51 research outputs found
Bring your own device: an overview of risk assessment
As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today\u27s organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them
BYOD-Insure: A Security Assessment Model for Enterprise BYOD
As organizations continue allowing employees to use their personal mobile devices to access the organizations’ networks and the corporate data, a phenomenon called ‘Bring Your Own Device’ or BYOD, proper security controls need to be adopted not only to secure the corporate data but also to protect the organizations against possible litigation problems. Until recently, current literature and research have been focused on specific areas or solutions regarding BYOD. The information associated with BYOD security issues in the areas of Management, IT, Users and Mobile Device Solutions is fragmented. This research is based on a need to provide a holistic approach to securing BYOD environments. This dissertation puts forth design science research methods to develop a comprehensive security assessment model, BYOD-Insure, to assess the security posture of an organization’s BYOD environment. BYOD-Insure aims to identify security vulnerabilities in organizations that allow (or are planning to adopt) BYODs. The main questions this research aims to answer are: 1) In order to protect the enterprise and its corporate data, how can an organization identify and mitigate the security risks associated with BYOD? 2) How can a holistic approach to security strengthen the security posture of BYOD environments? BYOD-Insure is composed of 5 modules that, in tandem, use a holistic approach to assess the security posture of the four domains of BYOD environments: assessment of management (BYOD-Insure-Management), assessment of IT (BYOD-Insure-IT), assessment of users’ behavior/security (BYOD-Insure-User), and assessment of the mobile device security adopted by the organization (BYOD-Insure-Mobile). The combined results of the 4 domains provide the overall security posture of the organization (BYOD-Insure-Global). The evaluation process for this model is based on a design science method for artifact evaluation. For BYOD-Insure, this process involves the use of descriptive scenarios to describe different types of BYOD security postures. This entails a detailed description of scenarios that depict low, moderate and high security postures with respect to BYOD. The results, for a particular organization, show the security controls that need to be strengthened, and the safeguards recommended. The BYOD-Insure assessment model helps answer the research questions raised in this study
Recommendation of a security architecture for data loss prevention
Data and people are the most important assets of any organization. The amount of
information that is generated increases exponentially due to the number of new devices
that create information. On the other hand, more and more organizations are covered by
some type of regulation, such as the General Data Protection Regulation.
Organizations implement several security controls, however, they do not focus on
protecting the information itself and information leakage is a reality and a growing
concern. Based on this problem, there is a need to protect confidential information, such
as clinical data, personal information, among others. In this regard, data loss prevention
solutions (DLP – Data Loss Prevention) that have the ability to identify, monitor and act
on data considered confidential, whether at the endpoint, data repositories or in the
network, should be part of the information security strategy of organizations in order to
mitigate these risks.
This dissertation will study the topic of data loss prevention and evaluate several
existing solutions in order to identify the key components of this type of solutions. The
contribution of this work will be the recommendation of a security architecture that
mitigates the risk of information leakage and that can be easily adaptable to any DLP
solution to be implemented by organizations. In order to prove the efficiency of the
architecture, it was implemented and tested to mitigate the risk of information leakage in
specific proposed scenarios.A informação e as pessoas são os ativos mais importantes de qualquer organização. A
quantidade de informação que é gerada aumenta exponencialmente devido à quantidade
de novos dispositivos que produzem informação. Por outro lado, cada vez mais
organizações são abrangidas por algum tipo de regulamento, como o Regulamento Geral
de Proteção de Dados.
As organizações implementam vários controlos de segurança, no entanto, não se focam
na proteção da informação em si e a fuga da informação é uma realidade e uma
preocupação crescente. Com base neste problema, existe a necessidade de proteger a
informação confidencial, como dados clínicos, informação pessoal, entre outros. Neste
sentido, as soluções de prevenção da fuga de informação (DLP – Data Loss Prevention)
que têm a capacidade de identificar, monitorizar e atuar em dados considerados
confidenciais, seja ao nível do endpoint, repositório de dados ou na rede, devem fazer
parte da estratégia da segurança da informação das organizações por forma a mitigar estes
riscos.
Esta dissertação vai analisar a temática da prevenção da fuga de informação e avaliar
várias soluções existentes com o propósito de identificar as componentes chave deste tipo
de soluções. A principal contribuição deste trabalho será a recomendação de uma
arquitetura de segurança que mitigue o risco da fuga da informação e que poderá ser
facilmente adaptável a qualquer solução de DLP a ser implementada pelas organizações.
