8,107 research outputs found

    Configuration Management of Distributed Systems over Unreliable and Hostile Networks

    Get PDF
    Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems. This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration. Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture. The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn. Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts

    Disciplinary Differences and Scholarly Literature: Discovery, Browsing, and Formats

    Get PDF
    This study reports faculty experiences regarding the discovery of scholarly content, highlighting similarities and differences across a range of academic disciplines. The authors interviewed twenty-five faculty members at a public, high-research university in the Midwest to explore the intersections of discovery, browsing, and format from diverse disciplinary perspectives. Although most participants rely on similar discovery tools such as library catalogs and databases and Google Scholar, their discovery techniques varied according to the discipline and type of research being done. Browsing is not a standard method for discovery, but it is still done selectively and strategically by some scholars. Journal articles are the most important format across disciplines, but books, chapters, and conference proceedings are core for some scholars and should be considered when facilitating discovery. The findings detail several ways in which disciplinary and personal experiences shape scholars’ practices. The authors discuss the perceived disconnect between browsability, discovery, and access of scholarly literature and explore solutions that make the library central to discovery and browsing

    LIPIcs, Volume 251, ITCS 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 251, ITCS 2023, Complete Volum

    A Critical Review Of Post-Secondary Education Writing During A 21st Century Education Revolution

    Get PDF
    Educational materials are effective instruments which provide information and report new discoveries uncovered by researchers in specific areas of academia. Higher education, like other education institutions, rely on instructional materials to inform its practice of educating adult learners. In post-secondary education, developmental English programs are tasked with meeting the needs of dynamic populations, thus there is a continuous need for research in this area to support its changing landscape. However, the majority of scholarly thought in this area centers on K-12 reading and writing. This paucity presents a phenomenon to the post-secondary community. This research study uses a qualitative content analysis to examine peer-reviewed journals from 2003-2017, developmental online websites, and a government issued document directed toward reforming post-secondary developmental education programs. These highly relevant sources aid educators in discovering informational support to apply best practices for student success. Developmental education serves the purpose of addressing literacy gaps for students transitioning to college-level work. The findings here illuminate the dearth of material offered to developmental educators. This study suggests the field of literacy research is fragmented and highlights an apparent blind spot in scholarly literature with regard to English writing instruction. This poses a quandary for post-secondary literacy researchers in the 21st century and establishes the necessity for the literacy research community to commit future scholarship toward equipping college educators teaching writing instruction to underprepared adult learners

    Tradition and Innovation in Construction Project Management

    Get PDF
    This book is a reprint of the Special Issue 'Tradition and Innovation in Construction Project Management' that was published in the journal Buildings

    Next-Generation Industrial Control System (ICS) Security:Towards ICS Honeypots for Defence-in-Depth Security

    Get PDF
    The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices are now exposed to a wide range of previously unconsidered threats, which must be considered to ensure the safe operation of industrial processes. Especially as cyberspace is presenting itself as a popular domain for nation-state operations, including against critical infrastructure. Honeypots are a well-known concept within traditional IT security, and they can enable a more proactive approach to security, unlike traditional systems. More work needs to be done to understand their usefulness within OT and critical infrastructure. This thesis advances beyond current honeypot implementations and furthers the current state-of-the-art by delivering novel ways of deploying ICS honeypots and delivering concrete answers to key research questions within the area. This is done by answering the question previously raised from a multitude of perspectives. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. Standards and guidance are used to frame a discussion on our survey of existing ICS honeypot implementations in the literature and their role in supporting regulatory objectives. However, these deployments are not always correctly configured and might differ from a real ICS. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots. This is underpinned by a study into the passive identification of ICS honeypots using Internet scanner data to identify honeypot characteristics. We also present how honeypots can be leveraged to identify when bespoke ICS vulnerabilities are exploited within the organisational network—further strengthening the case for honeypot usage within critical infrastructure environments. Additionally, we demonstrate a fundamentally different approach to the deployment of honeypots. By deploying it as a deterrent, to reduce the likelihood that an adversary interacts with a real system. This is important as skilled attackers are now adept at fingerprinting and avoiding honeypots. The results presented in this thesis demonstrate that honeypots can provide several benefits to the cyber security of and alignment to regulations within the critical infrastructure environment

    Ditransitives in germanic languages. Synchronic and diachronic aspects

    Full text link
    This volume brings together twelve empirical studies on ditransitive constructions in Germanic languages and their varieties, past and present. Specifically, the volume includes contributions on a wide variety of Germanic languages, including English, Dutch, and German, but also Danish, Swedish, and Norwegian, as well as lesser-studied ones such as Faroese. While the first part of the volume focuses on diachronic aspects, the second part showcases a variety of synchronic aspects relating to ditransitive patterns. Methodologically, the volume covers both experimental and corpus-based studies. Questions addressed by the papers in the volume are, among others, issues like the cross-linguistic pervasiveness and cognitive reality of factors involved in the choice between different ditransitive constructions, or differences and similarities in the diachronic development of ditransitives. The volume’s broad scope and comparative perspective offers comprehensive insights into well-known phenomena and furthers our understanding of variation across languages of the same family

    20th SC@RUG 2023 proceedings 2022-2023

    Get PDF
    • …
    corecore