25/11/2024, 21:06 (PDF) Security and Privacy
Search for publications, researchers, or questions or Discover by subject area Recruit researchers Join for free Login
Download full-text PDF Read full-text Download cit
Home Computer Security and Reliability Privacy
Chapter PDF Available
Security and Privacy
December 2023
DOI:10.1007/978-3-031-41264-6_5
LicenseCC BY 4.0
In book: Multidisciplinary Perspectives on Artificial Intelligence and the Law (pp.81-101)
Authors:
Miguel Correia Luís Rodrigues
Instituto Superior Técnico University of Li…
References (63)
Abstract
Discover the world's
Computer security or cybersecurity is concerned with the proper functioning of computer
systems despite the actions of adversaries. Privacy is about a person or group ability to
research
control how, when, and to what extent their personally identifiable information is shared. The
25+ million members
chapter starts by defining security and privacy and explaining why they are problems. Then, it
presents some of the scientific and technological achievements in the two areas, highlighting 160+ million publication pages
some research trends. Afterwards, the chapter relates security and privacy to the main topics
of the book: machine learning as part of artificial intelligence. Finally, the chapter illustrates 2.3+ billion citations
the relevance of ML in the area using censorship resistance as an example.
Join for free
Public Full-text 1
Available via license: CC BY 4.0
Content may be subject to copyright.
Security and Privacy
Miguel Correia and Luís Rodrigues
https://www.researchgate.net/publication/376852706_Security_and_Privacy 1/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Abstract Computer security or cybersecurity is concerned with the proper func-
tioning of computer systems despite the actions of adversaries. Privacy is about
a person or group ability to control how, when, and to what extent their personally
identifiable information isshared. The chapter starts by definingsecurity and privacy
and explaining why they are problems. Then, it presents some of the scientific and
technological achievements in the two areas, highlighting some research trends.
Afterwards, the chapter relates security and privacy to the main topics of the book:
machine learning as part of artificial intelligence. Finally, the chapter illustrates the
relevance of ML in the area using censorship
Download resistance as an example.
full-text PDF Read full-text Download cit
1 Introduction
Computer security, also designated cybersecurity, is concerned with the proper
functioning of computer systems despite the actions of adversaries (hackers,
cybercriminals, etc.). This proper functioning is expressed in terms of properties
such as confidentiality, integrity, and availability. The discipline emerged in the late
1960s in the US defense context with concerns about the confidentiality of classified
information stored in computers. A 1970 report of the Defense Science Board (Ware
1970) stated that:
With the advent of resource-sharing computer systems that distribute the capabilities and
components of the machine configuration among several users or several tasks, a new
dimension has been added to the problem of safeguarding computer resident classified
information.
Privacy is an old term with related but different meanings. Privacy can be defined
as a person’s (or a group of persons’) ability to control how, when, and to what
M. Correia () · L. Rodrigues
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
e-mail:
[email protected];
[email protected] © The Author(s) 2024 81
H. Sousa Antunes et al. (eds.), Multidisciplinary Perspectives on Artificial
Intelligence and the Law, Law, Governance and Technology Series 58,
https://doi.org/10.1007/978-3-031-41264-6_5
82 M. Correia and L. Rodrigues
extent his (their) personally identifiable information is communicated to others (Van
Tilborg and Jajodia 2014). The original definition speaks of personal information,
but today the broader term personally identifiable information (PII) is used instead
to denote that some data that is not strictly personal can be used directly or
indirectly to identify a person (e.g., an IP address or data about colleagues)
(McCallister et al. 2010). Relevant properties include anonymity, unobservability,
and PII confidentiality. Privacy in the context of computer systems also emerged in
the 1960s or 1970s (Miller 1971). The area gained much relevance recently with the
European General Data Protection1 Regulation (GDPR) (European Parliament and
European Council 2016) and similar legislation in other countries.
Security and privacy are tightly related disciplines. Privacy to some extend
is about the security, mostly confidentiality, of personal identifiers and personal
information. However, privacy includes aspects that are barely related to classical
security. Two examples are statistical disclosure control (Dalenius 1977) and differ-
ential privacy (Dwork 2006). The oldest, and one of the top, scientific conferences
in the area, shows the connection between the two topics starting with its name:
IEEE Symposium on Security and Privacy.
A note has to be made on how security and privacy should be presented today.
Traditionally these topics have been presented in a negative way: bad things can
happen (and they indeed happen as seen in the news) so we must struggle to prevent
them from happening. However, we argue that they should be presented in a positive
way: the digitalization (digital transformation) of our society requires people and
organizations to be able to use computer-based systems with peace of mind, without
excessive concerns about security and privacy. These are the goals of the security
and privacy scientific and technical areas.
