171 |
Is upper secondary school digital security adequate? : Risk and vulnerability analysis from an information security perspective / Is the Swedish high school digital security adequate? : Risk and Vulnerability assessment. Rahimi, Farhad; Isufi, Mevlyde. January 2020 (has links)
This work presents a study of how information security has been implemented in the municipal high school. The study covers applications' resistance to intrusion, hardware security, students' and the IT department's overall competence, and requirements for confidentiality in relation to municipal and state guidelines. The study includes field visits that have been carried out at two municipal high schools with technical vulnerabilities in focus. Based on this study, a risk and vulnerability analysis and an action plan for identified risks are presented.
|
172 |
Performance of DevOps compared to DevSecOps : DevSecOps pipelines benchmarked! Björnholm, Jimmy. January 2020 (has links)
This paper examines how adding security tools to a software pipeline affects the build time. Software development is an ever-changing field in a world where computers are trusted with almost everything society does. Meanwhile, keeping build time low is crucial, and some aspects of quality assurance have therefore been left on the cutting room floor, security being one of the most vital and time-consuming. The time taken to scan for vulnerabilities has been suggested as a reason for the absence of security tests. By implementing nine different security tools into a generic DevOps pipeline, this paper aimed to examine the build times quantitatively. The tools were selected using the OWASP Top Ten, coupled with an ISO standard, as a guideline. OWASP Juice Shop was used as the testing environment, and the scans managed to find most of the vulnerabilities in the Vulnerable Web Application. The pipeline was set up in Microsoft Azure and was configured in .yaml files. The resulting scan durations show that adding security measures to a build pipeline can add as little as 1/3 of the original build time.
|
173 |
Who Watches The Privileged Users. Persson, Sebastian. January 2020 (has links)
Today, companies are spending millions of dollars on cybersecurity, but compromised systems and stolen sensitive information are still huge problems. Protecting sensitive information has always been of vital importance. However, the struggle today is that digital information can be distributed to an endless number of users, everywhere in the world. Security solutions today focus on role-based access control and "the principle of least privilege". They can affect the productivity of employees, which is also a key aspect to be considered when it comes to security. Privileged users are the ones that possess the most permissions within a system and are, therefore, a significant risk. This thesis project focuses on developing a solution that protects against security risks connected to the users with the most privilege. The developed solution resulted in a modular role-based access methodology, also adding the "four-eye principle" (4EP). By introducing an extra shield outside the standard API, sensitive commands sent unwittingly or wittingly by a privileged user can be discovered before compromising a system or leaking sensitive information. Introducing the "four-eye principle" in a secure proxy solution, a "third-party" user approves sensitive commands before they reach the intended system. The solution is developed in Java and is adaptable to different organisations by letting the system administrators choose an intended system, which policies of sensitive commands to apply, and who needs to approve them. The concepts implemented in this prototype can be used in future industrial developments.
|
174 |
Integrating security into agile software development : A case study on the role of inertia. Andersson, Rasmus; Edström, Carl. January 2022 (has links)
The security directives at Ericsson Group IT have recently been re-worked to apply to modern security requirements. For Ericsson's software development teams developing internal applications, security tools have been implemented into the daily workflow to follow these new directives. Before, security was mainly considered during the reviews and scheduled assessments of the software projects. The goal of these new tools is to add security to every part of the software development process. Security thus adds to the scope of work of the developers at Ericsson Group IT, which has, in the past, evolved from being solely a developer to being responsible for development and operations, to development, security and operations. However, adding methods and tools to the developer's workflow can create inertia and friction in daily work. We intend to apply the concept of inertia to agile work practices to examine how small-scale projects are affected when new security tools and methods are introduced and implemented in the agile workflow. Research suggests that linked processes and methods should be put in place to achieve desirable results from the implemented tools and be integrated into the team's agile methodologies. The thesis aims to identify the factors that affect inertia by investigating and analysing the developers' use of methods and tools. As for data collection, a pilot study and a case study were applied to a team at Ericsson Group IT. The data was collected through qualitative surveys conducted on twelve proven factors regarding successfulness in work implementations. The data was then analysed through the Gioia methodology by compiling the collected data into first-order concepts and linking them to familiar second-order themes. These themes were then translated into aggregate dimensions synthesised from the study's theoretical framework.
The results showed that several factors affected the change process: personnel training and education, appropriate communication, and adaptability to the change process. These are all factors attributing inertia to the change process, and awareness of these can help mitigate and facilitate a successful change process. Streamlining successful change processes is vital when integrating security as a requirement into an agile software development team.
|
175 |
Formal security verification of the Drone Remote Identification Protocol using Tamarin (Swedish parallel title: Formell säkerhetsverifiering av Drone Remote Identification Protocol med hjälp av Tamarin). Ahokas, Jakob; Persson, Jonathan. January 2022 (has links)
The current standard for remote identification of unmanned aircraft does not contain any form of security considerations, opening up possibilities for impersonation attacks. The newly proposed Drone Remote Identification Protocol aims to change this. To fully ensure that the protocol is secure before real world implementation, we conduct a formal verification using the Tamarin Prover tool, with the goal of detecting possible vulnerabilities. The underlying technologies of the protocol are studied and important aspects are identified. The main contribution of this thesis is the formal verification of session key secrecy and message authenticity within the proposed protocol. Certain aspects of protocol security are still missing from the scripts, but the protocol is deemed secure to the extent of the model. Many features of both the protocol and Tamarin Prover are presented in detail, serving as a potential base for the continued work toward a complete formal verification of the protocol in the future.
