A Comprehensive Security Assessment Toolkit for HealthCare Systems
This research identifies the critical need for conducting a comprehensive information security assessment of any healthcare system. This effort is vital to establish and maintain compliance of security and privacy in healthcare organizations. The paper presents a novel framework and toolkit for security assessment to establish and maintain regulatory compliance. Furthermore, the paper lays out the design of a comprehensive, automated tool set to gain insight about electronic healthcare information system vulnerabilities in the system. The research then investigates various mitigation techniques to secure a healthcare information system and its electronic health records. Furthermore, as validation, the proposed toolkit is evaluated in a real-world HIMSS 6 [1] healthcare organization and their over 20 partnering clinical practices.
Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions
Phishing has grown significantly in volume over time, becoming the most usual web threat today. The present economic crisis is an added argument for the great increase in the number of attempts to cheat internet users, both businesses and private ones. The present research is aimed at helping the IT environment get a more precise view over the phishing attacks in Romania; in order to achieve this goal we have designed an application able to retrieve and interpret phishing related data from five other trusted web sources and compile them into a meaningful and more targeted report. As a conclusion, besides making available regular reports, we underline the need for a higher degree of awareness related to this issue.
Keywords: Security, Phishing, Ev-SSL, Security Solutions
Securing the Next Generation Web
With the ever-increasing digitalization of society, the need for secure systems is growing. While some security features, like HTTPS, are popular, securing web applications, and the clients we use to interact with them remains difficult. To secure web applications we focus on both the client-side and server-side. For the client-side, mainly web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP) directive navigate-to. In our research, we find that it does introduce new vulnerabilities, to which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. Finding server-side vulnerabilities in a black-box setting where there is no access to the source code is challenging. To improve this, we develop novel black-box methods for automatically finding vulnerabilities. We accomplish this by identifying key challenges in web scanning and combining the best of previous methods. Additionally, we leverage SMT solvers to further improve the coverage and vulnerability detection rate of scanners. In addition to browsers, browser extensions also play an important role in the web ecosystem. These small programs, e.g. AdBlockers and password managers, have powerful APIs and access to sensitive user data like browsing history. By systematically analyzing the extension ecosystem we find new static and dynamic methods for detecting both malicious and vulnerable extensions. In addition, we develop a method for detecting malicious extensions solely based on the meta-data of downloads over time. We analyze new attack vectors introduced by Google’s new vehicle OS, Android Automotive. This is based on Android with the addition of vehicle APIs. Our analysis results in new attacks pertaining to safety, privacy, and availability. Furthermore, we create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found.
IoT Threat Detection Testbed Using Generative Adversarial Networks
The Internet of Things (IoT) paradigm provides persistent sensing and data collection capabilities and is becoming increasingly prevalent across many market sectors. However, most IoT devices emphasize usability and function over security, making them very vulnerable to malicious exploits. This concern is evidenced by the increased use of compromised IoT devices in large scale bot networks (botnets) to launch distributed denial of service (DDoS) attacks against high value targets. Unsecured IoT systems can also provide entry points to private networks, allowing adversaries relatively easy access to valuable resources and services. Indeed, these evolving IoT threat vectors (ranging from brute force attacks to remote code execution exploits) are posing key challenges. Moreover, many traditional security mechanisms are not amenable for deployment on smaller resource-constrained IoT platforms. As a result, researchers have been developing a range of methods for IoT security, with many strategies using advanced machine learning (ML) techniques. Along these lines, this paper presents a novel generative adversarial network (GAN) solution to detect threats from malicious IoT devices both inside and outside a network. This model is trained using both benign IoT traffic and global darknet data and further evaluated in a testbed with real IoT devices and malware threats.
IceCube Cybersecurity Improvement Plan
This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC). CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. For more information about the Center for Trustworthy Scientific Cyberinfrastructure please visit: http://trustedci.org/. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
A decision support system for corporations cyber security risk management
This thesis presents a decision aiding system named C3-SEC (Context-aware Corporative Cyber Security), developed in the context of a master program at Polytechnic Institute of Leiria, Portugal. The research dimension and the corresponding software development process that followed are presented and validated with an application scenario and case study performed at Universidad de las Fuerzas Armadas ESPE – Ecuador.
