Vulnerability management service for product life cycle

This thesis was commissioned by a large enterprise. The company requires a vulnerability management solution, which would enable them to manage vulnerabilities throughout the product life cycle. An analysis was required on whether such solution should be purchased or built as an internal project. This study was completed in two main phases. First, a make-or-buy decision was done based on the analysis. Second, a suitable VMS design and implementation was suggested. To collect input for the analysis, all potential users were identified and from them groups of volunteers were invited to interviews. The data from the focus group interviews was then processed and documented in the form of requirement specification for Vulnerability Management Service (VMS). Commercial off-the-shelf solutions were compared against the list of requirements. A second round of review was done with selected commercial products, which fulfilled majority of the requirements. As a result of the performed comparisons, this study concluded that building an own solution would deliver higher Return on Investment (ROI) in long term perspective. VMS stakeholders accepted the recommendation of this study and proceeded to fund the design and implementation. The study goes on to provide guidelines for service design and implementation based on industry best practices. This paper also introduces a useful maturity model for VMS capabilities and monitoring of the evolution of vulnerability management practices

DRIVER Technology Watch Report

This report is part of the Discovery Workpackage (WP4) and is the third report out of four deliverables. The objective of this report is to give an overview of the latest technical developments in the world of digital repositories, digital libraries and beyond, in order to serve as theoretical and practical input for the technical DRIVER developments, especially those focused on enhanced publications. This report consists of two main parts, one part focuses on interoperability standards for enhanced publications, the other part consists of three subchapters, which give a landscape picture of current and surfacing technologies and communities crucial to DRIVER. These three subchapters contain the GRID, CRIS and LTP communities and technologies. Every chapter contains a theoretical explanation, followed by case studies and the outcomes and opportunities for DRIVER in this field

INSPIRE Network Services SOAP Framework

The goal of this document is to provide a definition and rationale for a proposed INSPIRE SOAP framework (SOAP nodes policy, RPC, attachments, WS-I, WSDL) and description of issues and solutions for the specific geospatial domain, for example GML handling in SOAP messages or interfaces definition of the OGC specifications.JRC.H.6-Spatial data infrastructure

Describing the Impact of Document Content Variance on Access Control Efficiency and A Proposed Solution for Improving Efficiency: Fine-grained, Redactive Access Control Models

Access control is a fundamental safeguard for protecting corporate information contained in computer files (herein documents). In the de facto industry standard implementation, the most granular access control specification available is to define the entry on the entire document object. Given the proliferation of data privacy regulations mandating varying degrees of information security controls and practices, one must consider to what extent inefficiency arises due to the withholding from a collaborative workflow relevant information entwined with discrete sensitive information of which not all members of the workflow are authorized to access. Contemporary research in the field proposes a digital metamorphosis of the analogue document redaction paradigm. This research explores the aforementioned inefficiency phenomenon as well as purported utility of redaction through examination of survey data from faculty and staff at a public University.Master of Science in Information Scienc

