1,015 research outputs found

    Analysis of Security Vulnerabilities in Web Applications using Threat Modeling

    Software security issues have been a major concern to the cyberspace community; therefore, a great deal of research on security testing has been performed, and various security testing techniques have been developed. A security process that is integrated into the application development cycle is required for creating a secure system. A part of this process is to create a threat profile for an application. The present project explains this process as a case study for analyzing a web application using Threat Modeling. This analysis can be used in the security testing approach that derives test cases from design level artifacts

    A Reference Framework for Managing Security Risks Using Blockchain

    To create secure software, there are various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR). However, security threats evolve continuously, because the traditional technology infrastructure does not implement security measures by design. Blockchain appears to mitigate the security threats of traditional applications. Although blockchain-based applications are considered less vulnerable, they have not become a silver bullet for protection against different security threats. In addition, the blockchain domain is constantly evolving, offering new techniques and often interchangeable design concepts, which results in conceptual ambiguity and confusion in handling security threats effectively. Overall, we address the problem of the SRM of traditional applications, using blockchain as a countermeasure, and the SRM of blockchain-based applications. We begin by examining how blockchain mitigates the security threats of traditional applications, and the result is a blockchain-based reference model (BbRM) that follows the SRM domain model. Next, by conceptualizing the BbRM, we present an upper-level reference ontology (ULRO) as a foundation ontology. We provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and a financial case. The second instantiation includes the components of permissionless blockchains and a healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. In addition, we built a web-based ontology parsing tool, OwlParser. The contributions resulted in an ontology-based security framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially reduces the security threats of traditional and blockchain-based applications.

    Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software. 
However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain is appearing to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications.

    https://www.ester.ee/record=b551352

    TEDDI: Tamper Event Detection on Distributed Cyber-Physical Systems

    Edge devices, or embedded devices installed along the periphery of a power grid SCADA network, pose a significant threat to the grid, as they give attackers a convenient entry point to access and cause damage to other essential equipment in substations and control centers. Grid defenders would like to protect these edge devices from being accessed and tampered with, but they are hindered by the grid defender's dilemma; more specifically, the range and nature of tamper events faced by the grid (particularly distributed events), the prioritization of grid availability, the high costs of improper responses, and the resource constraints of both grid networks and the defenders that run them make prior work in the tamper and intrusion protection fields infeasible to apply. In this thesis, we give a detailed description of the grid defender's dilemma, and introduce TEDDI (Tamper Event Detection on Distributed Infrastructure), a distributed, sensor-based tamper protection system built to solve this dilemma. TEDDI's distributed architecture and use of a factor graph fusion algorithm give grid defenders the power to detect and differentiate between tamper events, and also give defenders the flexibility to tailor specific responses for each event. We also propose the TEDDI Generation Tool, which allows us to capture the defender's intuition about tamper events, and assists defenders in constructing a custom TEDDI system for their network. To evaluate TEDDI, we collected and constructed twelve different tamper scenarios, and show how TEDDI can detect all of these events and solve the grid defender's dilemma. In our experiments, TEDDI demonstrated an event detection accuracy level of over 99% at both the information and decision point levels, and could process a 99-node factor graph in under 233 microseconds. 
We also analyzed the time and resources needed to use TEDDI, and show how it requires less up-front configuration effort than current tamper protection solutions

    Secure Configuration and Management of Linux Systems using a Network Service Orchestrator.

    Manual management of the configuration of network devices and computing devices (hosts) is an error-prone task. Centralized automation of these tasks can lower the costs of management, but can also introduce unknown or unanticipated security risks. Misconfiguration (deliberate (by outsiders) or inadvertent (by insiders)) can expose a system to significant risks. Centralized network management has seen significant progress in recent years, resulting in model-driven approaches that are clearly superior to previous "craft" methods. Host management has seen less development. The tools available have developed in separate task-specific ways. This thesis explores two aspects of the configuration management problem for hosts: (1) implementing host management using the model-driven (network) management tools; (2) establishing the relative security of traditional methods and the above proposal for model driven host management. It is shown that the model-driven approach is feasible, and the security of the model driven approach is significantly higher than that of existing approaches

    Active FPGA Security through Decoy Circuits

    Field Programmable Gate Arrays (FPGAs) based on Static Random Access Memory (SRAM) are vulnerable to tampering attacks such as readback and cloning attacks. Such attacks enable the reverse engineering of the design programmed into an FPGA. To counter such attacks, measures that protect the design with low performance penalties should be employed. This research proposes a method which employs the addition of active decoy circuits to protect SRAM FPGAs from reverse engineering. The effects of the protection method on security, execution time, power consumption, and FPGA resource usage are quantified. The method significantly increases the security of the design with only minor increases in execution time, power consumption, and resource usage. For the circuits used to characterize the method, security increased to more than one million times the original values, while execution time increased to at most 1.2 times, dynamic power consumption increased to at most two times, and look-up table usage increased to at most seven times the original values. These are reasonable penalties given the size and security of the modified circuits. The proposed design protection method also extends to FPGAs based on other technologies and to Application-Specific Integrated Circuits (ASICs). In addition to the design methodology proposed, a new classification of tampering attacks and countermeasures is presented

