142 research outputs found

    Study of Blacklisted Malicious Domains from a Microsoft Windows End-user Perspective: Is It Safe Behind the Wall?

    The Internet is a dangerous place, filled with different cyber threats, including malware. To withstand this, blacklists have been utilized for a long time to block known infection and delivery sources. However, through blacklisting the domain names we are leaving a landscape of threats to be unknown and forgotten. In this paper, first, we investigate the current state-of-the-art in cyber threats available on such blacklists. Then, we study the corresponding malicious actors and reveal that those persistently appear since 2006. By shedding light on this part of the cyber threat landscape we target increased information security perception of the landscape from the perspective of the average end-user. Moreover, it is clear that blacklisting the domains should not be a one-way function and needs to be regularly re-evaluated. Moreover, blacklisting might not be enforced by client applications in addition to outdated system software leaving real danger. For practical evaluation, we created a multi-focused experimental setup employing different MS Windows OS and browser versions. This allowed us to perform a thorough analysis of blacklisted domains from the perspective of the published information, content retrieved and possible malware distribution campaigns. We believe that this paper serves as a stepping stone in a re-evaluation of the once found and then blacklisted domains from the perspective of minimal security protection of a general user, who might not be equipped with a blacklisting mechanism.

    DETECTION AND PREVENTION OF MISUSE OF SOFTWARE COMPONENTS

    Ph.DDOCTOR OF PHILOSOPH

    Economic indicators used for EU projects, in other criteria of aggregation than national / regional

    Economical and social indicators are created and published for national and regional dimensions. Nowadays, both local and territorial indicators are really able to define more adequate the stage of social and economical development and to illustrate the impact of European programs and projects in fields like: long lasting development, entrepreneurial development, scientific research development and strategies, education and learning resources, IT resources, dissemination of European culture etc. If in the first part, there is only quantitative information, offered by our National Institute of Statistics (NIS), in the following few examples of some useful economical and social indicators provide a dynamic vision in defining objectives, methods and implementation. Thus the need for a quantitative framework of local and territorial indicators demands for an original statistical methodology.
    Keywords: gross domestic product, indicators in macro, mezo and micro economics, weight of selected, factors, representative methodology

    Distributed detection of anomalous internet sessions

    Financial service providers are moving many services online reducing their costs and facilitating customers' interaction. Unfortunately criminals have quickly found several ways to avoid most security measures applied to browsers and banking sites. The use of highly dangerous malware has become the most significant threat and traditional signature-detection methods are nowadays easily circumvented due to the amount of new samples and the use of sophisticated evasion techniques. Antivirus vendors and malware experts are pushed to seek new methodologies to improve the identification and understanding of malicious applications' behavior and their targets. Financial institutions are now playing an important role by deploying their own detection tools against malware that specifically affect their customers. However, most detection approaches tend to base on sequence of bytes in order to create new signatures. This thesis approach is based on new sources of information: the web logs generated from each banking session, the normal browser execution and customers' mobile phone behavior. The thesis can be divided in four parts: The first part involves the introduction of the thesis along with the presentation of the problems and the methodology used to perform the experimentation. The second part describes our contributions to the research, which are based in two areas: (a) Server side: Weblogs analysis. We first focus on the real time detection of anomalies through the analysis of web logs and the challenges introduced due to the amount of information generated daily. We propose different techniques to detect multiple threats by deploying per user and global models in a graph based environment that will allow increase performance of a set of highly related data. (b) Customer side: Browser analysis. We deal with the detection of malicious behaviors from the other side of a banking session: the browser. Malware samples must interact with the browser in order to retrieve or add information. Such relation interferes with the normal behavior of the browser. We propose to develop models capable of detecting unusual patterns of function calls in order to detect if a given sample is targeting a specific financial entity. In the third part, we propose to adapt our approaches to mobile phones and Critical Infrastructures environments. The latest online banking attack techniques circumvent protection schemes such as password verification systems sent via SMS. Man in the Mobile attacks are capable of compromising mobile devices and gaining access to SMS traffic. Once the Transaction Authentication Number is obtained, criminals are free to make fraudulent transfers. We propose to model the behavior of the applications related to messaging services to automatically detect suspicious actions. Real time detection of unwanted SMS forwarding can improve the effectiveness of second channel authentication and build on detection techniques applied to browsers and Web servers. Finally, we describe possible adaptations of our techniques to another area outside the scope of online banking: critical infrastructures, an environment with similar features since the applications involved can also be profiled. Just as financial entities, critical infrastructures are experiencing an increase in the number of cyber attacks, but the sophistication of the malware samples utilized forces to new detection approaches. The aim of the last proposal is to demonstrate the validity of our approach in different scenarios. Conclusions. Finally, we conclude with a summary of our findings and the directions for future work.

