Global ETD Search

391	Automating Security Risk and Requirements Management for Cyber-Physical Systems Hansch, Gerhard 15 October 2020 (has links) No description available. 510 Management von Sicherheitsrisiken Generieren von Sicherheitsanforderungen IT-Sicherheitsmanagement Kontinuierliches Risikomanagement Cybersecurity engineering Security risk management Machine-readable security requirements Risk-driven security Security engineering Security requirements Security risk assessment Security risk mitigation Security risk monitoring Cybersecurity compliance Automotive security CPS security IIoT security OT security Informatik (PPN619939052)
392	Analysis, evaluation, measurements and implementation of network security systems and their critical points of failure during COVID-19 / Analys, utvärdering, mätningar och implementering av nätverkssäkerhetssystem och deras kritiska felpunkter under COVID-19 Olmedilla Belinchón, Adrián January 2023 (has links) This study analyses the evolution of the COVID-19 pandemic from a cybersecurity perspective, highlighting the different types of cyber-attacks experienced that happened around the world. In addition, this thesis shows the different types of cyber-attacks produced due to the lack of security employed during the pandemic crisis and how were the reactions of the different organizations to solving the problem. Furthermore, there are different statistics and graphical tables that show the evolution and how it covered the main types of cyber-attacks by the majority of organizations. The analysis reveals a view of those different attacks that can show in various forms. How the cybercriminals leverage the different vulnerabilities of corporate networks in a never-explored perspective makes this review different from other present papers on the COVID-19 pandemic. In addition, the study manifests the different recommendations proposed by the different experts to avoid a similar situation in times of crisis, making that study a guide to avoid similar situations in the future. In fact, the information extracted from different specialized sources will be used to carry out an objective study. / Den här studien analyserar utvecklingen av covid-19-pandemin ur ett cybersäkerhetsperspektiv, och lyfter fram de olika typer av cyberattacker som upplevts runt om i världen. Dessutom visar denna avhandling de olika typerna av cyberattacker som skapats på grund av bristen på säkerhet som användes under pandemikrisen och hur de olika organisationerna reagerade på att lösa problemet. Dessutom finns det olika statistik och grafiska tabeller som visar utvecklingen och hur den täckte huvudtyperna av cyberattacker från majoriteten av organisationer. Analysen visar en syn på de olika attackerna som kan visa sig i olika former. Hur cyberbrottslingarna utnyttjar de olika sårbarheterna i företagsnätverk i ett aldrig utforskat perspektiv gör att denna recension skiljer sig från andra nuvarande artiklar om covid-19-pandemin. Dessutom visar studien de olika rekommendationerna som föreslagits av de olika experterna för att undvika en liknande situation i kristider, vilket gör den studien till en guide för att undvika liknande situationer i framtiden. Faktum är att informationen från olika specialiserade källor kommer att användas för att genomföra en objektiv studie. / Este estudio analiza la evolución de la pandemia de COVID-19 desde una perspectiva de ciberseguridad, destacando los diferentes tipos de ciberataques experimentados en todo el mundo. Además, esta tesis muestra los diferentes tipos de ciberataques producidos por la falta de seguridad empleada durante la crisis de la pandemia y cómo fueron las reacciones de las diferentes organizaciones ante la solución del problema. Además, existen diferentes estadísticas y tablas gráficas que muestran la evolución y cómo se cubrieron los principales tipos de ciberataques por parte de la mayoría de las organizaciones. El análisis revela una visión de esos diferentes ataques que pueden manifestarse de diversas formas. La forma en que los ciberdelincuentes aprovechan las diferentes vulnerabilidades de las redes corporativas en una perspectiva nunca explorada hace que esta revisión sea diferente de otros documentos actuales sobre la pandemia de COVID-19. Además, el estudio pone de manifiesto las diferentes recomendaciones propuestas por los diferentes expertos para evitar una situación similar en tiempos de crisis, convirtiendo dicho estudio en una guía para evitar situaciones similares en el futuro. De hecho, se utilizará la información extraída de diferentes fuentes especializadas para realizar un estudio objetivo. COVID-19 Cyber-attack Internet security Cybersecurity threats Remote Work Cybersecurity Awareness COVID-19 cyber-attack Internetsäkerhet Cybersäkerhetshot Fjärrarbete Cybersäkerhetsmedvetenhet COVID-19 Ataque cibernético Seguridad en Internet Amenazas a la seguridad cibernética Trabajo remoto Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
