140 research outputs found
A formal approach for network security policy validation
Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g.firewall, DPI, parental control).
Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed.
This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detection of the possible causes in case of misconfiguration or software attacks.
Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation.
A prototype implementation of this approach is proposed to validate different scenarios
High-Fidelity Provenance:Exploring the Intersection of Provenance and Security
In the past 25 years, the World Wide Web has disrupted the way news are disseminated and consumed. However, the euphoria for the democratization of news publishing was soon followed by scepticism, as a new phenomenon emerged: fake news. With no gatekeepers to vouch for it, the veracity of the information served over the World Wide Web became a major public concern. The Reuters Digital News Report 2020 cites that in at least half of the EU member countries, 50% or more of the population is concerned about online fake news. To help address the problem of trust on information communi- cated over the World Wide Web, it has been proposed to also make available the provenance metadata of the information. Similar to artwork provenance, this would include a detailed track of how the information was created, updated and propagated to produce the result we read, as well as what agents—human or software—were involved in the process. However, keeping track of provenance information is a non-trivial task. Current approaches, are often of limited scope and may require modifying existing applications to also generate provenance information along with thei regular output. This thesis explores how provenance can be automatically tracked in an application-agnostic manner, without having to modify the individual applications. We frame provenance capture as a data flow analysis problem and explore the use of dynamic taint analysis in this context. Our work shows that this appoach improves on the quality of provenance captured compared to traditonal approaches, yielding what we term as high-fidelity provenance. We explore the performance cost of this approach and use deterministic record and replay to bring it down to a more practical level. Furthermore, we create and present the tooling necessary for the expanding the use of using deterministic record and replay for provenance analysis. The thesis concludes with an application of high-fidelity provenance as a tool for state-of-the art offensive security analysis, based on the intuition that software too can be misguided by "fake news". This demonstrates that the potential uses of high-fidelity provenance for security extend beyond traditional forensics analysis
Recommended from our members
Transforming U.S. Energy Innovation
The United States and the world need a revolution in energy technology—a revolution that would improve the performance of our energy systems to face the challenges ahead. A dramatic increase in the pace of energy innovation is crucial to meet the challenges of:
• Energy and national security, to address the dangers of undue reliance on dwindling supplies of oil increasingly concentrated in some of the most volatile regions of the world, and to limit the connection between nuclear energy and the spread of nuclear weapons;
• Environmental sustainability, to reduce the wide range of environmental damages due to energy production and use, from fine particulate emissions at coal plants, to oil spills, to global climate disruption; and
• Economic competitiveness, to seize a significant share of the multi-trillion-dollar clean energy technology market and improve the balance of payments by increasing exports, while reducing the hundreds of billions of dollars spent every year on importing oil.
In an intensely competitive and interdependent global landscape, and in the face of large climate risks from ongoing U.S. reliance on a fossil-fuel based energy system, it is important to maintain and expand long-term investments in the energy future of the U.S. even at a time of budget stringency. It is equally necessary to think about how to improve the efficiency of those investments, through strengthening U.S. energy innovation institutions, providing expanded incentives for private-sector innovation, and seizing opportunities where international cooperation can accelerate innovation. The private sector role is key: in the United States the vast majority of the energy system is owned by private enterprises, whose innovation and technology deployment decisions drive much of the country’s overall energy systems. Efficiently utilizing government investments in energy innovation requires understanding the market incentives that drive private firms to invest in advanced energy technologies, including policy stability and predictability.
The U.S. government has already launched new efforts to accelerate energy innovation. In particular, the U.S. Department of Energy is undertaking a Quadrennial Technology Review to identify the most promising opportunities and provide increased coherence and stability. Our report offers analysis and recommendations designed to accelerate the pace at which better energy technologies are discovered, developed, and deployed, and is focused in four key areas:
• Designing an expanded portfolio of federal investments in energy research, development, demonstration (ERD&D), and complementary policies to catalyze the deployment of novel energy technologies;
• Increasing incentives for private-sector innovation and strengthening federal-private energy innovation partnerships;
• Improving the management of energy innovation institutions to maximize the results of federal investments; and
• Expanding and coordinating international energy innovation cooperation to bring ideas and resources together across the globe to address these global challenges
A Deep Review Of Sustainable Approaches For Hydrogen Production For Energy Generation
