The global vulnerability discovery and disclosure system : a thematic system dynamics approach

Lewis, Paul Simon

January 2017

Vulnerabilities within software are the fundamental issue that provide both the means, and opportunity for malicious threat actors to compromise critical IT systems (Younis et al., 2016). Consequentially, the reduction of vulnerabilities within software should be of paramount importance, however, it is argued that software development practitioners have historically failed in reducing the risks associated with software vulnerabilities. This failure is illustrated in, and by the growth of software vulnerabilities over the past 20 years. This increase which is both unprecedented and unwelcome has led to an acknowledgement that novel and radical approaches to both understand the vulnerability discovery and disclosure system (VDDS) and to mitigate the risks associate with software vulnerability centred risk is needed (Bradbury, 2015; Marconato et al., 2012). The findings from this research show that whilst technological mitigations are vital, the social and economic features of the VDDS are of critical importance. For example, hitherto unknown systemic themes identified by this research are of key and include; Perception of Punishment; Vendor Interactions; Disclosure Stance; Ethical Considerations; Economic factors for Discovery and Disclosure and Emergence of New Vulnerability Markets. Each theme uniquely impacts the system, and ultimately the scale of vulnerability based risks. Within the research each theme within the VDDS is represented by several key variables which interact and shape the system. Specifically: Vender Sentiment; Vulnerability Removal Rate; Time to fix; Market Share; Participants within VDDS, Full and Coordinated Disclosure Ratio and Participant Activity. Each variable is quantified and explored, defining both the parameter space and progression over time. These variables are utilised within a system dynamic model to simulate differing policy strategies and assess the impact of these policies upon the VDDS. Three simulated vulnerability disclosure futures are hypothesised and are presented, characterised as depletion, steady and exponential with each scenario dependent upon the parameter space within the key variables.

005.8

Cyber security

Collaborative cyber security situational awareness

Almualla, Mohammed Humaid

January 2017

Situational awareness is often understood as the perception of environmental elements and comprehension of their meaning, and the projection of future status. The advancements in cyberspace technology have fuelled new business and opportunities, but also brought an element of risk to valued assets. Today, the growing gap between different types of cyber-attacks threatens governments and organisations, from individuals to highly organized sponsored teams capable of breaching the most sophisticated systems and the inability to cope with these emerging threats. There is a strong case to be made for effective Collaborative Cyber-Security Situational Awareness (CCSA) that is designed to protect valuable assets, making them more resilient to cybersecurity threats. Cybersecurity experts today must rethink the nature of security, and shift from a conventional approach that stresses protecting vulnerable assets to a larger, more effective framework with the aim of strengthening cyber assets, making them more resilient and part of a cybersecurity process that delivers greater value against cyber threats. This study introduces a new approach to understanding situational awareness of information sharing and collaboration using knowledge from existing situational awareness models. However, current situational awareness models lack resilience in supporting information systems infrastructure, addressing various vulnerabilities, identifying high priority threats and selecting mitigation techniques for cyber threats. The use of exploratory and explanatory analysis techniques executed by Structure Equation Modelling (SEM) allowed the examination of CCSA, in this study. Data from 377 cyber security practitioners affiliated to cybersecurity expert groups including computer emergency response team (CERT) and computer security incident response team (CSIRT) was gathered in the form of an electronic survey and analysed to discover insights and understand the mental model of those cybersecurity experts. Also, a finding from the SEM was the CSSA model aligned perfectly with the second-order Cybernetics model to test the theory in practice, confirming the possibility of using the proposed model in a practical application for this research. Furthermore, the SEM informed the design of the CCSA Environment where an empirical study was employed to verify and validate the CCSA theory in practice. In addition, the SEM informed the design of a behavioural anchor rating scale to measure participant situational awareness performance. The experiment results proved that when using the CCSA model and replicating real-world cyber-attack scenarios that the outcome of situational awareness performance was 61% more than those who did not employ the use of the CCSA model and associated dashboard tool. Further, it was found that both timeliness and accuracy are important in influencing the outcome of information sharing and collaboration in enhancing cyber situational awareness and decision-making. This thesis for the first time presents a novel CCSA theory which has been confirmed in practice. Firstly, this research work improves the outcome of effectiveness in cyber SA by identifying important variables related with the CCSA model. Second, it provides a new technique to measure operators' cyber SA performance. Secondly, it provides the necessary steps to employ information sharing in order to improve cyber security incorporated in the CCSA model. Finally, cybersecurity experts should collaborate to identify and close the gap between cybersecurity threats and execution capacity. The novel CCSA model validated in this research can be considered an effective solution in fighting and preventing cyber-attacks. Attainment of cyber security is driven by how information is both secured and presented between members to encourage the use of information sharing and collaboration to resolve cyber security threats in a timely and accurate manner. This research helps researchers and practitioners alike gain an understanding of key aspects of information sharing and collaboration in CSSA which is informed by the CCSA theory and new capability that the implementation of this theory has shown to deliver in practice.

