838 research outputs found
Configuration Management of Distributed Systems over Unreliable and Hostile Networks
Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems.
This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration.
Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture.
The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn.
Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts
Deteção de intrusões de rede baseada em anomalias
Dissertação de mestrado integrado em Eletrónica Industrial e ComputadoresAo longo dos últimos anos, a segurança de hardware e software tornou-se uma grande preocupação. À medida
que a complexidade dos sistemas aumenta, as suas vulnerabilidades a sofisticadas técnicas de ataque têm
proporcionalmente escalado. Frequentemente o problema reside na heterogenidade de dispositivos conectados ao
veÃculo, tornando difÃcil a convergência da monitorização de todos os protocolos num único produto de segurança.
Por esse motivo, o mercado requer ferramentas mais avançadas para a monitorizar ambientes crÃticos à vida
humana, tais como os nossos automóveis.
Considerando que existem várias formas de interagir com os sistemas de entretenimento do automóvel como
o Bluetooth, o Wi-fi ou CDs multimédia, a necessidade de auditar as suas interfaces tornou-se uma prioridade,
uma vez que elas representam um sério meio de aceeso à rede interna do carro. Atualmente, os mecanismos de
segurança de um carro focam-se na monitotização da rede CAN, deixando para trás as tecnologias referidas e não
contemplando os sistemas não crÃticos. Como exemplo disso, o Bluetooth traz desafios diferentes da rede CAN,
uma vez que interage diretamente com o utilizador e está exposto a ataques externos.
Uma abordagem alternativa para tornar o automóvel num sistema mais robusto é manter sob supervisão as
comunicações que com este são estabelecidas. Ao implementar uma detecção de intrusão baseada em anomalias,
esta dissertação visa analisar o protocolo Bluetooth no sentido de identificar interações anormais que possam
alertar para uma situação fora dos padrões de utilização. Em última análise, este produto de software embebido
incorpora uma grande margem de auto-aprendizagem, que é vital para enfrentar quaisquer ameaças desconhecidas
e aumentar os nÃveis de segurança globais. Ao longo deste documento, apresentamos o estudo do problema seguido
de uma metodologia alternativa que implementa um algoritmo baseado numa LSTM para prever a sequência de
comandos HCI correspondentes a tráfego Bluetooth normal. Os resultados mostram a forma como esta abordagem
pode impactar a deteção de intrusões nestes ambientes ao demonstrar uma grande capacidade para identificar padrões anómalos no conjunto de dados considerado.In the last few years, hardware and software security have become a major concern. As the systems’ complexity
increases, its vulnerabilities to several sophisticated attack techniques have escalated likewise. Quite often, the
problem lies in the heterogeneity of the devices connected to the vehicle, making it difficult to converge the monitoring
systems of all existing protocols into one security product. Thereby, the market requires more refined tools to monitor
life-risky environments such as personal vehicles.
Considering that there are several ways to interact with the car’s infotainment system, such as Wi-fi, Bluetooth,
or CD player, the need to audit these interfaces has become a priority as they represent a serious channel to reach
the internal car network. Nowadays, security in car networks focuses on CAN bus monitoring, leaving behind the
aforementioned technologies and not contemplating other non-critical systems. As an example of these concerns,
Bluetooth brings different challenges compared to CAN as it interacts directly with the user, being exposed to external
attacks.