Por forma a comprovar a eficiência da arquitetura, a mesma foi implementada e testada
para mitigar o risco de fuga da informação em cenários específicos que foram definidos
Mining structural and behavioral patterns in smart malware
Mención Internacional en el título de doctorFuncas. Premio Enrique Fuentes Quintana 2016.Smart devices equipped with powerful sensing, computing and networking capabilities
have proliferated lately, ranging from popular smartphones and tablets
to Internet appliances, smart TVs, and others that will soon appear (e.g., watches,
glasses, and clothes). One key feature of such devices is their ability to incorporate
third-party apps from a variety of markets. This poses strong security and privacy issues
to users and infrastructure operators, particularly through software of malicious
(or dubious) nature that can easily get access to the services provided by the device
and collect sensory data and personal information.
Malware in current smart devices—mostly smartphones and tablets—has rocketed
in the last few years, supported by sophisticated techniques (e.g., advanced
obfuscation and targeted infection and activation engines) purposely designed to
overcome security architectures currently in use by such devices. This phenomenon
is known as the proliferation of smart malware. Even though important advances
have been made on malware analysis and detection in traditional personal computers
during the last decades, adopting and adapting those techniques to smart devices
is a challenging problem. For example, power consumption is one major constraint
that makes unaffordable to run traditional detection engines on the device, while
externalized (i.e., cloud-based) techniques raise many privacy concerns.
This Thesis examines the problem of smart malware in such devices, aiming at designing and developing new approaches to assist security analysts and end users in
the analysis of the security nature of apps. We first present a comprehensive analysis
on how malware has evolved over the last years, as well as recent progress made to
analyze and detect malware. Additionally, we compile a suit of the most cutting-edge
open source tools, and we design a versatile and multipurpose research laboratory for
smart malware analysis and detection.
Second, we propose a number of methods and techniques aiming at better analyzing
smart malware in scenarios with a constant and large stream of apps that
require security inspection. More precisely, we introduce Dendroid, an effective system
based on text mining and information retrieval techniques. Dendroid uses static
analysis to measures the similarity between malware samples, which is then used to
automatically classify them into families with remarkably accuracy. Then, we present
Alterdroid, a novel dynamic analysis technique for automatically detecting hidden or
obfuscated malware functionality. Alterdroid introduces the notion of differential fault
analysis for effectively mining obfuscated malware components distributed as parts
of an app package.
Next, we present an evaluation of the power-consumption trade-offs among different
strategies for off-loading, or not, certain security tasks to the cloud. We develop
a system for testing several functional tasks and metering their power consumption
called Meterdroid. Based on the results obtained in this analysis, we then propose a
cloud-based system, called Targetdroid, that addresses the problem of detecting targeted
malware by relying on stochastic models of usage and context events derived
from real user traces. Based on these models, we build an efficient automatic testing
system capable of triggering targeted malware. Finally, based on the conclusions extracted from this Thesis, we propose a number
of open research problems and future directions where there is room for researchLos dispositivos inteligentes se han posicionado en pocos años como aparatos
altamente populares con grandes capacidades de cómputo, comunicación y
sensorización. Entre ellos se encuentran dispositivos como los teléfonos móviles inteligentes
(o smartphones), las televisiones inteligentes, o más recientemente, los
relojes, las gafas y la ropa inteligente. Una característica clave de este tipo de dispositivos
es su capacidad para incorporar aplicaciones de terceros desde una gran
variedad de mercados. Esto plantea fuertes problemas de seguridad y privacidad para
sus usuarios y para los operadores de infraestructuras, sobre todo a través de software
de naturaleza maliciosa (o malware), el cual es capaz de acceder fácilmente a los
servicios proporcionados por el dispositivo y recoger datos sensibles de los sensores
e información personal.
En los últimos años se ha observado un incremento radical del malware atacando
a estos dispositivos inteligentes—principalmente a smartphones—y apoyado por sofisticadas
técnicas diseñadas para vencer los sistemas de seguridad implantados por
los dispositivos. Este fenómeno ha dado pie a la proliferación de malware inteligente.
Algunos ejemplos de estas técnicas inteligentes son el uso de métodos de ofuscación,
de estrategias de infección dirigidas y de motores de activación basados en el contexto.
