Global ETD Search

261	Um big brother global? os programas de vigilância da NSA à luz da securitização dos espaços sociotecnológicos / A global big brother? the NSA surveillance programs in the light of the securitization of socio-technological spaces Frazão, Pedro Henrique Oliveira 19 May 2016 (has links) Submitted by Elesbão Santiago Neto (neto10uepb@cche.uepb.edu.br) on 2018-04-17T17:34:39Z No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 48458154 bytes, checksum: bfeab5c13f03bd3b57617d633439cb1e (MD5) / Made available in DSpace on 2018-04-17T17:34:39Z (GMT). No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 48458154 bytes, checksum: bfeab5c13f03bd3b57617d633439cb1e (MD5) Previous issue date: 2016-05-19 / CAPES / The increasing use of cyberspace in International Relations is providing a new scenario for world politics. The evolution of digital media has provided a data flow never before seen in human history, which eventually expanded the role of information as a bargaining chip in the power relations of the current international scenario. One of the changes observed from this process was the strengthening of surveillance – which gains new tools in the cyber environment – as a mechanism of monitoring, law enforcement, control and acquisition of information that makes international actors relevant in the new cyberpower relations. Thus, this dissertation analyzes this phenomenon from two main lines that complement each other: the evolution of surveillance as a key dimension of (cyber)security through a panoptic and post-panoptic approach and how these perspectives influence the current cyber surveillance phenomena. To do so, we present Foucault's studies of disciplinary society and its developments that have given rise to an information society of control, and Bauman’s analysis on liquid modernity and how its characteristics can influence contemporary surveillance. The second line of analysis, drawn from the data collected so far, deals with a vision of cyber surveillance as a tool of cyberspace securitization process. Following this logic, studies of the Copenhagen School, based on the constructivist theory of International Relations, point out a favorable path to understanding the role of cyber surveillance within the cybersecurity issues. As an example case, we examine how this process took place within NSA programs of global surveillance revealed in mid-2013 by Edward Snowden. In order to achieve these objectives, classical authors of surveillance and security studies will be reviewed, as well as new approaches; for the presentation and analysis of the proposed case, documentary analysis, reports and speeches relating to international responses in the face of revelations of the NSA programs will be used. / O crescente uso do ciberespaço nas Relações Internacionais vem propiciando um novo cenário para a política mundial. A evolução dos meios digitais proporcionou um fluxo de dados nunca antes visto na história da humanidade, o que acabou ampliando o papel da informação enquanto moeda de troca nas relações de poder do cenário internacional atual. Uma das transformações observadas a partir deste processo foi o fortalecimento da vigilância – que ganha novas ferramentas no ambiente cibernético – enquanto mecanismo de monitoramento, manutenção da ordem, controle e aquisição de informações que tornem os atores internacionais relevantes nas novas relações de poder cibernéticas. Sendo assim, a presente dissertação analisa este fenômeno a partir de duas linhas principais que se complementam: a evolução da vigilância enquanto dimensão-chave da (ciber)segurança, através de uma abordagem panóptica e pós-panóptica e como estas perspectivas influenciam nos fenômenos atuais de vigilância cibernética. Para tanto, apresentam-se os estudos de Foucault acerca da sociedade disciplinar e os seus desdobramentos que deram lugar a uma sociedade de controle informacional, e as análises de Bauman sobre a modernidade líquida e como tais características podem influenciar a vigilância contemporânea. A segunda linha de análise, elaborada a partir dos dados levantados até então, aborda uma visão da vigilância cibernética enquanto ferramenta do processo de securitização do ciberespaço. Seguindo esta lógica, os estudos da Escola de Copenhague, baseados na teoria construtivista das Relações Internacionais, apontam um caminho propício para a compreensão do papel da vigilância cibernética dentro das questões de cibersegurança. Como exemplo de caso, examina-se como esse processo se deu dentro dos programas de vigilância global da NSA, revelados em meados de 2013 por Edward Snowden. A fim de alcançar tais objetivos, serão revisados autores clássicos dos estudos de vigilância e segurança, bem como novas abordagens; para a apresentação e análise do caso proposto, serão utilizados análises documentais, reportagens e discursos referentes às respostas internacionais em face das revelações dos programas da NSA. Cibersegurança Securitização Vigilância cibernética Panóptico Agência de segurança - NSA Cybersecurity Securitization Cyber surveillance Panopticon Security Agency - NSA CIENCIAS HUMANAS
262	Strategie pro rozvoj vzdělávání v oblasti bezpečnosti ICT na vysokých školách / Strategy for the development of education in the field of ICT security at universities Sulanová, Monika January 2017 (has links) The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.
