
    Using kerberos for enterprise cloud authentication

    The Kerberos authentication protocol has a maturity of approximately thirty years and is widely used in corporate IT systems, mainly because of its adoption by Microsoft in its operating systems. The practical application of cloud computing and its concepts, by contrast, is in its early days as far as adoption by organisations, especially large companies, is concerned. This study investigates the practical applications of the Kerberos protocol for authenticating enterprise applications deployed in the cloud, from both a functional and a security perspective. To achieve this goal, it evaluates the protocol's applicability to the cloud and assesses whether it keeps the security characteristics it has when used only inside the corporate network.

    Security Testing: A Survey

    Identifying vulnerabilities and ensuring security functionality through security testing is a widely applied measure for evaluating and improving the security of software. Because modern software-based systems are open, choosing appropriate security testing techniques is of growing importance and is essential for effective and efficient security testing. An overview of current security testing techniques is therefore of high value, both for researchers who evaluate and refine the techniques and for practitioners who apply and disseminate them. This chapter fulfils this need and provides an overview of recent security testing techniques. For this purpose, it first summarises the required background in testing and security engineering. It then discusses the basics and recent developments of the security testing techniques applied during the secure software development lifecycle: model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, and security regression testing. Finally, the security testing techniques are illustrated by applying them to an example three-tiered web-based business application.

    An approach for joint estimation of physical and logical security by semantic modelling

    Key activities in critical systems are the monitoring, observation and comprehension of different phenomena, aimed at providing an up-to-date and meaningful description of the monitored scenario and of its possible evolutions, so that proper decisions and countermeasures can be taken for the protection and safety of people and things. Threats come from many different sources, internal and external, and the spread of new technologies has made the assets of a system more accessible. This thesis demonstrates that a semantic model for information management is suitable for meeting these issues. In particular, the thesis proposes and implements a methodology and approach for early situation awareness, recognising a threat situation in time and supporting the decision to automatically activate recovery strategies. The threats on which the thesis focuses concern logical and physical security. For the estimation of logical security in particular, a metrics-guided approach is presented. Finally, some results and an example of a real application are presented.

    Implementation of an open-source SIEM system in compliance with the GDPR

    It is undeniable that one of the great challenges for organisations is ensuring the security of their data, and the General Data Protection Regulation (GDPR) has raised the complexity of securing an IT system, since it requires additional levels of protection to be applied. Security Information and Event Management (SIEM) systems can help overcome the challenges created by mandatory GDPR compliance, because they allow technical measures for the protection and control of personal data to be defined. With the growing number and complexity of cyber attacks, implementing a SIEM mitigates risk and helps protect the often confidential information that organisations hold, such as personal data. In this work an open-source SIEM system was implemented, applying technical measures for the protection and control of personal data in order to ensure GDPR compliance. In addition, a literature review of several open-source SIEMs was carried out and, based on its results, the following open-source SIEMs were selected for the comparative study: Graylog and Alienvault OSSIM. We also considered it important to include Splunk in the study, because it offers a freeware version and is a market-leading solution, and the Elastic Stack, because it is widely used for log management and, with the help of other open-source tools, can be turned into a SIEM. Once the solutions had been selected, a comparative study of the four was carried out: Graylog, Alienvault OSSIM, Splunk and Elastic Stack. These solutions were also tested to assess ease of use and administration, monitored in real time to evaluate their behaviour against a brute-force attack, and compared on some of their features.
Since it was considered important to base the prototype architecture on the network of a real entity, the requirements of the IT network of the company XLog were gathered, the architecture was defined and the prototype was implemented on the Elastic Stack, to which further components were added: ElastAlert, Slack and ReadonlyRest. Several tests were then run against the prototype; for example, an attack on a Microsoft Windows machine was simulated with the Pupy tool while the logs generated in the process were identified. During testing, metrics were also collected to measure the cost of pseudonymising sensitive data. In short, the implementation of the open-source SIEM prototype aimed to create a useful tool for real-time threat analysis and detection that, at the same time, guarantees operation in compliance with the GDPR.
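The abstract mentions two measures without showing them: pseudonymising the personal data that ends up in the SIEM, and watching the collected logs for a brute-force attack. The Python below is an added example of both, not code from the thesis or from any of the SIEMs named above. The sshd log lines are constructed, the pseudonymisation key and the year prepended to the syslog timestamps are assumptions, and the detector is a plain sliding-window count rather than any product's rule language.

```python
"""Pseudonymise personal data in auth logs at ingest, then detect brute force
on the pseudonymised records. Added example; log lines are constructed."""
import hashlib
import hmac
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH syslog lines: a burst of failures from one source followed by
# a success from the same source, plus ordinary traffic from a second source.
SAMPLE_LOG = """\
Mar 10 10:00:01 srv1 sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 10:00:03 srv1 sshd[1002]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 10:00:05 srv1 sshd[1003]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 10:00:08 srv1 sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
Mar 10 10:00:11 srv1 sshd[1005]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 10:00:14 srv1 sshd[1006]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar 10 10:00:20 srv1 sshd[1007]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Mar 10 10:02:00 srv1 sshd[1010]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Mar 10 10:02:30 srv1 sshd[1011]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
"""

# Assumption: in production this key is held outside the SIEM (e.g. a vault), so
# whoever can read the indices cannot re-identify the pseudonyms stored in them.
PSEUDO_KEY = b"example-key-replace-with-32-random-bytes"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def pseudonymise(value: str, key: bytes = PSEUDO_KEY) -> str:
    """Keyed, deterministic pseudonym: same input gives the same token, so events
    still correlate, but without the key the token cannot be mapped back. A plain
    hash of an IPv4 address could be reversed by hashing all 2^32 candidates."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def parse_line(line: str, year: int = 2024):
    """Parse one sshd line; username and client IP are pseudonymised before the
    record is stored or indexed. The year is assumed because syslog omits it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": pseudonymise(m["user"]), "ip": pseudonymise(m["ip"])}


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag a source with at least `threshold` failures inside any `window`, and
    record whether a successful login from that source followed the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        (failures if e["outcome"] == "Failed" else successes)[e["ip"]].append(e["ts"])
    alerts = {}
    for src, times in failures.items():
        times.sort()
        start, best, burst_start = 0, 0, None
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            count = end - start + 1
            if count >= threshold and count > best:
                best, burst_start = count, times[start]
        if best:
            alerts[src] = {
                "failures": best,
                "success_after": any(s >= burst_start for s in successes.get(src, [])),
            }
    return alerts


def analyse(log_text: str):
    """Ingest raw lines, keep only parsed (already pseudonymised) events, run detection."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return events, detect_bruteforce(events)


if __name__ == "__main__":
    _, found = analyse(SAMPLE_LOG)
    for src, info in found.items():
        print(f"brute force from pseudonym {src}: {info}")
```

Pseudonymising at ingest means the raw IP and username never reach the index, while the analyst can still pivot on the token across events; the HMAC key is the separately kept "additional information" that distinguishes pseudonymisation from anonymisation under GDPR Article 4(5). The success-after-burst flag is what turns a noisy brute-force alert into one worth paging for.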

    Detecting cloud virtual network isolation security for data leakage

    This thesis considers information leakage in virtually isolated cloud networks. Virtual Network (VN) isolation is a core element of cloud security, yet the research literature shows that no experimental work, to date, has been conducted to test, discover and evaluate VN isolation data leakage. Consequently, this research focused on that gap. Deep Dives of the cloud infrastructures were performed, followed by (Kali) penetration tests to detect any leakage. The data gathered was compared with the information from the Deep Dive to determine how much of the cloud network infrastructure was being exposed. As a major contribution to research, this is the first empirical work to apply a Deep Dive approach and a penetration testing methodology to both CloudStack and OpenStack in order to demonstrate cloud network isolation vulnerabilities. The outcomes indicate that cloud vendors need to test their isolation mechanisms more fully and enhance them with available solutions. However, this field needs more industrial data to confirm whether the issues found also apply to non-open-source cloud technologies; if the problems revealed are widespread, this is a major issue for cloud security. Owing to time constraints, only two cloud testbeds were built and analysed, but many potential future works are listed: analysing more complex VNs, analysing the VN plugins in use, and testing whether system complexity causes more leakage or protects the VN. This research is one of the first empirical building blocks in the field and gives future researchers a basis for building on the presented methodology and results and for proposing more effective solutions.

    Modern Information Technologies in Cybersecurity

    The monograph considers quantum cryptographic technology, information security risk management, malware detection, cybersecurity standardisation and terminology, and the training of students in the "Cybersecurity" specialty. Considerable attention is given to solving the problem of information-extreme synthesis of a cyber-attack detection system within the machine-learning method developed by the authors. The material presented in the monograph may be useful to specialists, postgraduate students and students of the "Cybersecurity" specialty.

    “Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss

    Dark patterns are designed to trick users into sharing more information or spending more money than they intended, by configuring online interactions to confuse the user or add pressure. They are highly varied in form and are therefore difficult to classify and detect. This research is therefore designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to build a software tool that helps detect and highlight these patterns as a practical defensive aid.

    Minding the Gap: Computing Ethics and the Political Economy of Big Tech

    In 1988 Michael Mahoney wrote that "[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant" (Mahoney, 1988). Today, over thirty years after this was written, we are living in the middle of the information age, and computing technology is transforming modern living in revolutionary ways and to such a degree that it gives rise to many ethical considerations, dilemmas and social disruptions. To explore the myriad issues associated with the ethical challenges of computers through the lens of political economy, it is important to explore the history and development of computer technology.

    Technical Debt is an Ethical Issue

    We introduce the problem of technical debt, with particular focus on critical infrastructure, and put forward our view that it is a digital ethics issue. We propose that the software engineering process must adapt its current notion of technical debt, which focuses on technical costs, to include the potential cost to society if the technical debt is not addressed, and the cost of analysing, modelling and understanding this ethical debt. Finally, we provide an overview of the development of educational material, based on a collection of technical debt case studies, for teaching about technical debt and its ethical implications.

    A Multi-Agent Approach to Advanced Persistent Threat Detection in Networked Systems

    Advanced cyber threats that are well planned, funded and stealthy are an increasing issue facing secure networked systems. As our reliance on protected networked systems continues to grow, so does the motivation for developing new malicious techniques that cannot be easily detected by traditional signature-based systems and that make use of previously unseen zero-day vulnerabilities. The lack of adaptivity, of extended data collection and of generalised algorithms for detecting stealthy attacks contributes to the insecurity of modern networked systems. To protect these networks, new approaches are required that can monitor and respond to indicators of compromise in a reflective way, considering all of the available evidence rather than individual data points. This thesis presents a novel approach to intrusion detection and specifically focuses on detecting advanced persistent threats, which are characteristically stealthy and evasive. The approach offers a multi-agent model for automatically collecting, analysing and classifying data in a distributed way that considers the context in which the data was found. A context-based classification that weighs the likelihood of a data point being a false alarm or legitimate is used to decrease the prevalence of erroneous classifications and to regulate the continuation of the data collection process. Using this architecture, a detection rate increase of up to 20% is achieved in environments with many false alarms, and an efficiency increase of up to 50% over traditional monolithic intrusion detection systems. Additionally, the shortcomings of algorithms for detecting stealthy attacks are addressed by providing a generalised anomaly detection algorithm that detects the initial traces of an attack and then deploys the proposed multi-agent model to investigate further.
The generalised algorithm detects a wide variety of network-based attacks at an average detection rate of 85%, providing an accurate and scalable way to detect the initial traces of compromise. The main novelty of this thesis is providing systems for detecting attacks where the threat model is increasingly stealthy and assumed capable of bypassing traditional signature-based approaches. The multi-agent architecture is unique in its ability, and the generalised anomaly detection algorithm is novel in detecting a variety of different cyber attacks from the network-flow layer. The evidence from this research suggests that context-based evidence gathering can provide a more efficient approach to analysing data, and that the generalised anomaly detection algorithm can be applied widely to detect attack indicators.
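The two-stage idea in the abstract, a generalised anomaly detector on network-flow features whose hits are treated as candidate false alarms until independent context corroborates them, is illustrated by the added Python example below. It is not the thesis's multi-agent system or its algorithm: the per-host flow summaries, the hosts and thresholds, the choice of median/MAD scoring for the first stage, and "destination or port never seen before" as the corroborating evidence are all assumptions made for this example.

```python
"""Two-stage detection over network-flow summaries: a generic volume anomaly
detector, then a context stage that decides whether the hit is worth escalating.
Added example; all flow records are constructed."""
import statistics

# Constructed per-window flow summaries (not captured traffic). Each baseline entry
# is one past observation window for a host; `dsts` are (destination IP, port) pairs.
BASELINE = {
    "10.0.0.5": [
        {"bytes": b, "dsts": {("198.51.100.20", 443), ("198.51.100.21", 443), ("10.0.0.1", 53)}}
        for b in (51000, 53000, 49000, 52000, 50000, 54000, 48000, 52500, 51500, 50500)
    ],
    "10.0.0.9": [
        {"bytes": b, "dsts": {("198.51.100.30", 443), ("10.0.0.1", 53)}}
        for b in (30000, 31000, 29000, 32000, 30500, 29500, 31500, 30000, 28500, 32500)
    ],
    "10.0.0.7": [
        {"bytes": b, "dsts": {("198.51.100.40", 443), ("10.0.0.1", 53)}}
        for b in (10000, 10500, 9500, 10200, 9800, 10100, 9900, 10300, 9700, 10400)
    ],
}

# The window under analysis: .5 exfiltrates to a new host/port, .9 has a volume spike
# to its usual destinations (e.g. a backup), .7 behaves as always.
CURRENT_WINDOW = {
    "10.0.0.5": {"bytes": 400000, "dsts": {("198.51.100.20", 443), ("203.0.113.44", 4444)}},
    "10.0.0.9": {"bytes": 120000, "dsts": {("198.51.100.30", 443), ("10.0.0.1", 53)}},
    "10.0.0.7": {"bytes": 10050, "dsts": {("198.51.100.40", 443), ("10.0.0.1", 53)}},
}


def robust_z(value, history):
    """Median/MAD z-score, resistant to outliers the baseline itself may contain
    (a mean/stddev baseline is easily poisoned by a single earlier spike)."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    if mad == 0:  # flat baseline: exact match is unsurprising, any deviation is infinite
        return 0.0 if value == med else float("inf")
    return (value - med) / (1.4826 * mad)


def anomaly_stage(baseline, window, z_threshold=3.5, min_history=5):
    """Generic first pass: hosts whose outbound volume departs from their own history.
    Hosts without enough history are skipped rather than guessed about."""
    flagged = {}
    for host, feats in window.items():
        hist = [w["bytes"] for w in baseline.get(host, [])]
        if len(hist) < min_history:
            continue
        z = robust_z(feats["bytes"], hist)
        if z > z_threshold:
            flagged[host] = z
    return flagged


def context_stage(host, baseline, window):
    """Independent evidence for a flagged host: destinations or ports never seen in
    its baseline. Independent of volume, so it does not merely restate the anomaly."""
    known = set().union(*(w["dsts"] for w in baseline.get(host, [])))
    known_ports = {port for _, port in known}
    evidence = []
    for ip, port in sorted(window[host]["dsts"] - known):
        evidence.append(f"new destination {ip}:{port}")
        if port not in known_ports:
            evidence.append(f"never-used port {port}")
    return evidence


def classify(baseline, window):
    """Volume anomaly alone is treated as a probable false alarm and only triggers
    further collection; an anomaly with corroborating context is escalated."""
    verdicts = {}
    for host, z in anomaly_stage(baseline, window).items():
        evidence = context_stage(host, baseline, window)
        verdicts[host] = {
            "z": round(z, 1),
            "evidence": evidence,
            "action": "escalate" if evidence else "collect_more",
        }
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify(BASELINE, CURRENT_WINDOW).items():
        print(host, verdict)
```

The point of the split is that the first stage is deliberately generic and noisy (it fires on the backup host too), and the second stage decides what to do with the noise: in the example, 10.0.0.5 is escalated because the new destination and port corroborate the spike, while 10.0.0.9 only queues more collection. In a distributed deployment the two stages would run on different agents, with the context agent pulling evidence the flow sensor does not have.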