Exploring the Viability of PageRank for Attack Graph Analysis and Defence Prioritization / Undersökning av PageRanks användbarhet för analys av attackgrafer och prioritering av försvar

Dypbukt Källman, Marcus

January 2023

In today's digital world, cybersecurity is becoming increasingly critical. Essential services that we rely on every day such as finance, transportation, and healthcare all rely on complex networks and computer systems. As these systems and networks become larger and more complex, it becomes increasingly challenging to identify and protect against potential attacks. This thesis addresses the problem of efficiently analysing large attack graphs and prioritizing defences in the field of cybersecurity. The research question guiding this study is whether PageRank, originally designed for ranking the importance of web pages, can be extended with additional parameters to effectively analyze large vulnerability-based attack graphs. To address this question, a modified version of the PageRank algorithm is proposed, which considers additional parameters present in attack graphs such as Time-To-Compromise values. The proposed algorithm is evaluated on various attack graphs to assess its accuracy, efficiency, and scalability. The evaluation shows that the algorithm exhibits relatively short running times even for larger attack graphs, demonstrating its efficiency and scalability. The algorithm achieves a reasonably high level of accuracy when compared to an optimal defence selection, showcasing its ability to effectively identify vulnerable nodes within the attack graphs. In conclusion, this study demonstrates that PageRank is a viable alternative for the security analysis of attack graphs. The proposed algorithm shows promise in efficiently and accurately analyzing large-scale attack graphs, providing valuable insight for identifying threats and defence prioritization. / I dagens digitala värld blir cybersäkerhet allt viktigare. Viktiga tjänster som vi förlitar oss på varje dag, inom t.ex. finans, transport och hälsovård, är alla beroende av komplexa nätverk och datorsystem. I takt med att dessa system och nätverk blir större och mer komplexa blir det allt svårare att identifiera och skydda sig mot potentiella attacker. Denna uppsats studerar problemet med att effektivt analysera stora attackgrafer och prioritera försvar inom cybersäkerhet. Den forskningsfråga som styr denna studie är om PageRank, ursprungligen utformad för att rangordna webbsidor, kan utökas med ytterligare parametrar för att effektivt analysera stora attackgrafer. För att besvara denna fråga föreslås en modifierad version av PageRank-algoritmen, som beaktar ytterligare parametrar som finns i attackgrafer, såsom ”Time-To-Compromise”-värden. Den föreslagna algoritmen utvärderas på olika attackgrafer för att bedöma dess noggrannhet, effektivitet och skalbarhet. Utvärderingen visar att den föreslagna algoritmen uppvisar relativt korta körtider även för större attackgrafer, vilket visar på hög effektivitet och skalbarhet. Algoritmen uppnår en rimligt hög nivå av noggrannhet jämfört med det optimala valet av försvar, vilket visar på dess förmåga att effektivt identifiera sårbara noder inom attackgraferna. Sammanfattningsvis visar denna studie att PageRank är ett potentiellt alternativ för säkerhetsanalys av attackgrafer. Den föreslagna algoritmen visar lovande resultat när det gäller att effektivt och noggrant analysera storskaliga attackgrafer, samt erbjuda värdefull information för att identifiera hot och prioritera försvar.

Cybersecurity

PageRank

Attack Graphs

Threat analysis

Threat modelling

Cybersäkerhet

PageRank

Attackgrafer

Hotanalys

Hotmodellering

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

A Study on inculcating cyber awareness among undergraduate students by introducing interactive visualization-based cybersecurity modules into STEM education.

Jyothirmai, Kothakapu

January 2021

No description available.

Curriculum Development

Curricula

Computer Science

Computer Engineering

Analysing Perceptions of Six Cyberattacks / Analys av uppfattningar om sex olika cyber attacker