    Program Analysis Based Approaches to Ensure Security and Safety of Emerging Software Platforms

    Our smartphones, homes, hospitals, and automobiles are being enhanced with software that provide an unprecedentedly rich set of functionalities, which has created an enormous market for the development of software that run on almost every personal computing devices in a person's daily life, including security- and safety-critical ones. However, the software development support provided by the emerging platforms also raises security risks by allowing untrusted third-party code, which can potentially be buggy, vulnerable or even malicious to control user's device. Moreover, as the Internet-of-Things (IoT) technology is gaining vast adoptions by a wide range of industries, and is penetrating every aspects of people's life, safety risks brought by the open software development support of the emerging IoT platform (e.g., smart home) could bring more severe threat to the well-being of customers than what security vulnerabilities in mobile apps have done to a cell phone user. To address this challenge posed on the software security in emerging domains, my dissertation focuses on the flaws, vulnerabilities and malice in the software developed for platforms in these domains. Specifically, we demonstrate that systematic program analyses of software (1) Lead to an understanding of design and implementation flaws across different platforms that can be leveraged in miscellaneous attacks or causing safety problems; (2) Lead to the development of security mechanisms that limit the potential for these threats. We contribute static and dynamic program analysis techniques for three modern platforms in emerging domains -- smartphone, smart home, and autonomous vehicle. Our app analysis reveals various different vulnerabilities and design flaws on these platforms, and we propose (1) static analysis tool OPAnalyzer to automate the discovery of problems by searching for vulnerable code patterns; (2) dynamic testing tool AutoFuzzer to efficiently produce and capture domain specific issues that are previously undefined; and (3) propose new access control mechanism ContexIoT to strengthen the platform's immunity to the vulnerability and malice in third-party software. Concretely, we first study a vulnerability family caused by the open ports on mobile devices, which allows remote exploitation due to insufficient protection. We devise a tool called OPAnalyzer to perform the first systematic study of open port usage and their security implications on mobile platform, which effectively identify and characterize vulnerable open port usage at scale in popular Android apps. We further identify the lack of context-based access control as a main enabler for such attacks, and begin to seek for defense solution to strengthen the system security. We study the popular smart home platform, and find the existing access control mechanisms to be coarse-grained, insufficient, and undemanding. Taking lessons from previous permission systems, we propose the ContexIoT approach, a context-based permission system for IoT platform that supports third-party app development, which protects the user from vulnerability and malice in these apps through fine-grained identification of context. Finally, we design dynamic fuzzing tool, AutoFuzzer for the testing of self-driving functionalities, which demand very high code quality using improved testing practice combining the state-of-the-art fuzzing techniques with vehicular domain knowledge, and discover problems that lead to crashes in safety-critical software on emerging autonomous vehicle platform.
    PHD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies
    https://deepblue.lib.umich.edu/bitstream/2027.42/145845/1/jackjia_1.pd

    Security Enhanced Applications for Information Systems

    Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

    Web attack risk awareness with lessons learned from high interaction honeypots

    Master's thesis, Information Security (Segurança Informática), Universidade de Lisboa, Faculdade de Ciências, 2009. With the evolution of web 2.0, the majority of enterprises deploy their business over the Internet using web applications. These applications carry important data with crucial requirements such as confidentiality, integrity and availability. The loss of those properties influences directly the business putting it at risk. Risk awareness provides the necessary know-how on how to act to achieve its mitigation.
In this thesis a collection of high interaction web honeypots is deployed using multiple applications and diverse operating systems in order to analyse the attacker behaviour. The use of virtualization environments along with widely used honeypot monitoring tools provide the necessary forensic information that helps the research community to study the modus operandi of the attacker gathering the latest exploits and malicious tools and to develop adequate safeguards that deal with the majority of attacking techniques. Using the detailed attacking information gathered with the web honeypots, the attacking behaviour will be classified across different attacking profiles to analyse the necessary risk mitigation safeguards to deal with business losses. Different security frameworks commonly used by enterprises are analysed to evaluate the benefits of the honeypots security concepts in responding to each framework’s requirements and consequently mitigating the risk

    Design of a Wearable Ultrasound System

    Ultrasound imaging is a safe and powerful tool for providing detailed still and moving images of the human body. Most of today’s ultrasound systems are housed on a movable cart and designed for use within a clinical setting, such as in a hospital or doctor’s office. This configuration hinders its use in locations lacking controlled environments and stable power sources. Example locations include ambulances, disaster sites, war zones and rural medicine. A wearable ultrasound system, in the form of a vest worn by a sonographer, has been developed as a complete solution for performing untethered ultrasound examinations. The heart of the system is an enclosure containing an embedded computer running the Windows XP operating system, and a custom power supply. The power supply integrates a battery charger, a switching regulator, two linear regulators, a variable speed fan controller and a microcontroller providing an interface for monitoring and control to the embedded computer. Operation of the system is generally accomplished through the use of voice commands, but it may also be operated using a hand-held mouse. It is capable of operating for a full day, using two batteries contained in the vest. In addition, the system has the capability to wirelessly share live images with remote viewers in real-time, while also permitting full duplex voice communication. An integrated web-server also provides for the wireless retrieval of stored images, image loops and other information using a web-browser.