The Markov multi-phase transferable belief model : a data fusion theory for enhancing cyber situational awareness

Ioannou, Georgios

January 2015

eXfiltration Advanced Persistent Threats (XAPTs) increasingly account for incidents concerned with critical information exfiltration from High Valued Targets (HVT's) by terrorists, cyber criminals or enemy states. Existing Cyber Defence frameworks and data fusion models do not adequately address (i) the multi-stage nature of XAPTs and (ii) the uncertainty and conflicting information associated with XAPTs. A new data fusion theory, called the Markov Multi-phase Transferable Belief Model (MM-TBM) is developed, for tracking and predicting XAPTs. MM-TBM expands the attack kill-chain model to attack trees and introduces a novel approach for combining various sources of cyber evidence, which takes into account the multi-phased nature of XAPTs and the characteristics of the cyberspace. As a data fusion theory, MM-TBM constitutes a novel approach for performing hypothesis assessment and evidence combination across phases, by means of a new combination rule, called the Multi-phase Combination Rule with conflict Reset (MCR2). This is the first combination rule in the field of data fusion that formalises a new method for combining evidence from multiple, causally connected hypotheses spaces and eliminating the bias from preceding phases of the kill-chain. Moreover, this is the first time a data fusion theory utilises the conflict mass m(Ø) for identifying paradoxes. In addition, a diagnostic formula for managing missing pieces of evidence within attack trees is presented. MM-TBM is designed, developed and evaluated using a Design Science Research approach within two iterations. Evaluation is conducted in a relevant computer network environment using scenario-based testing. The experimental design has been reviewed and approved by Cyber Security Subject Matter Experts from MoD’s Defence Science Technology Laboratory and Airbus Group. The experimental results validate the novel capabilities introduced by the new MM-TBM theory to Cyber Defence in the presence of information clutter, conflict and congestion. Furthermore, the results underpin the importance of selecting an optimal sampling policy to effectively track and predict XAPTs. This PhD bridges the gaps in the body of knowledge concerned with multi-phase fusion under uncertainty and Cyber SA against XAPTs. MM-TBM is a novel mathematical fusion theory for managing applications that existing fusion models do not address. This research has demonstrated MM-TBM enables the successful Tracking and Prediction of XAPTs to deliver an enhanced Cyber SA capability.

A Framework for Enforcing Role Based Access Control in Open Source Software

Manning, Francis Jay

01 January 2013

While Role Based Access Control (RBAC) has been a popular topic of research over the last several years, there are some gaps in the literature that have been waiting to be addressed. One of these gaps involves the application of RBAC to free and open source software (FOSS). With the prevalence of FOSS in most information systems growing rapidly, there is a need to be able to provide a level of confidence that the software will not compromise the data integrity of an environment, nor will it enable the violation of established access controls. Additionally, when utilizing FOSS software it is desirable to do so without having to modify its source code whenever an update is released in order to maintain a secure environment; this makes adding proprietary modules both time consuming and expensive. The challenges involved in maintaining proprietary changes to FOSS generates a particular interest in an RBAC environment that could be deployed without requiring modification to the source code. Developing this type of a framework presented a significant challenge due to the software having been established prior to the definition of any security requirements that would have to be applied by the proposed framework. What this research paper shows are the results of the development of a software framework that allowed security requirements engineering to seamlessly meld with an application after it had already been developed. This framework provided a mechanism to measurably reduce the attack surface of the application against which the framework was implemented, while performing these tasks without requiring alterations to the source code of the application. Additionally, this research introduced a mechanism that was utilized to measure the effectiveness of the framework. This mechanism provided a means of comparing the relative effectiveness of different frameworks against the same software, as well as the effectiveness of a framework against different pieces of software.