Lundén, Viktor

January 2022

The main topic of this degree project is the analysis of the general public’s perceptions on six different types of cyberattacks and their security measures taken against these cyberattacks. One of the goals of this degree project was to investigate if the perceptions of the cyberattacks were accurate and if lower educated people have different perceptions from higher educated people. While there may be plenty of research about cybersecurity and cyberattacks in general, there is little research in regards to the general public’s perceptions on different types of cyberattacks, especially regarding an international demographic. This degree project can help strengthen cybersecurity on different computer systems by analysing how people from an international demographic perceive these six different cyberattacks and how they counteract these cyberattacks. In order to collect data from international respondents, online surveys were used. Multiple websites were used to send the survey, with the main website being SurveySwap. The analysis contains comparisons between facts found in literature and perceptions of respondents and more. Two-sample t-tests and chi-squared tests were used to compare perceptions between lower educated people and higher educated people. According to the results, respondents in general seemed to have good understanding of some cyberattacks. However there were also some cyberattacks that the respondents in general did not have good understanding of. The results also indicated that there was probably no difference between perceptions from the lower educated respondents and higher educated respondents. The results of this degree project can be used in similar research to further investigate the perceptions among the general public of different cyberattacks. / Ämnet för denna examensarbete är analysen av allmänhetens uppfattningar omsex olika typer av cyberattacker och allmänhetens säkerhetsåtgärder vidtagnamot dessa cyberattacker. Ett av målen med denna examensarbete var attundersöka om uppfattningarna om cyberattackerna var korrekta och om lågutbildademänniskor har andra uppfattningar om cyberattackerna än högutbildade människor.Även om det kan finnas mycket forskning om cybersäkerhet och cyberattackeri allmänhet, finns det liten forskning om allmänhetens uppfattningar om olikatyper av cyberattacker, särskilt när det gäller en internationell demografi.Denna examensarbete kan hjälpa till att förstärka cybersäkerheten genom attanalysera hur demografisk internationella människor uppfattar dessa sex olikacyberattacker och hur de motverkar dessa cyberattacker.För att samla in data från internationella respondenter användes enkäter iInternet. Flera webbplatser användes för att skicka enkäten, huvudwebbplatsenvar SurveySwap. Analysen innehåller jämförelser mellan fakta som finns ilitteratur och uppfattningar från respondenter med mera. T-tester och chitvå-tester användes för att jämföra uppfattningar mellan lågutbildade ochhögutbildade människor.Enligt resultaten verkade respondenterna i allmänhet ha god förståelse förvissa typer av cyberattacker. Däremot hade respondenterna i allmänhet svagareförståelse för vissa andra typer av cyberattacker. Resultaten tydde också på attdet sannolikt inte fanns någon skillnad mellan uppfattningar om cyberattackermellan lågutbildade respondenter och högutbildade respondenter. Resultatenav denna examensarbete kan användas i liknande forskning för att ytterligareundersöka hur allmänheten uppfattar olika cyberattacker

Cybersecurity

Cyberattacks

General perception

Surveys

Target groups

Subgroups

Cybersäkerhet

Cyberattacker

Allmänuppfattning

Enkäter

Målgrupper

Undergrupper

Computer and Information Sciences

Data- och informationsvetenskap

Hacking and Evaluating the Cybersecurity of an Internet Connected 3D Printer

Backlund, Linus, Ridderström, Linnéa

January 2021

Over the last few years, internet-connectivity hascome to be an expected feature of professional 3D printers.Connectivity does however come at a cost concerning the securityof the device. This project aimed to evaluate the cybersecurityof the Ultimaker S5 3D printer. The system was tested for themost likely and severe vulnerabilities based upon a threat modelmade on the product. The results show that the system’s localwebapplication is vulnerable to some common web-attacks thatallow the attacker to perform actions on the victims printer. / De senaste åren har internetuppkoppling blivit en självklar funktion hos professionella 3D skrivare. Upp-koppling kommer dock ofta på bekostnad av enhetens säkerhet. Detta projekt syftade till att utvärdera cybersäkerheten hos 3D skrivaren Ultimaker S5. En hotmodell gjordes och systemet penetrationstestades baserat på denna. Resultaten visar att enhetens lokala webbapplikationen är sårbar för några vanliga web-attcker som låter attackeraren exekvera oönskade funktioner på offrets skrivare. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm

