Forensic Collection of Electronic Evidence from Infrastructure-As-a-Service Cloud Computing
As cloud computing becomes ubiquitous, the criminal targeting and criminal use of cloud computing is inevitable and imminent. Similarly, the need for civil forensic analyses of cloud computing has become more prevalent. Forensic investigation of cloud computing matters first requires an understanding of the technology and issues associated with the collection of electronically stored information (“ESI”) in the cloud. The misuse of the broad term “cloud computing” has caused some confusion and misinformation among legal and technology scholars, leading to a muddied and incomplete analysis of cloud-based discovery issues. Cases and academic analyses have dealt primarily with popular online services such as Gmail and Facebook, but they omit discussions of commercial cloud computing providers’ fundamental infrastructure offerings
Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes: child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.
Keywords: Cloud computing, cloud forensics, digital forensics, case studies
Privacy, Security, and Usability Tradeoffs of Telehealth from Practitioners' Perspectives
The COVID-19 pandemic has significantly transformed the healthcare sector,
with telehealth services being among the most prominent changes. The adoption
of telehealth services, however, has raised new challenges, particularly in the
areas of security and privacy. To better comprehend the telehealth needs and
concerns of medical professionals, particularly those in private practice, we
conducted a study comprised of 20 semi-structured interviews with telehealth
practitioners in audiology and speech therapy. Our findings indicate that
private telehealth practitioners encounter difficult choices when it comes to
balancing security, privacy, usability, and accessibility, particularly while
caring for vulnerable populations. Additionally, the study revealed that
practitioners face challenges in ensuring HIPAA compliance due to inadequate
resources and a lack of technological comprehension. Policymakers and
healthcare providers should take proactive measures to address these
challenges, including offering resources and training to ensure HIPAA
compliance and enhancing technology infrastructure to support secure and
accessible telehealth
Battle Ground: Data Collection and Labeling of CTF Games to Understand Human Cyber Operators
Industry standard frameworks are now widespread for labeling the high-level
stages and granular actions of attacker and defender behavior in cyberspace.
While these labels are used for atomic actions, and to some extent for
sequences of actions, there remains a need for labeled data from realistic
full-scale attacks. This data is valuable for better understanding human
actors' decisions, behaviors, and individual attributes. The analysis could
lead to more effective attribution and disruption of attackers.
We present a methodological approach and exploratory case study for
systematically analyzing human behavior during a cyber offense/defense
capture-the-flag (CTF) game. We describe the data collection and analysis to
derive a metric called keystroke accuracy. After collecting players' commands,
we label them using the MITRE ATT&CK framework using a new tool called
Pathfinder. We present results from preliminary analysis of participants'
keystroke accuracy and its relation to score outcome in CTF games. We describe
frequency of action classification within the MITRE ATT&CK framework and
discuss some of the mathematical trends suggested by our observations. We
conclude with a discussion of extensions for the methodology, including
performance evaluation during games and the potential use of this methodology
for training artificial intelligence.
Comment: 9 pages, accepted to 2023 Workshop on Cyber Security Experimentation and Test (CSET)
Emergent (In)Security of Multi-Cloud Environments
As organizations increasingly use cloud services to host their IT
infrastructure, there is a need to share data among these cloud hosted services
and systems. A majority of IT organizations have workloads spread across
different cloud service providers, growing their multi-cloud environments. When
an organization grows their multi-cloud environment, the threat vectors and
vulnerabilities for their cloud systems and services grow as well. The increase
in the number of attack vectors creates a challenge of how to prioritize
mitigations and countermeasures to best defend a multi-cloud environment
against attacks. Utilizing multiple industry standard risk analysis tools, we
conducted an analysis of multi-cloud threat vectors enabling calculation and
prioritization for the identified mitigations and countermeasures. The
prioritizations from the analysis showed that authentication and architecture
are the highest risk areas of threat vectors. Armed with this data, IT managers
are able to more appropriately budget cybersecurity expenditure to implement
the most impactful mitigations and countermeasures
Systemic Risk and Vulnerability Analysis of Multi-cloud Environments
With the increasing use of multi-cloud environments, security professionals
face challenges in configuration, management, and integration due to uneven
security capabilities and features among providers. As a result, a fragmented
approach toward security has been observed, leading to new attack vectors and
potential vulnerabilities. Other research has focused on single-cloud platforms
or specific applications of multi-cloud environments. Therefore, there is a
need for a holistic security and vulnerability assessment and defense strategy
that applies to multi-cloud platforms. We perform a risk and vulnerability
analysis to identify attack vectors from software, hardware, and the network,
as well as interoperability security issues in multi-cloud environments.
Applying the STRIDE and DREAD threat modeling methods, we present an analysis
of the ecosystem across six attack vectors: cloud architecture, APIs,
authentication, automation, management differences, and cybersecurity
legislation. We quantitatively determine and rank the threats in multi-cloud
environments and suggest mitigation strategies.
Comment: 27 pages, 9 figures
Sonification with music for cybersecurity situational awareness
Presented at the 25th International Conference on Auditory Display (ICAD 2019), 23-27 June 2019, Northumbria University, Newcastle upon Tyne, UK.
Cyber defenders work in stressful, information-rich, and high-stakes environments. While other researchers have considered sonification for security operations centers (SOCs), the mappings of network events to sound parameters have produced aesthetically unpleasing results. This paper proposes a novel sonification process for transforming data about computer network traffic into music. The musical cues relate to notable network events in such a way as to minimize the amount of training time a human listener would need in order to make sense of the cues. We demonstrate our technique on a dataset of 708 million authentication events over nine continuous months from an enterprise network. We illustrate a volume-centric approach in relation to the amplitude of the input data, and also a volumetric approach mapping the input data signal into the number of notes played. The resulting music prioritizes aesthetics over bandwidth to balance performance with adoption.
Invisible Security: Protecting Users with No Time to Spare
Presented online via Bluejeans Events and in-person in the CODA Building, 9th floor atrium, on November 5, 2021 at 12:30 p.m.
Dr. Josiah Dykstra is a Technical Fellow in the Cybersecurity Collaboration Center at the National Security Agency (NSA). He advises leadership and employees on technical matters for integrated cybersecurity operations and provides overall technical direction on projects and programs that enable high impact operational effects in the cyber domain and deny adversaries the ability to influence, exploit, or threaten cyber and information infrastructure domains.
Runtime: 45:11 minutes
For over 50 years, the cybersecurity community has sought to protect vulnerable systems and users from victimization. Despite ongoing and valiant work at adoption and usability, some users cannot or will not avail themselves of necessary cybersecurity measures. Average, non-expert users—particularly those in small businesses—cannot afford to devote time to cybersecurity. Instead of accepting the risk of no security, alternatives are possible which achieve both security outcomes and conservation of time. In this talk, we explore the paradigm of invisible security focused on creating cyber defenses that occur automatically without end user intervention. We present examples consistent with this approach in existence today, including automatic software updates and protective DNS. Then we describe how invisible defenses may aid potential beneficiaries in health care, the defense industrial base, and the general public. Finally, we present benefits and limitations of the approach and propose areas of future research and innovation.