Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network

In this paper we present empirical results and speculative analysis based on observations collected over a two month period from studies with two high interaction honeynets, deployed in a corporate and an SME (small to medium enterprise) environment, and a distributed honeypots deployment. All three networks contain a mixture of Windows and Linux hosts. We detail the architecture of the deployment and results of comparing the observations from the three environments. We analyze in detail the times between attacks on different hosts, operating systems, networks or geographical location. Even though results from honeynet deployments are reported often in the literature, this paper provides novel results analyzing traffic from three different types of networks and some initial exploratory models. This research aims to contribute to endeavours in the wider security research community to build methods, grounded on strong empirical work, for assessment of the robustness of computer-based systems in hostile environments

New light on electromagnetic corrections to the scattering parameters obtained from experiments on pionium

We calculate the electromagnetic corrections needed to obtain isospin invariant hadronic pion-pion s-wave scattering lengths a^0, a^2 from the elements a_cc, a_0c of the s-wave scattering matrix for the (\pi^+ \pi^-, \pi^0 \pi^0) system at the \pi^+ \pi^- threshold. These elements can be extracted from experiments on pionium. Our calculation uses energy independent hadronic pion-pion potentials that satisfactorily reproduce the low-energy phase shifts given by two-loop chiral pertur- bation theory. We also take into account an important relativistic effect whose inclusion influences the corrections considerably.Comment: 14 pages including 3 figures. Uses elsart.cls. Some numbers have been updated and a few typos have been correcte

The effect of vacuum polarisation on muon-proton scattering at small energies and angles

We give a compact expression for the unpolarised differential cross section for muon-proton scattering in the one photon exchange approximation. The effect of adding the vacuum polarisation amplitude to the no-spin-flip amplitude for one photon exchange is calculated at small energies and scattering angles and is found to be negligible for present experiments.Comment: 6 pages, one figur

vepRisk - A Web Based Analysis Tool for Public Security Data

We present vepRisk (Vulnerabilities, Exploits and Patches Risk analysis tool): a web-based tool for analyzing publically available security data. The tool has a backend modules that mine, extract, parse and store data from public repositories of vulnerabilities, exploits and patches; and a frontend web-based application that provides functionality for analyzing the data. The frontend uses shinyR, hence allowing integration with the R statistical analysis package and seamless use of R functions. We also present initial analysis we have done with the tool, and outline the extensions and future development we plan to integrate into the tool in the near future

OS diversity for intrusion tolerance: Myth or reality?

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities

Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity

Fault/intrusion tolerance is usually the only viable way of improving the system dependability and security in the presence of continuously evolving threats. Many of the solutions in the literature concern a specific snapshot in the production or deployment of a fault-tolerant system and no immediate considerations are made about how the system should evolve to deal with novel threats. In this paper we outline and evaluate a set of operating systems’ and applications’ reconfiguration rules which can be used to modify the state of a system replica prior to deployment or in between recoveries, and hence increase the replicas chance of a longer intrusion-free operation

Diversity, Safety and Security in Embedded Systems: modelling adversary effort and supply chain risks

We present quantitative considerations for the design of redundancy and diversity in embedded systems with security requirements. The potential for malicious activity against these systems have complicated requirements and design choices. New design trade-offs have arisen besides those already familiar in this area: for instance, adding redundancy may increase the attack surface of a system and thus increase overall risk. Our case study concerns protecting redundant communications between a control system and its controlled physical system. We study the effects of using: (i) different encryption keys on replicated channels, and (ii) diverse encryption schemes and implementations. We consider two attack scenarios, with adversaries having access to (i) ways of reducing the search space in attacks using random searches for keys; or (ii) hidden major flaws in some crypto algorithm or implementation. Trade-offs between the requirements of integrity and confidentiality are found, but not in all cases. Simple models give useful design insights. In this system, we find that key diversity improves integrity without impairing confidentiality – no trade-offs arise between the two – and it can substantially increase adversary effort, but it will not remedy substantial weaknesses of the crypto system. Implementation diversity does involve design trade-offs between integrity and confidentiality, which we analyse, but turns out to be generally desirable for highly critical applications of the control system considered