Global ETD Search

831	The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information Johnson, Kenneth Tyrone 01 January 2017 (has links) Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect sensitive information. The population consisted of 3 senior leaders in a large telecommunication company located in Dallas, Texas that has a large footprint of securing sensitive information. The conceptual framework on which this study was based was the security risk planning model. Semistructured interviews and document reviews helped to support the findings of this study. Using the thematic approach, 3 major themes emerged. The 3 themes included security training is required for all professionals, different approaches to training are beneficial, and using internal and external training's to complement each other. The findings revealed senior leaders used different variations of training programs to train security professionals on how to protect sensitive information. The senior leaders' highest priority was the ability to ensure all personnel accessing the network received the proper training. The findings may contribute to social change by enhancing area schools' technology programs with evolving cyber security technology, helping kids detect and eradicate threats before any loss of sensitive information occurs. Cyber security Security professionals Sensitive Information Training Databases and Information Systems
832	High Assurance Models for Secure Systems Almohri, Hussain 08 May 2013 (has links) Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and mobile devices that suffer from vulnerabilities, which allow the execution of various cyber attacks, and, (ii) poor security and system configurations that create loopholes used by attackers to bypass implemented security defenses. Complex attacks on large networks are only possible with the existence of vulnerable intermediate machines, routers, or mobile devices (that we refer to as network components) in the network. Vulnerabilities in highly connected servers and workstations, that compromise the heart of today's networks, are inevitable. Also, modern mobile devices with known vulnerabilities cause an increasing risk on large networks. Thus, weak security mechanisms in vulnerable network components open the possibilities for effective network attacks On the other hand, lack of systematic methods for an effective static analysis of an overall complex network results in inconsistent and vulnerable configurations at individual network components as well as at the network level. For example, inconsistency and faults in designing firewall rules at a host may result in enabling more attack vector. Further, the dynamic nature of networks with changing network configurations, machine availability and connectivity, make the security analysis a challenging task This work presents a hybrid approach to security by providing two solutions for analyzing the overall security of large organizational networks, and a runtime framework for protecting individual network components against misuse of system resources by cyber attackers. We observe that to secure an overall computing environment, a static analysis of a network is not sufficient. Thus, we couple our analysis with a framework to secure individual network components including high performance machines as well as mobile devices that repeatedly enter and leave networks. We also realize the need for advancing the theoretical foundations for analyzing the security of large networks. To analyze the security of large enterprise network, we present the first scientific attempt to compute an optimized distribution of defensive resources with the objective of minimizing the chances of successful attacks. To achieve this minimization, we develop a rigorous probabilistic model that quantitatively measures the chances of a successful attack on any network component. Our model provides a solid theoretical foundation that enables efficient computation of unknown success probabilities on every stage of a network attack. We design an algorithm that uses the computed attack probabilities for optimizing security configurations of a network. Our optimization algorithm uses state of the art sequential linear programming to approximate the solution to a complex single objective nonlinear minimization problem that formalizes various attack steps and candidate defenses at the granularity of attack stages. To protect individual network components, we develop a new approach under our novel idea of em process authentication. We argue that to provide high assurance security, enforcing authorization is necessary but not sufficient. In fact, existing authorization systems lack a strong and reliable process authentication model for preventing the execution of malicious processes (i.e., processes that intentionally contain malicious goals that violate integrity and confidentiality of legitimate processes and data). Authentication is specially critical when malicious processes may use various system vulnerabilities to install on the system and stealthily execute without the user's consent. We design and implement the Application Authentication (A2) framework that is capable of monitoring application executions and ensuring proper authentication of application processes. A2 has the advantage of strong security guarantees, efficient runtime execution, and compatibility with legacy applications. This authentication framework reduces the risk of infection by powerful malicious applications that may disrupt proper execution of legitimate applications, steal users' private