393	DESIGN AND DEVELOPMENT OF A REAL-TIME CYBER-PHYSICAL TESTBED FOR CYBERSECURITY RESEARCH Vasileios Theos (16615761) 03 August 2023 (has links) <p>Modern reactors promise enhanced capabilities not previously possible including integration with the smart grid, remote monitoring, reduced operation and maintenance costs, and more efficient operation. . Modern reactors are designed for installation to remote areas and integration to the electric smart grid, which would require the need for secure undisturbed remote control and the implementation of two-way communications and advanced digital technologies. However, two-way communications between the reactor facility, the enterprise network and the grid would require continuous operation data transmission. This would necessitate a deep understanding of cybersecurity and the development of a robust cybersecurity management plan in all reactor communication networks. Currently, there is a limited number of testbeds, mostly virtual, to perform cybersecurity research and investigate and demonstrate cybersecurity implementations in a nuclear environment. To fill this gap, the goal of this thesis is the development of a real-time cyber-physical testbed with real operational and information technology data to allow for cybersecurity research in a representative nuclear environment. In this thesis, a prototypic cyber-physical testbed was designed, built, tested, and installed in PUR-1. The cyber-physical testbed consists of an Auxiliary Moderator Displacement Rod (AMDR) that experimentally simulates a regulating rod, several sensors, and digital controllers mirroring Purdue University Reactor One (PUR-1) operation. The cyber-physical testbed is monitored and controlled remotely from the Remote Monitoring and Simulation Station (RMSS), located in another building with no line of sight to the reactor room. The design, construction and testing of the cyber-physical testbed are presented along with its capabilities and limitations. The cyber-physical testbed network architecture enables the performance of simulated cyberattacks including false data injection and denial of service. Utilizing the RMSS setup, collected information from the cyber-physical testbed is compared with real-time operational PUR-1 data in order to evaluate system response under simulated cyber events. Furthermore, a physics-based model is developed and benchmarked to simulate physical phenomena in PUR-1 reactor pool and provide information about reactor parameters that cannot be collected from reactor instrumentation system.</p> advanced nuclear reactors I&C Architecture Cybersecurity Digital Twin (DT) Penetration Testing Cyberattack Nuclear Reactor PUR-1 Industrial Control System (ICS)
394	Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate Ferguson, Cody J. 20 August 2012 Approved for public release; distribution is unlimited. / Cyberespionage is a prolific threat that undermines the power projection capacity of the United States through reduced economic prowess and a narrowing of the technical advantage employed by the American military. International attempts to limit hostile cyber activity through the development of institutions, normative patterns of behavior, or assimilation of existing laws do not provide the American national security decision maker with a timely or effective solution to address these threats. Unfortunately, the stove-piped, redundant and inefficient nature of the U.S. counterintelligence community does not deliver a viable alternative to mitigating cyberespionage in an effective manner. Instituting a domestic and international micro-restructuring approach within the Department of Defense (DoD) addresses the need for increased effectiveness within an environment of fiscal responsibility. Domestic restructuring places emphasis on developing a forcing mechanism that compels the DoD counterintelligence services to develop joint approaches for combating cyberespionage by directly addressing the needs of the Combatant Commands. International restructuring places an emphasis on expanding cybersecurity cooperation to like-minded nations and specifically explores the opportunity and challenges for increased cyber cooperation with Taiwan. This approach recognizes that Taiwan and the United States are both negatively affected from hostile cyber activity derived from within the People’s Republic of China. Counterintelligence Reform Restructuring Effectiveness Counterespionage Counter-espionage Cyberespionage Cyber-espionage Cybersecurity Cyber-security Cyberattack Cyber-attack Taiwan Naval Criminal Investigative Service NCIS AFOSI Law Enforcement Micro-restructing
