Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control is often not extending into client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes, as our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.

Context The R programming language has a huge and active community, especially in the area of statistical computing. Its interpreted nature allows for several interesting constructs, like the manipulation of functions at run-time, that hinder the static analysis of R programs. At the same time, there is a lack of existing research regarding how these features, or even the R language as a whole are used in practice. Objective In this paper, we conduct a large-scale, static analysis of more than 50 million lines of real-world R programs and packages to identify their characteristics and the features that are actually used. Moreover, we compare the similarities and differences between the scripts of R users and the implementations of package authors. We provide insights for static analysis tools like the lintr package as well as potential interpreter optimizations and uncover areas for future research. Method We analyze 4 230 R scripts submitted alongside publications and the sources of 19 450 CRAN packages for over 350 000 R files, collecting and summarizing quantitative information for features of interest. Results We find a high frequency of name-based indexing operations, assignments, and loops, but a low frequency for most of R's reflective functions. Furthermore, we find neither testing functions nor many calls to R's foreign function interface (FFI) in the publication submissions. Conclusion R scripts and package sources differ, for example, in their size, the way they include other packages, and their usage of R's reflective capabilities. We provide features that are used frequently and should be prioritized by static analysis tools, like operator assignments, function calls, and certain reflective functions like load.

Motivated by the need to combat manipulative practices that trick users into sharing more personal data than intended, this thesis investigates the evolution of privacy dark patterns. As data collection becomes more central online, this study conducts a systematic literature review to categorize these patterns, identify countermeasures, and analyze how they have changed in response to legal regulations and shifting public awareness.

Publishing datasets is a common practice in empirical research. However, the risk of de-anonymization of individuals in these datasets is a significant concern, especially when the data is highly sensitive. This thesis aims to investigate the presence of privacy related vulnerabilities in a large collection of datasets. The thesis will focus on quantifying the extent of vulnerabilities and attempt to categorize them into distinct types.

This thesis investigates the effectiveness of various anonymization techniques against de-anonymization attacks. Recognizing the difficulty of evaluating these attacks with real-world data due to the lack of "ground truth", the work proposes using synthetically generated datasets where all information is known, allowing for objective measurement of attack success rates. The research will compare k-anonymity, l-diversity, and t-closeness against different attack models, including linkage attacks, to understand their robustness in practical data protection scenarios.