    Nota Bene, February 16, 2000

    https://scholarship.law.gwu.edu/nota_bene_2000/1001/thumbnail.jp

    Sustainability of Solar PV Institutions in Malawi

    The sustainability challenges of off-grid community energy projects using solar photovoltaics in Malawi have been widely acknowledged. However, little formal evidence has been produced regarding the factors that affect the sustainability of these projects. Under the MREAP, a study was commissioned to generate more conclusive evidence around the sustainability challenges of the current stock of schools, health centres, and other rural public institutions. An original data set consisting of performance data from 5 sustainability ‘pillars’, consisting of economic, technical, social, organizational, and environmental has been captured for 43 systems in rural Malawi. The results confirm existing anecdotal evidence and suggest that the majority of installed projects can be considered ‘unsustainable’ and at risk of failure in the near future. Many projects are now unsupported, are partially or completely non-functional, and are without reliable and effective means to resuscitate performance. Projects are ranked (relatively) in terms of overall sustainability and factors for improved sustainability are discussed. Our analysis demonstrates the complicated interactions between sustainability pillars and highlights the need for a holistic approach to project design and implementation

    Enabling Recovery of Secure Non-Volatile Memories

    Emerging non-volatile memories (NVMs), such as phase change memory (PCM), spin-transfer torque RAM (STT-RAM) and resistive RAM (ReRAM), have dual memory-storage characteristics and, therefore, are strong candidates to replace or augment current DRAM and secondary storage devices. The newly released Intel 3D XPoint persistent memory and Optane SSD series have shown promising features. However, when these new devices are exposed to events such as power loss, many issues arise when data recovery is expected. In this dissertation, I devised multiple schemes to enable secure data recovery for emerging NVM technologies when memory encryption is used. With the data-remanence feature of NVMs, physical attacks become easier; hence, emerging NVMs are typically paired with encryption. In particular, counter-mode encryption is commonly used due to its performance and security advantages over other schemes (e.g., electronic codebook encryption). However, enabling data recovery in power failure events requires the recovery of security metadata associated with data blocks. Naively writing security metadata updates along with data for each operation can further exacerbate the write endurance problem of NVMs as they have limited write endurance and very slow write operations. Therefore, it is necessary to enable the recovery of data and security metadata (encryption counters) but without incurring a significant number of writes. The first work of this dissertation presents an explanation of Osiris, a novel mechanism that repurposes error correcting code (ECC) co-located with data to enable recovery of encryption counters by additionally serving as a sanity-check for encryption counters used. Thus, by using a stop-loss mechanism with a limited number of trials, ECC can be used to identify which encryption counter was used most recently to encrypt the data and, hence, allow correct decryption and recovery. 
The first work of this dissertation explores how different stop-loss parameters along with optimizations of Osiris can potentially reduce the number of writes. Overall, Osiris enables the recovery of encryption counters while achieving better performance and fewer writes than a conventional write-back caching scheme of encryption counters, which lacks the ability to recover encryption counters. Later, in the second work, the Osiris implementation is expanded to work with different counter-mode memory encryption schemes, where we use an epoch-based approach to periodically persist updated counters. Later, when a crash occurs, we can recover counters through test-and-verification to identify the correct counter within the size of an epoch for counter recovery. Our proposed scheme, Osiris-Global, incurs minimal performance overheads and write overheads in enabling the recovery of encryption counters. In summary, the findings of the present PhD work enable the recovery of secure NVM systems and, hence, allow persistent applications to leverage the persistency features of NVMs. Meanwhile, it also minimizes the number of writes required in meeting this crash consistency requirement of secure NVM systems

    Angular positioning of a door or window - using a MEMS accelerometer and a magnetometer

    The accurate and reliable detection of opening of doors and windows is vital for home security applications. This master thesis aims to present a way to achieve this using a low-cost and low-power eCompass, containing a MEMS accelerometer and a magnetometer. This has been achieved by attaching such a device to a door and collecting sensor data when opening and closing the door. Said data were then analysed in the Matlab environment to study the impact of different methods found in literature to correct for errors in measurements. These include Zero Velocity Compensation for the accelerometer values and hard- and soft-iron compensation for the magnetometer. Thereafter the angle of opening has been calculated, using corrected measurement values. The finished algorithm has also been adapted for implementation on a Cortex-M4 CPU as this, or a similar processor, is likely what is available to use with the eCompass in a real world application. This also motivates the adjustment of the algorithm to use less memory. Finally said implementation has been performed. The results show that it is possible to correct for most of the errors of the accelerometer, but the errors that are left will still propagate to the angular calculations, causing the angle to drift. This can be compensated for by using the angle calculated from magnetometer measurements. The correction of effects affecting the magnetometer is also mostly successful. Likewise the implementation of the algorithm on the processor shows promising results. However, to generalise the algorithm to work on all kinds of doors, as opposed to only the doors it has been developed on, further studies are required.

