SACM - United Kingdom
Permanent URI for this collectionhttps://drepo.sdl.edu.sa/handle/20.500.14154/9667
Browse
7 results
Search Results
Item Restricted AI-Driven Approaches for Privacy Compliance: Enhancing Adherence to Privacy Regulations(Univeristy of Warwick, 2024-02) Alamri, Hamad; Maple, CarstenThis thesis investigates and explores some inherent limitations within the current privacy policy landscape, provides recommendations, and proposes potential solutions to address these issues. The first contribution of this thesis is a comprehensive study that addresses a significant gap in the literature. This study provides a detailed overview of the current landscape of privacy policies, covering both their limitations and proposed solutions, with the aim of identifying the most practical and applicable approaches for researchers in the field. Second, the thesis tackles the challenge of privacy policy accessibility in app stores by introducing the App Privacy Policy Extractor (APPE) system. The APPE pipeline consists of various components, each developed to perform a specific task and provide insightful information about the apps' privacy policies. By analysing over two million apps in the iOS App Store, APPE offers unprecedented and comprehensive store-wide insights into policy distribution and can act as a mechanism for enforcing privacy policy requirements in app stores automatically. Third, the thesis investigates the issue of privacy policy complexity. By establishing generalisability across app categories and drawing attention to associated matters of time and cost, the study demonstrates that the current situation requires immediate and effective solutions. It suggests several recommendations and potential solutions. Finally, to enhance user engagement with privacy policies, a novel framework utilising a cost-effective unsupervised approach, based on the latest AI innovations, has been developed. The comparison of the findings of this study with state-of-the-art methods suggests that this approach can produce outcomes that are on par with those of human experts, or even surpass them, yet in a more efficient and automated manner.21 0Item Restricted Verification of Smart Contracts using the Interactive Theorem Prover Agda(Swansea University, 2024-07-25) Alhabardi, Fahad; Setzer, AntonThe goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).7 0Item Restricted Verification of Smart Contracts using the Interactive Theorem Prover Agda(Swansea University, 2024-07-25) Alhabardi, Fahad Faleh; Setzer, AntonThe goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).11 0Item Restricted CROSS-CULTURAL UNDERSTANDING OF HOW PEOPLE USE SECURE GROUP CHAT TOOLS IN THE UNITED KINGDOM AND SAUDI ARABIA(King’s College London, 2023-08-15) Alrabeah, Ghada; Abu-Salma, RubaGroup communication tools have gained widespread popularity, attracting over a billion users. However, questions arise, how closely are our messages being watched by external parties? Is end-to-end encryption implemented by the application? Many group communication tools either do not offer enough security features to protect their users or make it challenging for them to understand and use these features. This research discusses how users perceive and use secure group communication tools, focusing on users in the United Kingdom and Saudi Arabia. A mixed-methods approach involving interviews with 20 participants and a survey with 204 respondents was conducted. The study reveals key factors driving users' choices, their understanding of security and privacy, their willingness to adopt or not adopt secure group communication tools, and cultural differences. The findings underline the priority factors like popularity, usability, and being free, as influential in tool selection. Users express willingness to use secure tools, yet gaps arise between intention and practice, attributed to misconceptions, motivation, and trust concerns. Privacy practices vary between cultures, with Saudi participants showing more caution. On the other hand, the UK displays higher trust levels in communication tools compared to Saudi Arabia. These cultural influences shape communication priorities, with Saudis leaning toward group communication and the UK prioritizing individual communications. Despite these differences, the study suggests the potential for universally secure applications catering to diverse user needs. The study offers recommendations for tool design that help improve the adoption of secure group communication.5 0Item Restricted Security Countermeasures for Topology and Flooding Attacks in Low Power and Lossy Networks(University of Bristol, 2023-10-06) Algahtani, Fahad Mohammed F; Oikonomou, GeorgeInternet of Things have become an integral part in many industries such as health- care, home automation, automobile, and agriculture. Many applications of IoT use networks of unattended micro battery-operated devices with limited compu- tational power and unreliable communication systems. Such networks are called Low-Power and Lossy Network (LLN) which is based on a stack of protocols de- signed to prolong the life of an application by conserving battery power and mem- ory usage. Most commonly used routing protocol is the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). RPL suffers from vulnerabilities related to routing paths formation, network maintenance, and response to some of its control messages. Specifically, compro- mised nodes can advertise falsified routing information to form sub-optimised paths or trigger network reformations. Furthermore, they can flood a network with join- ing requests to trigger a massive number of replies. No standardised RPL solutions provide the security against such attacks. Moreover, existing literature works