Global ETD Search

301	Exploring the Viability of PageRank for Attack Graph Analysis and Defence Prioritization / Undersökning av PageRanks användbarhet för analys av attackgrafer och prioritering av försvar Dypbukt Källman, Marcus January 2023 (has links) In today's digital world, cybersecurity is becoming increasingly critical. Essential services that we rely on every day such as finance, transportation, and healthcare all rely on complex networks and computer systems. As these systems and networks become larger and more complex, it becomes increasingly challenging to identify and protect against potential attacks. This thesis addresses the problem of efficiently analysing large attack graphs and prioritizing defences in the field of cybersecurity. The research question guiding this study is whether PageRank, originally designed for ranking the importance of web pages, can be extended with additional parameters to effectively analyze large vulnerability-based attack graphs. To address this question, a modified version of the PageRank algorithm is proposed, which considers additional parameters present in attack graphs such as Time-To-Compromise values. The proposed algorithm is evaluated on various attack graphs to assess its accuracy, efficiency, and scalability. The evaluation shows that the algorithm exhibits relatively short running times even for larger attack graphs, demonstrating its efficiency and scalability. The algorithm achieves a reasonably high level of accuracy when compared to an optimal defence selection, showcasing its ability to effectively identify vulnerable nodes within the attack graphs. In conclusion, this study demonstrates that PageRank is a viable alternative for the security analysis of attack graphs. The proposed algorithm shows promise in efficiently and accurately analyzing large-scale attack graphs, providing valuable insight for identifying threats and defence prioritization. / I dagens digitala värld blir cybersäkerhet allt viktigare. Viktiga tjänster som vi förlitar oss på varje dag, inom t.ex. finans, transport och hälsovård, är alla beroende av komplexa nätverk och datorsystem. I takt med att dessa system och nätverk blir större och mer komplexa blir det allt svårare att identifiera och skydda sig mot potentiella attacker. Denna uppsats studerar problemet med att effektivt analysera stora attackgrafer och prioritera försvar inom cybersäkerhet. Den forskningsfråga som styr denna studie är om PageRank, ursprungligen utformad för att rangordna webbsidor, kan utökas med ytterligare parametrar för att effektivt analysera stora attackgrafer. För att besvara denna fråga föreslås en modifierad version av PageRank-algoritmen, som beaktar ytterligare parametrar som finns i attackgrafer, såsom ”Time-To-Compromise”-värden. Den föreslagna algoritmen utvärderas på olika attackgrafer för att bedöma dess noggrannhet, effektivitet och skalbarhet. Utvärderingen visar att den föreslagna algoritmen uppvisar relativt korta körtider även för större attackgrafer, vilket visar på hög effektivitet och skalbarhet. Algoritmen uppnår en rimligt hög nivå av noggrannhet jämfört med det optimala valet av försvar, vilket visar på dess förmåga att effektivt identifiera sårbara noder inom attackgraferna. Sammanfattningsvis visar denna studie att PageRank är ett potentiellt alternativ för säkerhetsanalys av attackgrafer. Den föreslagna algoritmen visar lovande resultat när det gäller att effektivt och noggrant analysera storskaliga attackgrafer, samt erbjuda värdefull information för att identifiera hot och prioritera försvar. Cybersecurity PageRank Attack Graphs Threat analysis Threat modelling Cybersäkerhet PageRank Attackgrafer Hotanalys Hotmodellering Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik
302	A Study on inculcating cyber awareness among undergraduate students by introducing interactive visualization-based cybersecurity modules into STEM education. Jyothirmai, Kothakapu January 2021 (has links) No description available. Curriculum Development Curricula Computer Science Computer Engineering
