17,363 research outputs found
ESASCF: Expertise Extraction, Generalization and Reply Framework for an Optimized Automation of Network Security Compliance
The Cyber threats exposure has created worldwide pressure on organizations to
comply with cyber security standards and policies for protecting their digital
assets. Vulnerability assessment (VA) and Penetration Testing (PT) are widely
adopted Security Compliance (SC) methods to identify security gaps and
anticipate security breaches. In the computer networks context and despite the
use of autonomous tools and systems, security compliance remains highly
repetitive and resources consuming. In this paper, we proposed a novel method
to tackle the ever-growing problem of efficiency and effectiveness in network
infrastructures security auditing by formally introducing, designing, and
developing an Expert-System Automated Security Compliance Framework (ESASCF)
that enables industrial and open-source VA and PT tools and systems to extract,
process, store and re-use the expertise in a human-expert way to allow direct
application in similar scenarios or during the periodic re-testing. The
implemented model was then integrated within the ESASCF and tested on different
size networks and proved efficient in terms of time-efficiency and testing
effectiveness allowing ESASCF to take over autonomously the SC in Re-testing
and offloading Expert by automating repeated segments SC and thus enabling
Experts to prioritize important tasks in Ad-Hoc compliance tests. The obtained
results validate the performance enhancement notably by cutting the time
required for an expert to 50% in the context of typical corporate networks
first SC and 20% in re-testing, representing a significant cost-cutting. In
addition, the framework allows a long-term impact illustrated in the knowledge
extraction, generalization, and re-utilization, which enables better SC
confidence independent of the human expert skills, coverage, and wrong
decisions resulting in impactful false negatives
Towards a systematic security evaluation of the automotive Bluetooth interface
In-cabin connectivity and its enabling technologies have increased dramatically in recent years. Security was not considered an essential property, a mind-set that has shifted significantly due to the appearance of demonstrated vulnerabilities in these connected vehicles. Connectivity allows the possibility that an external attacker may compromise the security - and therefore the safety - of the vehicle. Many exploits have already been demonstrated in literature. One of the most pervasive connective technologies is
Bluetooth, a short-range wireless communication technology. Security issues with this technology are well-documented, albeit in other domains. A threat intelligence study was carried out to substantiate this motivation and finds that while the general trend is towards increasing (relative) security in automotive
Bluetooth implementations, there is still significant technological lag when compared to more traditional computing systems. The main contribution of this thesis is a framework for the systematic security evaluation of the automotive Bluetooth interface from a black-box perspective (as technical specifications were loose or absent). Tests were performed through both the vehicle’s native connection and through Bluetoothenabled aftermarket devices attached to the vehicle. This framework is supported through the use of attack trees and principles as outlined in the Penetration Testing Execution Standard. Furthermore, a proof-of-concept tool was developed to implement this framework in a semi-automated manner, to carry out testing on real-world vehicles. The tool also allows for severity classification of the results acquired, as outlined in the SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. Results of the severity classification are validated through domain expert review. Finally, how formal methods could be integrated into the framework and tool to improve confidence and rigour, and to demonstrate how future iterations of design could be improved is also explored. In conclusion, there is a need for systematic security testing, based on the findings of the threat intelligence study. The systematic evaluation and
the developed tool successfully found weaknesses in both the automotive Bluetooth interface and in the vehicle itself through Bluetooth-enabled aftermarket devices. Furthermore, the results of applying this framework provide a focus for counter-measure development and could be used as evidence in a security assurance case. The systematic evaluation framework also allows for formal methods to be introduced for added rigour and confidence. Demonstrations of how this might be performed (with case studies) were presented. Future recommendations include using this framework with more test vehicles and expanding on the existing attack trees that form the heart of the evaluation. Further work on the tool chain would also be desirable. This would enable further accuracy of any testing or modelling required, and would also take automation of the entire process further
