With the increasing concerns over privacy in software systems, there is a growing enthusiasm to develop methods to support the development of privacy-aware software systems. Inadequate privacy in software system designs could result in users losing their sensitive data, such as health information and financial information, which may cause financial and reputation loss. Privacy Engineering Methodologies (PEMs) are introduced into the software development processes with the goal of guiding software developers to embed privacy into the systems they design. However, for PEMs to be successful it is imperative that software developers have a positive intention to use PEMs. Otherwise, developers may attempt to bypass the privacy methodologies or use them partially and hence develop software systems that may not protect user privacy appropriately. In order to investigate the factors that affect software developers' behavioural intention to follow PEMs, in this paper we conduct a study with 149 software developers. Findings of the study show that the compatibility of the PEM with the developers' existing work patterns is the strongest determinant of software developers' intention to follow PEMs. Moreover, the usefulness of the PEM and how the PEM demonstrates its results when used were also found to be significant. These findings provide important insights in understanding the behaviour of software developers and how they perceive PEMs to support them in software development processes.
Voice-over-IP (VoIP) software is increasingly widespread, counting millions of monthly users. However, we argue that people ignore the drawbacks of transmitting information along with their voice, such as keystroke sounds, which can reveal what someone is typing on a keyboard. In this paper, we present a new keyboard acoustic eavesdropping attack that involves VoIP, called Skype & Type (S&T). Unlike previous attacks, S&T assumes a weak adversary model that is practical in many real-world settings. Indeed, S&T is very feasible, as it does not require: (i) the attacker to be physically close to the victim; (ii) precise profiling of the victim's typing style and keyboard. Moreover, it can work with a very small amount of leaked keystrokes, and leakage of keystrokes during a VoIP call is likely, as people often simultaneously "multi-task". As expected, VoIP software acquires and faithfully transmits all sounds, including keystrokes, which can include passwords and other sensitive information. We show that one very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input: S&T can attain a top-5 accuracy of up to 91.7% in guessing a random key pressed by the victim. This work extends previous results on S&T, demonstrating that our attack is effective with different recording devices (such as laptop and headset microphones, and smartphones close to the target keyboard), typing styles, and speed, and is particularly threatening when the victim is typing in a known language.
A method for detecting remote data exfiltration from computer networks is described, capable of recognizing patterns of exfiltration occurring over days to weeks. Normal traffic flow data, in the form of egress and ingress bytes over time, is used to train an ensemble of semi-supervised learners. The detection ensemble is modular, with individual classifiers trained on different traffic features thought to characterize malicious data transfers. We select features that model the egress to ingress byte balance over time, periodicity, and short time-scale irregularity of the traffic. The features are most efficiently modeled in the frequency domain, which has the added benefit that variable duration flows are transformed to a fixed-size feature vector, and by sampling the frequency space appropriately, arbitrarily long flows can be tested. When trained on days' or weeks' worth of internet traffic from individual hosts, our ensemble achieves a 1% false positive rate. When tested on simulated exfiltration samples with a variety of different timing and data egress characteristics, the ensemble was generally successful at detecting exfiltration that is not simultaneously ingress-heavy, connection-sparse, and short duration, a combination that is not optimal for attackers seeking to transfer large amounts of data. The method is tested on a variety of systems, performing best on client workstations and worst on outward-facing servers, for which it is not recommended. The modular ensemble can be customized to target exfiltration of different types or sophistication, or even different kinds of anomalous traffic.
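
The frequency-domain step in the exfiltration-detection abstract above can be illustrated with a short added example; this is not the paper's code. The balance formula, the eight evenly spaced frequencies, and the function names are assumptions chosen for illustration, and the traffic is constructed.

```python
import cmath

def byte_balance(egress, ingress):
    """Per-interval balance in [-1, 1]: +1 is pure upload, -1 pure download.
    (Assumed definition; the abstract does not give the formula.)"""
    out = []
    for e, i in zip(egress, ingress):
        total = e + i
        out.append((e - i) / total if total else 0.0)  # idle interval -> 0
    return out

def spectral_features(series, n_bins=8):
    """Fourier magnitude at n_bins fixed frequencies (cycles per sample,
    up to Nyquist), normalised by flow length so duration drops out."""
    n = len(series)
    mean = sum(series) / n
    centred = [x - mean for x in series]  # remove the constant (DC) term
    feats = []
    for k in range(1, n_bins + 1):
        f = k / (2 * n_bins)  # same frequency grid for every flow
        acc = sum(x * cmath.exp(-2j * cmath.pi * f * t)
                  for t, x in enumerate(centred))
        feats.append(abs(acc) / n)
    return feats

def bursty_flow(n):
    """Constructed sample: upload bursts in 2 of every 4 intervals,
    with a small steady download."""
    egress = [1000 if t % 4 < 2 else 0 for t in range(n)]
    ingress = [100] * n
    return egress, ingress

if __name__ == "__main__":
    # Two flows of different duration map to vectors of the same size,
    # both peaking at 0.25 cycles per sample (the 4-interval period).
    for n in (96, 240):
        vec = spectral_features(byte_balance(*bursty_flow(n)))
        print(n, [round(x, 3) for x in vec])
```

A classifier trained on such vectors from normal traffic sees the same input shape whether a flow lasted hours or weeks, which is the property the abstract highlights.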