303	Analysing Perceptions of Six Cyberattacks / Analys av uppfattningar om sex olika cyber attacker Lundén, Viktor January 2022 (has links) The main topic of this degree project is the analysis of the general public’s perceptions on six different types of cyberattacks and their security measures taken against these cyberattacks. One of the goals of this degree project was to investigate if the perceptions of the cyberattacks were accurate and if lower educated people have different perceptions from higher educated people. While there may be plenty of research about cybersecurity and cyberattacks in general, there is little research in regards to the general public’s perceptions on different types of cyberattacks, especially regarding an international demographic. This degree project can help strengthen cybersecurity on different computer systems by analysing how people from an international demographic perceive these six different cyberattacks and how they counteract these cyberattacks. In order to collect data from international respondents, online surveys were used. Multiple websites were used to send the survey, with the main website being SurveySwap. The analysis contains comparisons between facts found in literature and perceptions of respondents and more. Two-sample t-tests and chi-squared tests were used to compare perceptions between lower educated people and higher educated people. According to the results, respondents in general seemed to have good understanding of some cyberattacks. However there were also some cyberattacks that the respondents in general did not have good understanding of. The results also indicated that there was probably no difference between perceptions from the lower educated respondents and higher educated respondents. The results of this degree project can be used in similar research to further investigate the perceptions among the general public of different cyberattacks. / Ämnet för denna examensarbete är analysen av allmänhetens uppfattningar omsex olika typer av cyberattacker och allmänhetens säkerhetsåtgärder vidtagnamot dessa cyberattacker. Ett av målen med denna examensarbete var attundersöka om uppfattningarna om cyberattackerna var korrekta och om lågutbildademänniskor har andra uppfattningar om cyberattackerna än högutbildade människor.Även om det kan finnas mycket forskning om cybersäkerhet och cyberattackeri allmänhet, finns det liten forskning om allmänhetens uppfattningar om olikatyper av cyberattacker, särskilt när det gäller en internationell demografi.Denna examensarbete kan hjälpa till att förstärka cybersäkerheten genom attanalysera hur demografisk internationella människor uppfattar dessa sex olikacyberattacker och hur de motverkar dessa cyberattacker.För att samla in data från internationella respondenter användes enkäter iInternet. Flera webbplatser användes för att skicka enkäten, huvudwebbplatsenvar SurveySwap. Analysen innehåller jämförelser mellan fakta som finns ilitteratur och uppfattningar från respondenter med mera. T-tester och chitvå-tester användes för att jämföra uppfattningar mellan lågutbildade ochhögutbildade människor.Enligt resultaten verkade respondenterna i allmänhet ha god förståelse förvissa typer av cyberattacker. Däremot hade respondenterna i allmänhet svagareförståelse för vissa andra typer av cyberattacker. Resultaten tydde också på attdet sannolikt inte fanns någon skillnad mellan uppfattningar om cyberattackermellan lågutbildade respondenter och högutbildade respondenter. Resultatenav denna examensarbete kan användas i liknande forskning för att ytterligareundersöka hur allmänheten uppfattar olika cyberattacker Cybersecurity Cyberattacks General perception Surveys Target groups Subgroups Cybersäkerhet Cyberattacker Allmänuppfattning Enkäter Målgrupper Undergrupper Computer and Information Sciences Data- och informationsvetenskap
304	Hacking and Evaluating the Cybersecurity of an Internet Connected 3D Printer Backlund, Linus, Ridderström, Linnéa January 2021 (has links) Over the last few years, internet-connectivity hascome to be an expected feature of professional 3D printers.Connectivity does however come at a cost concerning the securityof the device. This project aimed to evaluate the cybersecurityof the Ultimaker S5 3D printer. The system was tested for themost likely and severe vulnerabilities based upon a threat modelmade on the product. The results show that the system’s localwebapplication is vulnerable to some common web-attacks thatallow the attacker to perform actions on the victims printer. / De senaste åren har internetuppkoppling blivit en självklar funktion hos professionella 3D skrivare. Upp-koppling kommer dock ofta på bekostnad av enhetens säkerhet. Detta projekt syftade till att utvärdera cybersäkerheten hos 3D skrivaren Ultimaker S5. En hotmodell gjordes och systemet penetrationstestades baserat på denna. Resultaten visar att enhetens lokala webbapplikationen är sårbar för några vanliga web-attcker som låter attackeraren exekvera oönskade funktioner på offrets skrivare. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm Cybersecurity Offensive Security Penetration Testing Hacking Internet of Things 3D printer Elektroteknik och elektronik
