Global ETD Search

11	A Novel Framework For Detecting Subdomain State Against Takeover Attacks Jayaprakash, Rigved, Kalariyil Venugopal, Vishnu January 2022 (has links) The Domain Name System (DNS) oversees the internet's architecture, providing pointers to both internal and external services. Consequently, enterprises increase their attack surface while simultaneously increasing their exposure to potential cyber threats. Subdomain takeovers happen when a subdomain leads to a website that no longer exists. As a result, the subdomain will be in control of an attacker. A compromised subdomain may be the access point to many attacks like information threats, phishing attacks, infrastructure intrusion and many more. Subdomain takeover attacks are one of the overlooked attack surfaces related to cyber security. This thesis aims to investigate the subdomain takeover attacks, how the attacks happen, the attack methodology by an attacker and drawbacks in the current strategies and tools, which are countermeasures for subdomain takeover attacks. The research focuses on resolving an intrusion from happening within the perspective of an enterprise standpoint. A new custom framework which resolves the subdomain takeover attacks was developed. A comparative study of the newly developed framework and the existing open-source tools and their response to an attack scenario too is made. Also, a comparison of the leading cloud platforms was conducted and their existing security features and mitigation measures for similar attacks and threats. Domain Name Servers Subdomain Subdomain Takeovers Open-source tools Google Cloud Platform Dangling DNS Entry Second Order Subdomain Takeover Subdomain Enumeration and Discovery subdomain validation Computer Sciences Datavetenskap (datalogi)
12	Machine Learning implementation for Stress-Detection Madjar, Nicole, Lindblom, Filip January 2020 (has links) This project is about trying to apply machine learning theories on a selection of data points in order to see if an improvement of current methodology within stress detection and measure selecting could be applicable for the company Linkura AB. Linkura AB is a medical technology company based in Linköping and handles among other things stress measuring for different companies employees, as well as health coaching for selecting measures. In this report we experiment with different methods and algorithms under the collective name of Unsupervised Learning, to identify visible patterns and behaviour of data points and further on we analyze it with the quantity of data received. The methods that have been practiced on during the project are “K-means algorithm” and a dynamic hierarchical clustering algorithm. The correlation between the different data points parameters is analyzed to optimize the resource consumption, also experiments with different number of parameters are tested and discussed with an expert in stress coaching. The results stated that both algorithms can create clusters for the risk groups, however, the dynamic clustering method clearly demonstrate the optimal number of clusters that should be used. Having consulted with mentors and health coaches regarding the analysis of the produced clusters, a conclusion that the dynamic hierarchical cluster algorithm gives more accurate clusters to represent risk groups were done. The conclusion of this project is that the machine learning algorithms that have been used, can categorize data points with stress behavioral correlations, which is usable in measure testimonials. Further research should be done with a greater set of data for a more optimal result, where this project can form the basis for the implementations. / Detta projekt handlar om att försöka applicera maskininlärningsmodeller på ett urval av datapunkter för att ta reda på huruvida en förbättring av nuvarande praxis inom stressdetektering och åtgärdshantering kan vara applicerbart för företaget Linkura AB. Linkura AB är ett medicintekniskt företag baserat i Linköping och hanterar bland annat stressmätning hos andra företags anställda, samt hälso-coachning för att ta fram åtgärdspunkter för förbättring. I denna rapport experimenterar vi med olika metoder under samlingsnamnet oövervakad maskininlärning för att identifiera synbara mönster och beteenden inom datapunkter, och vidare analyseras detta i förhållande till den mängden data vi fått tillgodosett. De modeller som har använts under projektets gång har varit “K-Means algoritm” samt en dynamisk hierarkisk klustermodell. Korrelationen mellan olika datapunktsparametrar analyseras för att optimera resurshantering, samt experimentering med olika antal parametrar inkluderade i datan testas och diskuteras med expertis inom hälso-coachning. Resultaten påvisade att båda algoritmerna kan generera kluster