C3-SEC is a decision aiding software intended to support cyber risks and cyber threats analysis of a corporative information and communications technological infrastructure. The resulting software product will help corporations' Chief Information Security Officers (CISOs) on cyber security risk analysis, decision-making and prevention measures for the infrastructure and information assets protection.
The work is initially focused on the evaluation of the most popular and relevant tools available for risk assessment and decision making in the cyber security domain. Their properties, metrics and strategies are studied and their support for cyber security risk analysis, decision-making and prevention is assessed for the protection of the organization's information assets.
A contribution for cyber security experts' decision support is then proposed by means of reuse and integration of existing tools and C3-SEC software. C3-SEC extends existing tools' features from the data collection and data analysis (perception) level to a full context-aware reference model.
The software developed makes use of semantic level, ontology-based knowledge representation and inference supported by widely adopted standards, as well as cyber security standards (CVE, CPE, CVSS, etc.) and cyber security information data sources made available by international authorities, to share and exchange information in this domain. C3-SEC development follows a context-aware systems reference model addressing the perception, comprehension, projection and decision/action layers to create corporative scale cyber security situation awareness.
CYBER SECURITY VULNERABILITY ASSESSMENT IN LEARNING MANAGEMENT SYSTEMS
With online learning in high demand to deliver training and education during the COVID-19 pandemic, cybercriminals have more opportunities to take advantage of vulnerable Learning Management Systems to steal information like training materials and students' private information, or they try to make easy money by deploying ransomware. Regardless of the cybercriminal's motivation, the compromised system has consequences for the organization that affect it financially, legally, and reputationally. This requires the organization to invest in choosing the most secure LMS and apply the required security controls to avoid such consequences that may cost them much more than expected.
This project highlights the vulnerabilities that are found in a selected list of Learning Management Systems. This may help organizations in the selection phase of their LMS, and blue teams can also use this project’s result to harden their systems.
An Analysis Of Tools, Techniques, And Mathematics Involved In A Penetration Test
In the security arena, there are two main approaches to carrying out security measures, namely offensive and defensive. Penetration testing combines these two methodologies to help detect and eliminate vulnerabilities. Penetration testing simulates real attacks to properly assess the potential consequences of a security breach; furthermore, penetration testers not only discover vulnerabilities but actively exploit vulnerabilities to identify the systems and data potentially at risk. Using a virtual lab and Appalachian State University’s Computer Science Department’s student server as targets, this thesis introduces the idea of a penetration test, provides a demonstration of selected tools, investigates efficiency issues of various attacks, and ultimately offers an inspection of the information obtained. An effective and efficient password cracking attempt is illustrated by discovering, analyzing, and interpreting the mathematics that underlie the Secure Hashing Algorithm. This work exposed significant security vulnerabilities on the student machine, including an exploit that can be executed by a regular user to obtain root access unobtrusively. In addition, student account passwords are, by default, very insecure. After using an exploit to obtain the password and shadow files, it was found that 60% of the passwords can be cracked in just over 24 hours.
Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques -- An Experiment
Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature- and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deployed for intrusion detection and attack analysis, providing an alternative to detect APT behaviours. This work explores the use of honey items to classify intrusion interactions, differentiating automated attacks from those which need some human reasoning and interaction towards APT detection. Multiple decoy items are deployed on honeypots in a virtual honey network, some as breadcrumbs to detect indications of a structured manual attack. Monitoring functionality was created around Elastic Stack with a Kibana dashboard created to display interactions with various honey items. APT type manual intrusions are simulated by an experienced pentesting practitioner carrying out simulated attacks. Interactions with honey items are evaluated in order to determine their suitability for discriminating between automated tools and direct human intervention. The results show that it is possible to differentiate automatic attacks from manual structured attacks from the nature of the interactions with the honey items. The use of honey items found in the honeypot, such as in later parts of a structured attack, has been shown to be successful in classification of manual attacks, as well as towards providing an indication of severity of the attack.