Cybersecurity

Offensive Security

Penetration Testing

Hacking

Internet of Things

3D printer

Elektroteknik och elektronik

Security Analysis of Volvo’s Infotainment System

Ismail, Dana, Aslan, Porsev

January 2022

Today’s car development is progressing rapidly, and new car models are constantly being produced. These new vehicles are adapted to today’s digital society and all its needs. An important issue is how well security is involved in this technological development. With all these successes, there are also possible vulnerabilities. Thus, the cybersecurity aspect is a crucial part in the development of modern vehicles due to possible exploitation that have taken place and can take place in the future. The main problem researched within this thesis was to investigate the safety of Volvo’s Vehicle Infotainment System (IV). To analyze such a complex system, a threat model was created by gathering necessary data, inspecting a physical rig sent by the manufacturer, and receiving feedback from industry experts. Furthermore, several attack simulations were performed on the threat model, generating several attack paths and probabilistic graphs that were analyzed. This work resulted in a threat model that represented the physical IV. The model included identifications of interesting entry points from which an attacker can start different attacks. After investigation, the Bluetooth network and the operating system of the Infotainment Head Unit (IHU) were both chosen as entry points for the attack simulations. The attack simulations made on the model were tested in different scenarios because this resulted in a more comprehensive outcome. The results of the attack simulations were that in comparison to a low- security scenario, the high-security cases decreased the success rate of compromising the targeted asset. However, enabling every possible defenses, there were no attack paths generated, but the results showed that an attacker still can perform other sorts of attacks. It is concluded that if one assumes that the threat model within this work is somewhat identical to the physical IV, there is a possibility of exploiting vulnerabilities if not all defenses are enabled for all components. These results are sought to increase the relevancy of the cybersecurity aspects within the vehicle industry, especially on infotainment systems. / Dagens bilutveckling går snabbt framåt och nya bilmodeller produceras ständigt. Dessa nya fordon är anpassade till dagens digitala samhälle och alla dess behov. En viktig fråga är hur väl säkerheten är involverad i denna tekniska utveckling. Med alla dessa framgångar finns det också möjliga sårbarheter. Därför är cybersäkerhetsaspekten en viktig del i utvecklingen av moderna fordon på grund av möjliga utnyttjanden som har skett och kan ske i framtiden. Huvudproblemet som undersöktes inom ramen för denna avhandling var att undersöka säkerheten hos Volvos infotainmentsystem. För att analysera ett så komplext system skapades en hotmodell genom att samla in nödvändig data, inspektera en fysisk rigg som skickats av tillverkaren och få feedback från branschexperter. Dessutom utfördes flera attacksimuleringar på hotmodellen, vilket genererade flera attackvägar och probabilistiska grafer som analyserades. Detta arbete resulterade i en hotmodell som representerade det fysiska infotainmentsystemet. Modellen innehöll identifieringar av intressanta ingångspunkter från vilka en angripare kan starta olika attacker. Efter undersökning valdes Bluetooth-nätverket och operativsystemet för IHU som ingångspunkter för attacksimuleringarna. De angreppssimuleringar som gjordes på modellen testades i olika scenarier eftersom detta gav ett mer omfattande resultat. Resultaten av angreppssimuleringarna var att i jämförelse med ett scenario med låg säkerhet, minskade högsäkerhetsfallet framgångsfrekvensen för att lyckas med attacken. Om alla tänkbara försvarsmekanismer aktiverades genererades inga angreppsvägar, men resultaten visade att en angripare fortfarande kan utföra andra typer av angrepp. Slutsatsen är att om man antar att hotmodellen inom detta arbete är något identisk med den fysiska infotainmentsystemet, finns det en möjlighet att utnyttja sårbarheter om inte alla försvar är aktiverade för alla komponenter. Dessa resultat syftar till att öka relevansen av cybersäkerhetsaspekterna inom fordonsindustrin, särskilt när det gäller infotainmentsystem.