för riskgrupper, men där den dynamiska modellen tydligt påvisar antalet kluster som ska användas för optimalt resultat. Efter konsultering med mentorer samt expertis inom hälso-coachning så drogs en slutsats om att den dynamiska modellen levererar tydligare riskkluster för att representera riskgrupper för stress. Slutsatsen för projektet blev att maskininlärningsmodeller kan kategorisera datapunkter med stressrelaterade korrelationer, vilket är användbart för åtgärdsbestämmelser. Framtida arbeten bör göras med ett större mängd data för mer optimerade resultat, där detta projekt kan ses som en grund för dessa implementeringar. BigQuery Cloud Computing Clustering Dynamic clustering algorithm Google Cloud Platform Health coaching HRV-values K-Means algorithm Machine learning Stress Unsupervised learning. Computer and Information Sciences Data- och informationsvetenskap
13	Autentiseringsprocesser i molnbaserade datortjänster Göthesson, Richard, Hedman, Gustav January 2016 (has links) Tidigare forskning har påvisat brister i olika former av autentiseringsprocesser som leder till autentiseringsattacker. Målet med vår studie är att presentera ett antal riktlinjer som företag och privatpersoner kan följa för att minimera risken för autentiseringsattacker. Metoderna som användes för att komma fram till dessa riktlinjer var kvalitativa där en praktisk observationsstudie, en litteraturstudie samt en enkätundersökning låg till grund för vår insamlade data. Resultatet av studien pekar på att Google Cloud Platform, Amazon Web Services och Microsoft Azure alla har en stark autentiseringsprocess i jämförelse med kritik från tidigare forskning. Enkätundersökningen visade dessutom att olika former av alternativ autentisering, såsom Two Factor Authentication (2FA) och Multi Factor Authentication (MFA), rekommenderas för ett starkt försvar mot autentiseringsattacker.Uppsatsens resultat pekar även på att användarens egenansvar i autentiseringsprocessen är av stor vikt för att minimera risken för autentiseringsattacker. Säkra lösenord bör konstrueras och frekvent bytas ut. Även alternativ autentisering och begränsning av användarens tillgång till känslig information bör tillämpas. / Previous research has shown deficiencies in various forms of authentication processes that lead to authentication attacks. The goal of our study is to present a number of guidelines that businesses and individuals can follow to minimize the risk of authentication attacks. The methods used to reach these guidelines were qualitative. They consisted of a practical observational study, a literature review and a survey, which formed the basis of our collected data. The results of the study indicate that Google Cloud Platform, Amazon Web Services and Microsoft Azure all have a strong authentication process in comparison with the criticism of previous research. The survey also showed that different forms of authentication methods, such as the Two Factor Authentication (2FA) and Multi Factor Authentication (MFA), are recommended for a strong defense against authentication attacks.The thesis’ results also points to the user’s own responsibility in the authentication process are essential to minimize the risk of authentication attacks. Secure passwords should be designed and frequently replaced. Alternative authentication and restricted access to sensitive information for the user should also be applied. molnbaserade datortjänster autentiseringsattacker autentisering Microsoft Azure Google Cloud Platform Amazon Web Services authentication cloud computing guidelines authentication attacks Engineering and Technology Teknik och teknologier
14	Bezpečná implementace technologie blockchain / Secure Implementation of Blockchain Technology Kovář, Adam January 2020 (has links) This thesis describes basis of blockchain technology implementation for SAP Cloud platform with emphasis to security and safety of critical data which are stored in blockchain. This diploma thesis implements letter of credit to see and control business process administration. It also compares all the possible technology modification. Thesis describes all elementary parts of software which are necessary to implement while storing data and secure integrity. This thesis also leverages ideal configuration of each programable block in implementation. Alternative configurations of possible solutions are described with pros and cons as well. Another part of diploma thesis is actual working implementation as a proof of concept to cover letter of credit. All parts of code are design to be stand alone to provide working concept for possible implementation and can source as a help to write productive code. User using this concept will be able to see whole process and create new statutes for whole letter of credit business process.
