8 research outputs found
Forensic Box for Quick Network-Based Security Assessments
Network security assessments are seen as important, yet cumbersome and time consuming tasks,
mostly due to the use of different and manually operated tools. These are often very specialized
tools that need to be mastered and combined, besides requiring sometimes that a testing environment
is set up. Nonetheless, in many cases, it would be useful to obtain an audit in a swift
and on-demand manner, even if with less detail. In such cases, these audits could be used as
an initial step for a more detailed evaluation of the network security, as a complement to other
audits, or aid in preventing major data leaks and system failures due to common configuration,
management or implementation issues.
This dissertation describes the work towards the design and development of a portable system
for quick network security assessments and the research on the automation of many tasks (and
associated tools) composing that process. An embodiment of such system was built using a Raspberry
Pi 2, several well known open source tools, whose functions vary from network discovery,
service identification, Operating System (OS) fingerprinting, network sniffing and vulnerability
discovery, and custom scripts and programs for connecting all the different parts that comprise
the system. The tools are integrated in a seamless manner with the system, to allow deployment
in wired or wireless network environments, where the device carries out a mostly automated
and thorough analysis. The device is near plug-and-play and produces a structured report at
the end of the assessment. Several simple functions, such as re-scanning the network or doing
Address Resolution Protocol (ARP) poisoning on the network are readily available through a small
LCD display mounted on top of the device. It offers a web based interface for finer configuration
of the several tools and viewing the report, also developed within the scope of this work. Other
specific outputs, such as PCAP files with collected traffic, are available for further analysis.
The system was operated in controlled and real networks, so as to verify the quality of its
assessments. The obtained results were compared with the results obtained through manually
auditing the same networks. The achieved results showed that the device was able to detect
many of the issues that the human auditor detected, but showed some shortcomings in terms
of some specific vulnerabilities, mainly Structured Query Language (SQL) injections.
The image of the OS with the pre-configured tools, automation scripts and programs is available
for download from [Ber16b]. It comprises one of the main outputs of this work.
Security assessments of a network (and of its devices) are seen as important tasks, but heavy
and quite time consuming, due to the use of different manual tools. Normally, these tools are
quite specialized and require prior knowledge and familiarization, and often the need to create
a test environment. However, in many cases, it would be useful to obtain a quick and more direct
audit, even if not very deep. In that form, it could serve as an initial step for a more detailed
assessment, complement another audit, or even help prevent data leaks and system failures due to
common configuration, management or implementation problems of the systems.
This dissertation describes the work carried out with the aim of designing and developing a
portable system for quick security assessments of a network, and also the research carried out
with a view to automating several tasks (and associated tools) that make up the audit process.
An embodiment of the system was created using a Raspberry Pi 2, several well-known open source
tools, whose functions range from network discovery, operating system identification and
vulnerability discovery to network traffic capture, and custom scripts and programs that
interconnect the various parts that make up the system. The tools are integrated transparently
into the system, which can be deployed in wired or wireless environments, where the device
performs a thorough and mostly automated analysis. The device is practically plug and play and
produces a structured report at the end of the assessment. Several simple functions, such as
re-analysing the network or carrying out Address Resolution Protocol (ARP) cache poisoning
attacks on the network, are available through a small LCD screen mounted on top of the device.
It also offers a web interface, also developed in the context of the work, for more specific
configuration of the various tools and for obtaining access to the assessment report. Other more
specific outputs, such as files with captured traffic, are available from this interface.
The system was used in controlled and real networks, in order to verify the quality of its
assessments. The results obtained were compared with those obtained through manual audit of the
same networks. The results showed that the device detects most of the problems that an auditor
detected manually, but showed some failures in detecting some specific vulnerabilities, mostly
Structured Query Language (SQL) injections.
The Operating System image with the pre-configured tools, automation scripts and programs is
available for download from [Ber16b]. This image corresponds to one of the main results of this work.
