Towards Sound Forensic Arguments: Structured Argumentation Applied to Digital Forensics Practice

Digital forensic practitioners are increasingly facing examinations which are both complex in nature and structure. Throughout this process, during the examination and analysis phases, the practitioner is constantly drawing logical inferences which will be reflected in the reporting of results. Therefore, it is important to expose how all the elements of an investigation fit together to allow review and scrutiny, and to support associated parties to understand the components within it. This paper proposes the use of ‘Structured Argumentation’ as a valuable and flexible ingredient of the practitioners’ thinking toolbox. It explores this approach using three case examples which allow discussion of the benefits and application of structured argumentation to real world contexts. We argue that, despite requiring a short learning curve, structured argumentation is a practical method which promotes accessibility of findings facilitating communication between technical and legal parties, peer review, logical reconstruction, jury interpretation, and error detection

Single Vehicle Routing in Port Container Terminals

Export containers must be carried over from the port storage area to container ships to be delivered to their destination. Optimizing containers’ transport routing is essential in order to enhance port performance and save costs. This thesis deals with a single vehicle routing problem in a container terminal environment. Heuristic strategies Beam Search and Ant Colony Optimization are proposed to solve the problem and are tested comparatively. A new strategy for container collection is proposed as a substitute for the traditional greedy strategy of container collection

A Mobile Ambients-based Approach for Network Attack Modelling and Simulation

Attack Graphs are an important support for assessment and subsequent improvement of network security. They reveal possible paths an attacker can take to break through security perimeters and traverse a network to reach valuable assets deep inside the network. Although scalability is no longer the main issue, Attack Graphs still have some problems that make them less useful in practice. First, Attack Graphs remain difficult to relate to the network topology. Second, Attack Graphs traditionally only consider the exploitation of vulnerable hosts. Third, Attack Graphs do not rely on automatic identification of potential attack targets. We address these gaps in our MsAMS (Multi-step Attack Modelling and Simulation) tool, based on Mobile Ambients. The tool not only allows the modelling of more static aspects of the network, such as the network topology, but also the dynamics of network attacks. In addition to Mobile Ambients, we use the PageRank algorithm to determine targets and hub scores produced by the HITS (Hypertext Induced Topic Search) algorithm to guide the simulation of an attacker searching for targets

A Systematic Approach for Cyber Security in Vehicular Networks

Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them

TEAM: A Trust Evaluation and Management Framework in Context-Enabled Vehicular Ad-Hoc Networks

Vehicular ad-hoc network (VANET) provides a unique platform for vehicles to intelligently exchange critical information, such as collision avoidance messages. It is, therefore, paramount that this information remains reliable and authentic, i.e., originated from a legitimate and trusted vehicle. Trust establishment among vehicles can ensure security of a VANET by identifying dishonest vehicles and revoking messages with malicious content. For this purpose, several trust models (TMs) have been proposed but, currently, there is no effective way to compare how they would behave in practice under adversary conditions. To this end, we propose a novel trust evaluation and management (TEAM) framework, which serves as a unique paradigm for the design, management, and evaluation of TMs in various contexts and in presence of malicious vehicles. Our framework incorporates an asset-based threat model and ISO-based risk assessment for the identification of attacks against critical risks. The TEAM has been built using VEINS, an open source simulation environment which incorporates SUMO traffic simulator and OMNET++ discrete event simulator. The framework created has been tested with the implementation of three types of TMs (data oriented, entity oriented, and hybrid) under four different contexts of VANET based on the mobility of both honest and malicious vehicles. Results indicate that the TEAM is effective to simulate a wide range of TMs, where the efficiency is evaluated against different quality of service and security-related criteria. Such framework may be instrumental for planning smart cities and for car manufacturers

Integration and Evaluation of QUIC and TCP-BBR in longhaul Science Data Transfers

Two recent and promising additions to the internet protocols are TCP-BBR and QUIC. BBR defines a congestion policy that promises a better control in TCP bottlenecks on long haul transfers and can also be used in the QUIC protocol. TCP-BBR is implemented in the Linux kernels above 4.9. It has been shown, however, to demand careful fine tuning in the interaction, for example, with the Linux Fair Queue. QUIC, on the other hand, replaces HTTP and TLS with a protocol on the top of UDP and thin layer to serve HTTP. It has been reported to account today for 7% of Google’s traffic. It has not been used in server-to-server transfers even if its creators see that as a real possibility. Our work evaluates the applicability and tuning of TCP-BBR and QUIC for data science transfers. We describe the deployment and performance evaluation of TCP-BBR and comparison with CUBIC and H-TCP in transfers through the TEIN link to Singaren (Singapore). Also described is the deployment and initial evaluation of a QUIC server. We argue that QUIC might be a perfect match in security and connectivity to base services that are today performed by the Xroot redirectors

“I don't think we're there yet”: The practices and challenges of organisational learning from cyber security incidents

Learning from cyber incidents is crucial for organisations to enhance their cyber resilience and effectively respond to evolving threats. This study employs neo-institutional and organisational learning theories to examine how organisations learn from incidents and gain insights into the challenges they face. Drawing on qualitative research methods, interviews were conducted with 34 security practitioners from organisations operating in the UK spanning a range of industries. The findings highlight the importance of consciously evaluating learning practices and creating a culture of openness to hear about incidents from employees, customers and suppliers. Deciding which incidents to learn from, as well as who should participate in the learning process, emerged as critical considerations. Overcoming defensiveness and addressing systemic causes were recognised as barriers to effective learning. The study emphasises the need to assess the value and impact of identified lessons and to avoid superficial reviews that treat symptoms rather than underlying causes to improve resilience. While progress has been made in learning from incidents, further enhancements are needed. Practical recommendations have been proposed to suggest how organisations may gain valuable insights for maximising the benefits derived from incident learning. This research contributes to the existing knowledge on organisational learning and informs future studies exploring the social and political influences on the learning process. By considering the suggested recommendations, organisations may strengthen their cyber security, foster a culture of continuous improvement, and respond effectively to the dynamic cyber security landscape

Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes

© 2018 Elsevier Ltd The state-of-the-art and practice show an increased recognition, but limited adoption, of Behavioural Evidence Analysis (BEA) within the Digital Forensics (DF) investigation process. Yet, there is currently no BEA-driven process model and guidelines for DF investigators to follow in order to take advantage of such an approach. This paper proposes the Behavioural Digital Forensics Model to fill this gap. It takes a multidisciplinary approach which incorporates BEA into in-lab investigation of seized devices related to interpersonal cases (i.e., digital crimes involving human interactions between offender(s) and victim(s)). The model was designed based on the application of traditional BEA phases to 35 real cases, and evaluated using 5 real digital crime cases - all from Dubai Police archive. This paper, however, provides details of only one case from this evaluation pool. Compared to the outcome of these cases using a traditional DF investigation process, the new model showed a number of benefits. It allowed a more effective focusing of the investigation, and provided logical directions for identifying the location of further relevant evidence. It also enabled a better understanding and interpretation of victim/offender behaviours (e.g., probable offenders’ motivations and modus operandi), which facilitated a more in depth understanding of the dynamics of the specific crime. Finally, in some cases, it enabled the identification of suspect\u27s collaborators, something which was not identified via the traditional investigative process