EU data protection laws grant consumers the right to access personal that companies hold about them. In a first-of-its-kind longitudinal study, we examine how service providers have complied with subject requests over four years. three iterations between 2015 and 2019, sent vendors of 225 mobile apps popular in Germany. Throughout iterations, 19 26% were unreachable or did not reply at all. Our fulfilled 15 53% cases, an unexpected decline GDPR enforcement date end our study. The remaining...

Behavior-based tracking is an unobtrusive technique that allows observers to monitor user activities on the Internet over long periods of time -- in spite changing IP addresses. Previous work has employed supervised classifiers order link sessions individual users. However, need labeled training sessions, which are difficult obtain for observers. In this paper we show how limitation can be overcome with unsupervised learning technique. We present a modified k-means algorithm and evaluate it...

Virtualization offers the possibility of hosting services multiple customers on shared hardware. When more than one Virtual Machine (VM) run same host, memory deduplication can save physical by merging identical pages VMs. However, this comes at cost leaking information between Based that, we propose a novel timing-based side-channel attack that allows to identify software versions running in co-resident VMs or host. Our tests for existence are unique among all respective software....

Cloud computing is frequently being used to host online services. Abuse of cloud resources poses an important problem for service providers. If third parties are affected by abuse, bad publicity or legal liabilities may ensue the provider. There unsatisfactory level protection against abuse offerings at moment. In this paper, we analyse current state detection and prevention in IaaS computing. To establish what constitutes environment, a survey acceptable use policies providers was...

Integrity is a key protection objective in the context of system security. This holds for both hardware and software. Since cannot be changed after its manufacturing process, manufacturer must trusted to build it properly. However, completely different with Users computer are free run arbitrary software on even modify BIOS/UEFI, bootloader, or Operating System (OS).

Behavior-based tracking is an unobtrusive technique that allows observers on the Internet to monitor user activities over long periods of time - in spite changing IP addresses. Our uses semi-supervised machine learning, which track users without need for multiple labeled training sessions. We present evaluation results obtained a realistic dataset contains DNS traffic 3,800 users. Given one week, our simulated can link sessions up 87% with surprisingly little effort. indicate leverage...

Nowadays, hosting services of multiple customers on the same hardware via virtualiation techniques is very common. Memory deduplication allows to save physical memory by merging identical pages Virtual Machines (VMs) running host. However, this mechanism can leak information other. In paper, we propose a timing-based side-channel identify software versions in co-resident VMs. The attack tests whether that are unique specific version present We evaluate setting without background load and...

VMs in cloud environments are at threat of attacks from co-located on the same server, e. g. through side-channels. Reducing ability attackers to achieve co-location with specific can alleviate risk targeted attacks. This paper presents simulation framework VMPlaceSim, which allows evaluate resource utilisation and resistance against VM placement strategies. A new strategy based proportion known users servers is proposed evaluated real-world workload data alongside existing The evaluation...