data, and spread across the entire organizational network. Our process authentication model is extended and applied to the Android platform. As Android imposes its unique challenges (e.g., virtualized application execution model), our design and implementation of process authentication is extended to address these challenges. Per our results, process authentication in Android can protect the system against various critical vulnerabilities such as privilege escalation attacks and drive by downloads. To demonstrate process authentication in Android, we implement DroidBarrier. As a runtime system, DroidBarrier includes an authentication component and a lightweight permission system to protect legitimate applications and secret authentication information in the file system. Our implementation of DroidBarrier is compatible with the Android runtime (with no need for modifications) and shows efficient performance with negligible penalties in I/O operations and process creations. / Ph. D. Systems Security Authentication Mathematical Programming Optimization Security Risk
833	Multi-Dimensional Identification of Vulnerable Access Control in Mobile Applications Chaoshun, Zuo January 2020 (has links) No description available. Computer Science
834	Physical Security Assessment of a Regional University Computer Network Timbs, Nathan H 01 December 2013 (has links) (PDF) Assessing a network's physical security is an essential step in securing its data. This document describes the design, implementation, and validation of PSATool, a prototype application for assessing the physical security of a network's intermediate distribution frames, or IDFs (a.k.a. "wiring closets"). PSATool was created to address a lack of tools for IDF assessment. It implements a checklist-based protocol for assessing compliance with 52 security requirements compiled from federal and international standards. This checklist can be extended according to organizational needs. PSATool was validated by using it to assess physical security at 135 IDFs at East Tennessee State University. PSATool exposed 95 threats, hazards, and vulnerabilities in 82 IDFs. A control was recommended for each threat, hazard, and vulnerability discovered. The administrators of ETSU's network concluded that PSATool's results agreed with their informal sense of these IDFs' physical security, while providing documented support for improvements to IDF security. Physical Security Assessment Information Assurance Security Requirements Computer Sciences
835	Analyzing and Improving Security-Enhanced Communication Protocols Weicheng Wang (17349748) 08 November 2023 (has links) <p dir="ltr">Security and privacy are one of the top concerns when experts select for communication protocols. When a protocol is confirmed with problems, such as leaking users’ privacy, the protocol developers will upgrade it to an advanced version to cover those concerns in a short interval, or the protocol will be discarded or replaced by other secured ones. </p><p dir="ltr">There are always communication protocols failing to protect users’ privacy or exposing users’ accounts under attack. A malicious user or an attacker can utilize the vulnerabilities in the protocol to gain private information, or even take control of the users’ devices. Hence, it is important to expose those protocols and improve them to enhance the security properties. Some protocols protect users’ privacy but in a less efficient way. Due to the new cryptography technique or the modern hardware support, the protocols can be improved with less overhead and enhanced security protection. </p><p dir="ltr">In this dissertation, we focus on analyzing and improving security-enhanced communication protocols in three aspects: </p><p dir="ltr">(1) We systematically analyzed an existing and widely used communication protocol: Zigbee. We identified the vulnerabilities of the existing Zigbee protocols during the new device joining process and proposed a security-enhanced Zigbee protocol. The new protocol utilized public-key primitives with little extra overhead with capabilities to protect against the outsourced attackers. The new protocol is formally verified and implemented with a prototype. </p><p dir="ltr">(2) We explored one type of communication detection system: Keyword-based deep packet inspection. The system has several protocols, such as BlindBox, PrivDPI, PE-DPI, mbTLS, and so on. We analyzed those protocols and identified their vulnerabilities or inefficiencies. To address those issues, we proposed three enhanced protocols: MT-DPI, BH-DPI, and CE-DPI which work readily with AES-based encryption schemes deployed and well-supported by AES-NI. Specifically, MT-DPI utilized multiplicative triples to support multi-party computation. </p><p dir="ltr">(3) We developed a technique to support Distributed confidential computing with the use of a trusted execution environment. We found that the existing confidential computing cannot handle multiple-stakeholder scenarios well and did not give reasonable control over derived data after computation. We analyzed six real use cases and pointed out what is missing in the existing solutions. To bridge the gap, we developed a language SeDS policy that was built on top of the trusted execution environment. It works well for specific privacy needs during the collaboration and gives protection over the derived data. We examined the language in the use cases and showed the benefits of applying the new policies.</p> Data and information privacy Data security and protection security privacy communication protocol