395	Bankernas utmaningar under digitaliseringens framfart : En kvalitativ studie om hur banker hanterar förtroenderelaterade frågor gentemot sina kunder under den digitala utvecklingen Thomas, Tomas, Poli, Tobil January 2017 (has links) Bakgrund: Banksektorn genomgår en digital utveckling och förändringen sker i en allt snabb takt. Nya marknadsförhållanden med regelverk, en förändrad konkurrenssituation och ett förändrat kundbeteende har ställt banksektorn inför nya utmaningar och möjligheter som bankerna behöver förhålla sig till för att upprätthålla och stärka förtroendet gentemot sina kunder. Syfte: Studiens huvudsyfte är att undersöka hur banker hanterar förtroenderelaterade frågor under den ökade digitaliseringen inom banksektorn. Vidare syftar studien till att skapa en djupare förståelse för robotiserade rådgivningsprocesser och dess påverkan på bankkundernas förtroende i samband med att den fysiska kontakten mellan bank och kund minskar. Metod: Studien är utav en kvalitativ karaktär med en abduktiv forskningsansats och baseras på intervjuer med fem respondenter med relevanta yrkesroller som berör digitalisering- och förtroendefrågor inom den svenska banksektorn. Slutsats: Studiens resultat påvisar att digitaliseringen medför nya möjligheter och utmaningar som bankerna kan dra nytta av förutsatt att dem hanterar den digitala utvecklingen på ett korrekt sätt. Resultatet tyder vidare på att bankerna behöver förhålla sig till dem förändrade marknadsförhållandena och ständigt bemöta kundernas förväntansbild. / Background: The banking industry is facing a digital transformation and the change is taking place at a rapid pace. New market conditions, a changing competitive situation and a changing customer behavior have put the banking industry in front of new challenges and opportunities that banks needs to manage to maintain and strengthen their customers trust towards themselves. Purpose: The main purpose of the study is to investigate how banks handles trust-related issues in the context of the increased digitalization in the banking industry. Furthermore, the study aims to create a deeper understanding of robo-advising and its impact on banking customers' trust while the physical contact between banks and customers decreases. Method: The study is of a qualitative character and follows an abductive research effort. The study is based on interviews with five respondents with relevant professional roles that concern digitalization and trust within the Swedish banking industry. Conclusion: The study's results show that digitalization brings new opportunities and challenges that banks can benefit from, given they handle the digital development properly. The result further indicates that banks need to manage the changing market conditions and constantly respond to customers' expectations. Digitalization trust advise consultation robo-advisor diffusion adoption competition CRM cybersecurity communication information customer relationship Digitalisering förtroende rådgivning robotrådgivning diffusion adoption konkurrens CRM cybersäkerhet kommunikation information kundrelation Business Administration Företagsekonomi
396	Integration of CTI into security management Takacs, Gergely January 2019 (has links) Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers. Cyber Threat Intelligence CTI security management information security InfoSec operational CTI technical CTI threat intelligence TIP threat information portal cybersecurity threat management risk management InfoSec management Computer Systems Datorsystem
397	Prise en compte des risques de cyber-attaques dans le domaine de la sécurité des systèmes cyber-physiques : proposition de mécanismes de détection à base de modèles comportementaux / Addressing cyber-attack risks for the security of cyber-physical systems : proposition of detection mechanisms based on behavioural models Sicard, Franck 11 October 2018 (has links) Les systèmes de contrôle-commande industriels (Industrial Control System, ICS) sont des infrastructures constituées par un ensemble de calculateurs industriels reliés en réseau et permettant de contrôler un système physique. Ils assurent le pilotage de réseaux électriques (Smart Grid), de systèmes de production, de transports, de santé ou encore de systèmes d’armes. Pensés avant tout pour assurer productivité et respect de la mission dans un environnement non malveillant, les ICS sont, depuis le 21ème siècle, de plus en plus vulnérables aux attaques (Stuxnet, Industroyer, Triton, …) notamment avec l’arrivée de l’industrie 4.0. De nombreuses études ont contribué à sécuriser les ICS avec des approches issues du domaine de la sécurité (cryptographie, IDS, etc…) mais qui ne tiennent pas compte du comportement du système physique et donc des conséquences de l’acte de malveillance en lui-même. Ainsi, une sécurisation se limitant exclusivement à l’analyse des informations qui transitent sur un réseau industriel n’est pas suffisante. Notre approche amène un changement de paradigme dans les mécanismes de détection en y intégrant la modélisation du comportement du système cyber-physique.Cette thèse propose des mécanismes de détection d’attaques en se positionnant au plus proche de la physique. Ils analysent les données échangées entre le système de contrôle-commande et le système physique, et filtrent