Threat Modeling

Attack Simulations

Risk Analysis

Cybersecurity

Infotainment System

Vehicle Security

Hotmodeller

Attacksimuleringar

Riskanalys

Cybersäkerhet

Infotainmentsystem

Fordonssäkerhet

Computer Engineering

Datorteknik

A Hands-on Modular Laboratory Environment to Foster Learning in Control System Security

Deshmukh, Pallavi Prafulla

07 July 2016

Cyber-Physical Systems (CPSes) form the core of Industrial Control Systems (ICS) and critical infrastructures. These systems use computers to control and monitor physical processes in many critical industries including aviation, industrial automation, transportation, communications, waste treatment, and power systems. Increasingly, these systems are connected with corporate networks and the Internet, making them susceptible to risks similar to traditional computing systems experiencing cyber-attacks on a conventional IT network. Furthermore, recent attacks like the Stuxnet worm have demonstrated the weaknesses of CPS security, which has gained much attention in the research community to develop more effective security mechanisms. While this remains an important topic of research, often CPS security is not given much attention in undergraduate programs. There can be a significant disconnect between control system engineers with CPS engineering skills and network engineers with an IT background. This thesis describes hands-on courseware to help students bridge this gap. This courseware incorporates cyber-physical security concepts into effective learning modules that highlight real-world technical issues. A modular learning approach helps students understand CPS architectures and their vulnerabilities to cyber-attacks via experiential learning, and acquire practical skills through actively participating in the hands-on exercises. The ultimate goal of these lab modules is to show how an adversary would break into a conventional CPS system by exploiting various network protocols and security measures implemented in the system. A mock testbed environment is created using commercial-off-the-shelf hardware to address the unique aspects of a CPS, and serve as a cybersecurity trainer for students from control system or IT backgrounds. The modular nature of this courseware, which uses an economical and easily replicable hardware testbed, make this experience uniquely available as an adjunct to a conventional embedded system, control system design, or cybersecurity courses. To assess the impact of this courseware, an evaluation survey is developed to measure the understanding of the unique aspects of CPS security addressed. These modules leverage the existing academic subjects, help students understand the sequence of steps taken by adversaries, and serve to bridge theory and practice. / Master of Science

cybersecurity

trust

embedded security

modular education

security lab

hands-on learning

embedded systems

cyber-physical systems

control systems

Navigating Cybersecurity Challenges : Analysing cyber threats and protective strategies for SMEs

Paleczek, Anna-Maria

January 2024

Cybersecurity is a critical concern for all organisations in today’s digital landscape, butespecially for small to medium sized enterprises (SMEs). This thesis investigates the maincyber threats currently relevant for small to medium sized companies as well as whatchallenges these types of companies face in implementing effective cybersecurity measures.Another aim was to identify strategies to help SMEs overcome these challenges and enhancetheir protection against cyberthreats.The data collection method chosen for this thesis was semi-structured interviews based on acomprehensive literature review and with a total of six knowledgeable people in the field. Theresults showed that social engineering and phishing, web-based attacks, malware, maliciousinsiders as well as denial-of-service attacks were the most common cyberthreats faced bySMEs in the last few years. Challenges SMEs face was related to a tendency to underestimatethe risk by management and personnel as well as a general lack of knowledge and awarenessat the companies. Other challenges were resource and technological issues. To protect theirbusiness, most interview participants recommended following a standard like the ones fromthe ISO/IEC 27000 family or an alternative like the SSF 1101. Inventory and risk assessment isrecommended as the first step to take along with hiring employees specifically qualified incybersecurity or taking help from consultants.

cybersecurity

small to medium sized enterprises

small to medium sized businesses

sme

smb

cyber threats

Information Systems

Balancing Security and Efficiency in Isolated QR Code-Based Authentication Systems in Real Estate

