
    Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

    Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies the definition, enforcement and control of both privacy and security mechanisms, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and on their continuous monitoring and enforcement at runtime. The research leading to these results has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help.

    Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

    Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitly specifies which IdP it trusts. However, in open systems like OpenID and OpenID Connect, each user may set up their own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up their own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols, OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations, including Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in an open source tool, OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, the trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues.

    A Survey of Techniques for Improving Security of GPUs

    The graphics processing unit (GPU), although a powerful performance booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe haven for stealthy malware and the weakest "link" in the security "chain". In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. Beyond informing users and researchers about GPU security techniques, this survey aims to increase their awareness of GPU security vulnerabilities and potential countermeasures.

    Investigation of Availability of Wireless Access Points based on Embedded Systems

    The paper presents the results of load testing of embedded hardware platforms for Internet of Things solutions. The available hardware was analyzed. The operating systems from different manufacturers were consolidated into a single classification, and for the two most popular, load testing was performed with an external and an internal wireless network adapter. A custom software solution was developed in the Python programming language. The number of wireless subscribers ranged from 7 to 14. The experimental results will be useful in deploying wireless infrastructure for small commercial and scientific wireless networks.

    Security and trust in a Network Functions Virtualisation Infrastructure

    The abstract is in the attachment.

    Building Security Aware E-Commerce Web Applications

    In the past decade, there has been a rapid increase in electronic commerce (e-commerce) activity via web applications. With this increase, there is a need for building good quality applications, and one of the major factors in achieving quality is the application's security. This paper discusses how alarming the threats posed to e-commerce applications are, how one can counteract those threats, what mistakes current e-commerce applications made that allowed them to be affected by security attacks, and how they recovered from the incidents. It gathers the opinions of consumers with the help of a survey and proposes a methodology to be followed while developing an e-commerce web application so that the application is aware of the threats and takes countermeasures accordingly.

    Application of broker-based mechanisms for connecting terminals to mobile networks

    In recent years, mobile data traffic has been growing with the increase in equipment connected to the network. Due to user demand, network operators have to continuously upgrade their networks while keeping costs low. Nowadays, to perform this upgrade, the operator needs to acquire new equipment, which requires a very high investment. 5G aims to provide more scalability and flexibility in the network. For this, the 5G system architecture is built on a cloud-native design, namely a Service Based Architecture (SBA) in the core network. SBA aims to provide connectivity with all access technologies, introducing more redundancy to improve the control plane's resiliency and operational efficiency. Additionally, instead of using dedicated interfaces between each pair of interacting core functions, they now communicate through a Service-Based Interface (SBI), aiming for greater flexibility and simplicity. The OpenAirInterface (OAI) is an open-source software platform that aims to provide an approximation to the 3GPP standards of the 4G and 5G networks. This thesis provides a study of the impact of the SBA on the control plane. For that, we used an architecture that evolves the Evolved Packet Core (EPC) into a core network close to the 5G Core (5GC) by introducing a broker. The broker is integrated between the modules in the control plane, which have to issue requests through it in order to communicate with each other. The proposed architecture consists of integrating the broker on the OAI platform, evaluating it, and comparing it with the original EPC.
    Master's in Computer and Telematics Engineering