983 research outputs found
Measuring the Human Factor of Cyber Security
This paper investigates new methods to measure, quantify and evaluate the security posture of human organizations especially within large corporations and government agencies. Computer security is not just about technology and systems. It is also about the people that use those systems and how their vulnerable behaviors can lead to exploitation. We focus on measuring enterprise-level susceptibility to phishing attacks. Results of experiments conducted at Columbia University and the system used to conduct the experiments are presented that show how the system can also be effective for training users. We include a description of follow-on work that has been proposed to DHS that aims to measure and improve the security posture of government departments and agencies, as well as for comparing security postures of individual agencies against one another
Design and Analysis of Decoy Systems for Computer Security
This dissertation is aimed at defending against a range of internal threats, including eavesdropping on network taps, placement of malware to capture sensitive information, and general insider threats to exfiltrate sensitive information. Although the threats and adversaries may vary, in each context where a system is threatened, decoys can be used to deny critical information to adversaries making it harder for them to achieve their target goal. The approach leverages deception and the use of decoy technologies to deceive adversaries and trap nefarious acts. This dissertation proposes a novel set of properties for decoys to serve as design goals in the development of decoy-based infrastructures. To demonstrate their applicability, we designed and prototyped network and host-based decoy systems. These systems are used to evaluate the hypothesis that network and host decoys can be used to detect inside attackers and malware. We introduce a novel, large-scale automated creation and management system for deploying decoys. Decoys may be created in various forms including bogus documents with embedded beacons, credentials for various web and email accounts, and bogus financial information that is monitored for misuse. The decoy management system supplies decoys for the network and host-based decoy systems. We conjecture that the utility of the decoys depends on the believability of the bogus information; we demonstrate the believability through experimentation with human judges. For the network decoys, we developed a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of this system are the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end.
We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. We present results of a user study that demonstrates the believability of our automatically generated decoy traffic. We present results from a statistical and information theoretic analysis to show the believability of the traffic when automated tools are used. For host-based decoys, we introduce BotSwindler, a novel host-based bait injection system designed to delude and detect crimeware by forcing it to reveal itself during the exploitation of monitored information. Our implementation of BotSwindler relies upon an out-of-host software agent to drive user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, we introduce a novel, low overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states. We provide empirical evidence to show that BotSwindler can be used to induce malware into performing observable actions and demonstrate how this approach is superior to that used in other tools. We present results from a user study to illustrate the believability of the simulations and show that financial bait information can be used to effectively detect compromises through experimentation with real credential-collecting malware. We present results from a statistical and information theoretic analysis to show the believability of simulated keystrokes when automated tools are used to distinguish them. Finally, we introduce and demonstrate an expanded role for decoys in educating users and measuring organizational security through experiments with approximately 4000 university students and staff
Crimeware Swindling without Virtual Machines
In previous work, we introduced a bait-injection system designed to delude and detect crimeware by forcing it to reveal itself during the exploitation of captured information. Although effective as a technique, our original system was practically limited, as it was implemented in a personal VM environment. In this paper, we investigate how to extend our system by applying it to personal workstation environments. Adapting our system to such a different environment reveals a number of challenging issues, such as scalability, portability, and choice of physical communication means. We provide implementation details and we evaluate the effectiveness of our new architecture
Designing Host and Network Sensors to Mitigate the Insider Threat
We propose a design for insider threat detection that combines an array of complementary techniques that aims to detect evasive adversaries. We are motivated by real world incidents and our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines host-based user-event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. We identify several challenges in scaling up, deploying, and validating our architecture in real environments
Systematic Review of Laser and Other Light Therapy for the Management of Oral Mucositis in Cancer Patients
Background The aim of this study was to review the available literature and define clinical practice guidelines for the use of laser and other light therapies for the prevention and treatment of oral mucositis.
Methods A systematic review was conducted by the Mucositis Study Group of the Multinational Association of Supportive Care in Cancer/International Society of Oral Oncology. The body of evidence for each intervention, in each cancer treatment setting, was assigned an evidence level. Based on the evidence level, one of the following three guideline determinations was possible: recommendation, suggestion, and no guideline possible.