Seeth, Axel, Fors, Robin

January 2024

Background. As the real estate sector increasingly integrates smart technology, the security of access control systems like QR code-based authentication needs rigorous enhancement. The prevalent use of QR codes in access management presents unique challenges in security and power efficiency, particularly in standalone systems that operate independently of continuous power sources. Objectives. This thesis aims to develop and explore a secure and efficient QR code-based authentication system tailored for real estate. It focuses on improving security measures against potential breaches and optimising power consumption to extend the lifespan of battery-operated devices. Methods. The research employs a mixed-methods approach, beginning with a comprehensive analysis of existing QR code-based systems to identify common vulnerabilities through threat modeling and a literature review. This is followed by the development of a security framework that addresses these vulnerabilities while considering hardware limitations. The performance of the suggested solution is evaluated. Lastly, a Proof of Concept (PoC) is implemented to validate the effectiveness of the proposed solutions under simulated real-world conditions. Results. The study successfully identifies multiple security vulnerabilities in current QR code systems and introduces a security model that mitigates these risks effectively. The implemented PoC demonstrates a improvement in security without compromising the power efficiency of the authentication system. Power consumption measurements indicate a balanced trade-off between system security and operational longevity. Conclusions. The thesis concludes that enhancing QR code-based authentication systems with a security framework can elevate the security level while maintaining efficient power use. This research contributes to the field by providing a scalable model for secure real estate management that can adapt to various operational environments and hardware configurations. / Bakgrund. I takt med att fastighetssektorn integrerar alltmer smart teknik behöver säkerheten för åtkomstkontrollsystem som använder QR-kodbaserad autentisering förbättras. Den utbredda användningen av QR-koder i åtkomsthantering innebär unika utmaningar för säkerhet och effektivitet, särskilt i fristående system som fungerar oberoende av kontinuerliga strömkällor. Syfte. Arbetet syftar till att utveckla och undersöka ett säkert och effektivt QR-kodbaserat autentiseringssystem anpassat för digitala fastigheter. Arbetet fokuserar på att förbättra säkerhetsåtgärder mot potentiella intrång och optimera energiförbrukning för att förlänga livslängden på batteridrivna enheter. Metod. Forskningen använder olika metoder som börjar med en analys av befintliga QR-kodsystem för att identifiera vanliga sårbarheter genom hotmodellering och en litteraturöversikt. Detta följs av utvecklingen av en säkerhetsram som adresserar dessa sårbarheter samtidigt som hårdvarubegränsningar tas i beaktande. Prestandan hos de föreslagna lösningarna utvärderas. Slutligen skapas en Proof of Concept (PoC) för att validera effektiviteten hos de föreslagna lösningarna under simulerade realistiska förhållanden. Resultat. Studien identifierar flera säkerhetssårbarheter i nuvarande QR-kodsystem och introducerar en säkerhetsmodell som minskar dessa risker. Den genomförda PoC:en visar en förbättring i säkerhet utan att kompromissa med energieffektiviteten i autentiseringssystemet. Mätningar av energiförbrukningen indikerar en balanserad avvägning mellan systemets säkerhet och operationell livslängd. Slutsatser. Arbetet drar slutsatsen att förbättring av QR-kodbaserade autentiseringssystem med ett säkerhetsramverk kan höja säkerhetsnivån samtidigt som effektiv energianvändning bibehålls. Denna forskning bidrar till området genom att tillhandahålla en skalbar modell för säker förvaltning av digitala fastigheter som kan anpassas till olika driftsmiljöer och hårdvarukonfigurationer.

