219 research outputs found

    Towards understanding and mitigating attacks leveraging zero-day exploits

    Zero-day vulnerabilities are unknown and therefore not addressed with the result that they can be exploited by attackers to gain unauthorised system access. In order to understand and mitigate against attacks leveraging zero-days or unknown techniques, it is necessary to study the vulnerabilities, exploits and attacks that make use of them. In recent years there have been a number of leaks publishing such attacks using various methods to exploit vulnerabilities. This research seeks to understand what types of vulnerabilities exist, why and how these are exploited, and how to defend against such attacks by either mitigating the vulnerabilities or the method / process of exploiting them. By moving beyond merely remedying the vulnerabilities to defences that are able to prevent or detect the actions taken by attackers, the security of the information system will be better positioned to deal with future unknown threats. An interesting finding is how attackers exploit moving beyond the observable bounds to circumvent security defences, for example, compromising syslog servers, or going down to lower system rings to gain access. However, defenders can counter this by employing defences that are external to the system preventing attackers from disabling them or removing collected evidence after gaining system access. Attackers are able to defeat air-gaps via the leakage of electromagnetic radiation as well as misdirect attribution by planting false artefacts for forensic analysis and attacking from third party information systems. They analyse the methods of other attackers to learn new techniques. An example of this is the Umbrage project whereby malware is analysed to decide whether it should be implemented as a proof of concept. Another important finding is that attackers respect defence mechanisms such as: remote syslog (e.g. firewall), core dump files, database auditing, and Tripwire (e.g. SlyHeretic). 
These defences all have the potential to result in the attacker being discovered. Attackers must either negate the defence mechanism or find unprotected targets. Defenders can use technologies such as encryption to defend against interception and man-in-the-middle attacks. They can also employ honeytokens and honeypots to alarm, misdirect, slow down and learn from attackers. By employing various tactics defenders are able to increase their chance of detecting and time to react to attacks, even those exploiting hitherto unknown vulnerabilities. To summarize the information presented in this thesis and to show the practical importance thereof, an examination is presented of the NSA's network intrusion of the SWIFT organisation. It shows that the firewalls were exploited with remote code execution zero-days. This attack has a striking parallel in the approach used in the recent VPNFilter malware. If nothing else, the leaks provide information to other actors on how to attack and what to avoid. However, by studying state actors, we can gain insight into what other actors with fewer resources can do in the future.

    Security and Privacy for the Modern World

    The world is organized around technology that does not respect its users. As a precondition of participation in digital life, users cede control of their data to third parties with murky motivations, and cannot ensure this control is not mishandled or abused. In this work, we create secure, privacy-respecting computing for the average user by giving them the tools to guarantee their data is shielded from prying eyes. We first uncover the side channels present when outsourcing scientific computation to the cloud, and address them by building a data-oblivious virtual environment capable of efficiently handling these workloads. Then, we explore stronger privacy protections for interpersonal communication through practical steganography, using it to hide sensitive messages in realistic cover distributions like English text. Finally, we discuss at-home cryptography, and leverage it to bind a user’s access to their online services and important files to a secure location, such as their smart home. This line of research represents a new model of digital life, one that is both full-featured and protected against the security and privacy threats of the modern world.

    East Lancashire Research 2008

    East Lancashire Research 200

    Aspects of internet security: identity management and online child protection

    This thesis examines four main subjects: consumer federated Internet Identity Management (IdM), text analysis to detect grooming in Internet chat, a system for using steganographed emoticons as ‘digital fingerprints’ in instant messaging and a systems analysis of online child protection. The Internet was never designed to support an identity framework. The current username / password model does not scale well and with an ever increasing number of sites and services users are suffering from password fatigue and using insecure practices such as using the same password across websites. In addition users are supplying personal information to a vast number of sites and services with little, if any, control over how that information is used. A new identity metasystem promises to bring federated identity, which has found success in the enterprise, to the consumer, placing the user in control and limiting the disclosure of personal information. This thesis argues that, though technically feasible, no business model exists to support consumer IdM and, without a major change in Internet culture such as a breakdown in trust and security, a new identity metasystem will not be realised. Is it possible to detect grooming or potential grooming from a statistical examination of Internet chat messages? Using techniques from speaker verification can grooming relationships be detected? Can this approach improve on the leading text analysis technique – Bayesian trigram analysis? Using a novel feature extraction technique and Gaussian Mixture Models (GMM) to detect potential grooming proved to be unreliable. Even with the benefit of extensive tuning the author doubts the technique would match or improve upon Bayesian analysis. Around 80% of child grooming is blatant with the groomer disguising neither their age nor sexual intent. 
Experiments conducted with Bayesian trigram analysis suggest this could be reliably detected; detecting the subtle, devious remaining 20% is considerably harder, and reliable detection is questionable, especially in systems using teenagers (the most at risk group). Observations of the MSN Messenger service and protocol lead the author to discover a method by which to leave digitally verifiable files on the computer of anyone who chats with a child by exploiting the custom emoticon feature. By employing techniques from steganography these custom emoticons can be made to appear innocuous. Finding and removing custom emoticons is a non-trivial matter and they cannot be easily spoofed. Identification is performed by examining the emoticon (file) hashes. If an emoticon is recovered, e.g. in the course of an investigation, it can be hashed and the hash compared against a database of registered users and used to support non-repudiation and confirm if an individual has indeed been chatting with a child. Online child protection has been described as a classic systems problem. It covers a broad range of complex, and sometimes difficult to research issues including technology, sociology, psychology and law, and affects directly or indirectly the majority of the UK population. Yet despite this the problem and the challenges are poorly understood, thanks in no small part to mawkish attitudes and alarmist media coverage. Here the problem is examined holistically; how children use technology, what the risks are, and how they can best be protected – based not on idealism, but on the known behaviours of children. The overall protection message is often confused and unrealistic, leaving parents and children ill prepared to protect themselves. Technology does have a place in protecting children, but this is secondary to a strong and understanding parent/child relationship and education, both of the child and parent.

