29 research outputs found
Multifaceted Faculty Network Design and Management: Practice and Experience Report
We report on our experience on multidimensional aspects of our faculty's
network design and management, including some unique aspects such as
campus-wide VLANs and ghosting, security and monitoring, switching and routing,
and others. We outline a historical perspective on certain research, design,
and development decisions and discuss the network topology, its scalability,
and management in detail; the services our network provides, and its evolution.
We overview the security aspects of the management as well as data management
and automation and the use of the data by other members of the IT group in the
faculty.
Comment: 19 pages, 11 figures, TOC and index; a short version presented at
C3S2E'11; v6: more proofreading, index, TOC, reference
Issues with Incorporating Regulatory Compliance into Agile Development: A Critical Analysis
Agile development methodology is widely used for software development in organizations. Incorporating regulatory compliance aspects into the development process is important. This paper discusses various issues in incorporating compliance aspects into the development process. An analysis of different aspects of compliance-related issues is presented.
Challenges for Trusted Computing
This article identifies and discusses some of the key challenges that need to
be addressed if the vision of Trusted Computing is to become reality. Topics
addressed include issues with setting up and maintaining the PKI required
to support the full set of Trusted Computing functionality, the practical
use and verification of attestation evidence, and backwards compatibility,
usability and compliance issues.
Modelling and analysing network security policies in a given vulnerability setting
The systematic protection of critical information infrastructures requires an analytical process to identify the critical components and their interplay, to determine the threats and vulnerabilities, to assess the risks and to prioritise countermeasures where risk is unacceptable. This paper presents an integrated framework for model-based symbolic interpretation, simulation and analysis with a comprehensive approach focussing on the validation of network security policies. A graph of all possible attack paths is automatically computed from the model of an ICT network, of vulnerabilities, exploits and an attacker strategy. Constraints on this graph are given by a model of the network security policy. The impact of changes to security policies can be computed and visualised by finding differences in the attack graphs. A unique feature of the presented approach is that abstract representations of these graphs can be computed that allow comparison of focussed views on the behaviour of the system. This guides optimal adaptation of the security policy to the given vulnerability setting.
e-EMV: Emulating EMV for Internet payments using Trusted Computing technology v-2
The introduction of EMV-compliant payment cards, with their
improved cardholder verification and card authentication capabilities,
has resulted in a dramatic reduction in the levels of fraud seen at
Point of Sale (PoS) terminals across Europe. However, this reduction
has been accompanied by an alarming increase in the level of fraud
associated with Internet-based Card Not Present (CNP) transactions.
This increase is largely attributable to the weaker authentication
procedures involved in CNP transactions. This paper shows how the
functionality associated with EMV-compliant payment cards can be
securely emulated in software on platforms supporting Trusted
Computing technology. We describe a detailed system architecture
encompassing user enrollment, card deployment (in the form of software),
card activation, and subsequent transaction processing. Our proposal
is compatible with the existing EMV transaction processing
architecture, and thus integrates fully and naturally with already deployed
EMV infrastructure. We show that our proposal, which effectively
makes available the full security of PoS transactions for Internet-based
CNP transactions, has the potential to significantly reduce the
opportunity for fraudulent CNP transactions.
A formal approach for network security policy validation
Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g. firewall, DPI, parental control).
Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed.
This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detecting the possible causes in case of misconfiguration or software attacks.
Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation.
A prototype implementation of this approach is proposed to validate different scenarios.
Verifying sensor network security protocol implementations
Verifying sensor network security protocol implementations using testing/simulation might leave some flaws undetected. Formal verification techniques have been very successful in detecting faults in security protocol specifications; however, they generally require building a formal description (model) of the protocol. Building accurate models is hard, thus hindering the application of formal verification. In this work, a framework for automating formal verification of sensor network security protocols is presented. The framework, Slede, extracts models from protocol implementations and verifies them against generated intruder models. Slede was evaluated by verifying two sensor network security protocol implementations. Security flaws in both protocols were detected.