Integrating the Meta Attack Language in the Cybersecurity Ecosystem: Creating new Security Tools Using Attack Simulation Results

Grönberg, Frida, Thiberg, Björn

January 2022

Cyber threat modeling and attack simulations arenew methods to assess and analyze the cybersecurity of ITenvironments. The Meta Attack Language (MAL) was createdto formalize the underlying attack logic of such simulationsby providing a framework to create domain specific languages(DSLs). DSLs can be used in conjunction with modeling softwareto simulate cyber attacks. The goal of this project was to examinehow MAL can be integrated in a wider cybersecurity context bydirectly combining attack simulation results with other tools inthe cybersecurity ecosystem. The result was a proof of conceptwhere a small DSL is created for Amazon EC2. Informationis gathered about a certain EC2 instance and used to create amodel and run an attack simulation. The resulting attack pathwas used to perform an offensive measure in Pacu, an AWSexploitation framework. The result was examined to arrive atconclusions about the proof of concept itself and about integratingMAL in the cybersecurity ecosystem in a more general sense. Itwas found that while the project was successful in showing thatintegrating MAL results in such manner is possible, the CADmodeling process is not an optimal route and that other domainsthan the cloud environment could be targeted. / Cyberhotsmodellering och attacksimuleringar är nya metoder för att bedöma och analysera cybersäkerheten i en IT-miljö. Meta Attack Language (MAL) skapades för att formalisera den underliggande attacklogiken för sådana simuleringar genom att tillhandahålla ett ramverk för att skapa domain-specific languages (DSL). En DSL kan användas tillsammans med modelleringsprogramvara för att simulera cyberattacker. Målet med detta projekt var att undersöka hur MAL kan integreras i ett bredare sammanhang genom att direkt kombinera MAL-resultat med andra verktyg inom IT-säkerhet. Resultatet blev ett koncepttest där en mindre DSL skapades för Amazon EC2. Information samlades in om en viss EC2-instans och användes för att skapa en modell och genomföra en attacksimulering. Den resulterande attackvägen användes för att utföra en offensiv åtgärd i Pacu, ett ramverk för AWS-exploatering. Resultatet undersöktes för att nå slutsatser om konceptet i sig och om att integrera MAL i IT-säkerhetens ekosystem i allmänhet. Det visade sig att även om projektet lyckades visa att det är möjligt att integrera MAL-resultat på ett sådant sätt, är CAD-modelleringsprocessen inte en optimal metodik och lämpar sig illa för syftet. Det visade sig också att andra domäner än molnmiljön skulle vara en givande riktning. / Kandidatexjobb i elektroteknik 2022, KTH, Stockholm

Meta Attack Language

Attack Simulation

Amazon EC2

Cybersecurity

Elektroteknik och elektronik

Survey of ongoing and NextGeneration Cybersecurity of Maritime Communication Systems / Undersökning av dagens och nästa generations cybersäkerhetför sjöfartskommunikationssytem

Björnlund, Pontus, Faqiri, Feraidon

January 2023

The maritime industry is growing more and more for every year that passes. As the industry grows it also becomes a more attractive target for cyber criminals. The amount ofcyberattacks in the industry are few, but it is growing at an alarming rate. This literaturestudy identifies the most common datacom systems and infrastructure in the maritimeindustry and their vulnerabilities. This paper also identifies possible solutions and improvements that can be made to existing datacom systems to make them less susceptible tocyber attacks. The results show that there are many solutions that could be implementedthat would increase the cyber security in the industry, but many of them require international cooperation to implement. Therefore standards are suggested to be implemented inorder to push organisations to update their systems. Additionally, this paper delves intothe aviation industry to examine how the datacom infrastructure utilized in the maritimeindustry could be adopted to enhance both efficiency and security