AOP

AspectJ

attack graph

FOSS

RBAC

security

Computer Sciences

Trestněprávní a kriminologické aspekty kyberkriminality se zaměřením na útoky typu odepření služby / Criminal and criminological aspects of cybercrime with a focus on denial of service attacks

Přívozník, Lukáš

January 2019

Criminal and criminological aspects of cybercrime with a focus on denial of service attacks Abstract The aim of this master thesis is to analyze the criminal law assessment of denial of service (DoS) cyber-attacks and related criminological aspects. The author deals with the technical characteristics and typology of this type of attack. He analyzes its individual variants, as the way of performing the attack, that is reflected in its criminal assessment. The thesis also describes the facts concerning the largest series of DoS attacks that occurred in the Czech Republic in 2013. Next, the author deals with the criminological aspects of cybercrime, namely its expansion and latency, the perpetrators and victims of the denial of service attack and related prevention, including techniques and methods of defense against this attack. In the main part of the thesis, the author analyzes the criminal law aspects of this specific type of crime. The thesis deals with the development of law in this area at international level, within the European Union and at national level. It also deals with the analysis of the factual situation of cybercrime provided for in Sections 230 to 232 of the Criminal Code and the criminal law assessment of individual variants of the attack. The thesis deals with related problematic points,...

Side Channel Leakage Exploitation, Mitigation and Detection of Emerging Cryptosystems

Chen, Cong

26 March 2018

With the emerging computing technologies and applications in the past decades, cryptography is facing tremendous challenges in its position of guarding our digital world. The advent of quantum computers is potentially going to cease the dominance of RSA and other public key algorithms based on hard problems of factorization and discrete logarithm. In order to protect the Internet at post-quantum era, great efforts have been dedicated to the design of RSA substitutions. One of them is code- based McEliece public key schemes which are immune to quantum attacks. Meanwhile, new infrastructures like Internet of Things are bringing the world enormous benefits but, due to the resource-constrained nature, require compact and still reliable cryptographic solutions. Motivated by this, many lightweight cryptographic algorithms are introduced. Nevertheless, side channel attack is still a practical threat for implementations of these new algorithms if no countermeasures are employed. In the past decades two major categories of side channel countermeasures, namely masking and hiding, have been studied to mitigate the threat of such attacks. As a masking countermeasure, Threshold Implementation becomes popular in recent years. It is sound in providing provable side channel resistance for hardware-based cryptosystems but meanwhile it also incurs significant overheads which need further optimization for constrained applications. Masking, especially for higher order masking schemes, requires low signal-to-noise ratio to be effective which can be achieved by applying hiding countermeasures. In order to evaluate side channel resistance of countermeasures, several tools have been introduced. Due to its simplicity, TVLA is being accepted by academy and industry as a one-size-fit-all leakage detection methodolgy that can be used by non-experts. However, its effectiveness can be negatively impacted by environmental factors such as temperature variations. Thus, a robust and simple evaluation method is desired. In this dissertation, we first show how differential power analysis can efficiently exploit the power consumption of a McEliece implementation to recover the private key. Then, we apply Threshold Implementation scheme in order to protect from the proposed attack. This is, to the best of our knowledge, the first time of applying Threshold Implementation in a public key cryptosystem. Next, we investigate the reduction of shares in Threshold Implementation so as to bring down its overhead for constrained applications. Our study shows that Threshold Implementation using only two shares reduces the overheads while still provides reliable first-order resistance but in the meantime it also leaks a strong second-order leakage. We also propose a hiding countermeasure, namely balanced encoding scheme based on the idea of Dual- Rail Pre-charge logic style in hardwares. We show that it is effective to mitigate the leakage and can be combined with masking schemes to achieve better resistance. Finally, we study paired t-test versus Welch's t-test in the original TVLA and show its robustness against environmental noises. We also found that using moving average in computing t statistics can detect higher-order leakage faster.

post-quantum crypto

t-test

Threshold Implementations

Side channel attack

Systematic Vulnerability Evaluation of Interoperable Medical Device System using Attack Trees