An alternative approach to converting modern vehicles and their set of computers into more robust systems
is to keep track of established communications with them. By enforcing anomaly-based intrusion detection this
dissertation aims to analyze the Bluetooth protocol to identify abnormal user interactions that may alert for a non conforming pattern. Ultimately, such embedded software product incorporates a self-learning edge, which is vital to
face newly developed threats and increasing global security levels. Throughout this document, we present the study
case followed by an alternative methodology that implements an LSTM based algorithm to predict a sequence of
HCI commands corresponding to normal Bluetooth traffic. The results show how this approach can impact intrusion
detection in such environments by expressing a high capability of identifying abnormal patterns in the considered
data
Towards securing hard real-time networked embedded devices and systems : a cBPF implementation for an FPGA
In this body of work we describe preliminary work implementing a Berkely Packet Filter, in its original conception, in an FPGA. The purpose is packet filtering and ingress traffic shaping in security-relevant applications in distributed embedded nodes. We specifically target PROFINET nodes in hard real-time applications where network security is an open issue. We describe the motivation, implementation and verification including performance characteristics. We conclude that such a filter can be used to not only for protection against simple denial-of-service attacks but also for ingress protocol management and potentially for the implementation of system-wide security policies
Anpassen verteilter eingebetteter Anwendungen im laufenden Betrieb
The availability of third-party apps is among the key success factors for software ecosystems: The users benefit from more features and innovation speed, while third-party solution vendors can leverage the platform to create successful offerings.
However, this requires a certain decoupling of engineering activities of the different parties not achieved for distributed control systems, yet.
While late and dynamic integration of third-party components would be required, resulting control systems must provide high reliability regarding real-time requirements, which leads to integration complexity.
Closing this gap would particularly contribute to the vision of software-defined manufacturing, where an ecosystem of modern IT-based control system components could lead to faster innovations due to their higher abstraction and availability of various frameworks.
Therefore, this thesis addresses the research question:
How we can use modern IT technologies and enable independent evolution and easy third-party integration of software components in distributed control systems, where deterministic end-to-end reactivity is required, and especially, how can we apply distributed changes to such systems consistently and reactively during operation?
This thesis describes the challenges and related approaches in detail and points out that existing approaches do not fully address our research question.
To tackle this gap, a formal specification of a runtime platform concept is presented in conjunction with a model-based engineering approach.
The engineering approach decouples the engineering steps of component definition, integration, and deployment.
The runtime platform supports this approach by isolating the components, while still offering predictable end-to-end real-time behavior.
Independent evolution of software components is supported through a concept for synchronous reconfiguration during full operation, i.e., dynamic orchestration of components.
Time-critical state transfer is supported, too, and can lead to bounded quality degradation, at most.
The reconfiguration planning is supported by analysis concepts, including simulation of a formally specified system and reconfiguration, and analyzing potential quality degradation with the evolving dataflow graph (EDFG) method.
A platform-specific realization of the concepts, the real-time container architecture, is described as a reference implementation.
The model and the prototype are evaluated regarding their feasibility and applicability of the concepts by two case studies.
The first case study is a minimalistic distributed control system used in different setups with different component variants and reconfiguration plans to compare the model and the prototype and to gather runtime statistics.
The second case study is a smart factory showcase system with more challenging application components and interface technologies.
The conclusion is that the concepts are feasible and applicable, even though the concepts and the prototype still need to be worked on in future -- for example, to reach shorter cycle times.Eine große Auswahl von Drittanbieter-Lösungen ist einer der Schlüsselfaktoren für Software Ecosystems:
Nutzer profitieren vom breiten Angebot und schnellen Innovationen, während Drittanbieter über die Plattform erfolgreiche Lösungen anbieten können.
Das jedoch setzt eine gewisse Entkopplung von Entwicklungsschritten der Beteiligten voraus, welche für verteilte Steuerungssysteme noch nicht erreicht wurde.
Während Drittanbieter-Komponenten möglichst spät -- sogar Laufzeit -- integriert werden müssten, müssen Steuerungssysteme jedoch eine hohe Zuverlässigkeit gegenüber Echtzeitanforderungen aufweisen, was zu Integrationskomplexität führt.
Dies zu lösen würde insbesondere zur Vision von Software-definierter Produktion beitragen, da ein Ecosystem für moderne IT-basierte Steuerungskomponenten wegen deren höherem Abstraktionsgrad und der Vielzahl verfügbarer Frameworks zu schnellerer Innovation führen würde.