15	En nystart på måndag : En fallstudie om implementation och användning av en molnbaserad IT-plattform / A fresh start on Monday : A case study on the implementation and use of a cloud-based IT platform Olofsson, Amie, Vänehem, Liv January 2022 (has links) Digitization has changed the conditions in which organizations can operate and conduct their business through digital workplaces. In order to meet the organizational requirements and technologies that digitalization entails, the digital workplace needs to be adaptable as well as strategically coordinated. Organizations also need to provide digital tools and systems to be able to work in the digital workplace. For that reason, the importance of the underlying technologies becomes crucial in the digital workplace. The purpose of this study is to achieve a deeper understanding of individual experiences in relation to the implementation and usage of a new IT platform. To answer the purpose of this study, we used a case study in which we conducted semi-structured interviews together with observations. This resulted in findings based on individual experiences that show both aspects of challenges and opportunities with the use of the IT platform. The conclusions that we established through this study are that learning and education in how the platform is expected to be used, as well as the platform's complexity, affect understanding and use of the IT platform. More businesses and organizations are going digital, and the conditions under which they operate and conduct business through digital workplaces are constantly changing. This study looks at how digital tools are used in one specific organization and how they might be made more efficient. Something that we believe can benefit both learning and development in other digital organizations' work. Virtual teams organizational learning cloud computing adoption VHRD digital workplace system implementation work OS cloud platform virtual organization cloud-based system Information Systems, Social aspects
16	Cost optimization in the cloud : An analysis on how to apply an optimization framework to the procurement of cloud contracts at Spotify Ekholm, Harald, Englund, Daniel January 2020 (has links) In the modern era of IT, cloud computing is becoming the new standard. Companies have gone from owning their own data centers to procuring virtualized computational resources as a service. This technology opens up for elasticity and cost savings. Computational resources have gone from being a capital expenditure to an operational expenditure. Vendors, such as Google, Amazon, and Microsoft, offer these services globally with different provisioning alternatives. In this thesis, we focus on providing a cost optimization algorithm for Spotify on the Google Cloud Platform. To achieve this we construct an algorithm that breaks up the problem in four different parts. Firstly, we generate trajectories of monthly active users. Secondly, we split these trajectories up in regions and redistribute monthly active users to better describe the actual Google Cloud Platform footprint. Thirdly we calculate usage per monthly active users quotas from a representative week of usage and use these to translate the redistributed monthly active users trajectories to usage. Lastly, we apply an optimization algorithm to these trajectories and obtain an objective value. These results are then evaluated using statistical methods to determine the reliability. The final model solves the problem to optimality and provides statistically reliable results. As a consequence, we can give recommendations to Spotify on how to minimize their cloud cost, while considering the uncertainty in demand. cloud computing Spotify monte carlo MC stochastic processes stochastic programming Google Cloud Platform GCP IT computational resources optimization cost optimization forecast procurement Mathematics Matematik Probability Theory and Statistics Sannolikhetsteori och statistik Mathematical Analysis Matematisk analys Computational Mathematics Beräkningsmatematik
17	Virtual machine experience design : a predictive resource allocation approach for cloud infrastructures / Design de l'expérience utilisateur dans les machines virtuelles : l'approche de l'allocation de ressources prédictive pour les infrastructures cloud Pérennou, Loïc 23 October 2019 (has links) L’un des principaux défis des fournisseurs de services cloud est d’offrir aux utilisateurs une performance acceptable, tout en minimisant les besoins en matériel et énergie. Dans cette thèse CIFRE menée avec Outscale, un fournisseur de cloud, nous visons à optimiser l’allocation des ressources en utilisant de nouvelles sources d’information. Nous caractérisons la charge de travail pour comprendre le stress résultant sur