1,453 research outputs found
Choosing IT Platforms In The Age Of Stuxnet
This paper addresses the question of choosing and investing in IT (hardware/software) platforms that avoid quick obsolescence, and the underlying dilemmas of choosing proprietary software versus open source software, and of opting for managed services such as public cloud computing versus in-house hardware and communication infrastructures. These dilemmas in strategic information systems planning have become more significant in light of the recent revelations of security backdoors in commercial software, encryption backdoors in communication software, and governmental access to private data on managed services for national security reasons. This paper considers enterprise-wide challenges and strategies for adopting open source software and hardware in response to these security concerns.
Analysis domain model for shared virtual environments
The field of shared virtual environments, which also encompasses online games and social 3D environments, has a system landscape consisting of multiple solutions that share great functional overlap. However, there is little system interoperability between the different solutions. A shared virtual environment has an associated problem domain that is highly complex, raising difficult challenges to the development process, starting with the architectural design of the underlying system. This paper has two main contributions. The first contribution is a broad domain analysis of shared virtual environments, which enables developers to have a better understanding of the whole rather than the part(s). The second contribution is a reference domain model for discussing and describing solutions: the Analysis Domain Model.
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement each other and may be leveraged to build a holistic deception-based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model that reflects the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget-conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.
Comment: 19 pages
Interoperability middleware for IIoT gateways based on international standard ontologies and standardized digital representation
Recent advances in the areas of microelectronics, information technology, and communication protocols have made possible the development of smaller devices with greater processing capacity and lower energy consumption. This context contributed to the growing number of physical devices in industrial environments that are interconnected and communicate via the internet, enabling concepts such as Industry 4.0 and the Industrial Internet of Things (IIoT). These nodes have different sensors and actuators that monitor and control environment data. Several companies develop these devices, including diverse communication protocols, data structures, and IoT platforms, which leads to interoperability issues. In IoT scenarios, interoperability is the ability of two systems to communicate and share services. Therefore, communication problems can make it unfeasible to use heterogeneous devices, increasing the project's financial cost and development time. In industry, interoperability is related to different aspects, such as physical communication, divergent device communication protocols, and syntactical problems referring to distinct data structures. Developing a new standard for solving these matters may bring interoperability-related drawbacks rather than effectively solving these issues. Therefore, to mitigate interoperability problems in industrial applications, this work proposes the development of an interoperability middleware for Edge-enabled IIoT gateways based on international standards. The middleware is responsible for translating communication protocols, updating data from simulations or physical nodes to the assets' digital representations, and storing data locally or remotely. The middleware adopts the IEEE industrial standard ontologies combined with the assets' standardized digital models. As a case study, a simulation replicates the production of a nutrient solution for agriculture, controlled by IIoT nodes.
The use case consists of three devices, each equipped with at least five sensors or actuators, communicating over different communication protocols and exchanging data using diverse structures. The performance of the proposed middleware and its translation algorithms was evaluated, obtaining satisfactory results for mitigating interoperability issues in industrial applications.
Recent advances in the areas of microelectronics, information technology, and communication protocols have made it possible to develop ever smaller devices with greater processing capacity and lower energy consumption. This context has contributed to the growing number of such devices in industry that are interconnected via the internet, enabling concepts such as Industry 4.0 and the Industrial Internet of Things (IIoT). These nodes have different sensors and actuators that monitor and control environment data. These devices are developed by different companies, with distinct communication protocols, data structures, and IoT platforms, resulting in interoperability problems. In IoT scenarios, interoperability is the ability of systems to communicate and share services. Therefore, these problems can make the use of heterogeneous devices unfeasible, increasing the project's financial cost and its development time. In industry, interoperability is divided into different aspects, such as communication and syntactical problems referring to distinct data structures. Developing an industrial standard may bring more interoperability-related disadvantages instead of solving these problems. Therefore, to mitigate problems related to industrial interoperability, this work proposes the development of an interoperable middleware for IIoT gateways based on international standards and ontologies.
The middleware is responsible for translating different communication protocols and updating the data of industrial assets through their digital representations, which are stored locally or remotely. The middleware adopts the IEEE industrial ontology standards combined with standardized digital models of industrial assets. As a case study, simulations are carried out for the production of a nutrient solution for agriculture, controlled by IIoT nodes. The process uses three devices, each equipped with at least five sensors or actuators, over different communication protocols and data structures. The performance of the proposed middleware and its translation algorithms was evaluated and presented at the end of the work, with results that were satisfactory for mitigating interoperability problems in industrial applications.
Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)
DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website.
With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks.
In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and the monitor is encrypted using AES, based on the PyCrypto Python implementation.
This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the design and implementation of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack.
Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages
Despite the availability of powerful mechanisms for security policy and access control, real-world information security practitioners, both developers and security officers, still find themselves in need of something more. We believe that this is the case because available policy languages do not provide clear and intelligible ways for developers to communicate their knowledge and expectations of trustworthy behaviors and actual application requirements to IT administrators. We work to address this policy engineering gap by shifting the focus of policy language design to this communication via behavior-based policies and their motivating scenarios.
Architectural Vulnerabilities in Plug-and-Play Systems
Plug-and-play architectures enhance systems' extensibility by providing a framework that enables additional functionalities to be added to or removed from the system at runtime. Such frameworks are often implemented through a set of well-defined interfaces that form the extension points for the pluggable functionalities. However, the plug-ins can increase the application's attack surface or introduce untrusted behavior into the system. Designing a secure plug-and-play architecture is critical and non-trivial, as the features provided by plug-ins are not known in advance. In this paper, we conduct an in-depth study of seven systems with plug-and-play architectures. In total, we have analyzed 3,183 vulnerabilities from Chromium, Thunderbird, Firefox, Pidgin, WordPress, Apache OFBiz, and OpenMRS, whose core architecture is based on a plug-and-play approach. Following a grounded theory approach, we have also identified the common security vulnerabilities related to plug-and-play architectures and the mechanisms to mitigate them. We found a total of 303 vulnerabilities that are rooted in extensibility design decisions. We also observed that these plugin-related vulnerabilities were caused by 15 different types of problems. We present these 15 types of security issues observed in the case studies and the design mechanisms that could prevent such vulnerabilities. Finally, as a result of this study, we have used formal modeling in order to guide developers of plug-and-play systems in verifying that their architectures are free of many of these types of security issues.