Fossil fuel energy sources such as coal, oil, and natural gas produce greenhouse gases upon combustion. Over time the greenhouse gases trap heat in the atmosphere and cause global temperatures to continually increase. This continued rise in global temperatures has led to severe climate conditions that have resulted in increasing environmental, financial, social, and medical issues. To mitigate the rise in global temperatures, and the negative effects associated with it, the carbon intensity of our energy sources must be substantially reduced or eliminated where possible. In addition, alternate sources of carbon-free energy sources must be pursued and implemented. Hydrogen is a viable energy carrier for electricity generation and transportation without the emission of greenhouse gases. It occurs in fossil fuels such as coal and natural gas, biomass, and in large bodies of water. This research explores the primary methods that are used to produce hydrogen from fossil fuels and biomass using technologies such as steam methane reforming and gasification, and production from water using electrolysis. With carbon capture and storage, hydrogen can be produced semi-sustainably from natural gas and coal with reduced greenhouse gas emissions. In the electrolysis process, electricity is used to split water into hydrogen and oxygen. The preferred source of electricity to minimize the emission of greenhouse gases is renewable energy technologies such as solar, wind, hydropower, and geothermal energy. The research demonstrates the sustainable production of hydrogen and the benefits that it affords. The main benefits are electricity generation, fuel for transportation, and raw materials for several industrial processes. Also, it will facilitate the transition to non-fossil fuel energy technologies and foster our energy security. In addition, it will be instrumental in limiting the global temperature increase to 1.5 degrees Celsius above pre-industrial levels in accordance with the 2015 Paris Agreement for net zero emissions by 2050
Recommended from our members
Review of the Usage of Security Mechanisms within the Android Operating System
The Android operating system was designed to afford users secure, but unrestricted use of their device. The crux of this solution is that the burden of system administrator has been, possibly unknowingly, placed upon each individual user. The goal of this paper is to identify the significant threats Android users are faced with, and recommend possible solutions. Through the course of this study, an Android application was developed and voluntarily downloaded, collecting a significant set of data from users. This data, combined with additional literary and product research, has identified multiple shortcomings in the existing Android security landscape. In particular, difficulty using the Permission mechanism, inconsistent communication regarding security patches and their distribution, and a general lack of usage of the user-controlled security features was identified
Principles of Security and Trust
This open access book constitutes the proceedings of the 8th International Conference on Principles of Security and Trust, POST 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2019. The 10 papers presented in this volume were carefully reviewed and selected from 27 submissions. They deal with theoretical and foundational aspects of security and trust, including on new theoretical results, practical applications of existing foundational ideas, and innovative approaches stimulated by pressing practical problems
Technical Communication Inclusionary Interventions Into Academic Spaces
While many efforts have been made to make higher education in the US more equitable, there are still academic spaces in which some knowledges and some knowledge makers are marginalized. In this dissertation, I identify three such spaces: technical editing, graduate instructor training, and online academic research in trans communities. When editors make revisions based solely in American Standard English, as most editing practices and teaching are currently based, they risk marginalizing non-heritage speakers of English and speakers of various dialects of English, like African American Vernacular English. I suggest that by shifting our focus of editing from grammar policing to editing for underrepresented audiences, we can make editing a more inclusive space for marginalized voices. I give examples of how to create these kinds of interventions both in the editing classroom and through workshops for faculty. Next, I address how programs can better support graduate student instructors’ sense of wellbeing. I suggest that one of the best ways to develop inclusive interventions in graduate instructor training is by inviting graduate students to help design the ways in which departments communicate student wellbeing. Finally, to intervene into the anti-trans violence that continues to scour the United States, I propose an intervention into the ways that academics study online trans communities. Through these kinds of interventions, I demonstrate that we can continue the work of creating more inclusive spaces in higher education
Computer Science 2019 APR Self-Study & Documents
UNM Computer Science APR self-study report and review team report for Spring 2019, fulfilling requirements of the Higher Learning Commission
Data Epistemologies / Surveillance and Uncertainty
Data Epistemologies studies the changing ways in which ‘knowledge’ is defined, promised, problematised, legitimated vis-á-vis the advent of digital, ‘big’ data surveillance technologies in early twenty-first century America. As part of the period’s fascination with ‘new’ media and ‘big’ data, such technologies intersect ambitious claims to better knowledge with a problematisation of uncertainty. This entanglement, I argue, results in contextual reconfigurations of what ‘counts’ as knowledge and who (or what) is granted authority to produce it – whether it involves proving that indiscriminate domestic surveillance prevents terrorist attacks, to arguing that machinic sensors can know us better than we can ever know ourselves.
The present work focuses on two empirical cases. The first is the ‘Snowden Affair’ (2013-Present): the public controversy unleashed through the leakage of vast quantities of secret material on the electronic surveillance practices of the U.S. government. The second is the ‘Quantified Self’ (2007-Present), a name which describes both an international community of experimenters and the wider industry built up around the use of data-driven surveillance technology for self-tracking every possible aspect of the individual ‘self’. By triangulating media coverage, connoisseur communities, advertising discourse and leaked material, I examine how surveillance technologies were presented for public debate and speculation.
This dissertation is thus a critical diagnosis of the contemporary faith in ‘raw’ data, sensing machines and algorithmic decision-making, and of their public promotion as the next great leap towards objective knowledge. Surveillance is not only a means of totalitarian control or a technology for objective knowledge, but a collective fantasy that seeks to mobilise public support for new epistemic systems. Surveillance, as part of a broader enthusiasm for ‘data-driven’ societies, extends the old modern project whereby the human subject – its habits, its affects, its actions – become the ingredient, the raw material, the object, the target, for the production of truths and judgments about them by things other than themselves
- …