A Virtualized Scada Laboratory for Research and Teaching

Thornton, Joseph Zachary

09 May 2015

This thesis describes a virtual Supervisory Control and Data Acquisition (SCADA) laboratory. This virtual laboratory was built using virtual devices that simulate industrial processes, emulate control system ladder logic functionality, and utilize control system communication protocols. Human machine interfaces (HMIs) were developed for distribution and testing, and commercially available HMIs were implemented. In addition to virtual devices and HMIs, attacks were implemented against this virtual system. Uses for this laboratory include both SCADA security research and pedagogy. The laboratory serves research purposes, as it utilizes industry standard SCADA communication protocols as well as commercial HMIs, and is capable of interfacing with physical SCADA equipment, and is also capable of producing volumes of industrial control system traffic. It also serves pedagogical purposes as several laboratory exercises were developed in conjunction with the simulators to demonstrate the workings of cyber-physical security in a classroom environment.

SCADA

Cyber-Security

Virtual

Laboratory

Security Weaknesses of the Android Advertising Ecosystem

Tate, Jeremy

27 January 2015

Mobile device security is becoming increasingly important as the number of devices that are used continues to grow and has surpassed one billion active devices globally. In this thesis, we will investigate the security of Android ad supported apps, security vulnerabilities that have been identified in the way those ads are delivered to the device and improvements that can be made to protect the privacy of the end user. To do this, we will discuss the Android architecture and the ecosystems of apps and ads on those devices. To better understand the threats to mobile devices, a threat analysis will be conducted, investigating the different attack vectors that devices are susceptible to. This will also include a survey of existing work that has been conducted within the realm of Android security and web based exploits. The specific attacks that are detailed in this research are addJavascriptInterface attacks against a WebView used to display an ad and information leakage from the ad URL request. These attack vectors are discussed in detail with applicability and feasibility studies conducted. The results of these attacks will be analyzed with a discussion of the methodology used to obtain them. In order to combat such attacks, there will also be discussion of potential solutions to mitigate the threats of attack from a variety of angles, to include steps that users can take to protect themselves as well as changes that should be made to the Android operating system itself. / Master of Science

Android

Cyber Security

Advertising Network

Wide spectrum attribution : using deception for attribution intelligence in cyber attacks

Nicholson, Andrew

January 2015

Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber de- ception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet envi- ronment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution litera- ture that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.

600

Effective Cyber Security Strategies for Small Businesses

Cook, Kimberly Diane

01 January 2017

Disruptive technologies developed in the digital age expose individuals, businesses, and government entities to potential cyber security vulnerabilities. Through the conceptual framework of general systems theory, this multiple case study was used to explore the strategies among owners of 4 retail small- and medium-size enterprises (SMEs) in Melbourne, Florida, who successfully protected their businesses against cyber attacks. The data were collected from a review of archival company documents and semistructured interviews. Yin's 5-phased cycles for analyzing case studies provided the guidelines for the data analysis process. Three themes emerged from thematic analysis across the data sets: cyber security strategy, reliance on third-party vendors for infrastructure services, and cyber security awareness. The study findings indicated that the SME owners' successful cyber security strategies might serve as a foundational guide for others to assess and mitigate cyber threat vulnerabilities. The implications for positive social change include the potential to empower other SME owners, new entrepreneurs, and academic institutions with successful cyber security strategies and resources to affect changes within the community. SME owners who survive cyber attacks may spur economic growth by employing local residents, thus stimulating the socioeconomic lifecycle. Moreover, implementation of these successful strategies may catalyze consumer confidence, resulting in greater economic prosperity.

cyber security awareness

cyber security effectiveness

cyber security strategy

cyber security third party reliance

SME cyber security guidance

SMEs

National Resilience in Cyberspace: an analysis of the evolution of the United Kingdom's National Cyber Security Strategy and its response to dynamic cyber security challenges / National Resilience in CyberSpace: The UK's National Cyber Security Strategy Evolving Response to Dynamic Cyber Security Challenges

