14 research outputs found

    Modeling Deception for Cyber Security

    Get PDF
    In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

    Forensic analysis of open-source XMPP/Jabber multi-client instant messaging apps on Android smartphones

    Get PDF
    In the quest for a panacea to ensure digital privacy, many users have switched to using decentralized open-source Extensible Messaging and Presence Protocol multi-client instant messaging (IM) apps for secure end-to-end communication. In this paper, we present a forensic analysis of the artefacts generated on Android smartphones by Conversations and Xabber apps. We identified databases maintained by each app and external Secure Digital card directories that store local copies of user metadata. We analysed each app’s storage locations for forensic artefacts and how they can be used in a forensic investigation. The results in this paper show a detailed analysis of forensic files of interest which can be correlated to identify the local user’s multiple IM accounts and contact list, contents of messages exchanged with contacts, deleted files, time, and dates in the order of their occurrence. The contributions of this research include a comprehensive description of artefacts, which are of forensic interest, for each app analysed

    The Influence of New Media Technologies on African Literature

    Get PDF
    This study investigates the role of new media technologies in the development of African literature. It examines the different ways that these new technologies such as the Internet and mobile phones have revolutionised the way Africans write and read literary works on the continent. African literature refers to literary works written mostly by Africans in any language. Over the last decade, new African writers have created a stir in the arenas of creative writing. Uses and gratification as well as diffusion of innovation theories were adopted as the theoretical framework for this study. A total of 30 African writers and 300 readers completed a survey questionnaire designed to elicit responses on how new media has influenced African literature. Some of the writers interviewed have distinguished themselves in their fields, their works have appeared alongside works of other international writers. The readers were chosen from a popular literary society. The results of the study indicate that the Internet has a big impact on reception of African literature, creating endless opportunities, easy accessibility, promotion of work and networking with peers and literary community. The findings also show that social media also increases networking opportunities and provides a platform where readers access, share and discuss African literature. Mobile phones also play a significant and functional role in the reception and promotion of African literature. Overall, these findings suggest that new media technologies have created opportunities for African literature to be appreciated globally, and have enabled readers to access, share and discuss new works

    2018-2019 Undergraduate Course Catalog

    Get PDF

    The Effaced Poetic Text in Intermedial Art Works

    Get PDF

    Why Can Poetry Matter?:Or: Poetry as an Ideal – or an Expanding Genre

    Get PDF

    Contemporary Poetry and the Question of Genre:With a Special View to a Danish Context

    Get PDF

    Studi irlandesi. A Journal of Irish Studies, Vol. 4, N° 4, 2014, Fascicolo intero

    Get PDF
    corecore