An Insider Misuse Threat Detection and Prediction Language

Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes the problem mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is based on the variability of the problem. The nature of Insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it are non trivial tasks that add up to the multi- factorial nature of insider IT misuse. This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics form a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as means of aiding researchers and IT system experts mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions. These needs cannot be met by traditional open source audit utilities. ITPSL is an XML based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies on the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language to address threats. The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language towards this direction are suggested

Implementation of an identity based encryption sub-system for secure e-mail and other applications

This thesis describes the requirements for, and design of, a suite of a sub-systems which support the introduction of Identity Based Encryption (IBE) to Intrenet communications. Current methods for securing Internet transmission are overly complex to users and require expensive and complex supporting infrastructure for distributing credentials such as certificates or public keys. Identity Based Encryption holds a promise of simplifying the process without compromising the security. In this thesis I will outline the theory behind the cryptography required , give a background to e-M ail and messaging protocols,the current security methods, the infrastructure used, the issues with these methods, and the break through that recent innovations in Identity Based Encryption hopes to deliver.I will describe an implementation of a sub-system that secures e-Mail and other protocolsin desktop platforms with as little impact on the end user as possible

The effective combating of intrusion attacks through fuzzy logic and neural networks

The importance of properly securing an organization’s information and computing resources has become paramount in modern business. Since the advent of the Internet, securing this organizational information has become increasingly difficult. Organizations deploy many security mechanisms in the protection of their data, intrusion detection systems in particular have an increasingly valuable role to play, and as networks grow, administrators need better ways to monitor their systems. Currently, many intrusion detection systems lack the means to accurately monitor and report on wireless segments within the corporate network. This dissertation proposes an extension to the NeGPAIM model, known as NeGPAIM-W, which allows for the accurate detection of attacks originating on wireless network segments. The NeGPAIM-W model is able to detect both wired and wireless based attacks, and with the extensions to the original model mentioned previously, also provide for correlation of intrusion attacks sourced on both wired and wireless network segments. This provides for a holistic detection strategy for an organization. This has been accomplished with the use of Fuzzy logic and neural networks utilized in the detection of attacks. The model works on the assumption that each user has, and leaves, a unique footprint on a computer system. Thus, all intrusive behaviour on the system and networks which support it, can be traced back to the user account which was used to perform the intrusive behavior

An exploration of constructions of racial and national identities in US and EU climate security discourses

Grounded in a methodology of critical discourse analysis and semi-structured interviews, this thesis investigates constructions of racial and national identities in US and EU climate security discourses. Utilizing a theoretical framework based on ‘essentializing logics’ (a concept developed to analyze how naturalized assumptions and associations about populations are held in relation to possible climate-insecure futures), the thesis argues that intersectional racial and national identities are constructed in context-specific moments of US and EU climate security discourses and are underpinned by multiple biopolitics of unequally valued lives. This argument is elaborated in three empirical chapters. First, the thesis examines the racialization of ‘Muslim’ and ‘African’ climate-induced migrant populations in particular, situated moments of climate security discourse. The second empirical chapter focuses on discursive representations of interconnections between climate change and terrorism and how such interconnections represent important points of intersection for racial and national identities in climate security. The final empirical chapter examines representations of American nationhood in US climate security discourse. These include constructions of American exceptionalism, the impacts of Hurricane Katrina and Hurricane Sandy for conceptions of American national identity, and the development of ‘climate-resilient’ American nationhood. The thesis concludes by reflecting on the project’s findings. I argue that multi-scalar interpretations of environmental justice (grounded in a manifesto for ‘abundant futures’ (Collard et al (2015)) and Koopman’s (2011) feminist ‘alter-geopolitics’) could provide a tentative means through which to think about more just, situated environmental securities

Trustworthy Wireless Personal Area Networks

In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems. First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel’s Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX. Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time. Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and course-grained insights from network traffic, which can be used to verify the authenticity of future interactions

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Usability issues with security of electronic mail

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This thesis shows that human factors can have a large and direct impact on security, not only on the user’s satisfaction, but also on the level of security achieved in practice. The usability issues identified are also extended to include mental models and perceptions as well as traditional user interface issues. These findings were accomplished through three studies using various methodologies to best suit their aims. The research community have issued principles to better align security and usability, so it was first necessary to evaluate their effectiveness. The chosen method for achieving this was through a usability study of the most recent software specifically to use these principles. It was found that the goal of being simultaneously usable and secure was not entirely met, partially through problems identified with the software interface, but largely due to the user’s perceptions and actions whilst using the software. This makes it particularly difficult to design usable and secure software without detailed knowledge of the users attitudes and perceptions, especially if we are not to blame the user for security errors as has occurred in the past. Particular focus was given to e-mail security because it is an area in which there is a massive number of vectors for security threats, and in which it is technologically possible to negate most of these threats, yet this is not occurring. Interviews were used to gain in depth information from the user’s point of view. Data was collected from individual e-mail users from the general public, and organisations. It was found that although the literature had identified various problems with the software and process of e-mail encryption, the majority of problems identified in the interviews stemmed once again from user’s perceptions and attitudes. Use of encryption was virtually nil, although the desire to use encryption to protect privacy was strong. Remembering secure passwords was recurrently found to be problematic, so in an effort to propose a specific method of increasing their usability an empirical experiment was used to examine the memorability of passwords. Specially constructed passwords were tested for their ability to improve memorability, and therefore usability. No statistical significance in the construction patterns was found, but a memory phenomenon whereby users tend to forget their password after a specific period of non-use was discovered. The findings are discussed with reference to the fact that they all draw on a theme of responsibility to maintain good security, both from the perspective of the software developer and the end user. The term Personal Liability and General Use Evaluation (PLaGUE) is introduced to highlight the importance of considering these responsibilities and their effect on the use of security