Xu, Jian

10 December 2015

"Security for medical devices has gained some attractions in the recent years following some well- publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. Medical devices are however becoming increasingly interconnected and interoperable as a way to improve patient safety, decrease false alarms, and reduce clinician cognitive workload. Given the nature of interoperable medical devices (IMDs), attacks on IMDs can have devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. A useful way of performing threat analysis of any system is to use attack trees. Attack trees are conceptual, multi-leveled diagrams showing how an asset, or target, might be attacked. They provide a formal, methodical way of describing the threats to a system. Developing attack trees for any system is however non-trivial and requires considerable expertise in identifying the various attack vectors. IMDs are typically deployed in hospitals by clinicians and clinical engineers who may not posses such expertise. We therefore develop a methodology that will enable the automated generation of attack trees for IMDs based on a description of the IMD operational workflow and list of safety hazards that need to be avoided during its operation. Additionally, we use the generated attack trees to quantify the security condition of the IMD instance being analyzed. Both these pieces of information can be provided by the users of IMDs in a care facility. The contributions of this paper are: (1) a methodology for automated generation of attack trees for IMDs using process modeling and hazard analysis, and (2) a demonstration of the viability of the methodology for a specific IMD setup called Patient Controlled Analgesia (PCA- IMD), which is used for delivering pain medication to patients in hospitals."

Attack Trees

Interoperable Medical Device System

Vulnerability Evaluation

Detection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques

Wang, Le

27 August 2013

"In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred as a Man-in-the-middle (MITM) attack. In the MITM attack, the attackers usually set up a rogue AP to spoof the clients. In this thesis, we focus on the detection of MITM attacks in Wi-Fi networks. The thesis introduces the entire process of performing and detecting the MITM attack in two separate sections. The first section starts from creating a rogue AP by imitating the characteristics of the legitimate AP. Then a multi-point jamming attack is conducted to kidnap the clients and force them to connect to the rogue AP. Furthermore, the sniffer software is used to intercept the private information passing through the rogue AP. The second section focuses on the detection of MITM attacks from two aspects: jamming attacks detection and rogue AP detection. In order to enable the network to perform defensive strategies more effectively, distinguishing different types of jamming attacks is necessary. We begin by using signal strength consistency mechanism in order to detect jamming attacks. Then, based on the statistical data of packets send ratio (PSR) and packets delivery ratio (PDR) in different jamming situations, a model is built to further differentiate the jamming attacks. At the same time, we gather the received signal strength indication (RSSI) values from three monitor nodes which process the random RSSI values employing a sliding window algorithm. According to the mean and standard deviation curve of RSSI, we can detect if a rogue AP is present within the vicinity. All these proposed approaches, either attack or detection, have been validated via computer simulations and experimental hardware implementations including Backtrack 5 Tools and MATLAB software suite. "

RSSI

Jamming attack

rogue AP

MITM

Wi-Fi

A comparative analysis of small combatant ships

Sullivan, Paul Edward

January 1980

Thesis (Ocean E)--Massachusetts Institute of Technology, Dept. of Ocean Engineering, 1980. / MICROFICHE COPY AVAILABLE IN ARCHIVES AND ENGINEERING. / Bibliography: leaves 177-179. / by Paul Edward Sullivan. / Ocean E

Ocean Engineering.