Authentication

Cybersecurity

QR Code

Power Efficiency

Real Estate

Autentisering

Cybersäkerhet

Energieffektivitet

Fastigheter

QR-kod

Computer Systems

Datorsystem

Cyber-security protection techniques to mitigate memory errors exploitation

Marco Gisbert, Héctor

04 November 2016

Tesis por compendio / [EN] Practical experience in software engineering has demonstrated that the goal of building totally fault-free software systems, although desirable, is impossible to achieve. Therefore, it is necessary to incorporate mitigation techniques in the deployed software, in order to reduce the impact of latent faults. This thesis makes contributions to three memory corruption mitigation techniques: the stack smashing protector (SSP), address space layout randomisation (ASLR) and automatic software diversification. The SSP is a very effective protection technique used against stack buffer overflows, but it is prone to brute force attacks, particularly the dangerous byte-for-byte attack. A novel modification, named RenewSSP, has been proposed which eliminates brute force attacks, can be used in a completely transparent way with existing software and has negligible overheads. There are two different kinds of application for which RenewSSP is especially beneficial: networking servers (tested in Apache) and application launchers (tested on Android). ASLR is a generic concept with multiple designs and implementations. In this thesis, the two most relevant ASLR implementations of Linux have been analysed (Vanilla Linux and PaX patch), and several weaknesses have been found. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, named ASLR-NG, which maximises entropy, effectively addresses the fragmentation issue and removes a number of identified weaknesses. Furthermore, ASLR-NG is transparent to applications, in that it preserves binary code compatibility and does not add overheads. ASLR-NG has been implemented as a patch to the Linux kernel 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main problem is how to create variants, i.e. programs which have identical behaviours on normal inputs but where faults manifest differently. A novel form of automatic variant generation has been proposed, using multiple cross-compiler suites and processor emulators. One of the main goals of this thesis is to create applicable results. Therefore, I have placed particular emphasis on the development of real prototypes in parallel with the theoretical study. The results of this thesis are directly applicable to real systems; in fact, some of the results have already been included in real-world products. / [ES] La creación de software supone uno de los retos más complejos para el ser humano ya que requiere un alto grado de abstracción. Aunque se ha avanzado mucho en las metodologías para la prevención de los fallos software, es patente que el software resultante dista mucho de ser confiable, y debemos asumir que el software que se produce no está libre de fallos. Dada la imposibilidad de diseñar o implementar sistemas libres de fallos, es necesario incorporar técnicas de mitigación de errores para mejorar la seguridad. La presente tesis realiza aportaciones en tres de las principales técnicas de mitigación de errores de corrupción de memoria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) y Automatic Software Diversification. SSP es una técnica de protección muy efectiva contra ataques de desbordamiento de buffer en pila, pero es sensible a ataques de fuerza bruta, en particular al peligroso ataque denominado byte-for-byte. Se ha propuesto una novedosa modificación del SSP, llamada RenewSSP, la cual elimina los ataques de fuerza bruta. Puede ser usada de manera completamente transparente con los programas existentes sin introducir sobrecarga. El RenewSSP es especialmente beneficioso en dos áreas de aplicación: Servidores de red (probado en Apache) y lanzadores de aplicaciones eficientes (probado en Android). ASLR es un concepto genérico, del cual hay multitud de diseños e implementaciones. Se han analizado las dos implementaciones más relevantes de Linux (Vanilla Linux y PaX patch), encontrándose en ambas tanto debilidades como elementos mejorables. Teniendo en cuenta las mejoras tecnológicas en el soporte a la ejecución (compiladores y librerías), se ha propuesto un nuevo diseño del ASLR, llamado ASLR-NG, el cual: maximiza la entropía, soluciona el problema de la fragmentación y elimina las debilidades encontradas. Al igual que la solución propuesta para el SSP, la nueva propuesta de ASLR es transparente para las aplicaciones y compatible a nivel binario sin introducir sobrecarga. ASLR-NG ha sido implementado como un parche del núcleo de Linux para la versión 4.1. La diversificación software es una técnica que cubre una amplia gama de fallos, incluidos los errores de memoria. La principal dificultad para aplicar esta técnica radica en la generación de las "variantes", que son programas que tienen un comportamiento idéntico entre ellos ante entradas normales, pero tienen un comportamiento diferenciado en presencia de entradas anormales. Se ha propuesto una novedosa forma de generar variantes de forma automática a partir de un mismo código fuente, empleando la emulación de sistemas. Una de las máximas de esta investigación ha sido la aplicabilidad de los resultados, por lo que se ha hecho especial hincapié en el desarrollo de prototipos sobre sistemas reales a la par que se llevaba a cabo el estudio teórico. Como resultado, las propuestas de esta tesis son directamente aplicables a sistemas reales, algunas de ellas ya están siendo explotadas en la práctica. / [CA] La creació de programari suposa un dels reptes més complexos per al ser humà ja que requerix un alt grau d'abstracció. Encara que s'ha avançat molt en les metodologies per a la prevenció de les fallades de programari, és palès que el programari resultant dista molt de ser confiable, i hem d'assumir que el programari que es produïx no està lliure de fallades. Donada la impossibilitat de dissenyar o implementar sistemes lliures de fallades, és necessari incorporar tècniques de mitigació d'errors per a millorar la seguretat. La present tesi realitza aportacions en tres de les principals tècniques de mitigació d'errors de corrupció de memòria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) i Automatic Software Diversification. SSP és una tècnica de protecció molt efectiva contra atacs de desbordament de buffer en pila, però és sensible a atacs de força bruta, en particular al perillós atac denominat byte-for-byte. S'ha proposat una nova modificació del SSP, RenewSSP, la qual elimina els atacs de força bruta. Pot ser usada de manera completament transparent amb els programes existents sense introduir sobrecàrrega. El RenewSSP és especialment beneficiós en dos àrees d'aplicació: servidors de xarxa (provat en Apache) i llançadors d'aplicacions eficients (provat en Android). ASLR és un concepte genèric, del qual hi ha multitud de dissenys i implementacions. S'han analitzat les dos implementacions més rellevants de Linux (Vanilla Linux i PaX patch), trobant-se en ambdues tant debilitats com elements millorables. Tenint en compte les millores tecnològiques en el suport a l'execució (compiladors i llibreries), s'ha proposat un nou disseny de l'ASLR: ASLR-NG, el qual, maximitza l'entropia, soluciona el problema de la fragmentació i elimina les debilitats trobades. Igual que la solució proposada per al SSP, la nova proposta d'ASLR és transparent per a les aplicacions i compatible a nivell binari sense introduir sobrecàrrega. ASLR-NG ha sigut implementat com un pedaç del nucli de Linux per a la versió 4.1. La diversificació de programari és una tècnica que cobrix una àmplia gamma de fa\-llades, inclosos els errors de memòria. La principal dificultat per a aplicar esta tècnica radica en la generació de les "variants", que són programes que tenen un comportament idèntic entre ells davant d'entrades normals, però tenen un comportament diferenciat en presència d'entrades anormals. S'ha proposat una nova forma de generar variants de forma automàtica a partir d'un mateix codi font, emprant l'emulació de sistemes. Una de les màximes d'esta investigació ha sigut l'aplicabilitat dels resultats, per la qual cosa s'ha fet especial insistència en el desenrotllament de prototips sobre sistemes reals al mateix temps que es duia a terme l'estudi teòric. Com a resultat, les propostes d'esta tesi són directament aplicables a sistemes reals, algunes d'elles ja estan sent explotades en la pràctica. / Marco Gisbert, H. (2015). Cyber-security protection techniques to mitigate memory errors exploitation [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/57806 / Compendio

