A framework and theory for cyber security assessments

Sommestad, Teodor

January 2012

Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information that can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their value mean for the SCADA system’s security. The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it. / Informationsteknik (IT) är kritiskt och värdefullt för vårt samhälle. En viktig typ av IT-system är de styrsystem som ofta kallas SCADA-system (från engelskans "Supervisor Control And Data Acquisition"). Dessa system styr och övervakar fysiska industriella processer så som kraftförsörjning, vattenförsörjning och järnvägstransport. Eftersom vårt samhälle är beroende av dessa industriella processer så är vi också beroende av våra SCADA-systems beteende. SCADA-system har blivit (och fortsätter bli) integrerade med andra IT system och blir därmed mer sårbara för cyberhot. Beslutsfattare behöver utvärdera säkerheten som en systemarkitektur erbjuder för att kunna fatta informerade beslut rörande dess lämplighet. Men datainsamlingskostnader begränsar ofta hur mycket information som kan samlas in om ett SCADA-systems arkitektur och det är svårt för en beslutsfattare att veta hur viktiga olika variabler är eller vad deras värden betyder för SCADA-systemets säkerhet. Bidraget i denna avhandling är ett modelleringsramverk och en teori för att stödja cybersäkerhetsutvärderingar. Det har ett särskilt focus på SCADA-system. Avhandlingen är av sammanläggningstyp och består av sex artiklar. Artikel A beskriver en mall för hur probabilistiska relationsmodeller kan användas för att koppla samman cybersäkerhetsteori med arkitekturmodeller. Artikel B till E bidrar med teori inom operationell säkerhet. Mer exakt, de bidrar med teori angående: upptäckt av mjukvarusårbarheter (artikel B), fjärrexekvering av godtycklig kod (artikel C), intrångsdetektering (artikel D) och attacker mot tillgänglighet (artikel E). Artikel F beskriver hur bidraget i artikel A kombineras med bidragen i artikel B till E och annan operationell cybersäkerhetsteori. Resultatet är ett beslutsstödsverktyg kallat Cyber Security Modeling Language (CySeMoL). Beslutsstödsverktyget producerar sårbarhetsutvärdering för ett system baserat på en arkitekturmodell av det. / <p>QC 20121018</p>

cyber security

security assessment

vulnerability assessment

architecture modeling

enterprise architecture

Coercive instruments in the digital age : The cases of cyber-attacks against Estonia and Iran

Steiner, Hrafn

January 2014

In the wake of the cyber-attacks in 2007 against Estonia and in 2010 against Iran, academics have debated the character of cyberwar. This study applies the theories of coercive diplomacy to the cases of Estonia and Iran in order to explain cyber-attacks as instrument for coercive diplomacy. While the long term effects of the attacks have yet to be understood it is clear that cyber-attacks can, and will, become a serious threat against political decision-makers in times of conflict.

Coercive diplomacy

cyberwar

cyber-attack

Stuxnet

DDoS

hacktivist

The Awareness of Computer-Mediated Communication's Social Presence for Virtual High School Students

Bigley, Heather

22 March 2012

This research investigated the perception of social presence that students in a virtual high school have of using computer-mediated communication (CMC): email, discussion board, tutoring sessions, and asynchronous classroom activities. The research analyzed data for social presence based on gender, years of experience in a cyber school, and self-proficiency ratings on each form of CMC. The purpose of this study was to identify if high school students in a virtual community perceive email, discussion board, tutoring sessions and asynchronous classroom activities as enhancing their social presence within the virtual community. The findings of the study are: &lt;br&gt;1. Students perceived that email showed more social presence than the other forms of CMC and asynchronous classroom activities showed more social presence than discussion board and tutoring sessions. &lt;br&gt;2. There was no significant difference found between male and females social presence in any of the CMC studied. &lt;br&gt;3. Students who rate their own self proficiency as being above average or expert had higher social presence scores on email and asynchronous classroom activities than students who rate their proficiency average, below average or novice. &lt;br&gt;4. Students perceived that email showed more social interaction than discussion board, tutoring session and asynchronous classroom activities. Asynchronous classroom activities showed more social interaction than discussion board or tutoring sessions. &lt;br&gt;5. The number of years a student attends a cyber school has no relationship with the student's perceived social presence in any form of CMC studied. &lt;br&gt; Understanding students' perception of social presence based on the use of CMC will enable cyber schools to use the appropriate form of CMC to help students develop their social skills. / School of Education / Instructional Technology (EdDIT) / EdD / Dissertation

Developing a framework for e-commerce privacy and data protection in developing nations : a case study of Nigeria

Adelola, Tiwalade

January 2017

The emergence of e-commerce has brought about many benefits to a country s economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently, little government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria s case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria s unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e commerce websites, as well as Nigerian Internet users, in resolving the stated problems.

