359 research outputs found
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
A Vulnerability Assessment of the East Tennessee State University Administrative Computer Network.
A three phase audit of East Tennessee State University\u27s administrative computer network was conducted during Fall 2001, Spring 2002, and January 2004. Nmap and Nessus were used to collect the vulnerability data. Analysis discovered an average of 3.065 critical vulnerabilities per host with a low of 2.377 in Spring 2001 to a high of 3.694 in Fall 2001. The number of unpatched Windows operating system vulnerabilities, which accounted for over 75% of these critical vulnerabilities, strongly argues for the need of an automated patch deployment system for the approximately 3,000 Windows-based systems at ETSU
Software Fault Isolation: a first step towards Microreboot in legacy C applications
Microreboot is an attractive technique for recovering an application
after a non-malicious failure or deliberate integrity breach even in
cases where the precise cause of the failure or breach are not known.
Unfortunately, Microreboot functionality has so far been demonstrated
only with Java applications meeting a set of peculiar Crash-only
architectural requirements. This report describes a method of using
Software Fault Isolation techniques to meet some of these
architectural requirements in C programs, thereby taking a first step
towards making Microreboot available for retrofit in legacy C
applications
An Assessment of North Korean Threats and Vulnerabilities in Cyberspace
This thesis answers the fundamental questions of what North Korean capabilities and intent in cyberspace are and what North Korean threats and vulnerabilities are associated with these. It argues that although North Korea’s cyberspace resources and capabilities have increased and reached a level that represents an advanced persistent threat, its cyberspace operations have remained restrained and regional. It also argues that North Korea’s valuable assets include its ability to control cyberspace within North Korea and its ability to engage in cyberspace activities and operations from abroad. The thesis recommends that the United States government exploit these assets by denying and disrupting the use of cyberspace by covert cyber units outside of North Korea, as well as by enabling and ensuring the less monitored and less controlled use of cyberspace by civilians inside of North Korea
Professional English. Fundamentals of Software Engineering
Посібник містить оригінальні тексти фахового змісту, які супроводжуються термінологічним тематичним вокабуляром та вправами різного методичного спрямування.
Для студентів, які навчаються за напрямами підготовки: «Програмна інженерія», «Комп’ютерні науки» «Комп’ютерна інженерія»
The Challenges of Network Security Remediation at a Regional University.
This thesis describes challenges encountered during a year-long effort to improve the security of the 3,300 node administrative computer network at East Tennessee State University. The key remediation strategies used included employing the vulnerability scanner Nessus to profile the network, analyzing the scan results, and attempting to remove the most critical vulnerabilities found. The project succeeded in decreasing known “high” criticality vulnerabilities on campus by 26.1%, and confirmed four standard observations about the challenges of network administration: Vulnerability scanning is a lengthy task best performed in parallel and supported by automated data analysis.Securing a network is like trying to hit a moving target, due to an ever-increasing proliferation of networked hosts, services enabled by default install and lists of vulnerabilities to address.Failures of common sense are still among the primary threats to network security.Failing to retain management support for the security hardening process can jeopardize the project
- …