Towards a Trustworthy Thin Terminal for Securing Enterprise Networks
Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network's servers.
In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators.
Modulating application behaviour for closely coupled intrusion detection
Includes bibliographical references. This thesis presents a security measure that is closely coupled to applications. This distinguishes it from conventional security measures which tend to operate at the infrastructure level (network, operating system or virtual machine). Such lower level mechanisms exhibit a number of limitations, amongst others they are poorly suited to the monitoring of applications which operate on encrypted data or the enforcement of security policies involving abstractions introduced by applications. In order to address these problems, the thesis proposes externalising the security related analysis functions performed by applications. These otherwise remain hidden in applications and so are likely to be underdeveloped, inflexible or insular. It is argued that these deficiencies have resulted in an over-reliance on infrastructure security components.
Modelling of the Electric Vehicle Charging Infrastructure as Cyber Physical Power Systems: A Review on Components, Standards, Vulnerabilities and Attacks
The increasing number of electric vehicles (EVs) has led to the growing need
to establish EV charging infrastructures (EVCIs) with fast charging
capabilities to reduce congestion at the EV charging stations (EVCS) and also
provide alternative solutions for EV owners without residential charging
facilities. The EV charging stations are broadly classified based on i) where
the charging equipment is located - on-board and off-board charging stations,
and ii) the type of current and power levels - AC and DC charging stations. The
DC charging stations are further classified into fast and extreme fast charging
stations. This article focuses mainly on several components that model the EVCI
as a cyberphysical system (CPS)
Intrusion detection and management over the world wide web
As the Internet and society become ever more integrated so the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range of defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error-prone task for the modern Internet user. In response this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat.
Secure expandable communication framework for POCT system development and deployment
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London.
Health-care delivery in developing countries has many challenges because they do not have enough resources for meeting the healthcare needs and they lack testing lab infrastructures in communities. It has been proven that Point-Of-Care (POC) testing can be considered as one of the ways to resolve the crisis in healthcare delivery in these communities. The POC testing is a mission critical process in which the patient conducts tests outside of the laboratory environment and it needs a secure communication system of architecture support which the research refers to as the POCT system.
Almost every ten years a new radio access technology (RAT) is released in the wireless communication system evolution which is primarily driven by the 3GPP standards organisation. It is challenging to develop a predictable communication system in an environment of frequent changes originated by the 3GPP and the wireless operators. The scalable and expandable network architecture is needed for cost-effective network management, deployment and operation of the POC devices. Security mechanisms are necessary to address the specific threats associated with the POCT system. The POCT system communication must provide secure storage and secure communication to maintain patient data privacy and security. The Federal Drug Administration (FDA) reports the leading causes of defects and system failures in medical devices are caused by gaps between the requirements, implementation and testing.
The research was conducted, and technical research contributions are made to resolve the issues and challenges related to the POCT system. A communication protocol was implemented at the application level, independent of radio access technologies. A new methodology was created by combining the Easy Approach to Requirement Specifications (EARS) methodology and the Use Case Maps (UCM) model, which is a new approach and addresses the concerns raised by the FDA. Secure cloud architecture was created which is a new way of data storage, and security algorithms models were designed to address the security threats in the POCT system. The security algorithms, secure cloud architecture and the communication protocol coexist together to provide the Radio access technology Independent Secure and Expandable (RISE) POCT system.
These are the contributions to new knowledge that came out of the research. The research was conducted with a team of experts who are the subject matter experts in the areas such as microfluidics, bio-medical, mechanical engineering and medicine.
Repeating the past experimental and empirical methods in system and software security
I propose a new method of analyzing intrusions: instead of analyzing evidence and deducing what must have happened, I find the intrusion-causing circumstances by a series of automatic experiments. I first capture processes' system calls, and when an intrusion has been detected, I use these system calls to replay some of the captured processes in order to find the intrusion-causing processes: the cause-effect chain that led to the intrusion. I extend this approach to find also the inputs to those processes that cause the intrusion: the attack signature. Intrusion analysis is a minimization problem: how to find a minimal set of circumstances that makes the intrusion happen. I develop several efficient minimization algorithms and show their theoretical properties, such as worst-case running times, as well as empirical evidence for a comparison of average running times. Our evaluations show that the approach is correct and practical; it finds the 3 processes out of 32 that are responsible for a proof-of-concept attack in about 5 minutes, and it finds the 72 out of 168 processes in a large, complicated, and difficult to detect multi-stage attack involving Apache and suidperl in about 2.5 hours. I also extract attack signatures in proof-of-concept attacks in reasonable time. I have also considered the problem of predicting before deployment which components in a software system are most likely to contain vulnerabilities. I present empirical evidence that vulnerabilities are connected to a component's imports. In a case study on Mozilla, I correctly predicted one half of all vulnerable components, while more than two thirds of our predictions were correct.