263	Cyber-security protection techniques to mitigate memory errors exploitation Marco Gisbert, Héctor 04 November 2016 (has links) [EN] Practical experience in software engineering has demonstrated that the goal of building totally fault-free software systems, although desirable, is impossible to achieve. Therefore, it is necessary to incorporate mitigation techniques in the deployed software, in order to reduce the impact of latent faults. This thesis makes contributions to three memory corruption mitigation techniques: the stack smashing protector (SSP), address space layout randomisation (ASLR) and automatic software diversification. The SSP is a very effective protection technique used against stack buffer overflows, but it is prone to brute force attacks, particularly the dangerous byte-for-byte attack. A novel modification, named RenewSSP, has been proposed which eliminates brute force attacks, can be used in a completely transparent way with existing software and has negligible overheads. There are two different kinds of application for which RenewSSP is especially beneficial: networking servers (tested in Apache) and application launchers (tested on Android). ASLR is a generic concept with multiple designs and implementations. In this thesis, the two most relevant ASLR implementations of Linux have been analysed (Vanilla Linux and PaX patch), and several weaknesses have been found. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, named ASLR-NG, which maximises entropy, effectively addresses the fragmentation issue and removes a number of identified weaknesses. Furthermore, ASLR-NG is transparent to applications, in that it preserves binary code compatibility and does not add overheads. ASLR-NG has been implemented as a patch to the Linux kernel 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main problem is how to create variants, i.e. programs which have identical behaviours on normal inputs but where faults manifest differently. A novel form of automatic variant generation has been proposed, using multiple cross-compiler suites and processor emulators. One of the main goals of this thesis is to create applicable results. Therefore, I have placed particular emphasis on the development of real prototypes in parallel with the theoretical study. The results of this thesis are directly applicable to real systems; in fact, some of the results have already been included in real-world products. / [ES] La creación de software supone uno de los retos más complejos para el ser humano ya que requiere un alto grado de abstracción. Aunque se ha avanzado mucho en las metodologías para la prevención de los fallos software, es patente que el software resultante dista mucho de ser confiable, y debemos asumir que el software que se produce no está libre de fallos. Dada la imposibilidad de diseñar o implementar sistemas libres de fallos, es necesario incorporar técnicas de mitigación de errores para mejorar la seguridad. La presente tesis realiza aportaciones en tres de las principales técnicas de mitigación de errores de corrupción de memoria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) y Automatic Software Diversification. SSP es una técnica de protección muy efectiva contra ataques de desbordamiento de buffer en pila, pero es sensible a ataques de fuerza bruta, en particular al peligroso ataque denominado byte-for-byte. Se ha propuesto una novedosa modificación del SSP, llamada RenewSSP, la cual elimina los ataques de fuerza bruta. Puede ser usada de manera completamente transparente con los programas existentes sin introducir sobrecarga. El RenewSSP es especialmente beneficioso en dos áreas de aplicación: Servidores de red (probado en Apache) y lanzadores de aplicaciones eficientes (probado en Android). ASLR es un concepto genérico, del cual hay multitud de diseños e implementaciones. Se han analizado las dos implementaciones más relevantes de Linux (Vanilla Linux y PaX patch), encontrándose en ambas tanto debilidades como elementos mejorables. Teniendo en cuenta las mejoras tecnológicas en el soporte a la ejecución (compiladores y librerías), se ha propuesto un nuevo diseño del ASLR, llamado ASLR-NG, el cual: maximiza la entropía, soluciona