Applications of ISES for vegetation and land use
Remote sensing relative to applications involving vegetation cover and land use is reviewed to consider the potential benefits to the Earth Observing System (Eos) of a proposed Information Sciences Experiment System (ISES). The ISES concept has been proposed as an onboard experiment and computational resource to support advanced experiments and demonstrations in the information and earth sciences. Embedded in the concept is potential for relieving the data glut problem, enhancing capabilities to meet real-time needs of data users and in-situ researchers, and introducing emerging technology to Eos as the technology matures. These potential benefits are examined in the context of state-of-the-art research activities in image/data processing and management
SciTech News Volume 71, No. 1 (2017)
Columns and Reports From the Editor 3
Division News Science-Technology Division 5 Chemistry Division 8 Engineering Division Aerospace Section of the Engineering Division 9 Architecture, Building Engineering, Construction and Design Section of the Engineering Division 11
Reviews Sci-Tech Book News Reviews 12
Advertisements IEEE
PhagePro: prophage finding tool
Dissertação de mestrado em BioinformáticaBacteriophages are viruses that infect bacteria and use them to reproduce. Their
reproductive cycle can be lytic or lysogenic. The lytic cycle leads to the bacteria death,
given that the bacteriophage hijacks hosts machinery to produce phage parts necessary
to assemble a new complete bacteriophage, until cell wall lyse occurs. On the other
hand, the lysogenic reproductive cycle comprises the bacteriophage genetic material in
the bacterial genome, becoming a prophage. Sometimes, due to external stimuli, these
prophages can be induced to perform a lytic cycle. Moreover, the lysogenic cycle can
lead to significant modifications in bacteria, for example, antibiotic resistance.
To that end, PhagePro was created. This tool finds and characterises prophages
inserted in the bacterial genome. Using 42 features, three datasets were created and
five machine learning algorithms were tested.
All models were evaluated in two phases, during testing and with real bacterial cases.
During testing, all three datasets reached the 98 % F1 score mark in their best result. In
the second phase, the results of the models were used to predict real bacterial cases
and the results compared to the results of two tools, Prophage Hunter and PHASTER.
The best model found 110 zones out of 154 and the model with the best result in dataset
3 had 94 in common.
As a final test, Agrobacterium fabrum strC68 was extensively analysed. The results
show that PhagePro was capable of detecting more regions with proteins associated
with phages than the other two tools.
In the ligth of the results obtained, PhagePro has shown great potential in the discovery
and characterisation of bacterial alterations caused by prophages.Bacteriófagos são vírus que infetam bactérias usando-as para garantir a manutenção do seu genoma. Este processo pode ser realizado por ciclo lítico ou lipogénico. O ciclo lítico consiste em usar a célula para seu proveito, criar bacteriófagos e lisar a célula. Por outro lado, no ciclo lipogénico o bacteriófago insere o seu código genético no genoma da bactéria, o que pode levar à transferência de genes de interesse, tornando-se importante uma monitorização dos profagos. Assim foi desenvolvido o PhagePro, uma ferramenta capaz de encontrar e caracterizar bacteriófagos em genomas bactérias. Foram criadas features para distinguir profagos de bactérias, criando três datasets e usando algoritmos de aprendizagem de máquina. Os modelos foram avaliados durante duas fases, a fase de teste e a fase de casos reais. Na primeira fase de testes, o melhor modelo do dataset 1 teve 98% de F1 score, dataset 2 teve 98% e do dataset 3 também teve 98%. Todos os modelos, para teste em casos reais, foram comparados com previsões de duas ferramentas Prophage Hunter e PHASTER. O modelo com os melhores resultados obteve 110 de 154 zonas em comum com as duas ferramentas e o modelo do dataset 3 teve 94 zonas. Por fim, foi feita a análise dos resultados da bactéria Agrobacterium fabrum strC68. Os resultados obtidos mostram resultados diferentes, mas válidos, as ferramentas comparadas, visto que o PhagePro consegue detectar zonas com proteínas associadas a fagos que as outras tools não conseguem. Em virtude dos resultados obtidos, PhagePro mostrou que é capaz de encontrar e caracterizar profagos em bactérias.Este estudo contou com o apoio da Fundação para a Ciência e Tecnologia (FCT)
portuguesa no âmbito do financiamento estratégico da unidade UIDB/04469/2020. A obra também foi parcialmente financiada pelo Projeto PTDC/SAU-PUB/29182/2017 [POCI-01-0145-FEDER-029182]
- …