Warships

Fast attack craft

Naval architecture

Investigating the invisible cord : an analytical autoethnography of first panic attack

Stephenson-Huxford, Michael

January 2018

The phenomenon of panic is one of the most unedifying experiences to inflict the human condition. It is a globally-recognised problem regularly encountered in psychotherapeutic practice. Whilst it is thought that distressing psychological and social (‘psychosocial’) problems might help account for this experience, the precise role they play - particularly in first onset - remains difficult to fathom. For example, whilst there is evidence to suggest that stress related to an individual’s family and work life, marital circumstances, age and gender appear linked with initial episodes of panic, these and many associated stressors people endure remain largely under-researched. Following an inquiry aim that recognises the social construction of reality, this research offers an insight into my first experience of panic attack (my being both a panic sufferer and psychotherapist). The aim was to identify an ‘invisible cord’ (e.g. a series of causally linked stressful life events) related to my panic. These events are typically thought to be found in the twelve months prior to first onset and hold important clues to an individual’s recovery. Hence my research question was: ‘What sense can be made of the invisible cord of events leading to my first experience of panic attack’? Using analytical autoethnographic methods to guide this research, significant personal events were discovered and are presented here in the findings. The earliest events uncovered would stretch back far longer than twelve months; with a series of five scenarios plotted from childhood to my mid-forties. To ensure that this research remained an exercise in critical thinking, each event was then examined alongside broader psychosocial theory and frameworks; offering a connected analysis of this first attack and contingent factors. A summary follows, ‘pulling together’ aspects of this undertaking and offering implications for practice. For example, having only made visible elements of my stressful cord by means of the analytical methods at my disposal (including use of collage and timelines) I suggest that such tools might routinely help other panic sufferers in retracing their past. Equally, in learning that my (often confused) Christian faith was implicated in this panic, I advance that we, as therapists, must remain vigilant to matters of client spirituality: noting that traditional forms of religious guidance are receding in an increasingly sceptical UK society. The thesis concludes with a personal reflection that aims to facilitate a deeper understanding of my research journey.

Efeito neuroprotetor do prÃ-condicionamento por estresse de contensÃo sobre a lesÃo induzida por breve mudanÃa subcrÃtica isquÃmica: papel dos receptores A1 da adenosina. / Pre-conditioning induced by restraint stress provides protection against transient cerebral ischemia: Role of adenosine A1 receptors.