In practice, securityand privacy arenot 100% achievablein a certain environment
or system. This is no surprise, as theft or murder were never erradicated in our
society. Therefore, the goal is never to achieve 100% security or privacy, but an
adequate level of risk. Risk takes into account two factors: the probability of some
property being violated and the impact of such violation. The probability depends
https://www.researchgate.net/publication/376852706_Security_and_Privacy 2/9
�25/11/2024, 21:06 (PDF) Security and Privacy
on the level of vulnerability and the level of threat.
The efforts to increase security and privacy are substantial, both from academia
and industry. Today, there are many academic journals and conferences devoted to
the matter, including top conferences such as the IEEE Symposium on Security and
Privacy, ACM Conference on Computer and Communications Security, Network
and Distributed System Security Symposium (NDSS), and Usenix Security. The
industry in thearea is also large. Forinstance, recently Gartner forecasted aspending
of $150.4 billion in security in 2021, with an increase of 12.4% in relation to 2020
(Whitney 2021). Another indicator is the existence of many industrial fairs world-
wide. The largest is probably the RSA Conference, organized in several countries
Download full-text PDF Read full-text Download cit
1 The title suggests the regulation is about data protection, but in fact it is about personal data
protection, i.e., about privacy.
Security and Privacy 83
yearly, and that attracts more than 40,000 participants only in the USA (Government
Technology 2019).
After more than 50 years, security and privacy are vast research areas, with
many facets. Therefore, this chapter provides a necessarily limited summary. It
provides an overview of important topics and recent developments, with a focus
on technology. Other angles such as governance, legal, risk management, security
operations, incident management, and digital forensics are not covered.
The chapter is organized as follows. Section 2 defines security and privacy.
Section 3 explains why security and privacy are problems. Section 4 presents some
of the scientific and technological achievements in the area, highlighting some
research trends. Section 5 relate security and privacy to the main topics of the book:
machine learning aspart of artificial intelligence. Section 6 illustrate therelevance of
ML in the area using censorship resistance as an example. Finally, Sect. 7 concludes
the chapter.
2 Defining Security and Privacy
Expressions like “system X is secure” or “system Y ensures user privacy” are too
vague to be useful. What is useful is to state which set of security and privacy
properties a system satisfies if correctly implemented and configured, given a set of
assumptions about theenvironment (e.g., the computational powerof the adversary).
Security is often expressed in terms derived from trust (Veríssimo et al. 2003).
Trust is the accepted dependence of a person or (sub)system on a set of properties
of another (sub)system. These properties can be of several types, including security
and privacy. The trustworthiness of a (sub)system is the measure in which it meets
the set of properties.
2.1 Security Properties
The three core security properties are confidentiality, integrity, and availability
(CIA):
– Confidentiality: absence of unauthorized data disclosure;
– Integrity: absence of unauthorized data or (sub)system modification;
– Availability: readiness of a (sub)system to provide its service.
Notice two aspects. First, security is concerned with guaranteeing these properties
in the presence of malicious actions of an adversary. This is expressed by the
term unauthorized. Second, these properties are related to the impact of malicious
actions on data (or information) and (sub)systems, but not necessarily on both.
Confidentiality is about data, availability about (sub)systems, and integrity about
both.
https://www.researchgate.net/publication/376852706_Security_and_Privacy 3/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Download full-text PDF Read full-text Download cit
https://www.researchgate.net/publication/376852706_Security_and_Privacy 4/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Download full-text PDF Read full-text Download cit
https://www.researchgate.net/publication/376852706_Security_and_Privacy 5/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Download full-text PDF Read full-text Download cit
Citations (0) References (63)
Sanare: Pluggable Intrusion Recovery for Web Applications
Preprint Full-text available Feb 2021
David R. Matos Miguel Correia Miguel Pardal
View Show abstract
FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications
Conference Paper Full-text available Feb 2021
Diogo Barradas Nuno Santos Luís RodriguesAndré Madeira
View Show abstract
Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC
Conference Paper Full-text available Nov 2020
Diogo Barradas Nuno Santos Luís RodriguesVítor Nunes
View Show abstract
Effective Detection of Multimedia Protocol Tunneling using Machine Learning
Conference Paper Full-text available Aug 2018
Diogo Barradas Nuno Santos Luís Rodrigues
@
View Show abstract
https://www.researchgate.net/publication/376852706_Security_and_Privacy 6/9
�25/11/2024, 21:06 (PDF) Security and Privacy
NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Technical Report Full-text available Apr 2010
Erika MccallisterTim Grance Karen Scarfone
View
DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning
Preprint Full-text available Aug 2018
Milad Nasr Alireza Bahramali Amir Houmansadr
Download full-text PDF Read full-text Download cit
View Show abstract
A Survey on Blockchain Interoperability: Past, Present, and Future Trends
Article Oct 2021
Rafael Belchior André Vasconcelos Sérgio Guerreiro Miguel Correia
View Show abstract
Machine Learning for Credit Card Fraud Detection
Conference Paper Jun 2021
Yuxin GaoShuoming ZhangJiapeng Lu
View
Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media
Research Mar 2020
Lotus RuanMasashi Crete-NishihataJeffrey Knockel
View Show abstract
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
Conference Paper Oct 2018
Payap SirinamMohsen ImaniMarc Juarez Matthew Wright
View Show abstract
Show more
https://www.researchgate.net/publication/376852706_Security_and_Privacy 7/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Recommended publications Discover more about: Privacy
Article Full-text available Chapter
Comprehensive Artificial Intelligence Vulnerability Computer Security and Privacy: Principles and Practice
Taxonomy June 2023
June 2024 · European Conference on Cyber Warfare and Security
P. SathyarajK Kannan
Arttu Pispa Kimmo Halunen
Download full-text PDF This book, titled "Cutting-Edge Technologies in Innovations inRead
Computer
full-text Download cit
With the rise of artificial intelligence (AI) systems and machine learning (ML), Science and Engineering" is a comprehensive guide to the latest
there is a need for a comprehensive vulnerability framework that takes into advancements and trends in computer science and engineering. It is
account the specifics of AI systems. A review of the currently available intended to serve as a reference for students, researchers, and
frameworks shows that even though there have been some efforts to create professionals who are interested in exploring the rapidly evolving field of
AI specific frameworks, the end results have been flawed. Previous work computer science and engineering. The book includes ... [Show full abstract]
analysed for this paper ... [Show full abstract]
Read more
View full-text
Chapter Preprint Full-text available
Cybersecurity Landscape for Computer Systems Differential Degradation Vulnerabilities in Censorship
September 2023 Circumvention Systems
September 2024
Zhixin Pan Prabhat Mishra
Zhen SunVitaly Shmatikov
Computer systems consist of diverse hardware and software components to
enable us to interact with the digital world. Security and privacy of our digital Several recently proposed censorship circumvention systems use encrypted
interactions rely on the trustworthiness of the underlying computer systems.
network channels of popular applications to hide their communications. For
In order to design trustworthy computer systems, it is crucial to identify and example, a Tor pluggable transport called Snowflake uses the WebRTC data
mitigate both hardware and software attacks. In this chapter, we first look at channel, while a system called Protozoa substitutes content in a WebRTC
the source ... [Show full abstract] video-call application. By using the same channel as the cover application
and (in the case of Protozoa) ... [Show full abstract]
Read more
View full-text
Conference Paper Conference Paper
TorKameleon: Improving Tor’s Censorship Resistance POSTER: Traffic Splitting to Counter Website
with K-anonymization and Media-based Covert Chann... Fingerprinting
November 2023 November 2019
Afonso VilalongaJoão S. ResendeHenrique Domingos Wladimir De la CadenaAsya MitsevaJan Pennekamp[...]Andriy
Panchenko
Read more
Website fingerprinting (WFP) is a special type of traffic analysis, which aims
to infer the websites visited by a user. Recent studies have shown that WFP
targeting Tor users is notably more effective than previously expected.
Concurrently, state-of-the-art defenses have been proven to be less
effective. In response, we present a novel WFP defense that splits traffic
over multiple entry nodes to ... [Show full abstract]
Read more
Preprint Full-text available
WFDefProxy: Modularly Implementing and Empirically
Evaluating Website Fingerprinting Defenses
November 2021
Jiajun Gong Wuqi ZhangCharles ZhangTao Wang
Tor, an onion-routing anonymity network, has been shown to be vulnerable
to Website Fingerprinting (WF), which de-anonymizes web browsing by
analyzing the unique characteristics of the encrypted network traffic.
Although many defenses have been proposed, few have been implemented
and tested in the real world; others were only simulated. Due to its synthetic
nature, simulation may fail to capture ... [Show full abstract]
View full-text
Last Updated: 21 Nov 2024
Company Support Business solutions
About us Help Center Advertising
News Recruiting
Careers
© 2008-2024 ResearchGate GmbH. All rights reserved. TermsPrivacyCopyrightImprintConsent preferences
https://www.researchgate.net/publication/376852706_Security_and_Privacy 8/9
�25/11/2024, 21:06 (PDF) Security and Privacy
Download full-text PDF Read full-text Download cit
https://www.researchgate.net/publication/376852706_Security_and_Privacy 9/9