Daher behandelt diese Dissertation folgende Forschungsfrage:
Wie können wir moderne IT-Technologien verwenden und unabhängige Entwicklung und einfache Integration von Software-Komponenten in verteilten Steuerungssystemen ermöglichen, wo Ende-zu-Ende-Echtzeitverhalten gefordert ist, und wie können wir insbesondere verteilte Änderungen an solchen Systemen konsistent und im Vollbetrieb vornehmen?
Diese Dissertation beschreibt Herausforderungen und verwandte Ansätze im Detail und zeigt auf, dass existierende Ansätze diese Frage nicht vollständig behandeln.
Um diese Lücke zu schließen, beschreiben wir eine formale Spezifikation einer Laufzeit-Plattform und einen zugehörigen Modell-basierten Engineering-Ansatz.
Dieser Ansatz entkoppelt die Design-Schritte der Entwicklung, Integration und des Deployments von Komponenten.
Die Laufzeit-Plattform unterstützt den Ansatz durch Isolation von Komponenten und zugleich Zeit-deterministischem Ende-zu-Ende-Verhalten.
Unabhängige Entwicklung und Integration werden durch Konzepte für synchrone Rekonfiguration im Vollbetrieb unterstützt, also durch dynamische Orchestrierung.
Dies beinhaltet auch Zeit-kritische Zustands-Transfers mit höchstens begrenzter Qualitätsminderung, wenn überhaupt.
Rekonfigurationsplanung wird durch Analysekonzepte unterstützt, einschließlich der Simulation formal spezifizierter Systeme und Rekonfigurationen und der Analyse der etwaigen Qualitätsminderung mit dem Evolving Dataflow Graph (EDFG).
Die Real-Time Container Architecture wird als Referenzimplementierung und Evaluationsplattform beschrieben.
Zwei Fallstudien untersuchen Machbarkeit und Nützlichkeit der Konzepte.
Die erste verwendet verschiedene Varianten und Rekonfigurationen eines minimalistischen verteilten Steuerungssystems, um Modell und Prototyp zu vergleichen sowie Laufzeitstatistiken zu erheben.
Die zweite Fallstudie ist ein Smart-Factory-Demonstrator, welcher herausforderndere Applikationskomponenten und Schnittstellentechnologien verwendet.
Die Konzepte sind den Studien nach machbar und nützlich, auch wenn sowohl die Konzepte als auch der Prototyp noch weitere Arbeit benötigen -- zum Beispiel, um kürzere Zyklen zu erreichen
Efficient Security Protocols for Constrained Devices
During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it
Enabling Security Analysis and Education of the Ethereum Platform: A Network Traffic Dissection Tool
Ethereum, the decentralized global software platform powered by blockchain technology known for its native cryptocurrency, Ether (ETH), provides a technology stack for building apps, holding assets, transacting, and communicating without control by a central authority. At the core of Ethereum’s network is a suite of purpose-built protocols known as DEVP2P, which provides the underlying nodes in an Ethereum network the ability to discover, authenticate and communicate confidentiality. This document discusses the creation of a new Wireshark dissector for DEVP2P’s discovery protocols, DiscoveryV4 and DiscoveryV5, and a dissector for RLPx, an extensible TCP transport protocol for a range of Ethereum node capabilities. Network packet dissectors like Wireshark are commonly used to educate, develop, and analyze underlying network traffic. In support of creating the dissector, a custom private Ethereum docker network was also created, facilitating the communication amongst Go Ethereum execution clients and allowing the Wireshark dissector to capture live network data. Lastly, the dissector is used to understand the differences between DiscoveryV4 and DiscoveryV5, along with stepping through the network packets of RLPx to track a transaction executed on the network
Testing SOAR Tools in Use
Modern security operation centers (SOCs) rely on operators and a tapestry of
logging and alerting tools with large scale collection and query abilities. SOC
investigations are tedious as they rely on manual efforts to query diverse data
sources, overlay related logs, and correlate the data into information and then
document results in a ticketing system. Security orchestration, automation, and
response (SOAR) tools are a new technology that promise to collect, filter, and
display needed data; automate common tasks that require SOC analysts' time;
facilitate SOC collaboration; and, improve both efficiency and consistency of
SOCs. SOAR tools have never been tested in practice to evaluate their effect
and understand them in use. In this paper, we design and administer the first
hands-on user study of SOAR tools, involving 24 participants and 6 commercial