|
176 |
The Internal Auditor's Role in Cybersecurity Governance : A qualitative study about the internal auditor's influence on the people factor of cybersecurity. Simić, Nikola. January 2022 (has links)
Internal auditors have a substantial impact on organisations' governance. Hence this research aims to uncover the practice of internal auditors in Sweden, especially their part in cybersecurity and the people factor. While previous research points to internal auditing being an oversight governance mechanism for organisations, the threat of a changing risk landscape due to increased digitalisation and business transactions occurring in cyberspace leaves more questions undiscovered. The research implements a qualitative approach. The data was collected by semi-structured interviews conducted with members from the IIA working as internal auditors. The IPPF authoritative guidance was also used as complementary data. The data was later analysed through theories such as the Three Lines of Defense. The results demonstrated how internal auditors, by providing assurance, heavily influence organisations' cybersecurity. However, it is equally essential for auditors to consider the indirect impact they have on the organisation, especially regarding the people factor of cybersecurity and the amount of influence internal auditors have. These findings indicate the need to focus on researching the indirect influence internal auditors have through their soft skills. Professionals should also reflect on their influence in their organisation so as not to overshadow other important risks.
|
177 |
Threats to smart buildings : Securing devices in a SCADA network. Lindqvist, Anna. January 2021 (has links)
This paper examines the possibilities of performing tests with the aim to ensure that devices in a SCADA network can be deemed secure before deployment. SCADA systems are found in most industries and have recently seen increased use in building automation, most importantly in the healthcare sector, which means that a successful attack toward such a system could endanger the lives of patients and healthcare professionals. The method of testing was created to examine whether devices conflicted with the security flaws identified by the OWASP IoT Top 10 list, meaning that the OWASP IoT Top 10 was the foundation for the methodology used in this paper. Results of the tests show that the devices used in testing are not in conflict with the OWASP IoT Top 10 list when using the default settings. However, some settings that can be enabled on the devices would constitute a security risk if enabled.
|
178 |
Incorrigible users: causes of (in)secure passwords / Careless society: Drivers of (un)secure passwords. Nedvěd, Vojtěch. January 2021 (has links)
Careless Society: Drivers of (Un)Secure Passwords. Thesis abstract. Vojtěch Nedvěd, May 2, 2021. Vulnerabilities related to poor cybersecurity are a dangerous global economic issue. This thesis aims to explain two examples of poor password management: first, why users use a similar password and username, and second, why they reuse their passwords, as the main drivers of this behaviour are unknown. We examined the effects of selected macroeconomic variables, gender, password length and password complexity. Additionally, this thesis suggests how to estimate sentiment in passwords using models built on Twitter posts. The results are verified on large password data, including password leaks from recent years. There are four main findings. First, a higher cybersecurity index and diversity of a password seem to be related to lower similarity between a username and a password. Second, it seems that there are structural differences between countries and languages. Third, the sentiment seems to be a significant determinant too. Fourth, password reuse seems to be positively affected by the cybersecurity level. The thesis contributes to the study of password management. It proposes how to model the relationship, derive the data, split the passwords into words, model the sentiment of passwords, what variables might be...
|
179 |
Adaptive Safety and Cyber Security for Connected and Automated Vehicle System. Hanlin Chen (11173323). 23 July 2021 (has links)
<div>
<div>
<p>This dissertation discussed the potential benefits that CAV systems can bring to general well-being, and how the threats that lie within the CAV system can affect its performance and functionality.</p>
<p>Particularly, this dissertation discovered how CAV technology can benefit homeland security and crime investigations involving child abduction crimes. By proposing the initial design network, this dissertation proposed a solution that enhances the current AMBER Alert system using CAV technology. This dissertation also discussed how CAV technology can help perception in corner-case driving scenarios and reduce the risk of traffic accidents, by proposing a dataset that covers various corner cases including different weather and lighting conditions targeting the work zone. Evaluation is made on the collected data and several impact factors have been figured out.</p>
<p>This dissertation also discussed an attack scenario in which a ROS-based CAV platform was attacked by DoS attacks. We analyzed the system response after we attacked the system. Discussion and analysis were made on the functionality and stability of the system.</p>
<p>Overall, we determined that CAV technology can greatly benefit general well-being, and threats within the CAV system can have potential negative effects once the CAV system is attacked.</p>
</div>
</div>
|
180 |
A Machine Learning Approach for Reconnaissance Detection to Enhance Network Security. Bakaletz, Rachel. 01 May 2022 (has links)
Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, and open ports, can be detected using various tools during the reconnaissance phase. By knowing such information, cyber attackers can exploit vulnerabilities that are often unique to a specific version.
In this work, we develop an end-to-end system that uses machine learning techniques to detect reconnaissance attacks on cyber networks. Successful detection of such attacks gives the target time to devise plans on how to evade or mitigate the cyber-attack phases that follow the reconnaissance phase.
|