305	Security Analysis of Volvo’s Infotainment System Ismail, Dana, Aslan, Porsev January 2022 (has links) Today’s car development is progressing rapidly, and new car models are constantly being produced. These new vehicles are adapted to today’s digital society and all its needs. An important issue is how well security is involved in this technological development. With all these successes, there are also possible vulnerabilities. Thus, the cybersecurity aspect is a crucial part in the development of modern vehicles due to possible exploitation that have taken place and can take place in the future. The main problem researched within this thesis was to investigate the safety of Volvo’s Vehicle Infotainment System (IV). To analyze such a complex system, a threat model was created by gathering necessary data, inspecting a physical rig sent by the manufacturer, and receiving feedback from industry experts. Furthermore, several attack simulations were performed on the threat model, generating several attack paths and probabilistic graphs that were analyzed. This work resulted in a threat model that represented the physical IV. The model included identifications of interesting entry points from which an attacker can start different attacks. After investigation, the Bluetooth network and the operating system of the Infotainment Head Unit (IHU) were both chosen as entry points for the attack simulations. The attack simulations made on the model were tested in different scenarios because this resulted in a more comprehensive outcome. The results of the attack simulations were that in comparison to a low- security scenario, the high-security cases decreased the success rate of compromising the targeted asset. However, enabling every possible defenses, there were no attack paths generated, but the results showed that an attacker still can perform other sorts of attacks. It is concluded that if one assumes that the threat model within this work is somewhat identical to the physical IV, there is a possibility of exploiting vulnerabilities if not all defenses are enabled for all components. These results are sought to increase the relevancy of the cybersecurity aspects within the vehicle industry, especially on infotainment systems. / Dagens bilutveckling går snabbt framåt och nya bilmodeller produceras ständigt. Dessa nya fordon är anpassade till dagens digitala samhälle och alla dess behov. En viktig fråga är hur väl säkerheten är involverad i denna tekniska utveckling. Med alla dessa framgångar finns det också möjliga sårbarheter. Därför är cybersäkerhetsaspekten en viktig del i utvecklingen av moderna fordon på grund av möjliga utnyttjanden som har skett och kan ske i framtiden. Huvudproblemet som undersöktes inom ramen för denna avhandling var att undersöka säkerheten hos Volvos infotainmentsystem. För att analysera ett så komplext system skapades en hotmodell genom att samla in nödvändig data, inspektera en fysisk rigg som skickats av tillverkaren och få feedback från branschexperter. Dessutom utfördes flera attacksimuleringar på hotmodellen, vilket genererade flera attackvägar och probabilistiska grafer som analyserades. Detta arbete resulterade i en hotmodell som representerade det fysiska infotainmentsystemet. Modellen innehöll identifieringar av intressanta ingångspunkter från vilka en angripare kan starta olika attacker. Efter undersökning valdes Bluetooth-nätverket och operativsystemet för IHU som ingångspunkter för attacksimuleringarna. De angreppssimuleringar som gjordes på modellen testades i olika scenarier eftersom detta gav ett mer omfattande resultat. Resultaten av angreppssimuleringarna var att i jämförelse med ett scenario med låg säkerhet, minskade högsäkerhetsfallet framgångsfrekvensen för att lyckas med attacken. Om alla tänkbara försvarsmekanismer aktiverades genererades inga angreppsvägar, men resultaten visade att en angripare fortfarande kan utföra andra typer av angrepp. Slutsatsen är att om man antar att hotmodellen inom detta arbete är något identisk med den fysiska infotainmentsystemet, finns det en möjlighet att utnyttja sårbarheter om inte alla försvar är aktiverade för alla komponenter. Dessa resultat syftar till att öka relevansen av cybersäkerhetsaspekterna inom fordonsindustrin, särskilt när det gäller infotainmentsystem. Threat Modeling Attack Simulations Risk Analysis Cybersecurity Infotainment System Vehicle Security Hotmodeller Attacksimuleringar Riskanalys Cybersäkerhet Infotainmentsystem Fordonssäkerhet Computer Engineering Datorteknik