Ailton Teles Fontenele Filho

18 February 2009

CoordenaÃÃo de AperfeiÃoamento de Pessoal de NÃvel Superior / O acidente vascular cerebral, doenÃa incapacitante e terceira causa de morte em paÃses desenvolvidos à caracterizada pela interrupÃÃo ou reduÃÃo do fluxo sangÃÃneo para o cÃrebro capaz de causar alteraÃÃo na funÃÃo cerebral. Sabe-se que o receptor A1 da adenosina possui um papel chave na neuroproteÃÃo devido à diminuiÃÃo da liberaÃÃo de glutamato e hiperpolarizaÃÃo neuronal. O objetivo desse trabalho foi determinar os efeitos do prÃ-condicionamento por estresse de contensÃo em ratos submetidos à isquemia cerebral transitÃria (ICT) por oclusÃo bilateral das carÃtidas e a participaÃÃo dos receptores A1 da adenosina nesse processo. Inicialmente, ratos Wistar machos, entre 200-240g, foram submetidos ao estresse de contensÃo (ST) em cilindros por 2h e imediatamente depois submetidos à ICT pela oclusÃo de ambas as artÃrias carÃtidas durante 30min. Um dos grupos dos animais foi prÃ-tratado com o antagonista do receptor A1 da adenosina, DPCPX, antes do estresse de contensÃo nas doses de 0,1mg/kg ou 1mg/kg. A temperatura retal foi monitorada e mantida a 37ÂC atravÃs de uma luz incandescente. Vinte e quatro horas depois do tÃrmino da ICT os animais foram sacrificados, tiveram seus cÃrebros dissecados, seccionados e imersos em soluÃÃo de Cloreto de 2,3,5-Trifeniltetrazol (TTC) a 1% por 30 min. para analise da viabilidade do tecido cerebral. Os testes comportamentais foram efetuados 72h apÃs a ICT e consistiram em Teste do Campo Aberto para a atividade locomotora, Labirinto em Y para a memÃria operacional ou de procedimento e Esquiva Passiva para aferiÃÃo da memÃria aversiva de curta e longa duraÃÃo. Os animais submetidos à ICT tiveram dano no tecido cerebral (FO= 10,36  0,75%; ISQ= 18,52  2,62%) alÃm de diminuiÃÃo no comportamento exploratÃrio de rearing (no de eventos: FO= 5,00 1,23; ISQ= 1,50  0,72) e dÃficit da memÃria aversiva de longa duraÃÃo (FO= 271,2  17,61s; ISQ= 108,4 67,64s). Nenhuma diferenÃa significativa foi encontrada no nÃmero de cruzamentos em Campo Aberto (FO= 15,71 2,02; ISQ= 11,00 2,13), na memÃria de procedimento (FO= 70,16  5,77; ISQ= 71,37  7,94), ou na memÃria aversiva de curta duraÃÃo (FO= 145,9  42,75; ISQ= 113,1  64,97).Os animais prÃ-condicionados por estresse tiveram uma reduÃÃo na taxa de infarto cerebral (FO= 10,36  0,75%; ISQ= 18,52  2,62%; ISQ+ST= 12,59  0,87%) e um retorno aos nÃveis normais do comportamento de rearing observado no teste do campo aberto (FO= 5,00 1,23; ISQ= 1,50 0,72; ISQ+ST= 6,091 1,443). No teste de esquiva passiva, observamos uma tendÃncia à melhora da memÃria aversiva de longa duraÃÃo (FO= 271,2  17,61s; ISQ= 108,4 67,64s; ISQ+ST= 156,1Â45,81s). Quando tratados com o DPCPX na dose de 1mg/kg, os animais tiveram um bloqueio da neuroproteÃÃo obtida com o prÃ-condicionamento (ISQ= 18,52  2,62%; ISQ+ST= 12,59  0,87%; ISQ+ST+DPCPX 1= 19,95  3,38%), aumento no nÃmero de rearings que havia sido normalizada pela contensÃo (ISQ= 1,50 0,72; ISQ+ST= 6,091 1,443; ISQ+ST+DPCPX 1= 3,20 0,90) e uma tendÃncia à reversÃo dos efeitos do prÃ-condicionamento na memÃria aversiva de longa duraÃÃo (ISQ= 108,4 67,64s; ISQ+ST= 156,1Â45,81s; ISQ+ST+DPCPX 1= 88,61 38,83s). O estresse de contensÃo conferiu neuroproteÃÃo aos animais submetidos à ICT e tal neuroproteÃÃo foi perdida pelo tratamento prÃvio com DPCPX. Esses achados apontam para a participaÃÃo do receptor A1 da adenosina na proteÃÃo conferida por estresse de contensÃo por mecanismos que ainda precisam ser esclarecidos. / Stroke,as disabling disease and as third cause death in developed countries, is characterized for the interruption of cerebral blood flow capable to cause alteration on brain functions. It is well established that the activation of A1 adenosine receptor confers neuroprotection against acute noxious brains stimuli. The aim of this study was to investigate the effects of preconditionnement by restraint stress on rats subjected to transient cerebral ischemia (TCI) and the participation of A1 receptor in this process. Firstly, Wistar male rats weighing 200-240g were exposed to immobilisation stress for 2 hours followed to TCI by occlusion of both carotid arteries for 30 minutes. Group of animals were pretreated with A1 receptor antagonist DPCPX (0,1mg/kg or 1 mg/kg. i.p.) before immobilisation stress. Retal temperature was monitored and 37ÂC were maintened during cirurgical procedure using a heating light. Infarct size was determined by TTC staining 24h after TCI and the behavioral tests were performed after 72 hours. Open field test were used to assess locomotor activity, Y-maze test for working memory and passive avoidance test to aversive short and long term memory evaluation. Our results showed that TCI caused damage on brain tissue (sham operated= 10.36  0.75%; ISC= 18.52  2.62%), decreased the vertical exploratory behavior (number of events: sham= 5.00  1.23; ISC= 1.50  0.72) and deficit on long term aversive memory (sham= 271.2  17.61s; ISC= 108.4  67.64s). No differences were found on the crossing behavior (sham= 15.71  2.02; ISC= 11.00  2.13), working memory (sham= 70.16  5.77; ISC= 71.37  7.94) neither short term memory (sham= 145.9  42.75; ISC= 113.1  64.97). The infarct volume rates on restraint stress (RS) group were significantly less than ischemic (ISC) group (sham= 10.36  0.75%; ISC= 18.52  2.62%; RS= 12.59  0.87%) while the number of rearing were significantly higher (sham= 5.00 1.23; ISC= 1.50 0.72; RS= 6.091 1.443). On the passive avoidance test, restraint stress tend to impair the ischemic damage on the long term memory (sham= 271.2  17.61s; ISC= 108.4  67.64s; RS= 156.1  45.81s). When treated with DPCPX (1mg/kg) the infarct size show an increase (ISC= 18.52  2.62%; RS = 12.59  0.87%; DPCPX= 19.95  3.38%) suggesting a blockade of neuroprotection action achieved by restraint stress. DPCPX also decreased the number of rearing on the open field test (ISC= 1.50  0.72; RS= 6.091 1.443; DPCPX = 3.20  0.90) and tend to reverse the improvement of long term aversive memory accessed by restraint stress (ISC= 108.4  67.64s; RS= 156.1  45.81s; DPCPX 1= 88.61 38.83s). This work showed a neuroprotection of pre conditioning restraint stress against cerebral ischemia and the blockade of this action by a previously administration of DPCPX, A1 adenosine antagonist. These findings point to the involvement of the A1 adenosine receptor in the protection conferred by restraint stress by mechanisms that still need to be clarified.