Model Based Safety Analysis of Cyber Physical Systems

January 2010

abstract: Cyber Physical Systems (CPSs) are systems comprising of computational systems that interact with the physical world to perform sensing, communication, computation and actuation. Common examples of these systems include Body Area Networks (BANs), Autonomous Vehicles (AVs), Power Distribution Systems etc. The close coupling between cyber and physical worlds in a CPS manifests in two types of interactions between computing systems and the physical world: intentional and unintentional. Unintentional interactions result from the physical characteristics of the computing systems and often cause harm to the physical world, if the computing nodes are close to each other, these interactions may overlap thereby increasing the chances of causing a Safety hazard. Similarly, due to mobile nature of computing nodes in a CPS planned and unplanned interactions with the physical world occur. These interactions represent the behavior of a computing node while it is following a planned path and during faulty operations. Both of these interactions change over time due to the dynamics (motion) of the computing node and may overlap thereby causing harm to the physical world. Lack of proper modeling and analysis frameworks for these systems causes system designers to use ad-hoc techniques thereby further increasing their design and development time. The thesis addresses these problems by taking a holistic approach to model Computational, Physical and Cyber Physical Interactions (CPIs) aspects of a CPS and proposes modeling constructs for them. These constructs are analyzed using a safety analysis algorithm developed as part of the thesis. The algorithm computes the intersection of CPIs for both mobile as well as static computing nodes and determines the safety of the physical system. A framework is developed by extending AADL to support these modeling constructs; the safety analysis algorithm is implemented as OSATE plug-in. The applicability of the proposed approach is demonstrated by considering the safety of human tissue during the operations of BAN, and the safety of passengers traveling in an Autonomous Vehicle. / Dissertation/Thesis / M.S. Computer Science 2010

Computer Science

Cyber Physical Systems

Modeling

Safety

Verification

Validation of Computational Fluid Dynamics Based Data Center Cyber-Physical Models

January 2012

abstract: Energy efficient design and management of data centers has seen considerable interest in the recent years owing to its potential to reduce the overall energy consumption and thereby the costs associated with it. Therefore, it is of utmost importance that new methods for improved physical design of data centers, resource management schemes for efficient workload distribution and sustainable operation for improving the energy efficiency, be developed and tested before implementation on an actual data center. The BlueTool project, provides such a state-of-the-art platform, both software and hardware, to design and analyze energy efficiency of data centers. The software platform, namely GDCSim uses cyber-physical approach to study the physical behavior of the data center in response to the management decisions by taking into account the heat recirculation patterns in the data center room. Such an approach yields best possible energy savings owing to the characterization of cyber-physical interactions and the ability of the resource management to take decisions based on physical behavior of data centers. The GDCSim mainly uses two Computational Fluid Dynamics (CFD) based cyber-physical models namely, Heat Recirculation Matrix (HRM) and Transient Heat Distribution Model (THDM) for thermal predictions based on different management schemes. They are generated using a model generator namely BlueSim. To ensure the accuracy of the thermal predictions using the GDCSim, the models, HRM and THDM and the model generator, BlueSim need to be validated experimentally. For this purpose, the hardware platform of the BlueTool project, namely the BlueCenter, a mini data center, can be used. As a part of this thesis, the HRM and THDM were generated using the BlueSim and experimentally validated using the BlueCenter. An average error of 4.08% was observed for BlueSim, 5.84% for HRM and 4.24% for THDM. Further, a high initial error was observed for transient thermal prediction, which is due to the inability of BlueSim to account for the heat retained by server components. / Dissertation/Thesis / M.S. Mechanical Engineering 2012

Mechanical engineering

computational fluid dynamics

cyber-physical

data center

validation

Vi ger bort vår personliga integritet för att få veta vilken M &amp; M vi är : En kvalitativ intervjustudie med individer med kunskap om hacking