    Detection of breaking and entering using an eCompass

    To stop breaking and entering, a new way of detecting the opening of doors or windows has been developed in collaboration with Verisure Innovation AB. 
The method is based on sensor data from a device called an eCompass, made up of an accelerometer and a magnetometer. In home security it is important to determine if a door or window is open or closed, as an opening when the alarm is activated might indicate an attempted burglary. Some sort of sensor to be placed on the door or window for this detection is required. Today a magnetic contact is often used. However, to provide options that could increase power efficiency, decrease cost or simplify the installation, an alternative component has been investigated. Since it is a consumer product, placed on doors and windows, it will need to be wireless; a component requiring cords everywhere would not be popular. This means that it needs to be battery-powered. To limit the amount of service, the device should still have a life-span of several years. Therefore it simply needs to be very low-power. Recent development of the accelerometers on the market provides just such a sensor; low power and sensitive enough to react to movement of the door or window. Not to forget, it is also affordable. An accelerometer is a component measuring acceleration acting on it. When a door is opened the outer edges of the door will move in a demi-circle. By placing the accelerometer close to the outer edge of the door, the acceleration when opening the door can be measured. From the acceleration it is possible to calculate an angle of the door in relation to the starting position. These calculations are subjected to certain problems: Firstly, errors will cause the calculated angles to drift. Secondly, the noise levels of the accelerometer will hide very low accelerations. During a burglary the burglar might try to escape notice by opening the door utterly slowly. Therefore some kind of verification of the angle is needed to counteract the drift and detect slow openings. One good option for this is to include a magnetometer. This is a component that measures magnetic fields. 
Combined with an accelerometer it is often referred to as an eCompass. As the name implies, it measures the compass heading, that is the angle relative to north. When attached to the door this angle will change as the door turns during opening. This can be related to the angle relative to the closed door by simply subtracting the compass heading of the door when closed. Then the resulting angle of the closed door is 0 degrees. This method has been tested and works in real life on doors, showing the angle of opening. By setting a limit of around 2 degrees for the "open" state of the door (to combat false negatives due to errors, while still having too small an angle for anyone to pass through) the "open" or "closed" state of the door can be determined. The inclusion of another component for the algorithm will cause the power consumption to increase, especially since the magnetometer has around 10 times higher power consumption than the accelerometer. To counteract this one could decrease the sampling rate of foremost the magnetometer. Since the accelerometer is very good at detecting motion, the main point of the magnetometer is to detect slow opening of doors. For that purpose it does not need to be sampled very often. It should therefore be possible to optimize the algorithm so that the magnetometer only detects openings too slow for the accelerometer, while the latter detects the fast openings. To sum up, it is possible to use the combination of an accelerometer and a magnetometer to determine the opening angle of a door or window. The power consumption can also be controlled by optimizing the algorithm

    Synthetic steganography: Methods for generating and detecting covert channels in generated media

    Issues of privacy in communication are becoming increasingly important. For many people and businesses, the use of strong cryptographic protocols is sufficient to protect their communications. However, the overt use of strong cryptography may be prohibited or individual entities may be prohibited from communicating directly. In these cases, a secure alternative to the overt use of strong cryptography is required. One promising alternative is to hide the use of cryptography by transforming ciphertext into innocuous-seeming messages to be transmitted in the clear. In this dissertation, we consider the problem of synthetic steganography: generating and detecting covert channels in generated media. We start by demonstrating how to generate synthetic time series data that not only mimic an authentic source of the data, but also hide data at any of several different locations in the reversible generation process. We then design a steganographic context-sensitive tiling system capable of hiding secret data in a variety of procedurally-generated multimedia objects. Next, we show how to securely hide data in the structure of a Huffman tree without affecting the length of the codes. Next, we present a method for hiding data in Sudoku puzzles, both in the solved board and the clue configuration. Finally, we present a general framework for exploiting steganographic capacity in structured interactions like online multiplayer games, network protocols, auctions, and negotiations. Recognizing that structured interactions represent a vast field of novel media for steganography, we also design and implement an open-source extensible software testbed for analyzing steganographic interactions and use it to measure the steganographic capacity of several classic games. We analyze the steganographic capacity and security of each method that we present and show that existing steganalysis techniques cannot accurately detect the usage of the covert channels. 
We develop targeted steganalysis techniques which improve detection accuracy and then use the insights gained from those methods to improve the security of the steganographic systems. We find that secure synthetic steganography, and accurate steganalysis thereof, depends on having access to an accurate model of the cover media