193 research outputs found

    Deploying Secure Distributed Systems: Comparative Analysis of GNS3 and SEED Internet Emulator

    Get PDF
    Network emulation offers a flexible solution for network deployment and operations, leveraging software to consolidate all nodes in a topology and utilizing the resources of a single host system server. This research paper investigated the state of cybersecurity in virtualized systems, covering vulnerabilities, exploitation techniques, remediation methods, and deployment strategies, based on an extensive review of the related literature. We conducted a comprehensive performance evaluation and comparison of two network-emulation platforms: Graphical Network Simulator-3 (GNS3), an established open-source platform, and the SEED Internet Emulator, an emerging platform, alongside physical Cisco routers. Additionally, we present a Distributed System that seamlessly integrates network architecture and emulation capabilities. Empirical experiments assessed various performance criteria, including the bandwidth, throughput, latency, and jitter. Insights into the advantages, challenges, and limitations of each platform are provided based on the performance evaluation. Furthermore, we analyzed the deployment costs and energy consumption, focusing on the economic aspects of the proposed application

    Securing Distributed Systems: A Survey on Access Control Techniques for Cloud, Blockchain, IoT and SDN

    Get PDF
    Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy

    Context-aware and user bahavior-based continuous authentication for zero trust access control in smart homes

    Get PDF
    Orientador: Aldri Luiz dos SantosDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba, 24/02/2023Inclui referências: p. 96-106Área de concentração: Ciência da ComputaçãoResumo: Embora as casas inteligentes tenham se tornado populares recentemente, as pessoas ainda estão muito preocupadas com questões de segurança, proteção e privacidade. Estudos revelaram que questões de privacidade das pessoas geram prejuízos fisiológicos e financeiros porque as casas inteligentes são ambientes de convivência íntima. Além disso, nossa pesquisa revelou que os ataques de impersonificação são uma das ameaças mais graves contra casas inteligentes porque comprometem a confidencialidade, autenticidade, integridade e não repúdio. Normalmente, abordagens para construir segurança para Sistemas de Casas Inteligentes (SHS) requerem dados históricos para implementar controle de acesso e Sistemas de Detecção de Intrusão (IDS), uma vulnerabilidade à privacidade dos habitantes. Além disso, a maioria dos trabalhos depende de computação em nuvem ou recursos na nuvem para executar tarefas de segurança, que os invasores podem atacar para atingir a confidencialidade, integridade e disponibilidade. Além disso, os pesquisadores não consideram o uso indevido de SHS ao forçar os usuários a interagir com os dispositivos por meio de seus smartphones ou tablets, pois eles costumam interagir por qualquer meio, como assistentes virtuais e os próprios dispositivos. Portanto, os requisitos do sistema de segurança para residências inteligentes devem compreender percepção de privacidade, resposta de baixa latência, localidade espacial e temporal, extensibilidade de dispositivo, proteção contra impersonificação, isolamento de dispositivo, garantia de controle de acesso e levar em consideração a verificação atualizada com um sistema confiável. Para atender a esses requisitos, propomos o sistema ZASH (Zero-Aware Smart Home) para fornecer controle de acesso para as ações do usuário em dispositivos em casas inteligentes. Em contraste com os trabalhos atuais, ele aproveita a autenticação contínua com o paradigma de Confiança Zero suportado por ontologias configuradas, contexto em tempo real e atividade do usuário. A computação de borda e a Cadeia de Markov permitem que o ZASH evite e mitigue ataques de impersonificação que visam comprometer a segurança dos usuários. O sistema depende apenas de recursos dentro de casa, é autossuficiente e está menos exposto à exploração externa. Além disso, funciona desde o dia zero sem a exigência de dados históricos, embora conte com o passar do tempo para monitorar o comportamento dos usuários. O ZASH exige prova de identidade para que os usuários confirmem sua autenticidade por meio de características fortes da classe Something You Are. O sistema executa o controle de acesso nos dispositivos inteligentes, portanto, não depende de intermediários e considera qualquer interação usuário-dispositivo. A princípio, um teste inicial de algoritmos com um conjunto de dados sintético demonstrou a capacidade do sistema de se adaptar dinamicamente aos comportamentos de novos usuários, bloqueando ataques de impersonificação. Por fim, implementamos o ZASH no simulador de rede ns-3 e analisamos sua robustez, eficiência, extensibilidade e desempenho. De acordo com nossa análise, ele protege a privacidade dos usuários, responde rapidamente (cerca de 4,16 ms), lida com a adição e remoção de dispositivos, bloqueia a maioria dos ataques de impersonificação (até 99% com uma configuração adequada), isola dispositivos inteligentes e garante o controle de acesso para todas as interações.Abstract: Although smart homes have become popular recently, people are still highly concerned about security, safety, and privacy issues. Studies revealed that issues in people's privacy generate physiological and financial harm because smart homes are intimate living environments. Further, our research disclosed that impersonation attacks are one of the most severe threats against smart homes because they compromise confidentiality, authenticity, integrity, and non-repudiation. Typically, approaches to build security for Smart Home Systems (SHS) require historical data to implement access control and Intrusion Detection Systems (IDS), a vulnerability to the inhabitant's privacy. Additionally, most works rely on cloud computing or resources in the cloud to perform security tasks, which attackers can exploit to target confidentiality, integrity, and availability. Moreover, researchers do not regard the misuse of SHS by forcing users to interact with devices through their smartphones or tablets, as they usually interact by any means, like virtual assistants and devices themselves. Therefore, the security system requirements for smart homes should comprehend privacy perception, low latency in response, spatial and temporal locality, device extensibility, protection against impersonation, device isolation, access control enforcement, and taking into account the refresh verification with a trustworthy system. To attend to those requirements, we propose the ZASH (Zero-Aware Smart Home) system to provide access control for the user's actions on smart devices in smart homes. In contrast to current works, it leverages continuous authentication with the Zero Trust paradigm supported by configured ontologies, real-time context, and user activity. Edge computing and Markov Chain enable ZASH to prevent and mitigate impersonation attacks that aim to compromise users' security. The system relies only on resources inside the house, is self-sufficient, and is less exposed to outside exploitation. Furthermore, it works from day zero without the requirement of historical data, though it counts on that as time passes to monitor the users' behavior. ZASH requires proof of identity for users to confirm their authenticity through strong features of the Something You Are class. The system enforces access control in smart devices, so it does not depend on intermediaries and considers any user-device interaction. At first, an initial test of algorithms with a synthetic dataset demonstrated the system's capability to dynamically adapt to new users' behaviors withal blocking impersonation attacks. Finally, we implemented ZASH in the ns-3 network simulator and analyzed its robustness, efficiency, extensibility, and performance. According to our analysis, it protects users' privacy, responds quickly (around 4.16 ms), copes with adding and removing devices, blocks most impersonation attacks (up to 99% with a proper configuration), isolates smart devices, and enforces access control for all interactions