Johnson, Kailyn

January 2018

Criminals and other threat actors are adapting to the growing reliance individuals, organisations, and nations have upon technology and the internet and have augmented their capabilities to be oriented in that direction for malevolent purposes. Cyberspace has become an extremely large vulnerability for countries because it facilitates any person with access to a computer or other technology along with malicious intent, to cause harm. The increased risk people and organisations now face in cyberspace is not isolated to just them. Nations now are also at an increased risk because of the evolving ubiquity of cyberspace and technology. States are at risk of cyber threats because of vulnerabilities in individual citizens and organisations. Nations have now become intended targets by a larger spectrum of threat actors. This research examines how the United Kingdom has developed their specific national cyber security strategy to improve national resilience to threats, and how well the UK government adapts to an ever- changing threat landscape. The UK is still deficient in the appropriate and thorough execution of their proposed strategies and strategic policies to attain national resilience and security. There have been strides to achieve that goal, but the national strategy continues to fail to...

Automated Vulnerability Assessment of Mobile Device Vulnerabilities

Shambra, Stephen M

06 May 2017

Mobile device security presents a unique challenge in the realm of cyber security, one which is difficult to assess and ultimately defend. Mobile devices, like other computing devices, should possess a secure environment by which a mobile user may operate safely and securely. However, insecure coding when developing applications, incomplete assessment tools to determine platform/application security, and security shortcomings in the Android platform and mobile communications standards result in an insecure environment. This thesis presents an analysis of aspects of a Mobile Station to identify components that contribute to the attack surface. An investigation is conducted to highlight vulnerabilities at the Application, Communications, and Resource Layers. The thesis also identifies current efforts to assess and identify mobile vulnerabilities and weaknesses in application and system settings. Finally, an automated vulnerability assessment solution is developed and introduced in this thesis that can aid in combating potential threats to mobile security.

Vulnerability Assessment

Mobile Security

Cyber Security

Optimal Experimental Planning, Resilience, and Simulation Methods Applied to Cybersecurity Experimentation

Alomair, Abdullah A.

January 2021

No description available.

Engineering

Design of Experiments

Resilience

Simulation

Cyber-Security

An Expert-based Approach for Demand Curtailment Allocation Subject to Communications and Cyber Security Limitations

Bian, Desong

03 February 2017

A smart grid is different from a traditional power system in that it allows incorporation of intelligent features and functions, e.g., meter reading, adaptive demand response, integration of distributed energy sources, substation automation, etc. All these intelligent features and functions are achieved by choosing appropriate communication technologies and network structures for the smart grid appropriately. The objective of this dissertation is to develop an AHP (analytic hierarchy process) - based strategy for demand curtailment allocation that is subject to communications and cyber security limitations. Specifically, it: (1) proposes an electrical demand curtailment allocation strategy to keep the balance between supply and demand in case of the sudden supply shortage; (2) simulates the operation of the proposed demand curtailment allocation strategy considering the impact from communication network limitations and simultaneous operations of multiple smart grid applications sharing the same communication network; and (3) analyzes the performance of the proposed demand curtailment allocation strategy when selected cyber security technologies are implemented. These are explained in more details below. An AHP-based approach to electrical demand curtailment allocation management is proposed, which determines load reduction amounts at various segments of the network to maintain the balance between generation and demand. Appropriate communication technologies and the network topology are used to implement these load reduction amounts down to the end-user. In this proposed strategy, demand curtailment allocation is quantified taking into account the demand response potential and the load curtailment priority of each distribution substation. The proposed strategy helps allocate demand curtailment (MW) among distribution substations or feeders in an electric utility service area based on requirements of the central load dispatch center. To determine how rapidly the proposed demand curtailment strategy can be implemented, the capability of the communication network supporting the demand curtailment implementation needs to be evaluated. To evaluate the capability of different communication technologies, selected communication technologies are compared in terms of their latency, throughput, reliability, power consumption and implementation costs. Since a number of smart grid applications share the same communication network, the performance of this communication network is also evaluated considering simultaneous operation of popular smart grid applications. Lastly, limitations of using several cyber security technologies based on different encryption methods - 3EDS (Triple Data Encryption Standard), AES (Advanced Encryption Standard), Blowfish, etc. - in deploying the proposed demand curtailment allocation strategy are analyzed. / Ph. D.

AHP

Demand Response

Communication

Cyber Security