Estresse

CafeÃna

FARMACOLOGIA

Analysis and Management of Security State for Large-Scale Data Center Networks

January 2018

abstract: With the increasing complexity of computing systems and the rise in the number of risks and vulnerabilities, it is necessary to provide a scalable security situation awareness tool to assist the system administrator in protecting the critical assets, as well as managing the security state of the system. There are many methods to provide security states' analysis and management. For instance, by using a Firewall to manage the security state, and/or a graphical analysis tools such as attack graphs for analysis. Attack Graphs are powerful graphical security analysis tools as they provide a visual representation of all possible attack scenarios that an attacker may take to exploit system vulnerabilities. The attack graph's scalability, however, is a major concern for enumerating all possible attack scenarios as it is considered an NP-complete problem. There have been many research work trying to come up with a scalable solution for the attack graph. Nevertheless, non-practical attack graph based solutions have been used in practice for realtime security analysis. In this thesis, a new framework, namely 3S (Scalable Security Sates) analysis framework is proposed, which present a new approach of utilizing Software-Defined Networking (SDN)-based distributed firewall capabilities and the concept of stateful data plane to construct scalable attack graphs in near-realtime, which is a practical approach to use attack graph for realtime security decisions. The goal of the proposed work is to control reachability information between different datacenter segments to reduce the dependencies among vulnerabilities and restrict the attack graph analysis in a relative small scope. The proposed framework is based on SDN's programmable capabilities to adjust the distributed firewall policies dynamically according to security situations during the running time. It apply white-list-based security policies to limit the attacker's capability from moving or exploiting different segments by only allowing uni-directional vulnerability dependency links between segments. Specifically, several test cases will be presented with various attack scenarios and analyze how distributed firewall and stateful SDN data plan can significantly reduce the security states construction and analysis. The proposed approach proved to achieve a percentage of improvement over 61% in comparison with prior modules were SDN and distributed firewall are not in use. / Dissertation/Thesis / Masters Thesis Computer Engineering 2018

Computer science

Attack Graphs

Distributed Firewall

Scalability

SDN