Q2. What are the future works in "Data exfiltration: a review of external attack vectors and countermeasures"?
Fig. 14. Future Research Challenges in Defence against Data Exfiltration
Q3. What is the direct method of data exfiltration for a remote attacker?
Perhaps the most direct method of data exfiltration for a remote attacker is manipulating a public-facing server into disclosing non-public information, such as through the well-known category of SQL injection attacks.
Q4. What are the common physical attack vectors?
Physical attack vectors include those attacks that gain unauthorized and illegal physical access to data and move it to a new physical location.
Q5. What is the importance of ensuring that only legitimate users can access the data?
It is important to enforce authentication and authorization mechanisms to ensure that only legitimate users with the required credentials can access the data.
Q6. What is the main reason why organizations may be reluctant to adopt such an approach?
Intelligent and planned outsourcing of data to several clouds seems a good idea for reducing the risk of data leakage in cloud environments; however, organizations may be reluctant to adopt such an approach because of the extra storage cost and the complexity of data management.
Q7. What are the three possible approaches to handling encrypted communications?
They discuss three possible approaches to handling encrypted communications within this system: detecting misuse of the encryption protocols, altering protocols to allow packet payload analysis, and finally statistical approaches, which examine packet sizes and time intervals.
Q8. What is the proposed approach to preventing access to a user's profile?
The proposed approach can help prevent a hacker who has stolen the credentials (username and password) of a user or website admin through an attack vector such as phishing, spyware, or XSS from accessing personal information residing at rest in a cloud.
Q9. Why do the authors believe that it is quite risky not to adopt encrypted traffic?
Apart from their wide-scale adoption, the authors also believe that it is quite risky not to adopt an encrypted traffic transmission approach, because doing so leaves open the option of data exfiltration via passive monitoring.
Q10. What makes the countermeasures expensive for enterprises to incorporate?
The high-level dependency on human experts and hardware devices makes these countermeasures very expensive for enterprises to incorporate.
Q11. Why did the authors not evaluate the efficiency of the proposed approach?
Due to the unavailability of the required SGX hardware, even the authors could not evaluate the efficiency of the proposed approach.
Q12. What are the limitations of the proposed approach to ensuring controlled access in a system?
The high processing and storage capability required (an 8-core processor and 32 GB of main memory) may hinder adoption of the proposed approach to ensuring controlled access in a system.
Q13. What is the labelling process used to find whether a sample is malware?
This labelling is done using VirusTotal, which runs around 55 malware engines over the samples to find whether a sample is malware or not.