The effects of large-sided soccer training games and pitch size manipulation on time–motion profile, spatial exploration and surface area: Tactical opportunities
Analysis of the physical, technical and physiological variations induced through the use of different soccer game formats have been widely discussed. However, the coaching justification for the specific use of certain game formats based on individual and collective spatial awareness is unclear. As a result, the purpose of this study was to analyze 11 versus 11 game formats conducted across two pitch sizes (half-size: 54 m × 68 m vs full-size: 108 m × 68 m) to identify effects of time–motion profiles, individual exploration behavior and collective organization. A total of 10 amateur soccer players from the same team (23.39 ± 3.91 years old) participated in this study. Data position of the players was used to calculate the spatial exploration index and the surface area. Distances covered in different speeds were used to observe the time–motion profile. The full-size pitch dimensions significantly contributed to greater distances covered via running (3.86–5.52 m s−1) and sprinting (>5.52 m s−1). Total distance and number of sprints were also significantly greater in the full-size pitch as compared to the half-size pitch. The surface area covered by the team (half-size pitch: 431.83 m2 vs full-size pitch: 589.14 m2) was significantly larger in the full-size pitch condition. However, the reduced half-size pitch significantly contributed to a greater individual spatial exploration. Results of this study suggest that running and sprinting activities increase when large, full-size pitch dimensions are utilized. Smaller surface area half-size pitch contributes to a better exploration of the pitch measured by spatial exploration index while maintaining adequate surface area coverage by the team. In conclusion, the authors suggest that the small half-size pitch is more appropriate for low-intensity training sessions and field exploration for players in different positions. 
Alternatively, the large full-size pitch is more appropriate for greater physically demanding training sessions with players focused on positional tactical behavior.
Towards a Framework for System and Attack Modelling and Mapping of Requirements and Technology for the Internet of Things
The proliferation of Internet of Things (IoT) devices has been expanding several domains, offering
unprecedented connectivity and convenience. However, this surge in interconnected
devices has brought forth significant security challenges, as constrained budgets and development
time leave security in a secondary role, or even non-existent. This is compounded
upon by small design and development teams, where security expertise is reduced and lacking,
creating a landscape of IoT systems that are unsecured and ripe for attack by malicious
actors. The data gathered by these devices, their general lack of security, and the possibility
of serving as entry points to otherwise more secure systems, makes them increasingly
tempting targets for exploration and exploitation.
This thesis attempts to bridge the gap of aiding in the secure IoT system development, by
approaching the issue of security in IoT from a standpoint of low knowledge and/or low expertise
in IoT security. The first step towards the main goal is the extensive survey of existing
IoT architectures and modeling tools, to aid in identifying the main challenges in secure IoT
development and what can be improved or built upon. The second phase advances upon
what was surveyed, by proposing an IoT system model that encompasses a large set of IoT
ecosystems, and that embeds security in its essence, by identifying, for each system component,
what are its critical security requirements, and what are the most attractive targets for
an attacker on the given component. This model is complemented by the creation of an attack
taxonomy, that attempts to take the most common attacks on IoT, and identifying where
in the system those attacks may occur.
To further aid the development process and provide a practical substrate to the Doctor of Philosophy
(Ph.D.) work, an attack modeling tool named Attack Trees for IoT (ATIoT)
is presented as a means to identify, starting from a system description given through a direct
answer questionnaire, the attacks the system may be more susceptible to, providing the user
with a set of attack trees, together with detailed node descriptions, of the identified attacks for
the described system. Joining ATIoT, other existing tools are mapped to the proposed model,
to further aid in identifying where security requirements, best practices, guidelines, security
mechanisms and potential threats in an IoT system should be applied or can be found, further
enhancing the usefulness of such tools.
Motivated by the profound transformation that Artificial Intelligence (AI) is causing in the
technological world, and the always fast advancing security area, a series of experiments
of applying different AI mechanisms to the developed tools are also detailed herein. They
specifically concern the application of classification models to the elicitation of security requirements,
and the use of Large Language Models (LLMs) for identifying potential attacks
from a textual system description. The thesis presents the results of these experiments, which show the promise of applying such methodologies to the process of security engineering.
Main conclusions include achieving the goal of creating a panoply of mechanisms and tools
that aid the development of secure IoT systems, that were designed towards being used by
developers with low or no security background and expertise. It was also concluded that AI
methods can aid in the maintaining of such tools and mechanisms, ensuring their validity in
a longer time period, a challenge always present in fast-paced, always evolving areas.
The proliferation of Internet of Things (IoT) devices has been expanding several domains,
offering unprecedented connectivity and convenience. However, this increase in interconnected
devices brings significant security challenges, since limited budgets and insufficient
development times leave security in a secondary role, or even non-existent. This is aggravated
by small design and development teams, where security expertise is limited and scarce, creating
a landscape of IoT systems that are not secure and are prone to attacks by malicious agents.
