630 research outputs found

    Extending the Exposure Score of Web Browsers by Incorporating CVSS

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Yet its content differs from one browser to another. Despite the privacy and security risks of User-Agent strings, very few works have tackled this problem. Our previous work proposed giving Internet browsers relative exposure scores to aid users to choose less intrusive ones. Thus, the objective of this work is to extend our previous work through: first, conducting a user study to identify its limitations. Second, extending the exposure score via incorporating data from the NVD. Third, providing a full implementation, instead of a limited prototype. The proposed system assigns scores to users’ browsers upon visiting our website. It also suggests alternative safe browsers, and finally it allows updating the back-end database with a click of a button. We applied our method to a data set of more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available here [4].

    SLA-based risk analysis in cloud computing environments

    Cloud computing has evolved in recent years, which has led many customers to utilize cloud computing technologies. The research work in this area has spread due to many issues that have coincided with the vast growth of cloud computing technologies. On the other hand, the cloud security concern has become one of the important issues that cloud computing introduces. One of the main components of cloud services is the service level agreement (SLA) that works as a contractual document between the cloud providers and their customers and states some metrics and parameters that must be enforced by the cloud providers or consumers. Despite various issues of the SLA in cloud computing, there is one issue that has not been discussed frequently in cloud computing security, which is the SLA in terms of risk management. This research tends to perform SLA-based risk analysis in cloud computing environments. Moreover, it evaluates different SLA parameters such as the risk factor, the response time factor, and the service cost factor. This paper also designates the importance of considering risk management as an SLA parameter in the negotiation stage between the provider and the consumer. However, it looks for the relation between those SLA metrics and risk factor associated with the cloud services

    Evaluating the Resiliency of Industrial Internet of Things Process Control Using Protocol Agnostic Attacks

    Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT can be a security concern, forcing ICS processes to rely on network based devices for process management. In this research, the attack surface of a testbed is evaluated using protocol-agnostic attacks and the SANS ICS Cyber Kill Chain. This highlights the widening of ICS attack surface due to reliance on IIoT, but also provides a solution which demonstrates one technique an ICS can use to securely rely on IIoT

    Narcotics trafficking in West Africa: a governance challenge

    This repository item contains a single issue of The Pardee Papers, a series of papers that began publishing in 2008 by the Boston University Frederick S. Pardee Center for the Study of the Longer-Range Future. The Pardee Papers series features working papers by Pardee Center Fellows and other invited authors. Papers in this series explore current and future challenges by anticipating the pathways to human progress, human development, and human well-being. This series includes papers on a wide range of topics, with a special emphasis on interdisciplinary perspectives and a development orientation. West Africa is one of the most impoverished, underdeveloped, and instability-prone regions in the world. Many of the nation-states in the region are empirically weak: they lack the capacity to deliver public goods and services to their citizens, do not claim effective control over their territories, are marked by high levels of official corruption and are plagued by political instability and violent conflict. Since 2004, the region has faced an unprecedented surge in illicit narcotics (primarily cocaine) trafficking, raising fears within the international community that foreign (largely South American) trafficking groups would engender escalated corruption and violence across the region. This paper examines the effect that the surge in narcotics trafficking has had on governance and security in the region, paying particular attention to the experience of Guinea-Bissau and neighboring Republic of Guinea (Guinea-Conakry), two West African states that have been particularly affected by the illicit trade. The central argument presented is that narcotics trafficking is only one facet of the overall challenge of state weakness and fragility in the region.
The profound weakness of many West African states has enabled foreign trafficking groups to develop West Africa into an entrepôt for cocaine destined for the large and profitable European market, sometimes with the active facilitation of high-level state actors. Thus, simply implementing counter-narcotics initiatives in the region will have a limited impact without a long-term commitment to strengthening state capacity, improving political transparency and accountability, and tackling poverty alleviation and underdevelopment. Without addressing the root issues that allowed for the penetration of trafficking groups into the states of the region in the first place, West Africa will remain susceptible to similar situations in the future, undermining the region’s nascent progress in the realms of governance, security and development. Peter L. McGuire graduated from Boston University in 2010 with a master’s degree in International Relations, with a certificate in African Studies. His current research interests include armed conflict, political corruption, and state failure in sub-Saharan Africa. Peter wrote “Narcotics Trafficking in West Africa: A Governance Challenge” while he was a 2009 Pardee Center Graduate Summer Fellow. This paper is part of the Africa 2060 Project, a Pardee Center program of research, publications, and symposia exploring African futures in various aspects related to development on continental and regional scales. For more information, visit www-staging.bu.edu/pardee/research

    Big Data Security (Volume 3)

    After a short description of the key concepts of big data, the book explores the secrecy and security threats posed especially by cloud-based data storage. It delivers conceptual frameworks and models along with case studies of recent technology

    National Security Space Launch

    The United States Space Force’s National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clinton’s National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on “assured access to space,” 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022. This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. 
Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process. No embargo. Academic Major: English. Academic Major: International Studie

    Churn prediction modeling comparison in the retail energy market

    Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business Intelligence. Machine Learning algorithms are used in diverse business cases and different markets. This project has the goal of applying different training models with the purpose of predicting customer churn in a retail energy provider. Following CRISP-DM methodology, the dataset was analyzed, prepared and results were evaluated in order to achieve the best method of forecasting the likelihood of churning in an existent customer base. That information is essential in company’s business planning to maintain and increase its portfolio

    Cloud Computing Implementation Organizational Success in the Department of Defense

    The DoD tends to implement user-based IT systems without quantifying whether those systems would be properly utilized by the target populace. Focus is generally emphasized on mission enhancement rather than looking at how or if it will be utilized by organizations. There would appear to be no reason for cloud computing to be implemented with the same disregard for acceptance and success. The day of large amounts of data is here and needs to converge with what this thesis investigates, the factors that positively influence organization acceptance and success of cloud computing specifically in the DoD so that it can properly maintain, utilize and store that data. This research focused in depth on that utilization