis, A. Kapravelos, W. Joosen, Christopher Krügel, F. Piessens, Giovanni Vigna
- Computer ScienceIEEE Symposium on Security and Privacy
- 19 May 2013
By analyzing the code of three popular browser-fingerprinting code providers, it is revealed the techniques that allow websites to track users without the need of client-side identifiers and how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques.
RIPE: runtime intrusion prevention evaluator
- John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, W. Joosen
- Computer ScienceACSAC '11
- 5 December 2011
RIPE is presented, an extension of Wilander's and Kamkar's testbed which covers 850 attack forms and provides a standard way of testing the coverage of a defense mechanism against buffer overflows, and shows that the most popular, publicly available countermeasures cannot prevent all of RIPE's buffer overflow attack forms.
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
- V. Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczyński, W. Joosen
- Computer ScienceNDSS
- 4 June 2018
It is found that it is trivial for an adversary to manipulate the composition of these lists, and the first to empirically validate that the ranks of domains in each of the lists are easily altered through as little as a single HTTP request.
Automated Website Fingerprinting through Deep Learning
- Vera Rimmer, D. Preuveneers, Marc Juárez, Tom van Goethem, W. Joosen
- Computer ScienceNDSS
- 21 August 2017
It is shown that an adversary can automate the feature engineering process, and thus automatically deanonymize Tor traffic by applying the novel method based on deep learning, which concludes that the ability to automatically construct the most relevant traffic features and perform accurate traffic recognition makes the deep learning based approach an efficient, flexible and robust technique for website fingerprinting.
Predicting Vulnerable Software Components via Text Mining
- R. Scandariato, J. Walden, A. Hovsepyan, W. Joosen
- Computer ScienceIEEE Transactions on Software Engineering
- 1 October 2014
In an exploratory validation with 20 Android applications, it is discovered that a dependable prediction model can be built and could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny.
PriVaricator: Deceiving Fingerprinters with Little White Lies
In PriVaricator the power of randomization is used to "break" linkability by exploring a space of parameterized randomization policies, and renders all the fingerprinters tested ineffective, while causing minimal damage on a set of 1000 Alexa sites on which they were tested.
An Analysis of the Security Patterns Landscape
- Thomas Heyman, Koen Yskout, R. Scandariato, W. Joosen
- Computer ScienceThird International Workshop on Software…
- 20 May 2007
This paper analyzes an extensive set of published security patterns according to several dimensions and outlines the directions for improvement.
A system of security patterns
An extensive inventory in which security patterns are collected to form a coherent system is presented, which provides a uniform description and enhances the patterns by means of meta-information enabling and facilitating both the search for and the selection of the right pattern for the job.