Discovering Location Patterns in iOS Users Utilizing Machine Learning Methods For Purposes of Digital Forensics Investigations

Milos Stankovic (9741251)

06 August 2024

<p dir="ltr">The proliferation of mobile devices and big data has put digital forensic investigators at a disadvantage. Despite all the technological advances, the tools and methods used during the investigations must catch up. With smartphones becoming integral to crime scenes, often containing multiple instances, courts and law enforcement offices greatly depend on their data. In addition to traditional data on smartphones, such as call logs, text messages, and emails, sensor data can drastically increase the chances of resolving and painting the complete picture of the events required for a successful investigation. While sensor data are collected frequently, it often creates a lot of noise due to the amount of entries over some time. In attempting to decipher the data and link them to the relevant events, digital forensics investigators are prone to missing or simply disregarding the data extracted from smartphones. Interpreting sensor data such as location and various phone activities already collected and extracted can lead to finding two main links required for the investigation: time and location. Knowing an individual's time and location can significantly improve the investigation process and aid in the final outcome. Despite smartphones being capable of collecting sensor data and discovering these two variables, data interpretation and correlation between them still need to be improved. The statement is particularly true for smartphones with newer operating system versions. Due to the special forensic software required to extract the data and the ability to interpret them, digital forensic investigators are either strained for time or are unequipped for processing them.</p><p dir="ltr">In order to mitigate the gap, automation of the process capable of handling large amounts of data while classifying the time and the location appropriate for the investigation is necessary. Reducing investigation times and increasing prediction accuracy will allow faster resolving times while freeing up desperately needed resources for digital forensic investigators. Therefore, this study presents a novel approach to identifying and predicting user locations using machine learning based on various sensor data collected from multiple smartphones. As the first step in achieving the goal, a user study was conducted, collecting real-world data for training and testing of the machine learning models. The process includes engineering the necessary procedures and methodologies required to extract raw data and process them for successful model training. The results showed that the models are capable of differentiating between the three different locations using XGBoost with score test accuracy over 0.88. Additionally, Random Forest Entropy and Random Forest Gini achieved accuracy over 0.85. As for for the results where only two locations were predicted Random Forest Entropy and Random Forest Gini achieved accuracy test score per model over 0.97. </p>

Digital forensics

User Identification

Digital Forensics

Machine Learning

iOS

Smartphone