A Comprehensive Security Assessment Toolkit for HealthCare Systems

This research identifies the critical need for conducting a comprehensive information security assessment of any healthcare system. This effort is vital to establish and maintain compliance of security and privacy in healthcare organizations. The paper presents a novel framework and toolkit for security assessment to establish and maintain regulatory compliance. Furthermore, the paper lays out the design of a comprehensive, automated tool set to gain insight about electronic healthcare information system vulnerabilities in the system. The research then investigates various mitigation techniques to secure a healthcare information system and its electronic health records. Furthermore, as validation the proposed toolkit is evaluated in a real-world HIMSS 6 [1] healthcare organization and their over 20 partnering clinical practices

Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions

Phishing has grown significantly in volume over the time, becoming the most usual web threat today. The present economic crisis is an added argument for the great increase in number of attempts to cheat internet users, both businesses and private ones. The present research is aimed at helping the IT environment get a more precise view over the phishing attacks in Romania; in order to achieve this goal we have designed an application able to retrieve and interpret phishing related data from five other trusted web sources and compile them into a meaningful and more targeted report. As a conclusion, besides making available regular reports, we underline the need for a higher degree of awareness related to this issue.Security, Phishing, Ev-SSL, Security Solutions

Securing the Next Generation Web

With the ever-increasing digitalization of society, the need for secure systems is growing. While some security features, like HTTPS, are popular, securing web applications, and the clients we use to interact with them remains difficult.To secure web applications we focus on both the client-side and server-side. For the client-side, mainly web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP)\ua0 directive navigate-to. In our research, we find that it does introduce new vulnerabilities, to which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. Finding server-side vulnerabilities in a black-box setting where\ua0 there is no access to the source code is challenging. To improve this, we develop novel black-box methods for automatically finding vulnerabilities. We\ua0 accomplish this by identifying key challenges in web scanning and combining the best of previous methods. Additionally, we leverage SMT solvers to\ua0 further improve the coverage and vulnerability detection rate of scanners.In addition to browsers, browser extensions also play an important role in the web ecosystem. These small programs, e.g. AdBlockers and password\ua0 managers, have powerful APIs and access to sensitive user data like browsing history. By systematically analyzing the extension ecosystem we find new\ua0 static and dynamic methods for detecting both malicious and vulnerable extensions. In addition, we develop a method for detecting malicious extensions\ua0 solely based on the meta-data of downloads over time. We analyze new attack vectors introduced by Google’s new vehicle OS, Android Automotive. This\ua0 is based on Android with the addition of vehicle APIs. Our analysis results in new attacks pertaining to safety, privacy, and availability. Furthermore, we\ua0 create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found

IoT Threat Detection Testbed Using Generative Adversarial Networks

The Internet of Things(IoT) paradigm provides persistent sensing and data collection capabilities and is becoming increasingly prevalent across many market sectors. However, most IoT devices emphasize usability and function over security, making them very vulnerable to malicious exploits. This concern is evidenced by the increased use of compromised IoT devices in large scale bot networks (botnets) to launch distributed denial of service(DDoS) attacks against high value targets. Unsecured IoT systems can also provide entry points to private networks, allowing adversaries relatively easy access to valuable resources and services. Indeed, these evolving IoT threat vectors (ranging from brute force attacks to remote code execution exploits) are posing key challenges. Moreover, many traditional security mechanisms are not amenable for deployment on smaller resource-constrained IoT platforms. As a result, researchers have been developing a range of methods for IoT security, with many strategies using advanced machine learning(ML) techniques. Along these lines, this paper presents a novel generative adversarial network(GAN) solution to detect threats from malicious IoT devices both inside and outside a network. This model is trained using both benign IoT traffic and global darknet data and further evaluated in a testbed with real IoT devices and malware threats.Comment: 8 pages, 5 figure

IceCube Cybersecurity Improvement Plan

This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC). CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. For more information about the Center for Trustworthy Scientific Cyberinfrastructure please visit: http://trustedci.org/. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation

A decision support system for corporations cyber security risk management

This thesis presents a decision aiding system named C3-SEC (Contex-aware Corporative Cyber Security), developed in the context of a master program at Polytechnic Institute of Leiria, Portugal. The research dimension and the corresponding software development process that followed are presented and validated with an application scenario and case study performed at Universidad de las Fuerzas Armadas ESPE – Ecuador. C3-SEC is a decision aiding software intended to support cyber risks and cyber threats analysis of a corporative information and communications technological infrastructure. The resulting software product will help corporations Chief Information Security Officers (CISO) on cyber security risk analysis, decision-making and prevention measures for the infrastructure and information assets protection. The work is initially focused on the evaluation of the most popular and relevant tools available for risk assessment and decision making in the cyber security domain. Their properties, metrics and strategies are studied and their support for cyber security risk analysis, decision-making and prevention is assessed for the protection of organization's information assets. A contribution for cyber security experts decision support is then proposed by the means of reuse and integration of existing tools and C3-SEC software. C3-SEC extends existing tools features from the data collection and data analysis (perception) level to a full context-ware reference model. The software developed makes use of semantic level, ontology-based knowledge representation and inference supported by widely adopted standards, as well as cyber security standards (CVE, CPE, CVSS, etc.) and cyber security information data sources made available by international authorities, to share and exchange information in this domain. C3-SEC development follows a context-aware systems reference model addressing the perception, comprehension, projection and decision/action layers to create corporative scale cyber security situation awareness

CYBER SECURITY VULNERABILITY ASSESSMENT IN LEARNING MANAGEMENT SYSTEMS

With online learning becoming in high demand to deliver training and education during the COVID-19 pandemic, cybercriminals have more opportunities to take advantage of vulnerable Learning Management Systems to steal information like training materials, and students\u27 private information, or they try to make easy money by deploying ransomware. Regardless of the cybercriminal motivation, the compromised system has consequences on the organization that affects it financially, legally, and reputationally. This requires the organization to invest in choosing the most secure LMS and apply the required security controls to avoid such consequences that may cost them much more than expected. This project highlights the vulnerabilities that are found in a selected list of Learning Management Systems. This may help organizations in the selection phase of their LMS, and also blue teams can use this project’s result to harden their systems

An Analysis Of Tools, Techniques, And Mathematics Involved In A Penetration Test

In the security arena, there are two main approaches to carrying out security measures, namely offensive and defensive. Penetration testing combines these two methodologies to help detect and eliminate vulnerabilities. Penetration testing simulates real attacks to properly assess the potential consequences of a security breach; furthermore, penetration testers not only discover vulnerabilities but actively exploit vulnerabilities to identify the systems and data potentially at risk. Using a virtual lab and Appalachian State University’s Computer Science Department’s student server as targets, this thesis introduces the idea of a penetration test, provides a demonstration of selected tools, investigates efficiency issues of various attacks, and ultimately offers an inspection of the information obtained. An effective and efficient password cracking attempt is illustrated by discovering, analyzing, and interpreting the mathematics that underlie the Secure Hashing Algorithm. This work exposed significant security vulnerabilities on the student machine, including an exploit that can be executed by a regular user to obtain root access unobtrusively. In addition, student account passwords are, by default, very insecure. After using an exploit to obtain the password and shadow files, it was found that 60% of the passwords can be cracked in just over 24 hours

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques -- An Experiment

Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature- and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deployed for intrusion detection and attack analysis, providing an alternative to detect APT behaviours. This work explores the use of honey items to classify intrusion interactions, differentiating automated attacks from those which need some human reasoning and interaction towards APT detection. Multiple decoy items are deployed on honeypots in a virtual honey network, some as breadcrumbs to detect indications of a structured manual attack. Monitoring functionality was created around Elastic Stack with a Kibana dashboard created to display interactions with various honey items. APT type manual intrusions are simulated by an experienced pentesting practitioner carrying out simulated attacks. Interactions with honey items are evaluated in order to determine their suitability for discriminating between automated tools and direct human intervention. The results show that it is possible to differentiate automatic attacks from manual structured attacks; from the nature of the interactions with the honey items. The use of honey items found in the honeypot, such as in later parts of a structured attack, have been shown to be successful in classification of manual attacks, as well as towards providing an indication of severity of the attack