les échanges au travers de modèles déterministes qui représentent le comportement du système physique soumis à des lois de commande. A cet effet, une méthodologie de conception a été proposée dans laquelle l’ensemble des ordres est identifié afin de détecter les attaques brutales. Pour faire face aux autres attaques, en particulier celles plus sournoises, comme les attaques par séquences, nous proposons une stratégie de détection complémentaire permettant d’estimer l’occurrence d’une attaque avant que ses conséquences ne soient destructives. A cet effet, nous avons développé des concepts de distance d’un état caractérisé comme critique auquel nous avons adjoint un second mécanisme dit de trajectoire dans le temps permettant de caractériser une intention de nuire.L’approche proposée hybride ainsi deux techniques orientées sécurité (sonde IDS) et sûreté (approche filtre) pour proposer une stratégie de détection basée sur quatre mécanismes lié :• A la détection de contexte : basé sur l’état courant de l’ICS, un ordre émis par l’API peut être bloqué s’il conduit vers un état critique (attaque brutale).• Aux contraintes combinatoires (attaque par séquences) : vérifiées par les concepts de distance et de trajectoire (évolution de la distance).• Aux contraintes temporelles (attaque temporelle) : vérifiées par des fenêtres temporelles sur l’apparition d’évènements et d’indicateurs surveillant la durée moyenne d’exécution.• Aux sur-sollicitations basées sur un indicateur surveillant les commandes envoyées afin de prévenir un vieillissement prématuré (attaque sur les équipements).L’approche proposée a été appliquée sur différents exemples de simulation et sur une plateforme industrielle réelle où la stratégie de détection a montré son efficacité face à différents profils d’attaquant. / Industrial Control Systems (ICSs) are infrastructures composed by several industrial devices connected to a network and used to control a physical system. They control electrical power grid (Smart Grid), production systems (e.g. chemical and manufacturing industries), transport (e.g. trains, aircrafts and autonomous vehicles), health and weapon systems. Designed to ensure productivity and respect safety in a non-malicious environment, the ICSs are, since the 21st century, increasingly vulnerable to attacks (e.g. Stuxnet, Industroyer, Triton) especially with the emergence of the industry 4.0. Several studies contributed to secure the ICS with approaches from the security field (e.g. cryptography, IDS) which do not take into account the behavior of the physical system and therefore the consequences of the malicious act. Thus, a security approach limited exclusively to the analysis of information exchanged by industrial network is not sufficient. Our approach creates a paradigm shift in detection mechanisms by integrating the behavioral modeling of the cyber-physical system.This thesis proposes detection mechanisms of attacks by locating detection closer to physical system. They analyze the data exchanged between the control system and the physical system, and filter the exchanges through deterministic models that represent the behavior of the physical system controlled by control laws. For this purpose, a design methodology has been proposed in which all actions are identified in order to instantly detect brutal attacks. To deal with other attacks, especially the more sneaky, such as sequential attacks, we propose a complementary detection strategy to estimate the occurrence of an attack before its consequences are destructive. To this end, we have developed the concepts of distance of a state identified as critical to which we have added a second mechanism called trajectory which leads to a temporal notion that characterize an intention to harm.As part of this thesis, the proposed approach combines two techniques oriented security (IDS probe) and safety (filter approach) to propose a detection strategy based on four mechanisms related to:• Context detection: based on the current state of the system, an order sent by the PLC can be blocked by the control filter if it leads to a critical state (brutal attack).• Combinatorial constraints (sequential attack): verified by the concepts of distance (risk indicator for the current state) and trajectory (indicator of the intention to harm by studying the evolution of the distance on a sequence).• Temporal constraints (temporal attack): verified by time windows on the appearance of events and an indicator monitoring the average duration of execution.• Over-solicitation monitoring mechanism: based on an indicator monitoring orders sent to the actuators to prevent premature ageing of the production equipment (attack on the equipment).The proposed approach has been applied to various simulation examples and an industrial platform where the detection strategy has shown its effectiveness against different scenarios corresponding to attacker profiles. Détection à base de modèles Surveillance Contrôle-Commande Systèmes à évènements discrets Cybersécurité Systèmes Cyber-Physiques Model-Based Detection System Monitoring Industrial Control Systems Discrete-Event Systems Cybersecurity Cyber-Physical Systems 004