The data collected by these devices, their general lack of security, and the possibility of
serving as entry points to generally more secure systems, make them increasingly tempting
targets for attacks and exploitation.
This thesis seeks to bridge the gap in aid for the secure development of IoT systems,
approaching the issue of security in IoT from a standpoint of low knowledge and/or low
expertise in security. The first step towards the main goal is the extensive survey of existing
IoT architectures and modeling tools, to help identify the main challenges in the secure
development of IoT systems, and what can be improved or developed. The second phase advances
upon what was surveyed, proposing an IoT system model that encompasses a set of IoT ecosystems,
and that embeds security in its essence, identifying, for each system component, what its
security requirements are, and what the most attractive targets are for an attacker on a given
component. This model is complemented by the creation of an attack taxonomy, which attempts to
identify the most common attacks on IoT and where in the system those attacks are most likely
to occur.
To further aid the development process, and provide a practical substrate to the doctoral work,
an attack modeling tool named ATIoT is presented as a means to identify, from a system
description provided through a direct answer questionnaire, the attacks to which the system may
be more susceptible, thus providing the user with a set of attack trees, together with detailed
descriptions of the various nodes, of the attacks identified for the described system. Together
with ATIoT, other existing tools are mapped to the proposed model, to further aid in identifying
where security requirements, best practices, guidelines, security mechanisms and potential
threats in an IoT system should be applied or can be found, further increasing the usefulness
of those tools.
Motivated by the profound transformation that Artificial Intelligence (AI) is causing in the
technological world, and by the constant evolution of the security and IoT areas, a series of
experiments applying different AI mechanisms to the developed tools are also detailed in this
document. Specifically, these experiments concern the application of classification models to
the elicitation of security requirements, and the use of large language models to identify
potential attacks from a textual description of the system. The thesis presents the results of
these experiments, which demonstrate validity in applying these methodologies to the security
engineering process.
The main conclusions include achieving the goal of creating several mechanisms and tools that
aid the development of secure IoT systems, designed to be used by developers with little or no
security experience. It was also concluded that AI methods can aid in the maintenance of those
tools and mechanisms, ensuring their validity over a longer period of time, a challenge always
present in constantly evolving and fast-developing areas.
The work described in this thesis was carried out at the Secure and Intelligent Networked
Software Systems Laboratory (sins-lab) and at the Instituto de Telecomunicações – Covilhã
Delegation, while part of the Network Applications and Services research group (nas-cv),
located at the Universidade da Beira Interior, Covilhã, Portugal. This research work was
partially supported by the Ph.D. research grant from the Fundação para Ciência e Tecnologia
(FCT) with reference SFRH/BD/133838/2017, by the SECURIoTESIGN Project,
through FCT/COMPETE/FEDER funds (project with Reference Number POCI-01-0145-FEDER-030657),
and also by operation Centro-01-0145-FEDER-000019 – C4 – Centro de
Competências em Cloud Computing, co-financed by the European Regional Development
Fund (FEDER) through the Programa Operacional Regional do Centro (Centro 2020), in
the scope of the Sistema de Apoio à Investigação Científica e Tecnológica - Programas Integrados
de IC&DT
How dots behave in two different pitch sizes? Analysis of tactical behavior based on position data in two soccer field sizes
The purpose of this study was to analyze the effects of two different field sizes (full and half of an official
size field) on the tactical behaviors measured by position data of players. Ten amateur soccer players
(age = 23.39 ± 3.91 years old) were tracked with GPS units during two situations of 11 vs. 11, one
in each field size. The position data was treated and the centroid and stretch index of the team were
calculated with the Ultimate Performance Analysis Tool. Significantly greater values of centroid in
goal-to-goal axis (p = 0.001; ES = 3.794), centroid in lateral-to-lateral axis (p = 0.001; ES = 0.729) and
total stretch index (p = 0.001; ES = 1.185) were found in the full-size game. The full-size of the field
increased the distances between teammates and the distances to the centroid. Moreover, the position of
geometrical center of the team was beyond of the middle line in the full size.
