Skip to main content
main-content

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

2018 | OriginalPaper | Buchkapitel

Deception in Information Security: Legal Considerations in the Context of German and European Law

verfasst von: Daniel Fraunholz, Christoph Lipps, Marc Zimmermann, Simon Duque Antón, Johannes Karl Martin Mueller, Hans Dieter Schotten

Erschienen in: Foundations and Practice of Security

Verlag: Springer International Publishing

share
TEILEN

Abstract

Deception systems have produced promising results in protecting networks from recent attack campaigns. Their development and operation, however, is regulated by technical and legal circumstances. There are several aspects to be considered when operating a deception system, such as privacy, entrapment and liability. In addition to these general aspects, domain specific law that, for example, applies to research or government, needs to be accounted for. In this work German and European law was investigated with respect to deception systems focusing on the aspects listed above and others. The findings are applied to the design, operation of a Honeypot, as well as the generation and publication of information. We found that it is not forbidden to use deception systems in general but several facets have to be considered in the technical implementation.
Literatur
1.
Zurück zum Zitat Andriesse, D., Rossow, C., Stone-Gross, B., Plohmann, D., Bos, H.: Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus. In: International Conference on Malicious and Unwanted Software, vol. 8, pp. 116–123 (2013) Andriesse, D., Rossow, C., Stone-Gross, B., Plohmann, D., Bos, H.: Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus. In: International Conference on Malicious and Unwanted Software, vol. 8, pp. 116–123 (2013)
2.
Zurück zum Zitat Bundesgerichtshof: Bundesgerichtshof zur zulässigkeit der speicherung von dynamischen ip-adressen (2017) Bundesgerichtshof: Bundesgerichtshof zur zulässigkeit der speicherung von dynamischen ip-adressen (2017)
3.
Zurück zum Zitat Edwards, S., Profetis, I.: Hajime: Analysis of a decentralized worm for IoT devices Edwards, S., Profetis, I.: Hajime: Analysis of a decentralized worm for IoT devices
4.
Zurück zum Zitat Fraunholz, D., Pohl, F.: Towards basic design principles for high- and medium-interaction honeypots. In: European Conference on Cyber Warfare and Security, vol. 16 (2017) Fraunholz, D., Pohl, F.: Towards basic design principles for high- and medium-interaction honeypots. In: European Conference on Cyber Warfare and Security, vol. 16 (2017)
5.
Zurück zum Zitat Fraunholz, D., Zimmermann, M., Duque Anton, S., Schneider, J., Schotten, H.D.: Distributed and highly-scalable WAN network attack sensing and sophisticated analysing framework based on honeypot technology. In: International Conference on Cloud Computing, Data Science & Engineering, vol. 7 (2017) Fraunholz, D., Zimmermann, M., Duque Anton, S., Schneider, J., Schotten, H.D.: Distributed and highly-scalable WAN network attack sensing and sophisticated analysing framework based on honeypot technology. In: International Conference on Cloud Computing, Data Science & Engineering, vol. 7 (2017)
6.
Zurück zum Zitat Gerichtshof der Europäischen Union: Urteil in der rechtssache c-582/14 (2016) Gerichtshof der Europäischen Union: Urteil in der rechtssache c-582/14 (2016)
8.
Zurück zum Zitat Koch, A.: Die rechtlichen rahmenbedingungen von hackback (2008) Koch, A.: Die rechtlichen rahmenbedingungen von hackback (2008)
9.
Zurück zum Zitat Mokube, I., Adams, M.: Honeypots: Concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference (2007) Mokube, I., Adams, M.: Honeypots: Concepts, approaches, and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference (2007)
11.
Zurück zum Zitat Radcliffe, J.: Cyberlaw 101: A primer on us laws related to honeypot deployments. In: Information Security Reading Room (2007) Radcliffe, J.: Cyberlaw 101: A primer on us laws related to honeypot deployments. In: Information Security Reading Room (2007)
12.
Zurück zum Zitat Scottberg, B., Yurcik, W., Doss, D.: Internet honeypots: Protection or entrapment? In: International Symposium on Technology and Society (2002) Scottberg, B., Yurcik, W., Doss, D.: Internet honeypots: Protection or entrapment? In: International Symposium on Technology and Society (2002)
13.
Zurück zum Zitat Sokol, P., Misek, J., Husak, M.: Honeypots and honeynets: Issues of privacy. EURASIP J. Inform. Secur. (2017) Sokol, P., Misek, J., Husak, M.: Honeypots and honeynets: Issues of privacy. EURASIP J. Inform. Secur. (2017)
Metadaten
Titel
Deception in Information Security: Legal Considerations in the Context of German and European Law
verfasst von
Daniel Fraunholz
Christoph Lipps
Marc Zimmermann
Simon Duque Antón
Johannes Karl Martin Mueller
Hans Dieter Schotten
Copyright-Jahr
2018
DOI
https://doi.org/10.1007/978-3-319-75650-9_17

Premium Partner