Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model. It is increasingly attracting
huge attention in both academic research and industrial initiatives. Cloud
deployments are paramount for institutions and organizations of all scales. The
availability of a flexible, free open-source cloud platform designed with no
proprietary software, and the ability to integrate it with legacy systems and
third-party applications, are fundamental. OpenStack is free and open-source
software released under the terms of the Apache license, with a fragmented and
distributed architecture that makes it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack multi-node cloud infrastructure and conducting
penetration testing on OpenStack services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure-related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution.
Comment: 38 pages, 19 figures
Storytelling Security: User-Intention Based Traffic Sanitization
Malicious software (malware) with a decentralized communication infrastructure, such as peer-to-peer botnets, is difficult to detect. In this paper, we describe a traffic-sanitization method for identifying malware-triggered outbound connections from a personal computer. Our solution correlates user activities with the content of outbound traffic. Our key observation is that user-initiated outbound traffic typically has corresponding human inputs, i.e., keystrokes or mouse clicks. Our analysis of the causal relations between user inputs and packet payloads enables the efficient enforcement of inter-packet dependencies at the application level.
We formalize our approach within the framework of protocol-state machines. We define new application-level traffic-sanitization policies that enforce the inter-packet dependencies. The dependency is derived from the transitions among protocol states that involve both user actions and network events. We refer to our methodology as storytelling security.
We demonstrate a concrete realization of our methodology in the context of a peer-to-peer file-sharing application and describe its use in blocking traffic of P2P bots on a host. We implement and evaluate our prototype on the Windows operating system in both online and offline deployment settings. Our experimental evaluation, along with case studies of real-world P2P applications, demonstrates the feasibility of verifying the inter-packet dependencies. Our deep packet inspection incurs overhead on the outbound network flow. Our solution can also be used as an offline collect-and-analyze tool.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in report.
Automatically bridging the semantic gap in machine introspection
Disclosed are various embodiments that facilitate automatically bridging the semantic gap in machine introspection. It may be determined that a program executed by a first virtual machine is requested to introspect a second virtual machine. A system call execution context of the program may be determined in response to determining that the program is requested to introspect the second virtual machine. Redirectable data in a memory of the second virtual machine may be identified based at least in part on the system call execution context of the program. The program may be configured to access the redirectable data. In various embodiments, the program may be able to modify the redirectable data, thereby facilitating configuration, reconfiguration, and recovery operations to be performed on the second virtual machine from within the first virtual machine.
Board of Regents, University of Texas System
Recommendation of a security architecture for data loss prevention
Data and people are the most important assets of any organization. The amount of
information that is generated increases exponentially due to the number of new devices
that create information. On the other hand, more and more organizations are covered by
some type of regulation, such as the General Data Protection Regulation.
Organizations implement several security controls; however, they do not focus on
protecting the information itself, and information leakage is a reality and a growing
concern. Based on this problem, there is a need to protect confidential information, such
as clinical data, personal information, among others. In this regard, data loss prevention
solutions (DLP - Data Loss Prevention) that have the ability to identify, monitor and act
on data considered confidential, whether at the endpoint, data repositories or in the
network, should be part of the information security strategy of organizations in order to
mitigate these risks.
This dissertation will study the topic of data loss prevention and evaluate several
existing solutions in order to identify the key components of this type of solutions. The
contribution of this work will be the recommendation of a security architecture that
mitigates the risk of information leakage and that can be easily adaptable to any DLP
solution to be implemented by organizations. In order to prove the efficiency of the
architecture, it was implemented and tested to mitigate the risk of information leakage in
specific proposed scenarios.
Information and people are the most important assets of any organization. The
amount of information that is generated increases exponentially due to the number
of new devices that produce information. On the other hand, more and more
organizations are covered by some type of regulation, such as the General Data
Protection Regulation.
Organizations implement several security controls; however, they do not focus on
protecting the information itself, and information leakage is a reality and a
growing concern. Based on this problem, there is a need to protect confidential
information, such as clinical data, personal information, among others. In this
regard, data loss prevention solutions (DLP - Data Loss Prevention), which have
the ability to identify, monitor and act on data considered confidential, whether
at the endpoint, data repository or network level, should be part of the
information security strategy of organizations in order to mitigate these risks.
This dissertation will analyse the topic of data loss prevention and evaluate
several existing solutions with the purpose of identifying the key components of
this type of solution. The main contribution of this work will be the
recommendation of a security architecture that mitigates the risk of information
leakage and that can be easily adapted to any DLP solution to be implemented by
organizations. In order to prove the efficiency of the architecture, it was
implemented and tested to mitigate the risk of information leakage in specific
scenarios that were defined.
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and less infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols, as well as threats introduced by newer architectures, raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.
Discovering New Vulnerabilities in Computer Systems
Vulnerability research plays a key role in preventing and defending against malicious computer system exploitations. Driven by a multi-billion dollar underground economy, cyber criminals today tirelessly launch malicious exploitations, threatening every aspect of daily computing. To effectively protect computer systems from devastation, it is imperative to discover and mitigate vulnerabilities before they fall into the offensive parties' hands. This dissertation is dedicated to the research and discovery of new design and deployment vulnerabilities in three very different types of computer systems.
The first vulnerability is found in the automatic malicious binary (malware) detection system. Binary analysis, a central piece of technology for malware detection, is divided into two classes, static analysis and dynamic analysis. State-of-the-art detection systems employ both classes of analyses to complement each other's strengths and weaknesses for improved detection results. However, we found that the commonly seen design patterns may suffer from evasion attacks. We demonstrate attacks on the vulnerabilities by designing and implementing a novel binary obfuscation technique.
The second vulnerability is located in the design of server system power management. Technological advancements have improved server system power efficiency and facilitated energy-proportional computing. However, the change of power profile makes the power consumption subject to unaudited influences of remote parties, leaving the server systems vulnerable to energy-targeted malicious exploits. We demonstrate an energy-abusing attack on a standalone open Web server, measure the extent of the damage, and present a preliminary defense strategy.
The third vulnerability is discovered in the application of server virtualization technologies. Server virtualization greatly benefits today's data centers and brings pervasive cloud computing a step closer to the general public. However, the practice of physically co-hosting virtual machines with different security privileges risks introducing covert channels that seriously threaten information security in the cloud. We study the construction of high-bandwidth covert channels via the memory sub-system, and show a practical exploit of cross-virtual-machine covert channels on virtualized x86 platforms.