38 research outputs found

    Forensic acquisition of file systems with parallel processing of digital artifacts to generate an early case assessment report

    The way human beings interact and carry out routine tasks has changed over recent decades, and a long list of activities is now possible only through the use of information technologies; among these are the acquisition of goods and services, business management and operations, and communications. These transformations are also visible in other, less legitimate activities, allowing crimes to be committed through digital means. In general terms, forensic investigators work by searching for evidence of criminal actions carried out by means of digital devices in order, finally, to try to identify the perpetrators, the level of damage caused and the story behind what made the crime possible. In essence, this activity must follow strict rules to ensure that evidence is admitted in court, but the greater the number of new artifacts and the greater the volume of storage devices available, the longer the time needed between the identification of a suspect's device and the moment the investigator begins to navigate the sea of information held on the device. This research aims to bring forward some stages of the EDRM through the use of the parallel processing available in current processing units (CPU) to translate multiple forensic artifacts of the Windows 10 operating system and generate a report with the most crucial information about the acquired device, allowing an early case assessment (ECA) while a full disk acquisition is in progress, thereby causing minimal impact on the overall acquisition time

    An architecture for database monitoring and recommendations using an active database system

    Integrated environments monitoring can become complex with heterogeneous databases, due to the particularities in the language syntax and available tools. In particular, active databases allow developing mechanisms and automation of processes involving data or objects. This work proposes the development of an architecture to identify and monitor DDL (Data Definition Language) events, exploring the active databases and recommendations approach. This architecture could be explored in several ways: simple monitoring of DDL events in one or more databases, or recommendation of future DDLs or settings within the monitored database. In this context, this work proposes: (i) an integrated architecture of active databases and recommendation; (ii) the adaptation of a recommendation algorithm; and (iii) the validation of concepts through a prototype

    The Internet of Things supporting the Cultural Heritage domain: analysis, design and implementation of a smart framework enhancing the smartness of cultural spaces

    Nowadays embedded systems have reached a great level of maturity and diffusion thanks to their small size, low power consumption, large connectivity and variety of application in everyday contexts. These systems, if properly structured and configured, can significantly increase the smartness of the environments where they are deployed, monitoring and continuously collecting data to be processed and elaborated. In this perspective, the Internet of Things (IoT) paradigm supports the transition from a closed world, in which an object is characterized by a descriptor, to an open world, in which objects interact with the surrounding environment, because they have become “intelligent”. Accordingly, not only people will be connected to the internet, but objects such as cars, fridges, televisions, water management systems, buildings, monuments and so on will be connected as well. The Cultural Heritage represents a worldwide resource of inestimable value, attracting millions of visitors every year to monuments, museums and art exhibitions. Fundamental aspects of this resource to be investigated are its promotion and people enjoyment. Indeed, to achieve an enjoyment of a cultural space that is attractive and sustainable, it is necessary to realize ubiquitous and multimedia solutions for users’ interaction to enrich their visiting experience and improve the knowledge transmission process of a cultural site. The main target of this PhD Thesis is the study of the IoT paradigm, devoted to the design of a smart framework supporting the fruition, enjoyment and tutelage of the Cultural Heritage domain. In order to assess the proposed approach, a real case study is presented and discussed. In detail, it represents the deployment of our framework during an art exhibition, named The Beauty or the Truth within the Monumental Complex of San Domenico Maggiore, Naples (Italy). 
Following the Internet of Things paradigm, the proposed intelligent framework relies on the integration of a Sensor Network of Smart Objects with Wi-Fi and Bluetooth Low Energy technologies to identify, locate and support users. In this way technology can become a mediator between visitors and fruition, an instrument of connection between people, objects, and spaces to create new social, economic and cultural opportunities

    Event-driven Middleware for Body and Ambient Sensor Applications

    Continuing development of on-body and ambient sensors has led to a vast increase in sensor-based assistance and monitoring solutions. A growing range of modular sensors, and the necessity of running multiple applications on the sensor information, has led to an equally extensive increase in efforts for system development. In this work, we present an event-driven middleware for on-body and ambient sensor networks allowing multiple applications to define information types of their interest in a publish/subscribe manner. Incoming sensor data is hereby transformed into the required data representation which lifts the burden of adapting the application with respect to the connected sensors off the developer's shoulders. Furthermore, an unsupervised on-the-fly reloading of transformation rules from a remote server allows the system's adaptation to future applications and sensors at run-time as well as reducing the number of connected sensors. Open communication channels distribute sensor information to all interested applications. In addition to that, application-specific event channels are introduced that provide tailor-made information retrieval as well as control over the dissemination of critical information. The system is evaluated based on an Android implementation with transformation rules implemented as OSGi bundles that are retrieved from a remote web server. Evaluation shows a low impact of running the middleware and the transformation rules on a phone and highlights the reduced energy consumption by having fewer sensors serving multiple applications. It also points out the behavior and limits of the open and application-specific event channels with respect to CPU utilization, delivery ratio, and memory usage. In addition to the middleware approach, four (preventive) health care applications are presented. They take advantage of the mediation between sensors and applications and highlight the system's capabilities. 
By connecting body sensors for monitoring physical and physiological parameters as well as ambient sensors for retrieving information about user presence and interactions with the environment, full-fledged health monitoring examples for monitoring a user throughout the day are presented. Vital parameters are gathered from commercially available biosensors and the mediator device running both the middleware and the application is an off-the-shelf smart phone. For gaining information about a user's physical activity, custom-built body and ambient sensors are presented and deployed