The purpose of this work was to analyze the effect of modifying the playing space on tactical
behaviors in soccer, by means of player positioning variables. Ten amateur players
(age = 23.39 ± 3.91 years) were monitored with GPS units in two 11 vs. 11 matches that differed
in field size (half field and full field). The centroid and stretch index of the teams were
calculated using the Ultimate Performance Analysis Tool software (high-performance analysis
instrument). Significantly higher values of the goal-to-goal centroid (p = 0.001; ES = 3.794),
the side-to-side centroid (p = 0.001; ES = 0.729) and the total stretch index
(p = 0.001; ES = 1.185) were observed in the full-field situation. The full-field situation
increased the distances between teammates and the distances of the players to the centroid.
In addition, the geometrical position of the team's center was located ahead of the midfield
line in the full-field situation.
How dots behave in two different pitch sizes? Analysis of tactical behavior based on position data in two soccer field sizes. [¿Cómo se comportan los puntos en dos campos diferentes? Análisis del comportamiento táctico basado en los datos de posición en dos tamaños de campo de fútbol].
The purpose of this study was to analyze the effects of two different field sizes (full and half of an official size field) on the tactical behaviors measured by position data of players. Ten amateur soccer players (age = 23.39 ± 3.91 years old) were tracked with GPS units during two situations of 11 vs. 11, one in each field size. The position data was treated and the centroid and stretch index of the team were calculated with the Ultimate Performance Analysis Tool. Significantly greater values of centroid in goal-to-goal axis (p = 0.001; ES = 3.794), centroid in lateral-to-lateral axis (p = 0.001; ES = 0.729) and total stretch index (p = 0.001; ES = 1.185) were found in the full-size game. The full-size of the field increased the distances between teammates and the distances to the centroid. Moreover, the position of geometrical center of the team was beyond of the middle line in the full size.
Abstract
The purpose of this work was to analyze the effect of modifying the playing space on tactical behaviors in soccer, by means of player positioning variables. Ten amateur players (age = 23.39 ± 3.91 years) were monitored with GPS units in two 11 vs. 11 matches that differed in field size (half field and full field). The centroid and stretch index of the teams were calculated using the Ultimate Performance Analysis Tool software (high-performance analysis instrument). Significantly higher values of the goal-to-goal centroid (p = 0.001; ES = 3.794), the side-to-side centroid (p = 0.001; ES = 0.729) and the total stretch index (p = 0.001; ES = 1.185) were observed in the full-field situation. The full-field situation increased the distances between teammates and the distances of the players to the centroid. In addition, the geometrical position of the team's center was located ahead of the midfield line in the full-field situation.
The effects of large-sided soccer training games and pitch size manipulation on time–motion profile, spatial exploration and surface area: Tactical opportunities
Analysis of the physical, technical and physiological variations induced through the use of different soccer game formats have been widely discussed. However, the coaching justification for the specific use of certain game formats based on individual and collective spatial awareness is unclear. As a result, the purpose of this study was to analyze 11 versus 11 game formats conducted across two pitch sizes (half-size: 54 m × 68 m vs full-size: 108 m × 68 m) to identify effects of time–motion profiles, individual exploration behavior and collective organization. A total of 10 amateur soccer players from the same team (23.39 ± 3.91 years old) participated in this study. Data position of the players was used to calculate the spatial exploration index and the surface area. Distances covered in different speeds were used to observe the time–motion profile. The full-size pitch dimensions significantly contributed to greater distances covered via running (3.86–5.52 m s−1) and sprinting (>5.52 m s−1). Total distance and number of sprints were also significantly greater in the full-size pitch as compared to the half-size pitch. The surface area covered by the team (half-size pitch: 431.83 m2 vs full-size pitch: 589.14 m2) was significantly larger in the full-size pitch condition. However, the reduced half-size pitch significantly contributed to a greater individual spatial exploration. Results of this study suggest that running and sprinting activities increase when large, full-size pitch dimensions are utilized. Smaller surface area half-size pitch contributes to a better exploration of the pitch measured by spatial exploration index while maintaining adequate surface area coverage by the team. In conclusion, the authors suggest that the small half-size pitch is more appropriate for low-intensity training sessions and field exploration for players in different positions. 
Alternatively, the large full-size pitch is more appropriate for greater physically demanding training sessions with players focused on positional tactical behavior.