el problema de la fragmentación y elimina las debilidades encontradas. Al igual que la solución propuesta para el SSP, la nueva propuesta de ASLR es transparente para las aplicaciones y compatible a nivel binario sin introducir sobrecarga. ASLR-NG ha sido implementado como un parche del núcleo de Linux para la versión 4.1. La diversificación software es una técnica que cubre una amplia gama de fallos, incluidos los errores de memoria. La principal dificultad para aplicar esta técnica radica en la generación de las "variantes", que son programas que tienen un comportamiento idéntico entre ellos ante entradas normales, pero tienen un comportamiento diferenciado en presencia de entradas anormales. Se ha propuesto una novedosa forma de generar variantes de forma automática a partir de un mismo código fuente, empleando la emulación de sistemas. Una de las máximas de esta investigación ha sido la aplicabilidad de los resultados, por lo que se ha hecho especial hincapié en el desarrollo de prototipos sobre sistemas reales a la par que se llevaba a cabo el estudio teórico. Como resultado, las propuestas de esta tesis son directamente aplicables a sistemas reales, algunas de ellas ya están siendo explotadas en la práctica. / [CAT] La creació de programari suposa un dels reptes més complexos per al ser humà ja que requerix un alt grau d'abstracció. Encara que s'ha avançat molt en les metodologies per a la prevenció de les fallades de programari, és palès que el programari resultant dista molt de ser confiable, i hem d'assumir que el programari que es produïx no està lliure de fallades. Donada la impossibilitat de dissenyar o implementar sistemes lliures de fallades, és necessari incorporar tècniques de mitigació d'errors per a millorar la seguretat. La present tesi realitza aportacions en tres de les principals tècniques de mitigació d'errors de corrupció de memòria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) i Automatic Software Diversification. SSP és una tècnica de protecció molt efectiva contra atacs de desbordament de buffer en pila, però és sensible a atacs de força bruta, en particular al perillós atac denominat byte-for-byte. S'ha proposat una nova modificació del SSP, RenewSSP, la qual elimina els atacs de força bruta. Pot ser usada de manera completament transparent amb els programes existents sense introduir sobrecàrrega. El RenewSSP és especialment beneficiós en dos àrees d'aplicació: servidors de xarxa (provat en Apache) i llançadors d'aplicacions eficients (provat en Android). ASLR és un concepte genèric, del qual hi ha multitud de dissenys i implementacions. S'han analitzat les dos implementacions més rellevants de Linux (Vanilla Linux i PaX patch), trobant-se en ambdues tant debilitats com elements millorables. Tenint en compte les millores tecnològiques en el suport a l'execució (compiladors i llibreries), s'ha proposat un nou disseny de l'ASLR: ASLR-NG, el qual, maximitza l'entropia, soluciona el problema de la fragmentació i elimina les debilitats trobades. Igual que la solució proposada per al SSP, la nova proposta d'ASLR és transparent per a les aplicacions i compatible a nivell binari sense introduir sobrecàrrega. ASLR-NG ha sigut implementat com un pedaç del nucli de Linux per a la versió 4.1. La diversificació de programari és una tècnica que cobrix una àmplia gamma de fa\-llades, inclosos els errors de memòria. La principal dificultat per a aplicar esta tècnica radica en la generació de les "variants", que són programes que tenen un comportament idèntic entre ells davant d'entrades normals, però tenen un comportament diferenciat en presència d'entrades anormals. S'ha proposat una nova forma de generar variants de forma automàtica a partir d'un mateix codi font, emprant l'emulació de sistemes. Una de les màximes d'esta investigació ha sigut l'aplicabilitat dels resultats, per la qual cosa s'ha fet especial insistència en el desenrotllament de prototips sobre sistemes reals al mateix temps que es duia a terme l'estudi teòric. Com a resultat, les propostes d'esta tesi són directament aplicables a sistemes reals, algunes d'elles ja estan sent explotades en la pràctica. / Marco Gisbert, H. (2015). Cyber-security protection techniques to mitigate memory errors exploitation [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/57806 / TESIS