l’orchestrateur, et la compétition pour les ressources disponibles qui dégrade la qualité de service. Nous proposons un modèle pour prédire la durée d’exécution des VMs à partir de caractéristiques prédictives disponibles au démarrage. Enfin, nous évaluons la sensibilité aux erreurs d’un algorithme de placement des VMs de la littérature qui se base sur ces prédictions. Nous ne trouvons pas d’intérêt à coupler note système prédictif avec cet algorithme, mais nous proposons d’autres façons d’utiliser les prédictions pour optimiser le placement des VMs. / One of the main challenges for cloud computing providers remains to offer trustable performance for all users, while maintaining an efficient use of hardware and energy resources. In the context of this CIFRE thesis lead with Outscale, apublic cloud provider, we perform an in-depth study aimed at making management algorithms use new sources of information. We characterize Outscale’s workload to understand the resulting stress for the orchestrator, and the contention for hardware resources. We propose models to predict the runtime of VMs based on features which are available when they start. We evaluate the sensitivity with respect to prediction error of a VM placement algorithm from the literature that requires such predictions. We do not find any advantage in coupling our prediction model and the selected algorithm, but we propose alternative ways to use predictions to optimize the placement of VMs. Apprentissage automatique Orchestrateur Qualité de service Placement de machine virtuelle Infrastructure à la demande (IaaS) Plateforme cloud Machine learning Orchestrator Quality of service Virtual machine placement Infrastructure as a Service (IaaS) Cloud platform 004.678 2 005.447 6
18	A Qualitative Comparative Analysis of Data Breaches at Companies with Air-Gap Cloud Security and Multi-Cloud Environments T Richard Stroupe Jr. (17420145) 20 November 2023 (has links) <p dir="ltr">The purpose of this qualitative case study was to describe how multi-cloud and cloud-based air gapped system security breaches occurred, how organizations responded, the kinds of data that were breached, and what security measures were implemented after the breach to prevent and repel future attacks. Qualitative research methods and secondary survey data were combined to answer the research questions. Due to the limited information available on successful unauthorized breaches to multi-cloud and cloud-based air gapped systems and corresponding data, the study was focused on the discovery of variables from several trustworthily sources of secondary data, including breach reports, press releases, public interviews, and news articles from the last five years and qualitative survey data. The sample included highly trained cloud professionals with air-gapped cloud experience from Amazon Web Services, Microsoft, Google and Oracle. The study utilized unstructured interviews with open-ended questions and observations to record and document data and analyze results.</p><p dir="ltr">By describing instances of multi-cloud and cloud-based air gapped system breaches in the last five years this study could add to the body of literature related to best practices for securing cloud-based data, preventing data breach on such systems, and for recovering from breach once it has occurred. This study would have significance to companies aiming to protect secure data from cyber attackers. It would also be significant to individuals who have provided their confidential data to companies who utilize such systems. In the primary data, 12 themes emerged. The themes were Air Gap Weaknesses Same as Other Systems, Misconfiguration of Cloud Settings, Insider Threat as Attack Vector, Phishing as Attack Vector, Software as Attack Vector, and Physical Media as Attack Vector, Lack of Reaction to Breaches, Better Authentication to Prevent Breaches, Communications, and Training in Response to Breach, Specific Responses to Specific Problems, Greater Separation of Risk from User End, and Greater Separation of Risk from Service End. For secondary data, AWS had four themes, Microsoft Azure had two, and both Google Cloud and Oracle had three.</p> Cloud computing air-gapped systems cloud-based air-gapped systems cybersecurity cybersecurity breach multi-cloud environments security measures cybersecurity attack Amazon Web Services (AWS) Google Cloud Platform Microsoft Azure Cloud oracle cloud infrastructure
