Daniel Bastos

Topic: 
Multi-Staged Attacks & Advanced Malware
Research work: 

To develop techniques that improve the likelihood of detecting evasions unfolding of potentially long periods of time. To develop new defence mechanisms for general classes of malware including as-yet unseen variants of current examples and defences that combine protection against binary-exploits with likely use of social engineering and other mechanisms (such as privilege escalation) in multi-stage attacks.

ESRs Publications

Description:

Starting on May 25th of 2018 all EU countries begin to apply the General Data Protection Regulation (GDPR). This aims to protect and regulate data privacy and applies to any organization that holds or processes data on EU citi-zens, regardless of where it is headquartered. The penalties for non-compliance can be as high as 4% of global revenue for companies. As a result, compliance with GDPR is a must for companies who deal with users’ data. The hallmark for data collection nowadays is Internet of Things devices. With sensors capturing every piece of information from the surrounding environment, concerns about privacy and data breaches have never been so vital. This document introduces GDPR concepts and principles, analyses the challenges of data protection in IoT systems, discusses the privacy implications and potential issues, presents some mitigation approaches and draws conclusions and future steps.

Description:

With the introduction of the Amazon Echo family and Google devices like Chromecast and Home the adoption of IoT devices in the household is bound to increase exponentially this year. While usability is at the front and centre of the experience to facilitate the adoption and use of these new devices, security and privacy are often an afterthought. As a consequence, a dangerous environment of opportunity is available for malicious actors to exploit vulnerable devices sitting in domestic houses. Recent history shows that an attack on IoT devices can be both easy and have destructive consequences, with Internet services like Dyn suffering huge DDoS attacks that affected millions of Internet users. In addition, lots of cheap devices are being released in the market with little to zero security features. Therefore, it’s of paramount importance to address the security issues in the IoT space, especially in home and city environments. Privacy and individual safety are at risk given how personal these devices are and how they are going to shape the future of society. This paper presents a comprehensive survey of current IoT technologies and security issues with a focus on the Smart Home and City environments. We discuss possible solutions for improving IoT security that not only focus on today’s endpoint device security issues, but also the anticipated future attacks on data protocols and connectivity.