306	A Hands-on Modular Laboratory Environment to Foster Learning in Control System Security Deshmukh, Pallavi Prafulla 07 July 2016 (has links) Cyber-Physical Systems (CPSes) form the core of Industrial Control Systems (ICS) and critical infrastructures. These systems use computers to control and monitor physical processes in many critical industries including aviation, industrial automation, transportation, communications, waste treatment, and power systems. Increasingly, these systems are connected with corporate networks and the Internet, making them susceptible to risks similar to traditional computing systems experiencing cyber-attacks on a conventional IT network. Furthermore, recent attacks like the Stuxnet worm have demonstrated the weaknesses of CPS security, which has gained much attention in the research community to develop more effective security mechanisms. While this remains an important topic of research, often CPS security is not given much attention in undergraduate programs. There can be a significant disconnect between control system engineers with CPS engineering skills and network engineers with an IT background. This thesis describes hands-on courseware to help students bridge this gap. This courseware incorporates cyber-physical security concepts into effective learning modules that highlight real-world technical issues. A modular learning approach helps students understand CPS architectures and their vulnerabilities to cyber-attacks via experiential learning, and acquire practical skills through actively participating in the hands-on exercises. The ultimate goal of these lab modules is to show how an adversary would break into a conventional CPS system by exploiting various network protocols and security measures implemented in the system. A mock testbed environment is created using commercial-off-the-shelf hardware to address the unique aspects of a CPS, and serve as a cybersecurity trainer for students from control system or IT backgrounds. The modular nature of this courseware, which uses an economical and easily replicable hardware testbed, make this experience uniquely available as an adjunct to a conventional embedded system, control system design, or cybersecurity courses. To assess the impact of this courseware, an evaluation survey is developed to measure the understanding of the unique aspects of CPS security addressed. These modules leverage the existing academic subjects, help students understand the sequence of steps taken by adversaries, and serve to bridge theory and practice. / Master of Science cybersecurity trust embedded security modular education security lab hands-on learning embedded systems cyber-physical systems control systems
307	Social Exchange Theory in the Context of X (Twitter) and Facebook Social Media Platforms with a Focus on Privacy Concerns among Saudi Students Alqahtani, Sameer Mohammed S. 12 1900 (has links) The current research examines the use of social media and its security settings using the Social Exchange Theory (SET) within a Saudi student environment. This research includes an introduction, literature review, methodology, results, and conclusion with the results section presenting the findings from the three essays. The first essay employs the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) methodology of SET. PRISMA's systematic and exhaustive approach to literature evaluation increases the likelihood of obtaining high-quality, reproducible findings. In the second essay, which focuses on awareness of X's (Twitter) security settings, a quantitative research approach was utilized. A sample of former and current Saudi students (graduate and undergraduate) at the University of North Texas participated in the investigation. This research provides an empirical examination of the use of X (Twitter) and its security features within this community by employing statistical analysis of the data from respondents. Likewise, the same sample of Saudi students from the University of North Texas was used for the third essay in which the use of Facebook's security settings was examined. Having a consistent sample across both studies enables a comparison and a greater understanding of the security awareness and practices of this group across various social media platforms. The findings across the different studies extend our understanding of the role of culture in privacy and security concerns related to social media. Cybersecurity Privacy Twitter X Facebook Social Exchange Theory (SET) Theory of Planned Behavior (TPB) Social media Security settings