Next Generation Cybersecurity

Maritime Communication Systems

Cyber Attacks

Maritime Infrastructure

Communication Systems

Kommunikationssystem

Cybersecure and Resilient Power Systems with Distributed Energy Resources

Zografopoulos, Ioannis

08 1900

Power systems constitute a pillar of the critical infrastructure and, as a result, their cybersecurity is paramount. Traditional power system architectures are moving from their original centralized nature to a distributed paradigm. This transition has been propelled by the rapid penetration of distributed energy resources (DERs) such as rooftop solar panels, battery storage, etc. However, with the introduction of new DER devices, technologies, and operation models, the threat surface of power systems is inadvertently expanding. This dissertation provides a comprehensive overview of the cybersecurity landscape of DER-enabled power systems outlining potential attack entry points, system vulnerabilities, and the corresponding cyberattack impacts. Cyber-physical energy systems (CPES) testbeds are crucial tools to study power systems and perform vulnerability analyses, test security defenses, and evaluate the impact of cyberattacks in a controlled manner without impacting the actual electric grid. This work also attempts to provide bottom-up security solutions to secure power systems from their lowest abstraction layer, i.e., hardware. Specifically, custom-built hardware performance counters (HPCs) are proposed for the detection of malicious firmware, e.g., malware, within DER inverter controllers. The experimental results prove that HPCs are an effective host-based defense and can accurately identify malicious firmware with minimum performance overheads. Also, methodologies to secure communication protocols and ensure the nominal operation of DER devices using physics-informed schemes are presented. First, DERauth, a battery-based secure authentication primitive that can be used to enhance the security of DER communication, is proposed and evaluated in a CPES testbed. Then, a physics-based attack detection scheme that leverages system measurements to construct models of autonomous DER agents is presented. These measurement-based models are then used to discern between nominal and malicious DER behavior. The dissertation concludes by discussing how the proposed defense mechanisms can be used synergistically in an automated framework for grid islanding to improve power system security and resilience, before it provides prospective directions for future research.

cybersecurity

power systems

cyber-physical systems

distributed energy resources

embedded systems

resilience

TASK, KNOWLEDGE, SKILL, AND ABILITY: EQUIPPING THE SMALL-MEDIUM BUSINESSES CYBERSECURITY WORKFORCE

Vijaya Raghavan, Aadithyan

11 July 2023

No description available.

Electrical Engineering

Computer Science

Computer Engineering

Cybersecurity Framework

Knowledge

Malware

Skills

Social Engineering

Tasks

Web Attacks

Detecting Manipulated and Adversarial Images: A Comprehensive Study of Real-world Applications

Alkhowaiter, Mohammed

01 January 2023

The great advance of communication technology comes with a rapid increase of disinformation in many kinds and shapes; manipulated images are one of the primary examples of disinformation that can affect many users. Such activity can severely impact public behavior, attitude, and belief or sway the viewers' perception in any malicious or benign direction. Additionally, adversarial attacks targeting deep learning models pose a severe risk to computer vision applications. This dissertation explores ways of detecting and resisting manipulated or adversarial attack images. The first contribution evaluates perceptual hashing (pHash) algorithms for detecting image manipulation on social media platforms like Facebook and Twitter. The study demonstrates the differences in image processing between the two platforms and proposes a new approach to find the optimal detection threshold for each algorithm. The next contribution develops a new pHash authentication to detect fake imagery on social media networks, using a self-supervised learning framework and contrastive loss. In addition, a fake image sample generator is developed to cover three major image manipulating operations (copy-move, splicing, removal). The proposed authentication technique outperforms the state-of-the-art pHash methods. The third contribution addresses the challenges of adversarial attacks to deep learning models. A new adversarial-aware deep learning system is proposed using a classical machine learning model as the secondary verification system to complement the primary deep learning model in image classification. The proposed approach outperforms current state-of-the-art adversarial defense systems. Finally, the fourth contribution fuses big data from Extra-Military resources to support military decision-making. The study proposes a workflow, reviews data availability, security, privacy, and integrity challenges, and suggests solutions. A demonstration of the proposed image authentication is introduced to prevent wrong decisions and increase integrity. Overall, the dissertation provides practical solutions for detecting manipulated and adversarial attack images and integrates our proposed solutions in supporting military decision-making workflow.

Image Authentication

Manipulation Detection

Adversarial Attacks Detection

Fake News Detection

Cybersecurity

Computer Vision

Computer Engineering

Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust

Adeka, Muhammad I.

January 2015

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work. / Petroleum Technology Development Fund (PTDF), Abuja, Nigeria.