398	Unités arithmétiques et cryptoprocesseurs matériels pour la cryptographie sur courbe hyperelliptique / Hardware arithmetic units and cryptoprocessors for hyperelliptic curve cryptography Gallin, Gabriel 29 November 2018 (has links) De nombreux systèmes numériques nécessitent des primitives de cryptographie asymétrique de plus en plus performantes mais aussi robustes aux attaques et peu coûteuses pour les applications embarquées. Dans cette optique, la cryptographie sur courbe hyperelliptique (HECC) a été proposée comme une alternative intéressante aux techniques actuelles du fait de corps finis plus petits. Nous avons étudié des cryptoprocesseurs HECC matériels performants, flexibles et robustes contre certaines attaques physiques. Tout d’abord, nous avons proposé une nouvelle architecture d’opérateurs exécutant, en parallèle, plusieurs multiplications modulaires (A × B) mod P, où P est un premier générique de quelques centaines de bits et configurable dynamiquement. Elle permet le calcul de la grande majorité des opérations nécessaires pour HECC. Nous avons développé un générateur d’opérateurs, distribué en logiciel libre, pour l'exploration de nombreuses variantes de notre architecture. Nos meilleurs opérateurs sont jusqu'à 2 fois plus petits et 2 fois plus rapids que les meilleures solutions de l'état de l'art. Ils sont aussi flexibles quant au choix de P et atteignent les fréquences maximales du FPGA. Dans un second temps, nous avons développé des outils de modélisation et de simulation pour explorer, évaluer et valider différentes architectures matérielles pour la multiplication scalaire dans HECC sur les surfaces de Kummer. Nous avons implanté, validé et évalué les meilleures architectures sur différents FPGA. Elles atteignent des vitesses similaires aux meilleures solutions comparables de l’état de l’art, mais pour des surfaces réduites de moitié. La flexibilité obtenue permet de modifier lors de l'exécution les paramètres des courbes utilisées. / Many digital systems require primitives for asymmetric cryptography that are more and more efficient but also robust to attacks and inexpensive for embedded applications. In this perspective, and thanks to smaller finite fields, hyperelliptic curve cryptography (HECC) has been proposed as an interesting alternative to current techniques. We have studied efficient and flexible hardware HECC cryptoprocessors that are also robust against certain physical attacks. First, we proposed a new operator architecture able to compute, in parallel, several modular multiplications (A × B) mod P, where P is a generic prime of a few hundred bits and configurable at run time. It allows the computation of the vast majority of operations required for HECC. We have developed an operator generator, distributed in free software, for the exploration of many variants of our architecture. Our best operators are up to 2 times smaller and twice as fast as the best state-of-the-art solutions. They are also flexible in the choice of P and reach the maximum frequencies of the FPGA. In a second step, we developed modeling and simulation tools to explore, evaluate and validate different hardware architectures for scalar multiplication in HECC on Kummer surfaces. We have implemented, validated and evaluated the best architectures on various FPGA. They reach speeds similar to the best comparable solutions of the state of the art, but for halved surfaces. The flexibility obtained makes it possible to modify the parameters of the curves used during execution. Cybersécurité Cryptographie à clé publique Cryptographie sur courbe hyperelliptique FPGA Multiplication modulaire Opérateurs arithmétiques matériels Cryptoprocesseurs matériels Exploration d'architectures Systèmes embarqués Cybersecurity Asymetric cryptography Hyperelliptic curve cryptography FPGA Modular multiplication Hardware arithmetic units Hardware cryptoprocessors Architectural exploration Embedded systems
399	Wireless Sensing in Vehicular Networks:Road State Inference and User Authentication Tulay, Halit Bugra 27 September 2022 (has links) No description available. Electrical Engineering Engineering Computer Engineering Computer Science wireless sensing vehicular ad hoc networks VANET road state inference traffic monitoring user authentication Sybil attack detection cybersecurity pyhsical layer security intelligent transportation systems DSRC
400	La contribution des dynamiques internationales formelles au renforcement de la cybersécurité canadienne Vodouhe, Carolle 05 1900 (has links) No description available. Canada convention de Budapest cybersécurité cybercriminalité infrastructures critiques cybercrimes de type 1 MSP Canada Budapest Convention cybersecurity cybercriminality critical infrastructure cybercrimes type 1 MSP

Search results