A pesar de que en las últimos décadas se han realizado avances importantes
en el análisis y la detección de malware en los ordenadores personales, adaptar y
portar estas técnicas a los dispositivos inteligentes es un problema difícil de resolver. En concreto, el consumo de energía es una de las principales limitaciones a las que
están expuestos estos dispositivos. Dicha limitación hace inasequible el uso de motores
tradicionales de detección. Por el contrario, el uso de estrategias de detección
externalizadas (es decir, basadas en la nube) suponen una gran amenaza para la
privacidad de sus usuarios.
Esta tesis analiza el problema del malware inteligente que adolece a estos dispositivos,
con el objetivo de diseñar y desarrollar nuevos enfoques que permitan ayudar a
los analistas de seguridad y los usuarios finales en la tarea de analizar aplicaciones. En
primer lugar, se presenta un análisis exhaustivo sobre la evolución que el malware ha
seguido en los últimos años, así como los avances más recientes enfocados a analizar
apps y detectar malware. Además, integramos y extendemos las herramientas de código
abierto más avanzadas utilizadas por la comunidad, y diseñamos un laboratorio
que permite analizar malware inteligente de forma versátil y polivalente.
En segundo lugar, se proponen una serie de técnicas dirigida a mejorar el análisis
de malware inteligente en escenarios dónde se requiere analizar importantes cantidad
de muestras. En concreto, se propone Dendroid, un sistema basado en minería de
textos que permite analizar conjuntos de apps de forma eficaz. Dendroid hace uso
de análisis estático de código para extraer una medida de la similitud entre distintas
las muestras de malware. Dicha distancia permitirá posteriormente clasificar cada
muestra en su correspondiente familia de malware de forma automática y con gran
precisión. Por otro lado, se propone una técnica de análisis dinámico de código,
llamada Alterdroid, que permite detectar automáticamente funcionalidad oculta y/o
ofuscada. Alterdroid introduce la un nuevo método de análisis basado en la inyección
de fallos y el análisis diferencial del comportamiento asociado. Por último, presentamos una evaluación del consumo energético asociado a diferentes
estrategias de externalización usadas para trasladar a la nube determinadas
tareas de seguridad. Para ello, desarrollamos un sistema llamado Meterdroid que permite
probar distintas funcionalidades y medir su consumo. Basados en los resultados
de este análisis, proponemos un sistema llamado Targetdroid que hace uso de la nube
para abordar el problema de la detección de malware dirigido o especializado. Dicho
sistema hace uso de modelos estocásticos para modelar el comportamiento del usuario
así como el contexto que les rodea. De esta forma, Targetdroid permite, además,
detectar de forma automática malware dirigido por medio de estos modelos.
Para finalizar, a partir de las conclusiones extraídas en esta Tesis, identificamos
una serie de líneas de investigación abiertas y trabajos futuros basados.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Francisco Javier López Muñoz.- Secretario: Jesús García Herrero.- Vocal: Nadarajah Asoka
Internet of Things From Hype to Reality
The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions
A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions
Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.European CommissionNational Research Tomsk Polytechnic UniversityUpdate citation details during checkdate report - A
Securing Medical Devices and Protecting Patient Privacy in the Technological Age of Healthcare
The healthcare industry has been adopting technology at an astonishing rate. This technology has served to increase the efficiency and decrease the cost of healthcare around the country. While technological adoption has undoubtedly improved the quality of healthcare, it also has brought new security and privacy challenges to the industry that healthcare IT manufacturers are not necessarily fully prepared to address.
This dissertation explores some of these challenges in detail and proposes solutions that will make medical devices more secure and medical data more private. Compared to other industries the medical space has some unique challenges that add significant constraints on possible solutions to problems. For example, medical devices must operate reliably even in the face of attack. Similarly, due to the need to access patient records in an emergency, strict enforcement of access controls cannot be used to prevent unauthorized access to patient data. Throughout this work we will explore particular problems in depth and introduce novel technologies to address them.
Each chapter in this dissertation explores some aspect of security or privacy in the medical space. We present tools to automatically audit accesses in electronic medical record systems in order to proactively detect privacy violations; to automatically fingerprint network-facing protocols in order to non-invasively determine if particular devices are vulnerable to known attacks; and to authenticate healthcare providers to medical devices without a need for a password in a way that protects against all known attacks present in radio-based authentication technologies. We also present an extension to the widely-used beacon protocol in order to add security in the face of active attackers; and we demonstrate an overhead-free solution to protect embedded medical devices against previously unpreventable attacks that evade existing control- flow integrity enforcement techniques by leveraging insecure built-in features in order to maliciously exploit configuration vulnerabilities in devices
- …