836	Leveraging Security Data for a Quantitative Evaluation of Security Mitigation Strategies Di Tizio, Giorgio 26 April 2023 (has links) Keeping users’ and organizations’ data secure is a challenging task. The situation is made more complicated due to the ever-increasing complex dependencies among IT systems. In this scenario, current approaches for risk assessment and mitigation rely on industry best practices based on qualitative assessments that do not provide any measure of their effectiveness. In this Thesis, we argue that the rich availability of data about IT infrastructures and adversaries must be employed to quantitatively measure the risk and the effectiveness of security mitigation strategies. Our goal is to show that quantitative measures of effectiveness and cost using security data are not only possible but also beneficial for both individual users and organizations to identify the most appropriate security plan. To this aim, we employed a heterogeneous set of security data spanning from blacklist feeds and software vulnerability repositories to web third-party dynamics, criminal forums, and threat intelligence reports. We use this data to model attackers and security mitigation strategies and evaluate their effectiveness in mitigating attacks. We start with an evaluation of filter lists of privacy extensions to protect individuals’ privacy when browsing the Web. We then consider the security of billions of users accessing the Top 5K Alexa domains and evaluated the effectiveness and cost of security mitigations at different levels of the Internet infrastructure. We then evaluate the accuracy of SOC analysts in investigating alerts related to cyber attacks targeting a network. Finally, we develop methodologies for the analysis of the effectiveness of ML models to detect criminal discussions in forums and software updates to protect against targeted attacks performed by nation-state groups.
837	Automatic Detection of Security Deficiencies and Refactoring Advises for Microservices Ünver, Burak January 2023 (has links) The microservice architecture enables organizationsto shorten development cycles and deliver cloud-native applicationsrapidly. However, it also brings security concerns thatneed to be addressed by developers. Therefore, security testingin microservices becomes even more critical. Recent researchpapers indicate that security testing of microservices is oftenneglected for reasons such as lack of time, lack of experience inthe security domain, and absence of automated test environments.Even though several security scanning tools exist to detectcontainer, containerized workload management (Kubernetes),and network issues, none individually is sufficient to cover allsecurity problems in microservices. Using multiple scanning toolsincreases the complexity of analyzing findings and mitigatingsecurity vulnerabilities. This paper presents a fully automatedtest tool suite that can help developers address security issuesin microservices and resolve them. It targets to reduce timeand effort in security activities by encapsulating open-sourcescanning tools into one suite and providing improved feedback.The developed security scanning suite is named Pomegranate.To develop Pomegranate, we employed Design Science andconducted our investigation in Ericsson. We have evaluated ourtool using a static approach. The evaluation results indicate thatthe Pomegranate could be helpful to developers by providingsimplified and classified outputs for security vulnerabilities inmicroservices. More than half of the practitioners who give usfeedback found Pomegranate helpful in detecting and mitigatingsecurity problems in microservices. We conclude that a fullyautomated test tool suite can help developers to address mostsecurity issues in microservices. Based on the findings in thispaper, the direction for future work is to conduct a dynamicvalidation of Pomegranate in a live project. Microservices Security Kubernetes Security Scanning Tools Software Engineering Programvaruteknik
838	Modeling risk analysis of a layered commercial solution for a classified program when a patient attacker is present Farnam, Marsella 30 April 2021 (has links) Layered security systems pose significant challenges while attempting to monitor security related activities. The varying attributes embedded within each layer as well as the attribute interdependencies within and across layers takes measurement complexity to an exponential state. The many interdependencies at play in an interconnected infrastructure further exacerbates the ability to measure overall security assurance. Then enters the patient attacker who infiltrates one layer of this security system and waits for the opportune time to infiltrate another layer. The ability to simulate and understand risk with respect to time in this dynamic environment is critical to the decision maker who must work under time and cost constraints. This thesis seeks to improve methods for interdependent risk assessment particularly when a patient attacker is present. attributes layered security interdependent risk classified security simulation
839	An Approach To Graph-Based Modeling Of Network Exploitations Li, Wei 10 December 2005 (has links) Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies. exploitation graph e-graph vulnerability assessment network security computer security
840	Enhancing Software Security through Modeling Attacker Profiles Hussein, Nesrin 21 September 2018 (has links) No description available. Computer Science security requirements Non-functional requirements security related test cases

Search results