Examining Cooperative System Responses Against Grid Integrity Attacks

Parady, Alexander D

01 January 2022

Smart grid technologies are integral to society’s transition to sustainable energy sources, but they do not come without a cost. As the energy sector shifts away from a century’s reliance on fossil fuels and centralized generation, technology that actively monitors and controls every aspect of the power infrastructure has been widely adopted, resulting in a plethora of new vulnerabilities that have already wreaked havoc on critical infrastructure. Integrity attacks that feedback false data through industrial control systems, which result in possible catastrophic overcorrections and ensuing failures, have plagued grid infrastructure over the past several years. This threat is now at an all-time high and shows little sign of cooling off. To combat this trajectory, this research explores the potential for simulated grid characteristics to examine robust security measures by use of a cyber-physical system (CPS) testbed constructed across the University of Central Florida (UCF) Resilient, Intelligent and Sustainable Energy Systems (RISES) Lab Cluster. This thesis explores hypothesized defense mechanisms and awareness algorithms to protect against unforeseen vulnerabilities brought on by grid attacks that will test the boundaries of commercial cybersecurity standards. Through an extensive probe across proposed defenses and vulnerability analysis of industrial systems, a blueprint for future research is outlined that will yield results that have the potential to ripple improvements across the power sector. The sanctity of critical infrastructure is of the highest priority for global powers. As such, this research bolsters the tools at the disposal of international entities and seeks to protect the ever-expanding lifestyle that reliable access to energy provides.

Critical Infrastructure

Smart Grid

Cybersecurity

Power Systems

Cooperative System

Cyberattack

Computer Engineering

Information Security

Malware Analysis Skills Taught in University Courses

Gorugantu, Swetha

07 June 2018

No description available.

Computer Science

Computer Engineering

Educational Evaluation

Curriculum Development

Cybersecurity

Malware

Malware Analysis

Software Reverse Engineering

How Secure are you Online? : A Cybersecurity Assessment of the Recommendations Provided to Swedish Citizens / Hur säker är du online? : En cybersäkerhetsbedömning av rekommendationerna till svenska medborgare

Papadopoulos, Nikolaos

January 2021

With computers, mobile phones and other smart devices being an increasingly part of peoples lives. It is important now, more than ever that people know how to operate them safely and stay protected in the cyber landscape. For citizens to understand how to stay protected online, it is important to understand what to stay safe from. This thesis is therefore examining the cyber threat landscape to understand what threats pose the greatest threat to users. To understand the prerequisites people have in defending themselves, the thesis also examines and evaluates what are recommendations provided to the general public. The results show that the biggest threat is malware with phishing being the usual access vector for it. Recommendations seem to fall behind in reflecting the most prevalent threats, but manage to stay relevant nonetheless.

cybersecurity

recommendations

citizen

individuals

cyber threat landscape

Computer Sciences

Datavetenskap (datalogi)

Making the Most of Limited Cybersecurity Budgets with AnyLogic Modeling

George Joseph Hamilton (13149225)

26 July 2022

<p>In an increasingly interconnected world, technology is now central to the operations of most businesses. In this environment, businesses of all sizes face an ever-growing threat from cyberattacks. Successful cyberattacks can result in data breaches, which may lead to financial loss, business interruptions, regulatory fines, and reputational damage. In 2021, the losses from cyber attacks in the United States were estimated at $6.9 Billion.</p> <p>Confronting the threat of cyberattacks can be particularly challenging for small businesses, which must defend themselves using a smaller budget and less in-house talent while balancing the pursuit of growth. Risk assessments are one method for organizations to determine how to best use their cybersecurity budgets. However, for small businesses, a risk assessment may require a significant portion of the budget which could otherwise be used to implement cybersecurity controls.</p> <p>This research builds on existing research from Lerums et al. for simulating a phishing attack to present a model that very small businesses may use in place of or as a precursor to a risk assessment. The updated model includes sensible default values for the cost and effectiveness of cybersecurity controls as well as the number of cyberattacks expected per year. Default values are based on academic literature, technical reports, and vendor estimates, but they may all be changed by organizations using the model. The updated model can also be tailored by non-technical users to reflect their network, relevant threat actors, and budget. Lastly, the updated model can output an optimized control set that yields the maximum annual net return and the single control with the greatest annual return on investment based on a user's inputs.</p> <p>After construction, the updated model is tested on organizations with 5, 25, and 50 employees facing varied sets of threat actors and attacks per year. Key takeaways include the high net return of all security controls tested, benefits of defense-in-depth strategies for maximizing return across multiple attack types, and the role of threat actors in tempering high estimates of security control effectiveness.</p> <p>    </p> <p>All code and releases are open source and available from: <a href="https://github.com/gjhami/AttackSimulation" target="_blank">https://github.com/gjhami/AttackSimulation</a>.</p>

cyberscurity

budgeting

small business

return on investment

simulation

cyberattack