Results A new recommendation was made for low-level laser (wavelength at 650 nm, power of 40 mW, and each square centimeter treated with the required time to a tissue energy dose of 2 J/cm² (2 s/point)) for the prevention of oral mucositis in adult patients receiving hematopoietic stem cell transplantation conditioned with high-dose chemotherapy, with or without total body irradiation. A new suggestion was made for low-level laser (wavelength around 632.8 nm) for the prevention of oral mucositis in patients undergoing radiotherapy, without concomitant chemotherapy, for head and neck cancer. No guideline was possible in other populations and for other light sources due to insufficient evidence.
Conclusions The increasing evidence in favor of low-level laser therapy allowed for the development of two new guidelines supporting this modality in the populations listed above. Evidence for other populations was also generally encouraging over a range of wavelengths and intensities. However, additional well-designed research is needed to evaluate the efficacy of laser and other light therapies in various cancer treatment settings
Development and initial validation of the Seated Posture Scale
Literature shows that some health outcomes (e.g., eating, breathing, and speaking) are directly related to posture. Evidence of outcomes mediated by wheelchair seated posture is limited to interface pressure, physical function, and wheelchair skills and safety. This study’s purpose was to develop and validate a rapid, low-burden, paper-pencil assessment of wheelchair seated posture for research use and to test feasibility of its use with a sample of older adults. We used a prospective design and a convenience sample of older adults who were receiving rehabilitation services in a community living center. Forty-nine older wheelchair users participated. Main measures were the Seated Posture Scale (SPS), Modified Ashworth Scale, Barthel Index, Visual Descriptor Scale, scale-content validity index (S-CVI), Cronbach alpha, and test-retest reliability. Rating by six experts yielded the overall content validity score (S-CVI) of 0.744. Total SPS score correlated positively with physical function (Barthel Index, r = 0.46, p < 0.001) and negatively with muscle tone (Modified Ashworth Scale, r = –0.44, p = 0.001), supporting SPS construct validity. Internal consistency was 0.66 (Cronbach alpha). Test-retest reliability yielded Pearson product-moment correlations of 0.89 to 0.99. We conclude that the SPS has sufficient preliminary validity and reliability to support its use as an evaluation of wheelchair seated posture in outcomes research
Vertebrate Host Susceptibility to Heartland Virus
Heartland virus (HRTV) is a recently described phlebovirus initially isolated in 2009 from 2 humans who had leukopenia and thrombocytopenia. Serologic assessment of domestic and wild animal populations near the residence of 1 of these persons showed high exposure rates to raccoons, white-tailed deer, and horses. To our knowledge, no laboratory-based assessments of viremic potential of animals infected with HRTV have been performed. We experimentally inoculated several vertebrates (raccoons, goats, chickens, rabbits, hamsters, C57BL/6 mice, and interferon-α/β/γ receptor–deficient [Ag129] mice) with this virus. All animals showed immune responses against HRTV after primary or secondary exposure. However, neutralizing antibody responses were limited. Only Ag129 mice showed detectable viremia and associated illness and death, which were dose dependent. Ag129 mice also showed development of mean peak viral antibody titers >8 log10 PFU/mL, hemorrhagic hepatic lesions, splenomegaly, and large amounts of HRTV antigen in mononuclear cells and hematopoietic cells in the spleen
Geopolitical species revisited: genomic and morphological data indicate that the roundtail chub Gila robusta species complex (Teleostei, Cyprinidae) is a single species
The Gila robusta species complex in the Lower Colorado River Basin has a complicated taxonomic history. Recent authors have separated this group into three nominal taxa, G. robusta, G. intermedia, and G. nigra, however aside from location, no reliable method of distinguishing individuals of these species currently exists. To assess relationships within this group, we examined morphology of type specimens and fresh material, and used RADseq methods to assess phylogenetic relationship among these nominal species. Maximum likelihood and Bayesian inference tree building methods reveal high concordance between tree topologies based on the mitochondrial and nuclear datasets. Coalescent SNAPP analysis resolved a similar tree topology. Neither morphological nor molecular data reveal diagnostic differences between these species as currently defined. As such, G. intermedia and G. nigra should be considered synonyms of the senior G. robusta. We hypothesize that climate driven wet and dry cycles have led to periodic isolation of population subunits and subsequent local divergence followed by reestablished connectivity and mixing. Management plans should therefore focus on retaining genetic variability and viability of geographic populations to preserve adaptability to changing climate conditions