Global variation in postoperative mortality and complications after cancer surgery: a multicentre, prospective cohort study in 82 countries
© 2021 The Author(s). Published by Elsevier Ltd. This is an Open Access article under the CC BY-NC-ND 4.0 license. Background: 80% of individuals with cancer will require a surgical procedure, yet little comparative data exist on early outcomes in low-income and middle-income countries (LMICs). We compared postoperative outcomes in breast, colorectal, and gastric cancer surgery in hospitals worldwide, focusing on the effect of disease stage and complications on postoperative mortality. Methods: This was a multicentre, international prospective cohort study of consecutive adult patients undergoing surgery for primary breast, colorectal, or gastric cancer requiring a skin incision done under general or neuraxial anaesthesia. The primary outcome was death or major complication within 30 days of surgery. Multilevel logistic regression determined relationships within three-level nested models of patients within hospitals and countries. Hospital-level infrastructure effects were explored with three-way mediation analyses. This study was registered with ClinicalTrials.gov, NCT03471494. Findings: Between April 1, 2018, and Jan 31, 2019, we enrolled 15 958 patients from 428 hospitals in 82 countries (high income 9106 patients, 31 countries; upper-middle income 2721 patients, 23 countries; or lower-middle income 4131 patients, 28 countries). Patients in LMICs presented with more advanced disease compared with patients in high-income countries. 30-day mortality was higher for gastric cancer in low-income or lower-middle-income countries (adjusted odds ratio 3·72, 95% CI 1·70–8·16) and for colorectal cancer in low-income or lower-middle-income countries (4·59, 2·39–8·80) and upper-middle-income countries (2·06, 1·11–3·83). No difference in 30-day mortality was seen in breast cancer. The proportion of patients who died after a major complication was greatest in low-income or lower-middle-income countries (6·15, 3·26–11·59) and upper-middle-income countries (3·89, 2·08–7·29). 
Postoperative death after complications was partly explained by patient factors (60%) and partly by hospital or country (40%). The absence of consistently available postoperative care facilities was associated with seven to 10 more deaths per 100 major complications in LMICs. Cancer stage alone explained little of the early variation in mortality or postoperative complications. Interpretation: Higher levels of mortality after cancer surgery in LMICs was not fully explained by later presentation of disease. The capacity to rescue patients from surgical complications is a tangible opportunity for meaningful intervention. Early death after cancer surgery might be reduced by policies focusing on strengthening perioperative care systems to detect and intervene in common complications. Funding: National Institute for Health Research Global Health Research Unit
Effects of hospital facilities on patient outcomes after cancer surgery: an international, prospective, observational study
© 2022 The Author(s). Published by Elsevier Ltd. This is an Open Access article under the CC BY 4.0 license. Background: Early death after cancer surgery is higher in low-income and middle-income countries (LMICs) compared with in high-income countries, yet the impact of facility characteristics on early postoperative outcomes is unknown. The aim of this study was to examine the association between hospital infrastructure, resource availability, and processes on early outcomes after cancer surgery worldwide. Methods: A multimethods analysis was performed as part of the GlobalSurg 3 study—a multicentre, international, prospective cohort study of patients who had surgery for breast, colorectal, or gastric cancer. The primary outcomes were 30-day mortality and 30-day major complication rates. Potentially beneficial hospital facilities were identified by variable selection to select those associated with 30-day mortality. Adjusted outcomes were determined using generalised estimating equations to account for patient characteristics and country-income group, with population stratification by hospital. Findings: Between April 1, 2018, and April 23, 2019, facility-level data were collected for 9685 patients across 238 hospitals in 66 countries (91 hospitals in 20 high-income countries; 57 hospitals in 19 upper-middle-income countries; and 90 hospitals in 27 low-income to lower-middle-income countries). The availability of five hospital facilities was inversely associated with mortality: ultrasound, CT scanner, critical care unit, opioid analgesia, and oncologist. 
After adjustment for case-mix and country income group, hospitals with three or fewer of these facilities (62 hospitals, 1294 patients) had higher mortality compared with those with four or five (adjusted odds ratio [OR] 3·85 [95% CI 2·58–5·75]; p<0·0001), with excess mortality predominantly explained by a limited capacity to rescue following the development of major complications (63·0% vs 82·7%; OR 0·35 [0·23–0·53]; p<0·0001). Across LMICs, improvements in hospital facilities would prevent one to three deaths for every 100 patients undergoing surgery for cancer. Interpretation: Hospitals with higher levels of infrastructure and resources have better outcomes after cancer surgery, independent of country income. Without urgent strengthening of hospital infrastructure and resources, the reductions in cancer-associated mortality associated with improved access will not be realised. Funding: National Institute for Health and Care Research