Abstract
Honeynets are unconventional security tools to study techniques, methods, and goals of attackers. It is very important to consider issues affecting the deployment and usage of these security tools. This paper discusses the legal issues of honeynets taking into account their evolution. Paper focuses on legal issues of core elements of honeynets, namely data control, data capture, data collection and data analysis. This paper also draws attention to the issues pertaining privacy, liability, jurisdiction, applicable law and digital evidence. The analysis of legal issues is based on the EU law.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Pouget, F., Dacier, M., Debar, H.: White paper: honeypot, honeynet, honeytoken: terminological issues. Rapp. Tech. EURECOM. 1–26 (2003)
Spitzner, L.: Honeypots: Catching the insider threat. In: Computer Security Applications Conference, 2003, pp. 170–179. IEEE (2003)
The Honeynet project: Know Your Enemy: Learning about Security Threats, 2nd edn. Addison Wesley (2004)
Mairh, A., Barik, D., Verma, K., Jena, D.: Honeypot in network security: a survey. In: Proceedings of the 2011 International Conference on Communication, Computing & Security. pp. 600–605. ACM, ODISHA, India (2011)
Joshi, R.C., Sardana, A.: Honeypots: A New Paradigm to Information Security. Science Publishers, USA (2011)
Spitzner, L.: The honeynet project: trapping the hackers. IEEE Secur. Priv. Mag. 1, 15–23 (2003)
Mokube, I.: Honeynets—concepts, approaches and challenges. In: Proceedings of the 45th Annual Southeast Regional Conference on—ACM-SE, vol. 45, pp. 321–326 (2007)
Scottberg, B., Yurcik, W., Doss, D.: Internet honeypots: Protection or entrapment? In: IEEE 2002 International Symposium Technology and Society (ISTAS’02), pp. 387–391 (2002)
Dornseif, M., Gärtner, F.C., Holz, T.: Vulnerability assessment using honeypots. Praxis der Informationsverarbeitung und Kommunikation 27, 195–201 (2004)
Sokol, P.: Legal issues of honeynet’s generations. Electronics, Computers and Artificial Intelligence (ECAI), 6th International Conference on 2014, pp. 63–69 (2014)
Sokol, P., Andrejko, M.: Deploying Honeypots and Honeynets: Issues of Liability. Computer Networks. pp. 92–101. Springer (2015)
Sokol, P. Husák, M., Lipták, F.: Deploying Honeypots and Honeynets: Issue of Privacy. Availability, Reliability and Security (ARES) (2015)
Kumar, S., Singh, P., Sehgal, R., Bhatia, J.S.: Distributed honeynet system using gen III virtual honeynet. Int. J. Comput. Theory Eng. 4, 537–541 (2012)
Abbasi, F., Harris, R.: Experiences with a generation III virtual honeynet. In: Telecommunication Networks and Applications Conference, ATNAC 2009. pp. 1–6. IEEE (2009)
Misra, R., Renu, D.: Cyber crime investigation and network forensic system using honeypot. Int. J. Latest Trends Eng. Technol. 34–40 (2012)
Law, J.: A Dictionary Of Law. Oxford University Press (2015)
Black, H.C., Garner, B.A.: Black’s law dictionary. West Publishing Company (1999)
Bishop, M.A.: The Art and Science of Computer Security. Addison-Wesley Longman Publishing Co. Inc., Boston (2002)
Opinion of the European Data Protection Supervisor on net neutrality, traffic management and the protection of privacy and personal data (2012/C 34/01)
Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Secur. Priv. 5, 32–39 (2007)
Cuckoo Sandbox project. http://www.cuckoosandbox.org (2015)
Ustaran, E.: The Scope of Application of EU Data Protection Law and Its Extraterritorial Reach. Beyond Data Protection. pp. 135–156. Springer, Berlin, Heidelberg (2013)
Svantesson, D.J.B.: A “layered approach” to the extraterritoriality of data privacy laws. Int. Data Priv. Law 3, 278–286 (2013)
Bowen J.A.: Legal issues in cloud computing. In: Buyya, R., Broberg, J., Goscinski, A. (eds) Cloud Computing: Principles and Paradigms. pp. 593–613. Wiley, Hoboken (2011)
Fawcett, J., Carruthers, J.M., North, P.: Private International Law. Oxford University Press (2008)
Balas, E., Viecco, C.: Towards a third generation data capture architecture for honeynets. In: IAW’05. Proceedings from the Sixth Annual IEEE SMC. pp. 21–28 (2005)
Shi-wei, Y., Xiu-shuang, M., Wei-dong, W.: Core functions analysis and example deployment of virtual honeynet. Comput. Sci. 3, 21 (2012)
Pang, R., Allman, M., Paxson, V., Lee, J.: The devil and packet trace anonymization. SIGCOMM Comput. Commun. Rev. 36, 29–38 (2006)
Coull, S.E., Collins, M.P., Wright, C.V., Monrose, F., Reiter, M.K., et al.: On web browsing privacy in anonymized NetFlows. USENIX Security (2007)
Burstein, A.: Conducting cybersecurity research legally and ethically. In: LEET’08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. pp. 1–8. San Francisco (2008)
Oxford Dictionaries Online—English Dictionary and Language Reference. Online: http://oxforddictionaries.com (2015)
Davidoff, S., Ham, J.: Network Forensics: Tracking Hackers Through Cyberspace. Prentice hall (2012)
Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. J. Forensic Sci. 49 (2004)
Karyda, M., Mitrou, L.: Internet forensics: legal and technical issues. Work. Digital Forensics Incident Anal. Int. 0, 3–12 (2007) (IEEE)
Acknowledgments
We would like to thank our colleagues from the Czech chapter of The Honeynet Project for their comments and valuable input. This paper is funded by the Slovak Grant Agency for Science (VEGA) grant under contract No. 1/0142/15, VVGS project under contract No. VVGS-PF-2015-472 and Slovak APVV project under contract No. APVV-14-0598.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Sokol, P., Host, J. (2016). Evolution of Legal Issues of Honeynets. In: Pricop, E., Stamatescu, G. (eds) Recent Advances in Systems Safety and Security. Studies in Systems, Decision and Control, vol 62. Springer, Cham. https://doi.org/10.1007/978-3-319-32525-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-32525-5_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32523-1
Online ISBN: 978-3-319-32525-5
eBook Packages: EngineeringEngineering (R0)