264	JamaicaEye : What does cyber security look like in one of the most recently developed CCTV networks? Svensson, Elina, Rydén, Annika January 2019 (has links) The issue approached in this study is the possible gaps in cybersecurity in the Closed-Circuit TV system (CCTV) currently being implemented in Jamaica. During 2018, the government of Jamaica together with systems developers from MSTech Solutions developed and started to implement a video surveillance system with the aim to cover the entire nation to reduce criminal activities and create a safer society. To address potential problems of cybersecurity in this system, the purpose of this study was to explore which cybersecurity domains and factors were the most important in the JamaicaEye project. In order to examine such a purpose, the cybersecurity of the system is put into contrast with the cybersecurity domains of the C2M2 model to unveil similarities and differences in cybersecurity strategy and application. To be able to collect in-depth data of the JamaicaEye project, a hybrid of a field-and a case- study took place in Ocho Rios, Jamaica, during approximately 9 weeks. Data collection was carried out through interviews with representatives from the Jamaican government and the systems developer, MSTech Solutions. After compiling and transcribing the collected data from the interview the color coding and comparison of the results with the cybersecurity capability maturity model, C2M2, started. The C2M2 model was chosen as the theoretical framework for this study. The results of mapping the theoretical data with the empirical data gave underlying material and a perspective on the most important cybersecurity factors in the JamaicaEye system. This study will be a foundation for future expansion of the project in Jamaica, but also similar projects in other nations that are in need for cybersecurity development, management and assessment. Mainly, this study will be useful for those in the industry of development, analysis and assessment, and cybersecurity of CCTV systems. Cybersecurity CCTV system CCTV network CCTV surveillance risk management threats vulnerabilities JamaicaEye implementation Computer and Information Sciences Data- och informationsvetenskap
265	Reference Model to Identify the Maturity Level of Cyber Threat Intelligence on the Dark Web Santos, Ricardo Meléndez, Gallardo, Anthony Aguilar, Aguirre, Jimmy Armas 01 January 2021 (has links) El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / In this article, we propose a reference model to identify the maturity level of the cyber intelligence threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of three phases: (1) Identification of information assets using cyber threat intelligence tools. (2) Diagnosis of the exposure of information assets. (3) Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru, with data obtained by the institution. The measurement was made with artifacts that allowed to obtain an initial value of the current panorama of the company. Preliminary results showed 196 emails and passwords exposed on the dark web of which one corresponded to the technology manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls, the “Advanced” level was reached. / Revisión por pares Cyber threat intelligence Cybersecurity Dark web Maturity model Information assets Intelligence tool Maturity levels Reference modeling Technology managers
266	Dopad bezpečnosti IIoT na proaktivní údržbu firemních aktiv / Impact of IIoT security on proactive maintenance of company's assets Chomyšyn, Maxim January 2020 (has links) This work examines possible safety risks associated with the operation of IIoT technologies in industrial production. The content of this document is an analysis of used IIoT technologies, their purpose and method of implementation into production processes and the company's technology strategy. The outcome of this analysis will serve to develop possible risk scenarios and their associated impacts. Finally, I recommend possible changes that either eliminate these risks completely or at least minimize them.
