Academic

Courses

Information Security.  This course provides an introduction to information security. It is designed to help students develop the foundations and skills necessary to understand the vulnerabilities and threats affecting the digital environment. Additionally, it aims to cover the methods and models used for the protection of important information. The course entails the following high-level content:

  • The Digital Environment
  • Objectives for Information Security
  • Models for Threat and Risk Analysis
  • Models for Information Security
  • Protection mechanisms and Security Policies
  • Ethical perspectives on Information Security

More information: https://edu.mah.se/sv/Course/DA351A


Publications

An Analysis of Malicious Threat Agents for the Smart Connected Home

Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson

Abstract Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real- life examples of attacks are used throughout the paper. In reflect- ing on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

Full paper: http://ieeexplore.ieee.org/document/7917623/


On Privacy and Security Challenges in Smart Connected Homes

Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson

Abstract Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

Full paper: http://ieeexplore.ieee.org/document/7870217/


A Pragmatic, Policy Driven Framework for Protection Against Cross-Site Scripting

Joseph Bugeja and Geraint Price

Abstract — As many companies are still struggling to introduce security components such as antivirus, firewalls and spam filters, the security threat landscape has evolved into a much more sophisticated and dangerous environment questioning the effectiveness of traditional protection measures. Cross-Site Scripting (XSS) —according to OWASP—are the most “prevalent and pernicious” Web application security vulnerability. In this paper, we  describe XSS attacks and suggest ways how they can be mitigated.

Full paper: http://cdn.ttgtmedia.com/rms/pdf/Framework.pdf


Manuscripts Reviewed

International Journal of Information Security and Privacy

  • Analysis and text classification of privacy policies from rogue and top-100 Fortune Global companies;
  • Structure Based Analysis of Different Categories of Cyberbullying in Dynamic Social Network;
  • Blind Image Source Device Identification – Practicality and Challenges;
  • Two-stage Automobile Insurance Fraud Detection by Using Optimized Fuzzy C-Means Clustering and Supervised Learning;
  • An Adaptive Privacy Protection Method for Smart Home Environments Using Supervised Learning.

International Symposium on Intelligent Distributed Computing

  • Modeling and Analysis of IoT Energy Resource Exhaustion Attacks.
Advertisements