SOAR tools. Our contributions include the experimental design, itemizing six
characteristics of SOAR tools and a methodology for testing them. We describe
configuration of the test environment in a cyber range, including network,
user, and threat emulation; a full SOC tool suite; and creation of artifacts
allowing multiple representative investigation scenarios to permit testing. We
present the first research results on SOAR tools. We found that SOAR
configuration is critical, as it involves creative design for data display and
automation. We found that SOAR tools increased efficiency and reduced context
switching during investigations, although ticket accuracy and completeness
(indicating investigation quality) decreased with SOAR use. Our findings
indicated that user preferences are slightly negatively correlated with their
performance with the tool; overautomation was a concern of senior analysts, and
SOAR tools that balanced automation with assisting a user to make decisions
were preferred
EU Data Governance: Preserving Global Privacy in the Age of Surveillance
The thesis explores the EU’s Global Data Protection Regulation (GDPR), its human rights approach to data privacy, and its diffusion around the world. It asks the question: why would any nation, authoritarian or democratic, adopt Europe’s data privacy framework as a model for their country’s data governance? Accessing the theoretical frameworks of the Brussels Effect and the New Interde-pendence Approach, the research considers country case studies on China, Japan, and the US, comparing the different motivations and structural conditions that dictate how these three countries have adopted and adapted the GDPR framework. It finds a vastly different set of conditions for adopting the GDPR data privacy framework, none of which can be explained fully by either the Brussels Effect or the New Interdependence Approach. It also finds that none of the three countries embrace the language of human rights in their data privacy legislation. Of all the three countries, Japan has converged most closely with the GDPR in letter and spirit over time. While China’s legislation bears all the key features of the GDPR, the de facto reality is that data privacy regulation is a tool of state control. The United States case shows how a changing global environment forced the U.S. legislators to retreat from their market-driven approach to data governance in the direction of GDPR-like regulation
Behavior quantification as the missing link between fields: Tools for digital psychiatry and their role in the future of neurobiology
The great behavioral heterogeneity observed between individuals with the same
psychiatric disorder and even within one individual over time complicates both
clinical practice and biomedical research. However, modern technologies are an
exciting opportunity to improve behavioral characterization. Existing
psychiatry methods that are qualitative or unscalable, such as patient surveys
or clinical interviews, can now be collected at a greater capacity and analyzed
to produce new quantitative measures. Furthermore, recent capabilities for
continuous collection of passive sensor streams, such as phone GPS or
smartwatch accelerometer, open avenues of novel questioning that were
previously entirely unrealistic. Their temporally dense nature enables a
cohesive study of real-time neural and behavioral signals.
To develop comprehensive neurobiological models of psychiatric disease, it
will be critical to first develop strong methods for behavioral quantification.
There is huge potential in what can theoretically be captured by current
technologies, but this in itself presents a large computational challenge --
one that will necessitate new data processing tools, new machine learning
techniques, and ultimately a shift in how interdisciplinary work is conducted.
In my thesis, I detail research projects that take different perspectives on
digital psychiatry, subsequently tying ideas together with a concluding
discussion on the future of the field. I also provide software infrastructure
where relevant, with extensive documentation.
Major contributions include scientific arguments and proof of concept results
for daily free-form audio journals as an underappreciated psychiatry research
datatype, as well as novel stability theorems and pilot empirical success for a
proposed multi-area recurrent neural network architecture.Comment: PhD thesis cop
Security and Privacy for Modern Wireless Communication Systems
The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks
- …