    Open-source resources and standards for Arabic word structure analysis: Fine grained morphological analysis of Arabic text corpora

    Morphological analyzers are preprocessors for text analysis. Many Text Analytics applications need them to perform their tasks. The aim of this thesis is to develop standards, tools and resources that widen the scope of Arabic word structure analysis - particularly morphological analysis, to process Arabic text corpora of different domains, formats and genres, of both vowelized and non-vowelized text. We want to morphologically tag our Arabic Corpus, but evaluation of existing morphological analyzers has highlighted shortcomings and shown that more research is required. Tag-assignment is significantly more complex for Arabic than for many languages. The morphological analyzer should add the appropriate linguistic information to each part or morpheme of the word (proclitic, prefix, stem, suffix and enclitic); in effect, instead of a tag for a word, we need a subtag for each part. Very fine-grained distinctions may cause problems for automatic morphosyntactic analysis – particularly probabilistic taggers which require training data, if some words can change grammatical tag depending on function and context; on the other hand, fine-grained distinctions may actually help to disambiguate other words in the local context. The SALMA – Tagger is a fine-grained morphological analyzer which mainly depends on linguistic information extracted from traditional Arabic grammar books and prior knowledge broad-coverage lexical resources; the SALMA – ABCLexicon. More fine-grained tag sets may be more appropriate for some tasks. The SALMA – Tag Set is a theory standard for encoding, which captures long-established traditional fine-grained morphological features of Arabic, in a notation format intended to be compact yet transparent. The SALMA – Tagger has been used to lemmatize the 176-million words Arabic Internet Corpus. 
It has been proposed as a language-engineering toolkit for Arabic lexicography and for phonetically annotating the Qur’an by syllable and primary stress information, as well as, fine-grained morphological tagging

    Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks

    Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. 
Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field

    Digitalization and Development

    This book examines the diffusion of digitalization and Industry 4.0 technologies in Malaysia by focusing on the ecosystem critical for its expansion. The chapters examine the digital proliferation in major sectors of agriculture, manufacturing, e-commerce and services, as well as the intermediary organizations essential for the orderly performance of socioeconomic agents. The book incisively reviews policy instruments critical for the effective and orderly development of the embedding organizations, and the regulatory framework needed to quicken the appropriation of socioeconomic synergies from digitalization and Industry 4.0 technologies. It highlights the importance of collaboration between government, academic and industry partners, as well as makes key recommendations on how to encourage adoption of IR4.0 technologies in the short- and long-term. This book bridges the concepts and applications of digitalization and Industry 4.0 and will be a must-read for policy makers seeking to quicken the adoption of its technologies

    Sensor data integration and management of smart environments

    Master's degree in Computer and Telematics Engineering. In a world of constant technological development and accelerated population growth, an increased use of energy resources is being observed. With buildings responsible for a large share of this energy consumption, a lot of research activities are pursued with the goal to create energy efficient buildings and smart spaces. This dissertation aims to, in a first stage, present a review of the current solutions combining Building Automation Systems (BAS) and Internet of Things (IoT). Then, a solution for building automation is presented based on IoT principles and exploiting the advantages of Complex Event Processing (CEP) systems, to provide higher integration of the multiple building subsystems. 
This solution was validated through an implementation, based on standard lightweight protocols designed for IoT, high performance and real time platforms, and complex methods for analysis of large streams of data. The implementation is also applied to a real world scenario, and will be used as a standard solution for management and automation of an existing building

    Self-adaptive Authorisation Infrastructures

    Traditional approaches in access control rely on immutable criteria in which to decide and award access. These approaches are limited, notably when handling changes in an organisation’s protected resources, resulting in the inability to accommodate the dynamic aspects of risk at runtime. An example of such risk is a user abusing their privileged access to perform insider attacks. This thesis proposes self-adaptive authorisation, an approach that enables dynamic access control. A framework for developing self-adaptive authorisation is defined, where autonomic controllers are deployed within legacy based authorisation infrastructures to enable the runtime management of access control. Essential to the approach is the use of models and model driven engineering (MDE). Models enable a controller to abstract from the authorisation infrastructure it seeks to control, reason about state, and provide assurances over change to access. For example, a modelled state of access may represent an active access control policy. Given the diverse nature in implementations of authorisation infrastructures, MDE enables the creation and transformation of such models, whereby assets (e.g., policies) can be automatically generated and deployed at runtime. A prototype of the framework was developed, whereby management of access control is focused on the mitigation of abuse of access rights. The prototype implements a feedback loop to monitor an authorisation infrastructure in terms of modelling the state of access control and user behaviour, analyse potential solutions for handling malicious behaviour, and act upon the infrastructure to control future access control decisions. The framework was evaluated against mitigation of simulated insider attacks, involving the abuse of access rights governed by access control methodologies. In addition, to investigate the framework’s approach in a diverse and unpredictable environment, a live experiment was conducted. 
This evaluated the mitigation of abuse performed by real users as well as demonstrating the consequence of self-adaptation through observation of user response