Cyber Deception Reactive: TCP Stealth Redirection to On-Demand Honeypots
Cybersecurity is developing rapidly, and new methods of defence against
attackers are appearing, such as Cyber Deception (CYDEC). CYDEC consists of
deceiving the adversary, who keeps acting without realising that they are
being deceived. This article proposes designing, implementing and evaluating
a deception mechanism based on the stealthy redirection of TCP communications
to an on-demand honey server with the same characteristics as the victim
asset, i.e., a clone of it. Thanks to the stealth redirection, the defender
fools the attacker, who focuses on attacking the honey server while the
defender collects relevant information to generate threat intelligence.
Experiments in different scenarios show that the proposed solution can
effectively redirect an attacker to a copied asset on demand, thus protecting
the real asset. Finally, the evaluation of the latency times shows that the
redirection is undetectable by humans and very difficult to detect by a
machine.
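As an added illustration (not code from the paper), the following Python sketch stands in for the redirection stage in userland: a front end accepts TCP connections on the asset's port and splices each one either to the real service or to an identically configured honey clone, depending on whether the detection stage has flagged the source address. The service, the constructed banner and the flag-by-source policy are all assumptions for the demonstration. One caveat worth keeping in mind: the paper performs the redirection in the network path, whereas a userland proxy like this one rewrites TCP-level fingerprints (TTL, window, options) that a machine can compare against the real host, so it is a model of the decision, not of the stealth.

```python
import socket
import threading
import time

# Constructed banner shared by the real asset and its clone (any value works).
BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"


class BannerService:
    """Minimal TCP service: sends a banner, echoes one request, closes.

    The real asset and the honey clone both run this class with the same
    banner, so an attacker sees identical behaviour; only the log differs.
    """

    def __init__(self, banner=BANNER):
        self.banner = banner
        self.requests = []  # what this instance actually received

    def handle(self, conn):
        with conn:
            conn.sendall(self.banner)
            data = conn.recv(4096)
            self.requests.append(data)
            conn.sendall(b"OK " + data)


class RedirectPolicy:
    """Per-source decision table fed by the detection stage (e.g. an IDS alert)."""

    def __init__(self):
        self._flagged = set()
        self._lock = threading.Lock()

    def flag(self, ip):
        with self._lock:
            self._flagged.add(ip)

    def is_flagged(self, ip):
        with self._lock:
            return ip in self._flagged


def serve(handler):
    """Bind an ephemeral loopback port and dispatch each connection to handler."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def _relay(src, dst):
    """Copy bytes src -> dst until EOF, then propagate the half-close."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_redirector(policy, real_port, honey_port):
    """Front the real asset; flagged sources are spliced to the clone instead."""

    def handle(client):
        peer_ip = client.getpeername()[0]
        port = honey_port if policy.is_flagged(peer_ip) else real_port
        backend = socket.create_connection(("127.0.0.1", port))
        back = threading.Thread(target=_relay, args=(backend, client), daemon=True)
        back.start()
        _relay(client, backend)
        back.join()
        client.close()
        backend.close()

    return serve(handle)


def probe(port, request=b"GET /admin\n"):
    """Connect like an attacker would; return (banner, reply, latency in seconds)."""
    t0 = time.perf_counter()
    with socket.create_connection(("127.0.0.1", port)) as s:
        banner = s.recv(4096)
        s.sendall(request)
        reply = s.recv(4096)
    return banner, reply, time.perf_counter() - t0


def demo():
    """Unflagged probe reaches the asset; after an alert the same source hits the clone."""
    real, honey = BannerService(), BannerService()
    policy = RedirectPolicy()
    front = start_redirector(policy, serve(real.handle), serve(honey.handle))
    banner_before, _, lat_before = probe(front)
    policy.flag("127.0.0.1")  # the detection stage decides this source is hostile
    banner_after, _, lat_after = probe(front)
    return {
        "real_requests": list(real.requests),
        "honey_requests": list(honey.requests),
        "banner_identical": banner_before == banner_after,
        "latency_ms": (lat_before * 1000, lat_after * 1000),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the property the abstract relies on: the attacker's second connection gets the same banner and the same reply as the first, but the request lands in the clone's log and never touches the real asset. The two latency figures are what a practitioner would compare against a direct connection to judge how noticeable the redirection is.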
COSMOS: Collaborative, Seamless and Adaptive Sentinel for the Internet of Things
The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potential and applicability. Its paradigm of everything connected together has penetrated the real world, with smart devices embedded in many daily appliances. Such intelligent objects are able to communicate autonomously through existing network infrastructures, thus integrating the real world more tightly with computer-based systems. On the downside, the great benefit that the IoT paradigm brings to our lives comes with severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., a Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs reliably even under heavy stress. Each defensive layer is tested, reaching remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as the IoT. To make the proposed sentinel easier to use, we further developed a friendly and easy-to-use COSMOS App, so that end users can manage their sentinel(s) directly from their own devices (e.g., a smartphone).
SCORPION Cyber Range: Fully Customizable Cyberexercises, Gamification and Learning Analytics to Train Cybersecurity Competencies
It is undeniable that we are witnessing an unprecedented digital revolution.
However, recent years have been characterized by the explosion of cyberattacks,
making cybercrime one of the most profitable businesses on the planet. That is
why training in cybersecurity is increasingly essential to protect the assets
of cyberspace. One of the most vital tools to train cybersecurity competencies
is the Cyber Range, a virtualized environment that simulates realistic
networks. The paper at hand introduces SCORPION, a fully functional and
virtualized Cyber Range, which manages the authoring and automated deployment
of scenarios. In addition, SCORPION includes several elements to improve
student motivation, such as a gamification system with medals, points and
rankings. The gamification system includes an adaptive learning module that
adapts the cyberexercise to the users' performance. Moreover, SCORPION
leverages learning analytics that collect and process telemetric and
biometric user data, including heart rate from a smartwatch, and makes them
available to instructors through a dashboard. Finally, we developed a case
study in which SCORPION obtained 82.10% in usability and 4.57 out of 5 in
usefulness from the viewpoint of a student and an instructor. The positive
evaluation results are promising, indicating that SCORPION can become an
effective, motivating and advanced cybersecurity training tool to help fill
current gaps in this context.
Developing secure IoT services: a security-oriented review of IoT platforms
Undoubtedly, the adoption of the Internet of Things (IoT) paradigm has impacted our everyday life, surrounding us with smart objects. The potential of this new market attracted industry, so that many enterprises developed their own IoT platforms aiming to help IoT service developers. Among the multitude of possible platforms, selecting the most suitable one to implement a specific service is not straightforward, especially from a security perspective. This paper analyzes some of the most prominent proposals in the IoT platform marketplace, performing an in-depth security comparison using five common criteria. These criteria are detailed in sub-criteria, so that they can be used as a baseline for the development of a secure IoT service. Leveraging the knowledge gathered from our in-depth study, both researchers and developers may select the IoT platform that best fits their needs. Additionally, an IoT service for monitoring commercial flights is implemented on two of the analyzed IoT platforms, with enough detail to serve as a solid guideline for future IoT developers.
Spotting political social bots in Twitter: A use case of the 2019 Spanish general election
While social media has proved to be an exceptionally useful tool to interact
with other people and to spread helpful information massively and quickly,
its great potential has also been maliciously leveraged to distort political
elections and manipulate constituents. In the paper at hand, we analyzed the
presence and behavior of social bots on Twitter in the context of the
November 2019 Spanish general election. Throughout our study, we classified
the involved users as social bots or humans, and examined their interactions
from a quantitative (i.e., amount of traffic generated and existing
relations) and a qualitative (i.e., users' political affinity and sentiment
towards the most important parties) perspective. Results demonstrated that a
non-negligible number of those bots actively participated in the election,
supporting each of the five principal political parties.
Dynamic reaction framework against cyberattacks
Cyberattacks targeting modern network infrastructures are becoming more frequent and disruptive every day, with ill-motivated entities trying to manipulate the confidentiality, integrity and availability of the related data and services. In such an alarming scenario, cybersecurity becomes essential to protect system assets and ensure correct operations. Specifically, the reaction strategy against potential threats is crucial to eradicate them from the system and bring it back to a safe state.
The main objective of this PhD thesis is to study, analyze and address the principal limitations of state-of-the-art reaction frameworks, heading towards the implementation of an innovative and robust countermeasure-selection system.
To achieve such an ambitious goal, the first milestone was to thoroughly study and analyze the state-of-the-art reaction systems. Notably, the candidate investigated 24 of the most notable articles dealing with reaction strategies over a period of 5 years (i.e., from 2012 to 2016), comparing them on seven common criteria. Based on this side-by-side analysis, the open challenges of the field are listed together with possible future directions to address them.
Starting from the challenges highlighted, the second achievement of the PhD thesis was the proposal of a standard representation of a countermeasure, detailing the necessary fields with fine granularity. The proposed representation considers specific characteristics of the countermeasures (e.g., effectiveness, impact, cost, possible parameters), but it also leverages already mature external security knowledge. Such a representation serves as a starting point toward the standardization of countermeasures within reaction ecosystems, enabling reaction knowledge to be shared among security teams worldwide to build robust security plans.
In turn, another accomplishment of the PhD dissertation consisted of designing and implementing a novel and scalable methodology to select the optimal set of atomic countermeasures to deploy against an occurring cyber threat. The proposal leverages the capabilities of Artificial Immune Systems (AIS), a bio-inspired technique that can calculate optimal outcomes in a more than acceptable time thanks to the repeated cloning and mutation phases of the individuals within the solution space.
Each of the achieved results was published in a top-tier journal, leading to wide dissemination within the research field. Indeed, the works proposed in the context of this PhD thesis represent a significant advance of the state of the art regarding reaction frameworks. Nevertheless, some challenges are still unsolved and will lead to more contributions in the future. Concretely, there is a noticeable lack of a commonly used and shared countermeasure assessment system. The creation of such a system would be highly beneficial for every response framework, since its results could be fairly compared with other approaches.
Moreover, the proposed AIS reaction methodology has been tested by simulating both the environment (i.e., targeted assets and countermeasures) and the threats. In this sense, it would be interesting to apply the designed framework in a real use-case scenario with real network traffic, from the detection of the threat to the enforcement of the suggested response, supervised by the security administrator at any time. Possibly, such a full-fledged detection-to-reaction framework will require the joint efforts of several institutions, leading to a potential research project proposal.
Last but not least, another interesting research path contemplates the study of offensive countermeasures to enrich the reaction strategies.
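The clonal-selection loop the thesis relies on, as an added Python example rather than the thesis's own implementation: antibodies are bit vectors over a constructed catalogue of atomic countermeasures described with the fields proposed above (effectiveness, impact, cost), affinity is a score that rewards combined effectiveness and penalises impact, and any set over budget is simply infeasible. The catalogue values, the budget and the affinity formula are assumptions for the demonstration; the problem is deliberately small so that brute force gives the true optimum to compare the AIS result against.

```python
import itertools
import random

# Constructed catalogue (hypothetical values) using the countermeasure fields
# the thesis proposes: effectiveness, impact on the service, cost.
COUNTERMEASURES = [
    # name,                effectiveness, impact, cost
    ("block-source-ip",     0.6, 0.1, 1),
    ("rate-limit-login",    0.5, 0.2, 2),
    ("rotate-credentials",  0.7, 0.4, 3),
    ("enable-mfa",          0.8, 0.3, 4),
    ("isolate-host",        0.9, 0.9, 5),
    ("deploy-waf-rule",     0.4, 0.1, 2),
]
BUDGET = 8           # assumed cost ceiling for one reaction plan
IMPACT_WEIGHT = 0.3  # assumed trade-off between protection and disruption


def affinity(genome):
    """Score of a candidate plan (one bit per countermeasure); -1 if unaffordable.

    Coverage treats countermeasures as independent: the threat survives only if
    every selected measure fails, so coverage = 1 - prod(1 - effectiveness).
    """
    chosen = [cm for bit, cm in zip(genome, COUNTERMEASURES) if bit]
    if sum(cm[3] for cm in chosen) > BUDGET:
        return -1.0
    survive = 1.0
    for _, eff, _, _ in chosen:
        survive *= 1.0 - eff
    return (1.0 - survive) - IMPACT_WEIGHT * sum(cm[2] for cm in chosen)


def mutate(genome, rate, rng):
    """Hypermutation: flip each bit with probability `rate`, at least one bit."""
    clone = list(genome)
    flipped = False
    for i in range(len(clone)):
        if rng.random() < rate:
            clone[i] = not clone[i]
            flipped = True
    if not flipped:
        i = rng.randrange(len(clone))
        clone[i] = not clone[i]
    return clone


def clonal_selection(rng, population=20, generations=60, clone_factor=5):
    """CLONALG-style search: clone proportionally to affinity, mutate inversely."""
    n = len(COUNTERMEASURES)
    pop = [[rng.random() < 0.5 for _ in range(n)] for _ in range(population)]
    best = max(pop, key=affinity)
    for _ in range(generations):
        pop.sort(key=affinity, reverse=True)
        clones = []
        for rank, antibody in enumerate(pop):
            # better antibodies get more clones and a lower mutation rate
            n_clones = max(1, round(clone_factor * (population - rank) / population))
            rate = (rank + 1) / population
            clones.extend(mutate(antibody, rate, rng) for _ in range(n_clones))
        pop = sorted(pop + clones, key=affinity, reverse=True)[:population]
        # receptor editing: replace the weakest antibodies with fresh random ones
        for i in (1, 2):
            pop[-i] = [rng.random() < 0.5 for _ in range(n)]
        if affinity(pop[0]) > affinity(best):
            best = pop[0]
    return best


def plan(genome):
    """Names, total cost and score of the countermeasures a genome selects."""
    chosen = [cm for bit, cm in zip(genome, COUNTERMEASURES) if bit]
    return {
        "countermeasures": [cm[0] for cm in chosen],
        "cost": sum(cm[3] for cm in chosen),
        "score": affinity(genome),
    }


def brute_force():
    """Exhaustive optimum, only feasible for tiny catalogues; used as a reference."""
    return max(itertools.product([False, True], repeat=len(COUNTERMEASURES)),
               key=affinity)


if __name__ == "__main__":
    print("AIS selected:", plan(clonal_selection(random.Random(1))))
    print("exhaustive optimum:", plan(brute_force()))
```

With these constructed values the best affordable plan is not the most aggressive one: isolating the host covers the threat best but its impact term makes it lose to a cheaper combination, which is the kind of trade-off the countermeasure representation above is meant to make explicit. On a real catalogue of hundreds of countermeasures the exhaustive check is not available, and the AIS search is what scales.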
An initial comparison of implicit and explicit programming styles for distributed-memory multiprocessors
Management of parallel tasks and distributed data is the essence of parallel programming on distributed-memory multiprocessors, and can be expressed explicitly in the programming language or provided implicitly through some combination of language and run-time support. Functional languages are designed to provide implicit support for both task and data management, but are often less efficient than explicit approaches. This is the classical tension between performance and ease of programming. This paper provides an initial study which attempts to quantify this trade-off. While our quantitative results are accurate at capturing the scales of programming effort and efficiency of these programming methods, they are based on two small parallel programs and should be weighed accordingly.
On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering
Software is behind the technological solutions that deliver many services to our society, which means that software security should no longer be considered a desirable feature but a necessity. Protecting software is an endless labor that includes improving security controls but also understanding the sources of incidents, which in many cases are due to bad implementation of controls or wrong assumptions about them. As traditional methods may not be efficient at detecting those security assumptions, novel alternatives must be attempted. In this sense, Security Chaos Engineering (SCE) is an innovative methodology based on the definition of a steady state, a hypothesis, experiments and metrics, which allow identifying failing components and ultimately protecting assets under cyber-risk scenarios. As an extension of previous work, this paper presents ChaosXploit, an SCE-powered framework that employs a knowledge database composed of attack trees to expose vulnerabilities in a software solution that has previously been defined as a target. The use of ChaosXploit may be part of a defensive security strategy to detect and correct software misconfigurations at an early stage. Finally, different experiments are described and executed to validate the feasibility of ChaosXploit in auditing the security of cloud-managed services, i.e., Amazon S3 buckets, which are prone to misconfigurations and, consequently, targeted by potential cyberattacks.
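To make the methodology concrete, here is an added Python example (not ChaosXploit's code) that runs one SCE experiment against constructed bucket configurations. The steady state is "objects are not readable anonymously", the hypothesis is that it still holds after the experiment, and the experiment exercises a small attack tree whose leaves are the two ways anonymous read usually shows up in practice: a bucket policy granting s3:GetObject to everyone, or an ACL granting READ to AllUsers, each AND-ed with the corresponding Block Public Access setting being off. The policies, ACLs and account identifiers are synthetic, and the evaluation is an offline simplification of the IAM policy language (no NotPrincipal, NotAction or Deny handling), so treat it as the shape of the check rather than a complete evaluator.

```python
import json

# Constructed bucket configurations (synthetic accounts, buckets and VPC endpoint).
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
RESTRICTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})
VPC_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
ALL_USERS_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
OWNER_ONLY_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "a1b2c3d4"}, "Permission": "FULL_CONTROL"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _anyone(principal):
    """True for the anonymous principal: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_grants_anonymous(policy_json, action="s3:GetObject"):
    """True if an Allow statement gives `action` to everyone with no Condition."""
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or st.get("Condition") or not _anyone(st.get("Principal")):
            continue
        if any(a in (action, "s3:*", "*") for a in _as_list(st.get("Action", []))):
            return True
    return False


def acl_grants_anonymous(acl, permission="READ"):
    """True if the ACL grants `permission` (or FULL_CONTROL) to the AllUsers group."""
    return any(g["Grantee"].get("URI") == ALL_USERS
               and g["Permission"] in (permission, "FULL_CONTROL")
               for g in acl["Grants"])


class Node:
    """Attack-tree node: a leaf runs a check; AND/OR nodes combine their children."""

    def __init__(self, name, check=None, gate="OR", children=()):
        self.name, self.check, self.gate, self.children = name, check, gate, list(children)

    def evaluate(self, bucket, trace):
        if self.check is not None:
            ok = self.check(bucket)
        else:  # evaluate every child so the trace shows all satisfied leaves
            results = [child.evaluate(bucket, trace) for child in self.children]
            ok = all(results) if self.gate == "AND" else any(results)
        if ok:
            trace.append(self.name)
        return ok


# Root goal and the two paths to it; each path needs the misconfiguration AND
# the absence of the Block Public Access setting that would neutralise it.
ANONYMOUS_READ = Node("anonymous object read", children=[
    Node("via bucket policy", gate="AND", children=[
        Node("policy allows s3:GetObject to *", lambda b: policy_grants_anonymous(b["policy"])),
        Node("RestrictPublicBuckets off", lambda b: not b["pab"]["RestrictPublicBuckets"]),
    ]),
    Node("via ACL", gate="AND", children=[
        Node("ACL grants READ to AllUsers", lambda b: acl_grants_anonymous(b["acl"])),
        Node("IgnorePublicAcls off", lambda b: not b["pab"]["IgnorePublicAcls"]),
    ]),
])

BUCKETS = {  # constructed targets for the experiment
    "public-policy": {"policy": PUBLIC_POLICY, "acl": OWNER_ONLY_ACL,
                      "pab": {"RestrictPublicBuckets": False, "IgnorePublicAcls": False}},
    "public-acl-but-ignored": {"policy": RESTRICTED_POLICY, "acl": ALL_USERS_ACL,
                               "pab": {"RestrictPublicBuckets": False, "IgnorePublicAcls": True}},
    "vpc-only": {"policy": VPC_ONLY_POLICY, "acl": OWNER_ONLY_ACL,
                 "pab": {"RestrictPublicBuckets": False, "IgnorePublicAcls": False}},
    "locked-down": {"policy": RESTRICTED_POLICY, "acl": OWNER_ONLY_ACL,
                    "pab": {"RestrictPublicBuckets": True, "IgnorePublicAcls": True}},
}


def run_experiment(name, bucket):
    """One SCE experiment: steady state, hypothesis, attack tree, observation, verdict."""
    trace = []
    compromised = ANONYMOUS_READ.evaluate(bucket, trace)
    return {"experiment": name,
            "steady_state": "objects are not readable anonymously",
            "hypothesis": "steady state holds after the attack tree is exercised",
            "satisfied_nodes": trace,
            "hypothesis_holds": not compromised}


def audit(buckets=BUCKETS):
    return {name: run_experiment(name, bucket) for name, bucket in buckets.items()}


if __name__ == "__main__":
    for report in audit().values():
        print(report)
```

The trace is what turns a failed hypothesis into an actionable finding: for the first bucket it names the policy leaf and the missing RestrictPublicBuckets setting, while for the second it shows that the public ACL exists but is neutralised by IgnorePublicAcls, which is exactly the kind of control assumption the abstract says these experiments are meant to surface.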