843 research outputs found
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
The research leading to these results has received
funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help.
Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On
Single Sign-On (SSO) systems simplify login procedures by using an
Identity Provider (IdP) to issue authentication tokens which can be consumed by
Service Providers (SPs). Traditionally, IdPs are modeled as trusted third
parties. This is reasonable for SSO systems like Kerberos, MS Passport and
SAML, where each SP explicitly specifies which IdP he trusts. However, in open
systems like OpenID and OpenID Connect, each user may set up his own IdP, and a
discovery phase is added to the protocol flow. Thus it is easy for an attacker
to set up its own IdP. In this paper we use a novel approach for analyzing SSO
authentication schemes by introducing a malicious IdP. With this approach we
evaluate one of the most popular and widely deployed SSO protocols - OpenID. We
found four novel attack classes on OpenID, which were not covered by previous
research, and show their applicability to real-life implementations. As a
result, we were able to compromise 11 out of 16 existing OpenID implementations
like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks
in an open source tool OpenID Attacker, which additionally allows fine-granular
testing of all parameters in OpenID implementations. Our research helps to
better understand the message flow in the OpenID protocol, trust assumptions in
the different components of the system, and implementation issues in OpenID
components. It is applicable to other SSO systems like OpenID Connect and SAML.
All OpenID implementations have been informed about their vulnerabilities and
we supported them in fixing the issues.
A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest 'link' in the security 'chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures.
Investigation of Availability of Wireless Access Points based on Embedded Systems
The paper presents the results of load testing of embedded hardware platforms for Internet of Things solutions. The available hardware was analyzed. The operating systems from different manufacturers were consolidated into a single classification, and for the two most popular, load testing was performed by an external and internal wireless network adapter. The authors developed their own software solution based on the Python programming language. The number of wireless subscribers ranged from 7 to 14. Experimental results will be useful in deploying wireless infrastructure for small commercial and scientific wireless networks.
Security and trust in a Network Functions Virtualisation Infrastructure
The abstract is in the attachment.
Building Security Aware E-Commerce Web Applications
In the past decade, there has been a rapid increase in electronic commerce (e-commerce) activity via web applications. With this increase, there is a need for building a good quality application. One of the major factors in achieving quality is the application's security. This paper discusses how alarming the threats posed to e-commerce applications are, how one can counteract the threats, which mistakes made by current e-commerce applications exposed them to security attacks, and how they recovered from the incidents. It takes the opinions of consumers with the help of a survey, and proposes a methodology to be followed while developing an e-commerce web application to make the application aware of the threats and take countermeasures accordingly.
Application of broker-based mechanisms for connecting terminals to mobile networks
In recent years, mobile data traffic has been growing with the increase in equipment
connected to the network. Due to user demand, network operators have
to continuously upgrade their networks and keep the costs low. Nowadays, to do
this upgrade, the operator needs to acquire new equipment, leading to a very high
investment. 5G aims to provide more scalability and flexibility on the network.
For this, the 5G system architecture is built on a cloud-native basis, which means a
Service Based Architecture (SBA) in the core network. SBA aims to provide connectivity
with all access technologies, introducing more redundancy in the control
plane’s resiliency and operational efficiency. Additionally, instead of using dedicated
interfaces between each pair of interacting core functions, they now communicate
through a Service-Based Interface (SBI), aiming for greater flexibility and simplicity.
The OpenAirInterface (OAI) is an open-source software platform that aims to
provide an approximation to the 3GPP standards of the 4G and 5G networks. This
thesis provides a study of the impact of the SBA in the control plane. For that,
we used an architecture that evolves the Evolved Packet Core (EPC) into a core
network close to 5G Core (5GC) by introducing a broker. The broker is integrated
between the modules in the control plane, wherein they have to make requests to
communicate with each other. The proposed architecture consists of integrating
the broker on the OAI platform, evaluating it, and comparing it with the original
EPC.
In recent years, mobile data traffic has been growing with the increase
in equipment connected to the network. Due to user demand, network operators
need to continuously upgrade their network and keep costs
low. Currently, for this upgrade, the operator needs to acquire new
equipment, which entails a very high investment. 5G aims to provide greater
scalability and flexibility in the network. To this end, the 5G system architecture is
built on a native cloud, which means a service-based architecture
in the core network. This type of architecture aims to provide connectivity
regardless of the access technology, introducing greater redundancy in the
control plane's resiliency and operational efficiency. Additionally, instead
of dedicated interfaces between each pair of interacting core network functions,
they communicate through a service-based interface, aiming for
greater flexibility and simplicity.
OpenAirInterface (OAI) is an open-source software platform that aims to
provide an approximation to the 3GPP standards of 4G and 5G networks. This dissertation
provides a study of the impact of a service-based architecture on the control
plane. To this end, an architecture was used that evolves the Evolved Packet
Core (EPC) into a core network close to the 5G Core (5GC) by introducing a
broker. A broker is integrated between the control plane modules, which
need to make requests in order to communicate with each other. The approach used
consists of integrating a broker into the OAI platform and evaluating its impact
in comparison with the original EPC.
Master's in Computer and Telematics Engineering
- …