267	Impact of mobile botnet on long term evolution networks: a distributed denial of service attack perspective Kitana, Asem 31 March 2021 (has links) In recent years, the advent of Long Term Evolution (LTE) technology as a prominent component of 4G networks and future 5G networks, has paved the way for fast and new mobile web access and application services. With these advantages come some security concerns in terms of attacks that can be launched on such networks. This thesis focuses on the impact of the mobile botnet on LTE networks by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. First, in the quest of understanding the mobile botnet behavior, a correlation between the mobile botnet impact and different mobile device mobility models, is established, leading to the study of the impact of the random patterns versus the uniform patterns of movements on the mobile botnet’s behavior under a DDoS attack. Second, the impact of two base transceiver station selection mechanisms on a mobile botnet behavior launching a DDoS attack on a LTE network is studied, the goal being to derive the effect of the attack severity of the mobile botnet. Third, an epidemic SMS-based cellular botnet that uses an epidemic command and control mechanism to initiate a short message services (SMS) phishing attack, is proposed and its threat impact is studied and simulated using three random graphs models. The simulation results obtained reveal that (1) in terms of users’ mobility patterns, the impact of the mobile botnet behavior under a DDoS attack on a victim web server is more pronounced when an asymmetric mobility model is considered compared to a symmetric mobility model; (2) in terms of base transceiver station selection mechanisms, the Distance-Based Model mechanism yields a higher threat impact on the victim server compared to the Signal Power Based Model mechanism; and (3) under the Erdos-and-Reyni Topology, the proposed epidemic SMS-based cellular botnet is shown to be resistant and resilient to random and selective cellular device failures. / Graduate Mobile Botnet LTE Long Term Evolution Network Distributed Denial of Service Attack DDoS Cellular Botnet Botnet Cybersecurity Cyber Security Cyber Attacks
268	Between Defence and Offence: An Analysis Of The US "Cyber Strategic Culture" / Between Defence and Offence: An Analysis Of The US "Cyber Strategic Culture" Persoglia, Davide January 2018 (has links) The present thesis deals with the US strategic approach and posture to cybersecurity from a national point of view. On such a topic much has been written already, nonetheless the present work finds a degree of originality by tackling such object of analysis shifting the focus to a ideational perspective. By drawing insights from the meta-theory of Constructivism and the rich research tradition on strategic culture, the present thesis aims at understanding what kind of norms seem to be informing/mirroring what has been labelled the US "cyber strategic culture", and if it is possible to speak of a "shift", or at least track an evolution regarding them, in a historical timeframe that runs from the early 2000s up to the present days. To pursue the stated research agenda, a methodology grounded in discourse and thematic analysis is utilised, with an analytical framework centred around two opposite "thematic normative categories" (themes) called "defensiveness" and "offensiveness", each characterised by a "story" made up by three sub-themes, delineating specific strategic behaviours. A set of official strategies, all tackling cybersecurity and published during the mentioned timeframe by both the White House and the military, form the primary sources to which such methodology is applied, with particular...
269	Zajištění bezpečnosti online platebních služeb / Ensuring security of online payment services Havlíková, Nikola January 2019 (has links) Ensuring security of online payment services Abstract The thesis is devoted to the topic of ensuring security of online payment services, especially in the context of identification and authentication of the client in the Internet when performing acts related to the provision of payment services. The issue of the customer identity is described especially in the context of know your customer principle governed by legal regulation in the area of combating money laundering and financing of terrorism, and in the context of the obligation to carry out a strong customer authentication (SCA) brought by the PSD2 directive and related RTS. The aim of the thesis is to describe and critically evaluate the legislation in the area of ensuring security of online payment services, meaning the binding legislation, soft law and rules created by entities operating on the payment services market. In this context, the thesis also deals with the question of proportionality of legislation in connection to the positive user experience and the possibility of implementing innovative FinTech solutions. The thesis is divided into four chapters, supplemented by introduction to the respective subject matter and conclusion summarizing the observations made in the thesis. The first chapter is devoted to the general definition of the...
270	Enhancing Supply Chain Cybersecurity with Blockchain Hämäläinen, Ari, Nadesan, Rekha January 2022 (has links) Supply chains have become targets for hostile cyber actors. Motivations for cyber crimes include intellectual property theft, customer data theft and industrial espionage. The cyber threat landscape in which businesses operate is constantly evolving. The consequences of a successful cyber attack can be devastating for a business. Increasing the resilience of the supply chain in the digital environment is a complex task because the supply chain consists of different organisations with varying levels of cybersecurity defence capability. Orchestrating cybersecurity improvement in a supply chain requires visibility into the security posture of each participating organisation and this is generally lacking. This thesis studies the potential use of blockchain for enhancing the cybersecurity of the supply chain. The study simulates a permissioned blockchain among supply chain members to monitor digital assets important for cybersecurity. The blockchain is analysed to extract insights from the perspective of a supply chain cybersecurity oversight role. The study finds that a blockchain can provide visibility by sharing cybersecurity-related information among supply chain members. It can also provide a digital forensic record for incident response and forensic investigations. Cybersecurity blockchain supply chain digital forensics informationssäkerhet säkerhet cybersäkerhet totalförsvaret Other Computer and Information Science Annan data- och informationsvetenskap

Search results