    Obstructions in Security-Aware Business Processes

    Get PDF
    This Open Access book explores the dilemma-like stalemate between security and regulatory compliance in business processes on the one hand and business continuity and governance on the other. The growing number of regulations, e.g., on information security, data protection, or privacy, implemented in increasingly digitized businesses can have an obstructive effect on the automated execution of business processes. Such security-related obstructions can particularly occur when an access control-based implementation of regulations blocks the execution of business processes. By handling obstructions, security in business processes is supposed to be improved. For this, the book presents a framework that allows the comprehensive analysis, detection, and handling of obstructions in a security-sensitive way. Thereby, methods based on common organizational security policies, process models, and logs are proposed. The Petri net-based modeling and related semantic and language-based research, as well as the analysis of event data and machine learning methods finally lead to the development of algorithms and experiments that can detect and resolve obstructions and are reproducible with the provided software

    Vertrauenswürdige, adaptive Anfrageverarbeitung in dynamischen Sensornetzwerken zur Unterstützung assistiver Systeme

    Get PDF
    Assistenzsysteme in smarten Umgebungen sammeln durch den Einsatz verschiedenster Sensoren viele Daten, um die Intentionen und zukünftigen Aktivitäten der Nutzer zu berechnen. In den meisten Fällen werden dabei mehr Informationen gesammelt als für die Erfüllung der Aufgabe des Assistenzsystems notwendig sind. Das Ziel dieser Dissertation ist die Konzeption und Implementierung von datenschutzfördernden Algorithmen für die Weitergabe sensibler Sensor- und Kontextinformationen zu den Analysewerkzeugen der Assistenzsysteme. Die Datenschutzansprüche der Nutzer werden dazu in Integritätsbedingungen der Datenbanksysteme transformiert, welche die gesammelten Informationen speichern und auswerten. Ausgehend vom Informationsbedarf des Assistenzsystems und den Datenschutzbedürfnissen des Nutzers werden die gesammelten Daten so nahe wie möglich am Sensor durch Selektion, Reduktion, Kompression oder Aggregation durch die Datenschutzkomponente des Assistenzsystems verdichtet. Sofern nicht alle Informationen lokal verarbeitet werden können, werden Teile der Analyse an andere, an der Verarbeitung der Daten beteiligte Rechenknoten ausgelagert. Das Konzept wurde im Rahmen des PArADISE-Frameworks (Privacy-AwaRe Assistive Distributed Information System Environment) umgesetzt und u. a. in Zusammenarbeit mit dem DFG-Graduiertenkolleg 1424 (MuSAMA-Multimodal Smart Appliances for Mobile Application) anhand eines Beispielszenarios getestet