Mustererkennungsbasierte Verteidgung gegen gezielte Angriffe

The speed at which everything and everyone is being connected considerably outstrips the rate at which effective security mechanisms are introduced to protect them. This has created an opportunity for resourceful threat actors which have specialized in conducting low-volume persistent attacks through sophisticated techniques that are tailored to specific valuable targets. Consequently, traditional approaches are rendered ineffective against targeted attacks, creating an acute need for innovative defense mechanisms. This thesis aims at supporting the security practitioner in bridging this gap by introducing a holistic strategy against targeted attacks that addresses key challenges encountered during the phases of detection, analysis and response. The structure of this thesis is therefore aligned to these three phases, with each one of its central chapters taking on a particular problem and proposing a solution built on a strong foundation on pattern recognition and machine learning. In particular, we propose a detection approach that, in the absence of additional authentication mechanisms, allows to identify spear-phishing emails without relying on their content. Next, we introduce an analysis approach for malware triage based on the structural characterization of malicious code. Finally, we introduce MANTIS, an open-source platform for authoring, sharing and collecting threat intelligence, whose data model is based on an innovative unified representation for threat intelligence standards based on attributed graphs. As a whole, these ideas open new avenues for research on defense mechanisms and represent an attempt to counteract the imbalance between resourceful actors and society at large.In unserer heutigen Welt sind alle und alles miteinander vernetzt. Dies bietet mächtigen Angreifern die Möglichkeit, komplexe Verfahren zu entwickeln, die auf spezifische Ziele angepasst sind. Traditionelle Ansätze zur Bekämpfung solcher Angriffe werden damit ineffektiv, was die Entwicklung innovativer Methoden unabdingbar macht. Die vorliegende Dissertation verfolgt das Ziel, den Sicherheitsanalysten durch eine umfassende Strategie gegen gezielte Angriffe zu unterstützen. Diese Strategie beschäftigt sich mit den hauptsächlichen Herausforderungen in den drei Phasen der Erkennung und Analyse von sowie der Reaktion auf gezielte Angriffe. Der Aufbau dieser Arbeit orientiert sich daher an den genannten drei Phasen. In jedem Kapitel wird ein Problem aufgegriffen und eine entsprechende Lösung vorgeschlagen, die stark auf maschinellem Lernen und Mustererkennung basiert. Insbesondere schlagen wir einen Ansatz vor, der eine Identifizierung von Spear-Phishing-Emails ermöglicht, ohne ihren Inhalt zu betrachten. Anschliessend stellen wir einen Analyseansatz für Malware Triage vor, der auf der strukturierten Darstellung von Code basiert. Zum Schluss stellen wir MANTIS vor, eine Open-Source-Plattform für Authoring, Verteilung und Sammlung von Threat Intelligence, deren Datenmodell auf einer innovativen konsolidierten Graphen-Darstellung für Threat Intelligence Stardards basiert. Wir evaluieren unsere Ansätze in verschiedenen Experimenten, die ihren potentiellen Nutzen in echten Szenarien beweisen. Insgesamt bereiten diese Ideen neue Wege für die Forschung zu Abwehrmechanismen und erstreben, das Ungleichgewicht zwischen mächtigen Angreifern und der Gesellschaft zu minimieren

Clustering and classification methods for spam analysis

Spam emails are a major tool for criminals to distribute malware, conduct fraudulent activity, sell counterfeit products, etc. Thus, security companies are interested in researching spam. Unfortunately, due to the spammers' detection-avoidance techniques, most of the existing tools for spam analysis are not able to provide accurate information about spam campaigns. Moreover, they are not able to link together campaigns initiated by the same sender. F-Secure, a cybersecurity company, collects vast amounts of spam for analysis. The threat intelligence collection from these messages currently involves a lot of manual work. In this thesis we apply state-of-the-art data-analysis techniques to increase the level of automation in the analysis process, thus enabling the human experts to focus on high-level information such as campaigns and actors. The thesis discusses a novel method of spam analysis in which email messages are clustered by different characteristics and the clusters are presented as a graph. The graph representation allows the analyst to see evolving campaigns and even connections between related messages which themselves have no features in common. This makes our analysis tool more powerful than previous methods that simply cluster emails to sets. We implemented a proof of concept version of the analysis tool to evaluate the usefulness of the approach. Experiments show that the graph representation and clustering by different features makes it possible to link together large and complex spam campaigns that were previously not detected. The tools also found evidence that different campaigns were likely to be organized by the same spammer. The results indicate that the graph-based approach is able to extract new, useful information about spam campaigns

BlogForever: D3.1 Preservation Strategy Report

This report describes preservation planning approaches and strategies recommended by the BlogForever project as a core component of a weblog repository design. More specifically, we start by discussing why we would want to preserve weblogs in the first place and what it is exactly that we are trying to preserve. We further present a review of past and present work and highlight why current practices in web archiving do not address the needs of weblog preservation adequately. We make three distinctive contributions in this volume: a) we propose transferable practical workflows for applying a combination of established metadata and repository standards in developing a weblog repository, b) we provide an automated approach to identifying significant properties of weblog content that uses the notion of communities and how this affects previous strategies, c) we propose a sustainability plan that draws upon community knowledge through innovative repository design

Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context

A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary.ComputingM. Sc. (Information Systems

Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

This report contains the Proceedings of the Second Workshop on Security on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. In particular, that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out-out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill or from biological immune systems