    State of the Art and Future Perspectives in Smart and Sustainable Urban Development

    This book contributes to the conceptual and practical knowledge pools in order to improve the research and practice on smart and sustainable urban development by presenting an informed understanding of the subject to scholars, policymakers, and practitioners. This book presents contributions—in the form of research articles, literature reviews, case reports, and short communications—offering insights into the smart and sustainable urban development by conducting in-depth conceptual debates, detailed case study descriptions, thorough empirical investigations, systematic literature reviews, or forecasting analyses. This way, the book forms a repository of relevant information, material, and knowledge to support research, policymaking, practice, and the transferability of experiences to address urbanization and other planetary challenges.

    Internal Crowdsourcing in Companies

    This open access book examines the implications of internal crowdsourcing (IC) in companies. Presenting an employee-oriented, cross-sector reference model for good IC practice, it discusses the core theoretical foundations, and offers guidelines for process-management and blueprints for the implementation of IC. Furthermore, it examines solutions for employee training and competence development based on crowdsourcing. As such, the book will appeal to scholars of management science, work studies, organizational and participation research and to readers interested in inclusive approaches for cooperative change management and the IT implications for IC platforms.

    (Dis)Integrated Identities: Experiences of Tenure-Track Engineering Faculty Who Identify as Sexual Minorities

    This study was conducted to explore how full-time, tenure-track engineering faculty members who self-identify as sexual minorities have experienced working in Doctoral Universities. Literature reviewed for this study included the history of higher education and engineering education in the United States; a review of the differences between engineering and science, technology, engineering, and mathematics (STEM) fields; and an overview of the history of discrimination against sexual minorities. Using a mixed-methods explanatory sequential methodology, the study included an anonymous web-based survey followed by semi-structured interviews of the participants who agreed to be contacted. During the interviews, participants shared photographs of their workspaces and described how items displayed in those spaces were congruent or incongruent with their multiple dimensions of identity. The simultaneous presence of both stigmatized and privileged identities led to complex relational interactions with colleagues and students that required individuals to dis-integrate, by denying some of their identities to successfully navigate in certain professional settings. Themes that emerged from the data included sexism, heterosexism, and hegemonic masculinity within the engineering academic environment; the value and importance of good mentoring; the professional pressures these faculty members faced and how their identities interacted to magnify those pressures; and that geographic and social location mattered. Participants also noted the importance of the Out in STEM student organization in breaking down the isolation they felt as sexual minorities in engineering. Study results demonstrated that a sexual minority identity was one of a long list of identities that have not been welcomed or valued in the engineering profession. This study’s findings were significant because they shone a spotlight on an issue that has been surrounded by silence in the engineering community. 
The primary implication of this study was the need for a more welcoming culture within engineering academia that would allow all engineering faculty members to feel more comfortable sharing the full spectrum of their identities. Potential areas for future research included expansion of the study to non-tenure-track sexual minority engineering faculty members, engineering faculty members of any sexual identity, and re-evaluation of the underlying assumptions of the stigma and social identity theories used in this study. Keywords: engineering faculty, mixed methods, sexual minority, social identity, stigm

    Facebook as a site of stress reduction and resilience amongst trailing wives living in Alaska