Bengtsson, Clara, Leikas, Nette

January 2018

The digital environment is facing changes and threats from different factors. Digitalisation seeks to exceed all boundaries at the expense of something we used to value high. Privacy today is a subject that garners a lot of attention due to its deterioration. This study aims to assess this dilemma from different angles and find easier ways to understand it. It considers components like updating legislation, companies’ business models and lack of available information. All this is done from the perspective of hackers and cyber security professionals by researchers without further IT background. Thus, the methodology of the study consists of qualitative interviews with persons who possess a great knowledge of the digital world. After the interviews the study has found a connection between an individual’s privacy and his choices, level of knowledge and society’s structures. The results indicate that information has become so highly valued that it can be used as a currency. This creates for example the possibility for big companies to exploit their power in order to affect opinions and consumer behaviour. However, individuals donate their privacy voluntarily in exchange for free services. Therefore, they should be offered clear information by those who recognise the threats. The study also proposes some suggestions from the professionals for better privacy.

privacy

cyber security

digitalisation

GDPR

Media and Communications

Medie- och kommunikationsvetenskap

Kybernetická šikana jako fenomén nových médií / Cyber Bullying in the world of new media

LEPIČOVÁ, Zuzana

January 2015

The diploma thesis titled Cyber Bullying in the world of new media deals with one of the potential risks associated with the use of new information and communication media cyber bullying. The goal of the thesis is to map the awareness of parents about possible forms of cyber bullying and about the risks associated with the use of modern information technology by their children. The introduction of the theoretical part of the thesis deals with the explanation of basic terms which are associated with the issue of new media, such as: media, new media and cyberspace. Then there is a section which is dedicated to the issue of cyber bullying and its comparison with the traditional bullying. The section deals with forms of cyber bullying and with perpetrators of cyber bullying, and with the forms of prevention, intervention and possible impacts of cyber bullying. The practical part of the thesis contains the description of the used methodology and the description of the research sample. It also includes the results of research and the discussion, which is focused on comparing the results of the research with opinions of experts working in the field of cyber bullying. The strategy of quantitative research, through the questionnaire survey of parents of children and adolescents, was used to verify the hypotheses. The field collection of data was carried out from May 2014 to December 2014. The results of the research show that the parents of children and adolescents are aware of the risks associated with using the modern information technologies. The research proved that the parents know about the forms of cyber bullying as well as about the risks associated with cyber bullying and that they have awareness of what materials are published on social networks by their children. Results of the thesis can be offered to the managements of elementary schools in Písek District. The thesis can be used as an informative material by parents of children and adolescents, and by teachers and educational counsellors at primary and secondary schools.

Adaptive Scheduling in a Distributed Cyber-Physical System: A case study on Future Power Grids

Choudhari, Ashish

01 December 2015

Cyber-physical systems (CPS) are systems that are composed of physical and computational components. CPS components are typically interconnected through a communication network that allows components to interact and take automated actions that are beneficial for the overall CPS. Future Power-Grid is one of the major example of Cyber-physical systems. Traditionally, Power-Grids use a centralized approach to manage the energy produced at power sources or large power plants. Due to the advancement and availability of renewable energy sources such as wind farms and solar systems, there are more number of energy sources connecting to the power grid. Managing these large number of energy sources using a centralized technique is not practical and is computationally very expensive. Therefore, a decentralized way of monitoring and scheduling of energy across the power grid is preferred. In a decentralized approach, computational load is distributed among the grid entities that are interconnected through a readily available communication network like internet. The communication network allows the grid entities to coordinate and exchange their power state information with each other and take automated actions that lead to efficient consumption of energy as well as the network bandwidth. Thus, the future power grid is appropriately called a "Smart-Grid". While Smart-Grids provide efficient energy operations, they also impose several challenges in the design, verification and monitoring phases. The computer network serves as a backbone for scheduling messages between the Smart-Grid entities. Therefore, network delays experienced by messages play a vital role in grid stability and overall system performance. In this work, we study the effects of network delays on Smart-Grid performance and propose adaptive algorithms to efficiently schedule messages between the grid entities. Algorithms proposed in this work also ensure the grid stability and perform network congestion control. Through this work, we derive useful conclusions regarding the Smart-Grid performance and find new challenges that can serve as future research directions in this domain.

Adaptive Scheduling

Cyber Physical System

Real Time Scheduling

Federated authentication using the Cloud (Cloud Aura)

Al Abdulwahid, Abdulwahid Abdullah

January 2017

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.

005.8