    Automatic Context-Based Policy Generation from Usage- and Misusage-Diagrams

    Get PDF

    Cryptographic solutions of organization’s memory protection from the point of management’s knowledge

    Get PDF
    Moderne kompanije se svakim danom suočavaju sa problemom opterećenosti velikom količinom informacija i podataka, a što otežava njihovo poslovanje i donošenje efikasnih poslovnih odluka. Pronalaženje nove suštine primene načina menadžmenta znanja u smislu efikasnog korišćenja memorije organizacije (znanja), predstavlja sve veću potrebu kompanija da unaprede svoje poslovanje. Isto tako, zaštita načina pristupanja memoriji organizacije (znanju kompanije), njegovoj razmeni i upravljanju njime, kompanije sve više posvećuju pažnju i stavljaju akcenat u svom poslovanju. Primena koncepta poslovne inteligencije u upravljanju memorije organizacije postaje neizostavan element strategije uspešnih kompanija. Integrisano automatizovano upravljanje memorijom organizacije (znanjem jedne kompanije), iako veoma složeno, predstavlja rešenje za interakciju menadžmenta znanja i informacione tehnologije. Time se stvara mogućnost potpunog objašnjavanja procesa donošenja odluka u jednoj kompaniji, ali i procesa toka dokumenata, informacija i podataka. Integrisanim automatizovanim upravljanjem memorijom organizacije, kompanija ostvaruje mogućnost dobijanja detaljnih podataka na osnovu kojih je olakšano konkretno poslovno odlučivanje. Takođe, ovde se javlja i zahtev za zaštitu jednog takvog integrisanog automatizo vanog procesa. U skladu sa određenim i usvojenim međunarodnim standardima (ISO 27001), menadžment u ovakvom sistemu kakav je memorija organizacije treba da osigura efikasnu implementaciju, praćenje i unapređenje sistema za rukovanje bezbednošću memorije organizacije. Zaštita i bezbednost memorije organizacije kroz kriptografska rešenje treba da zadovolji balans između zahteva korisnika, funkcionalnosti unutar memorije organizacije i potrebe zaštite osetljivih podataka i čuvanje njihovog integriteta. Ovakav integrisani automatizovani proces upravljanja memorijom organizacije predstavlja jedno rešenje koje bi svoju upotrebu moglo da nađe kako u oblasti učenja inteligentnih sistema, tako i u postojećim sistemima savremenog poslovnog odlučivanja. Jedan od predloženog načina rešenja zaštite integrisanog sistema za proces upravljanja memorijom organizacije u ovom radu biće i mogućnost snimanja u šifrovanom obliku, čime podaci postaju dostupni samo kroz informacioni sistem kompanije. U ovom radu biće predstavljeno sopstveno kriptografsko rešenje zaštite memorije organizacije sa stanovišta menadžmenta znanja. Pristup dokumentima i podacima će imati samo ovlašćeni korisnici sistema na osnovu definisanih dozvola pristupa. Autentičnost dokumenata i njihova nepromenljivost bi se obezbedila pomoću digitalnih potpisa, što predložena kriptografska rešenja obezbeđuju u skladu sa aktuelnim zakonskim propisima za elektronski dokument. Isto tako, biće razmotreni principi i modeli koji obezbeđuju i zaštitu podataka i privilegovan pristup podacima, a sve u cilju donošenja odluka zasnovanih na memoriji organizacije. Najbolji primer za ovakvu analizu su bezbednosno-informativne agencije, a brojni su primeri, kako dobrih organizacija, tako i propusta u njihovom radu

    Managing Security Requirements Patterns using Feature Diagram Hierarchies

    Get PDF
    Abstract-Security requirements patterns represent reusable security practices that software engineers can apply to improve security in their system. Reusing best practices that others have employed could have a number of benefits, such as decreasing the time spent in the requirements elicitation process or improving the quality of the product by reducing product failure risk. Pattern selection can be difficult due to the diversity of applicable patterns from which an analyst has to choose. The challenge is that identifying the most appropriate pattern for a situation can be cumbersome and time-consuming. We propose a new method that combines an inquiry-cycle based approach with the feature diagram notation to review only relevant patterns and quickly select the most appropriate patterns for the situation. Similar to patterns themselves, our approach captures expert knowledge to relate patterns based on decisions made by the pattern user. The resulting pattern hierarchies allow users to be guided through these decisions by questions, which introduce related patterns in order to help the pattern user select the most appropriate patterns for their situation, thus resulting in better requirement generation. We evaluate our approach using access control patterns in a pattern user study
    corecore