    2017 Spring. Includes bibliographical references. This explanatory sequential mixed methodology (Creswell & Plano Clark, 2011) study considers how Facebook use impacts sojourners' perceived stress and resilience. Forty-one current and retired sojourning "trailing wives"—women who move primarily for their husband's career—located in Anchorage, Alaska, participated in the Phase 1 survey. Phase 1 found support for the predicted negative relationship between perceived stress and Facebook social connectedness, but the predicted positive relationship between Facebook social connectedness and resilience was not significant. Seventeen Phase 2 participants participated in semi-structured interviews, which were then analyzed using the constant comparative method (Strauss & Corbin, 1990), to explore the relationship between Facebook use and resilience further. Interview participants identified Facebook information seeking and social networking activities as particularly helpful in their early sojourn adjustment. Some participants also reported using Facebook and other social media sites (e.g., Instagram) to grow from their sojourn experience by practicing four of the resilience communication processes identified by Buzzanell (2010): drawing upon communication networks, emphasizing identity anchors, fostering optimism, and reframing negative experiences. Implications for practitioners (e.g., sojourners, human resources and mental health professionals) and researchers (across international business and social science disciplines) are also discussed.

    Dynamics of expectations and linked ecologies: a case study of the Copyright Hub

    This thesis examines the development of the Copyright Hub, an emerging infrastructural initiative, designed to streamline the processes of expressing, identifying and communicating Intellectual Property (IP) rights information, especially copyright licensing, across sectors of the creative industries. The study highlights the origins of the Copyright Hub and the provision of public support for its R&D as a product of divergent pressures: the creative industries sought government action to redress their concerns about difficulties in enforcing copyright in a digital world; government sought to stimulate the economy through fostering sustainable digital industries. The project however did not fulfil its promise of enabling the innovation of new market infrastructures for trading copyright-protected content. To go beyond prevalent snapshot studies of innovation, this research draws upon the Biographies of Artifacts and Practices (BOAP) approach, which informs the methodological choice of multi-site, longitudinal fieldwork. A rich account of the unfolding of a field of innovation is provided, combining archival and contemporary ethnographic sources. The analysis applies concepts from the sociology of expectations (and in particular ‘arenas of expectations’) to understand the process by which visions and expectations are mobilised to accumulate public and private funding and support, as well as understanding the dynamics of development of the Copyright Hub project. These notions are complemented by Abbott’s concept of “linked ecologies”, which helps in scrutinising the interrelation of actors within the policy-making ecology and its neighbouring ecologies of business and IP standard development. In addition, Abbott’s discussion on “things of boundaries” provides a helpful template for conceptualising the processes through which protected spaces are constructed. The thesis makes three main contributions to knowledge. 1. 
It provides a rich, empirical description of the Copyright Hub initiative from its embryonic stages when novel ideas are being formed, new alliances are being made, and resources are mobilised to build a protected space for innovation development. In addition to high expectations, this research managed to capture and portray how ‘low’ and ‘slow’ expectations can help in propelling the Copyright Hub project by (a) ensuring existing market actors that the new initiative would not cannibalise their commercial interests, and (b) providing for stability in policy making which counter-balanced the rapid re-bundling of policy issues around IP. The substantive area of developing digital infrastructures for IP licensing and management is per se of wider interest to policy makers, creative industries and scholars of innovation studies. 2. It contributes to the sociology of expectations by furthering our understanding of “arenas of expectations” as the battleground where adjacent ecologies meet in search of alliances, resources and support. Policy makers, businesses and infrastructure entrepreneurs do not compete alone, but rather in alliance, and thus any successful strategy must provide “dual rewards” for members of the alliance in both ecologies at once. For example, the Copyright Hub successfully acted as a “hinge”, which helped the UK creative industries prevent further copyright exceptions being imposed upon them, while allowing the government to fight off criticism of the dearth of visions and policies for long-term economic growth. Similarly, arenas of expectations are not isolated phenomena, but they are linked together through members of an alliance in its overall struggle for power. 3. It helps in reconceptualising “protected spaces”. 
The protected space for the development of the Copyright Hub’s technology was established through explicit act of various actors yoking together three “sites of differences”: the Copyright Hub Ltd., the Digital Catapult, and the Linked Content Coalition. These sites of differences brought with them constraints, preferences, and vested interests into the development process and played a crucial role in shaping the innovation’s trajectory. When the interest needed to hold these social boundaries in place was no longer adequate, the protected space would be dissolved. Yet, elements of such spaces do not completely disappear but morph, transform and eventually constitute new protected spaces or other types of social entities. In the case of the Copyright Hub, for example, the protected space was eventually dissolved when the Digital Catapult withdrew from the project, yet elements developed within this space morphed and constituted a new project named ARDITO, whose objectives were to develop actual services in the marketplace from the Copyright Hub’s pilot use cases.