are mostly based on using monitoring architectures, public key infrastructure (PKI), or a blacklisting approach. Any monitoring devices must be physically secured and utilising only secure communications which is not easily scaleable. Using PKI in LLNs is still a challenge as certificates management is unsuitable for LLN devices. Blacklisting nodes using their advertise addresses is clearly vulnerable to identity spoofing. Moreover, attacks described in few sentences could miss details which transforms any discussion on impact analysis to be subject to interpretation. Therefore, the aim of this dissertation is to first implement attacks using a developed framework to launch multiple attacks simultaneously on different nodes during specified times. Second, to analyse the strategies of an adversary when launching the aforementioned attacks. Then, the impact of the instigated attacks in each strategy is analysed to establish a baseline for countermeasures evaluation. Finally, security countermeasures for the aforementioned attacks are proposed as well as their performances are evaluated. In countering the attack responsible for forming sub-optimised routing paths, preloading a minimum relative location in each node has filtered out any future attempts to accept false routing metrics. As for the attack causing unnecessary net- work reformations, nodes will only accept cryptographically authenticated routing information to trigger future network rebuilds. Lastly, any faster interarriving join- ing requests will be evaluated against thresholds with hysteresis to adjust RPL’s response to potential floods.28 0Item Restricted Analysing Security Risks in the Architecture of Blockchain-Based Systems and Smart Contracts(Saudi Digital Library, 2023-11-15) Ahmadjee, Sabreen; Rami, BahsoonBlockchain is a revolutionary technology that aims to provide secure, decentralised dis- tributed systems where users can share, store and verify transactional data without the need for a central authority to perform authentication or verification. However, the widespread use of this technology, especially after the emergence of smart contracts, the blockchain-based computer programs, has incentivised attackers to exploit its existing security challenges. Moreover, the distinguishing properties and internal complex structure of the technology in- crease the chance of making poorly informed architectural design decisions, which might in- troduce security weaknesses to the systems supported by blockchain. Malicious attacks with severe consequences result from weak designs in blockchain systems and smart contracts. For instance, in recent years, the decentralised finance (DeFi) sector experienced a series of high- profile attacks resulting in multi million-dollar losses. These concerns advocate the need for architecture-centric approaches to abstract the complexity of the blockchain components, address architectural-level security risks specific to smart contracts and blockchain-based systems, and make the development of such systems secure, easier, and more organised. Within this context, we propose architectural-centric analysis approaches for security risk assessment that allow security to be incorporated into blockchain-based systems from the ground up. We present a classification of the state-of-the-art that provides secure archi- tectural design approaches and supports blockchain security risk assessment methods. We also provide a taxonomy of blockchain architecture design decisions and map these decisions to related security attacks and threats. Additionally, we explore the use of the security technical debt metaphor to identify smart contracts’ security issues related to sub-optimal design decisions and to estimate the accumulation of the security risk ramifications. By leveraging security debt, we contribute to a technical debt-aware approach to design secure smart contracts, and we provide a decision support model to select a secure and cost-effective blockchain oracle platform. As part of the demonstration and evaluation, we use three case studies that represent blockchain-based systems and decentralised applications; we leverage a dataset of represen- tative vulnerable smart contracts; and we distribute a survey and conduct interviews with smart contract experts to assess and refine our approaches. The significance of this work is that it uses architecture-centric approaches that provide a systematic guide for blockchain systems and smart contract software engineers to make justifiable design decisions that result in more secure implementations and reduced security complications.16 0Item Restricted To What Extent Were US Intelligence Failures at Pearl Harbor and the Vietnam War a Result of Cultural Bias in Intelligence Analysis ?(Saudi Digital Library, 2022-09-05) AlSaud, Faisal; Wagner, StevenPearl Harbor and many aspects of the Vietnam War have been widely acknowledged as being riddled with intelligence failures on behalf of the US intelligence and military community. Yet, the role of cultural bias in these events has been underestimated. This study uses primary and secondary sources to argue that in both cases, the intelligence community miscalculated the enemy’s intentions and failed to provide an accurate cultural assessment of the situation, which led to poor strategic decisions. Cultural superiority, arrogance, Orientalism, mirror-imaging, and other characteristics of the intelligence community culture played a significant role in this intelligence miscalculation. Moreover, the dissertation reveals that no major changes have been made to eliminate or at least minimize pervasive cultural bias in the American intelligence agencies, despite gradual recognition of its role within the intelligence community.18 0