308	Open Source Security and Quality Assessment : Analysera beroenden i program / Open Source Security and Quality Assessment : Analyze dependencies in programs Gibro, Edvin, Glansholm, Bacilika, Holta, Viktor, Karlsson, Simon, Kjellin, Jessica, Randow, Max, Simonson, Erik, Söderström, Jakob January 2024 (has links) Denna rapport behandlar projektet: Open Source Security and Quality Assessment (OSSQA) som utvecklades på uppdrag av cybersäkerhetsföretaget Advenica AB. Detta projekt genomfördes av åtta studenter i kursen TDDD96, Kandidatprojekt i programvaruutveckling på Linköpings universitet, under våren 2024. Rapporten presenterar projektets genomförande, resultat och slutsatser och går dessutom in i detalj på bland annat hur värde skapades för kunden, vilka erfarenheter som har lyckats samlas in av medlemmarna i gruppen under projektet samt andra relevanta aspekter av projektet. Resultatet av projektet blev en produkt som analyserar mjukvaruprojekt och betygsätter dess beroenden för att till sist presentera ett resultat på säkerheten och kvaliteten på hela projektet. Den resulterande produkten ansågs ha god användarvänlighet som uppmättes till 77,5 poäng enligt SUS-metoden. Kunden fick därmed en produkt levererad som uppnådde deras förväntningar och som var enkel både att använda och att vidareutveckla. Projektgruppen har även lyckats samla in många värdefulla erfarenheter. SBOM CycloneDX System Anatomy OpenSSF Scorecard Cybersecurity Software Development Datavetenskap Datateknik Systemanatomi Programvaruutveckling Cybersäkerhet Software Engineering Programvaruteknik
309	British Library Unplugged : A Media Analysis of Institutional Pressures during a Cyber Attack on a National Library Lindström, Emilie, Spirkina, Sasha January 2024 (has links) This thesis explores the legitimacy of national libraries, by analysing the media's portrayal of the British Library during a major cyber attack by the Rhysida group in October 2023. Using diverse media sources, the research examines how media narratives reflect institutional pressures during prolonged disruption. The research employs a mixed-method approach, combining quantitative media coverage mapping with qualitative thematic analysis. The mapping categorises news articles based on content type, publication section, and perspectives represented. Thematic analysis identifies key themes such as the disruption of library services, cybersecurity concerns, and critiques of digital fragility. The findings reveal a complex interplay between the library's historical role as a national institution and its modern digital vulnerabilities. Additionally, the study discusses the broader implications of digital practices for the institutional identity of libraries, and the perceived responsibilities of national libraries in safeguarding cultural and intellectual heritage against cyber threats. Cybersecurity British Library Institutional Pressures Legitimacy News Media Coverage Thematic Analysis Institutional Theory National Library Information Studies Biblioteks- och informationsvetenskap
310	MODELING RISK IN THE FRONT-END OF THE OSS DEBIAN SUPPLY-CHAIN USING MODELS OF NETWORK PROPAGATION Sahithi Kasim (18859078) 24 June 2024 (has links) <p dir="ltr">Our research revolves around the evolving landscape of Open-Source Software (OSS) supply chains, emphasizing their critical role in contemporary software development while investigating the escalating security concerns associated with their integration. As OSS continues to shape the software ecosystem, our research acknowledges the paradigm shift in the software supply chain, highlighting its complexity and the associated security challenges. Focusing on Debian packages, we employ advanced network science methods to comprehensively assess the structural dynamics and vulnerabilities within the OSS supply chain. The study is motivated by the imperative to understand, model, and mitigate security risks from interconnected software components.</p><p dir="ltr">Our research questions delve into 1) identifying high-risk packages 2) comparing risk profiles between source and build stages and 3) predicting future vulnerabilities. Data collection involves collecting source code repositories, build-info information, and vulnerability data of Debian packages. Leveraging a multifaceted methodology, we perform the following things: graph construction, subsampling, metrics creation, explorative data analysis, and statistical investigations on the Debian package network. This statistical approach integrates the Wilcoxon test, Chi-Square test, and advanced network dynamics modeling with machine learning, to explore evolving trends and correlations between different stages of the OSS supply chain.</p><p dir="ltr">Our goals include providing actionable insights for industry practitioners, policymakers, and developers to enhance risk management in the OSS supply chain. The expected outcomes encompass an enriched understanding of vulnerability propagation, the identification of high-risk packages, and the comparison of network-based risk metrics against traditional software engineering measures. Ultimately, our research contributes to the ongoing discourse on securing open-source ecosystems, offering practical strategies for risk mitigation and fostering a safer and more resilient OSS supply chain.</p> Data security and protection Open Source Software OSS Debian Network Science Security Risk

Search results