19	Introducing the Modern and Future Development of “Web Applications” Using JHipster Development Platform. Vilcinskaite, Milena January 2021 (has links) Generating web applications with correct structure and modern functionalities using a development platform is not widely known for students in academia around the world. Modern web development is moving further towards advancement where different functionalities adapted for web application development increase and become more central in today's market. Introducing modern concepts in web application development to the students in academia at an early stage is essential in order to provide better insight of how to suitably develop and maintain the structure of modern "Web Applications". This thesis describes the work carried out to investigate how a web application can effectively be developed and structured by the undergraduate students in the course II1302 Projects and project methods at the Royal Institute of Technology (KTH) using a development platform. The case study is conducted as a research method for this thesis. The research method revolved around experimentation with an example application to identify the possibilities of using a development platform in conjunction to improve the teaching of modern web application development early in education, and then apply the development platform in the course's future projects. This thesis identifies pertinent fields of knowledge throughout the development of a web application using the development platform to learn about the relevant concepts and definitions of modern and future technologies used in web application development. The implementation of the web application covers the areas such as automation, deployment, and monitoring. These areas are utilized in the form of the following aspects: DevOps, CI/CD, integration cloud deployment, IoT simulated device, MVC design pattern architecture for both frontend and backend, programming frameworks, i.e., Angular JS frontend framework and Spring Boot backend framework. A description of how the application is managed and what technologies and resources are used is presented. These aspects are used throughout the process of web application development. The requirements of using the development platform aim to be relevant to the students' studies at a sufficient difficulty level in course II1302. The students are expected to have an extended knowledge in basic web application development. / Att generera webbapplikationer med rätt struktur och moderna funktioner med hjälp av en utvecklingsplattform är inte allmänt känt för studenter inom akademin runt om i världen. Modern webbutveckling går vidare mot avancemang där olika funktioner anpassade för webbapplikationsutveckling ökar och blir mer centrala på dagens marknad. Att introducera moderna koncept inom webbapplikationsutveckling för studenter i akademin på ett tidigt stadium är viktigt för att ge bättre insikt om hur man på ett lämpligt sätt kan utveckla och behålla strukturen för moderna "Web Applications". Denna avhandling beskriver arbetet med att undersöka hur en webbapplikation effektivt kan utvecklas och struktureras av studenterna i kursen II1302 Projekt och projektmetoder vid Royal Institute of Technology (KTH) med hjälp av en utvecklingsplattform. Fallstudien genomförs som en forskningsmetod för denna avhandling. Forskningsmetoden kretsade kring experiment med en exempelapplikation för att identifiera möjligheterna att använda en utvecklingsplattform tillsammans för att förbättra undervisningen i modern webbapplikationsutveckling tidigt i utbildningen och sedan tillämpa utvecklingsplattformen i kursens framtida projekt. Denna avhandling identifierar relevanta kunskapsområden genom utvecklingen av en webbapplikation med hjälp av utvecklingsplattformen för att lära sig relevanta begrepp och definitioner av modern och framtida teknik som används i webbapplikationsutveckling. Implementeringen av webbapplikationen täcker områden som automatisering, distribution och övervakning. Dessa områden används i form av följande aspekter: DevOps, CI/CD, integration av moln, IoT -simulerad enhet, MVC -designmönsterarkitektur för både frontend och backend, programmeringsramar, dvs Angular JS frontend framework och Spring Boot backend framework. En beskrivning av hur applikationen hanteras och vilken teknik och resurser som används presenteras. Dessa aspekter används under hela processen för webbapplikationsutveckling. Kraven för att använda utvecklingsplattformen syftar till att vara relevanta för studenternas studier med tillräcklig svårighetsgrad i kurs II1302. Studenterna förväntas ha en utökad kunskap inom grundläggande webbapplikationsutveckling. Google Cloud Platform Simulated IoT device Web application development JHipster application structure generator CI/CD integration Angular JS Student experience Student project. Google Cloud Plattform Simulerad IoT-enhet Webb applikationsutveckling JHipster applikationsstruktur generator CI/CD integration Angular JS Student erfarenhet Studentprojekt. Computer Engineering Datorteknik

Search results