Global ETD Search

341	Russia’s war against Ukraine : The effect on IT security in Sweden’s municipalities / Rysslands krig mot Ukraina : Effekten på IT-säkerheten i Sveriges kommuner Götlind, Hampus, Olsson, Rickard January 2023 (has links) This report aims to look at how Russia’s war in Ukraine has affected the work with IT security at Swedish municipalities, what actions have been taken, if any, and see if there has been an increase in attacks towards the municipalities’ networks. This was done by sending out a questionnaire to all of Sweden’s 290 municipalities via email with four questions regarding their IT security. 103 of Sweden’s municipalities responded to the email. Ten municipalities declined to participate in the report, which means that 32% (93) of Sweden’s municipalities participated in this survey. We chose to evaluate the Swedish municipalities and their preparedness in case of war for several reasons. They are a uniform group which we believed adhere to the same guidelines and regulations regarding cybersecurity, and the fact that they store and engage with critical and sensitive data about Sweden and its population, making them prime targets for attacks by foreign powers. The results were presented anonymously and based on the voluntary responses of the municipalities. Answers were then compiled and sorted into the five main categories from the NIST framework for cybersecurity. The report concludes that Swedish municipalities have taken significant actions to protect their networks in response to Russia’s war and aggressions towards Ukraine. For example, 18 municipalities reported that they had trained their staff in some way, which was the most common measure, and 11 municipalities had implemented two-factor authentication. However, more can be done in terms of responding to threats and enhancing recovery plans and systems. In summary, there seemed to be a lack of consensus on how municipalities should handle their own IT-security, as there was a high variation in the responses. The follow-up questions revealed a significant increase in attacks towards the municipalities’ networks, with many considering their networks potential targets for future attacks from foreign powers. cybersecurity security controls survey performance evaluation Russia Ukraine war municipalities information security management risk assessment cybersäkerhet säkerhetskontroller undersökning prestationsutvärdering Ryssland Ukraina krig kommuner informationssäkerhetshantering riskbedömning. Computer Systems Datorsystem
342	Cyberkrig under förstoringsglaset : En kvalitativ studie som utreder begreppet cyberkrig utifrån olika aspekter samt delger privata och statliga aktörers perspektiv på området. Ahlandsberg, Natalie, Berntsson, Lisa January 2023 (has links) I en alltmer digitaliserad värld blir den virtuella verkligheten lika viktig som den fysiska. Sverige ligger i framkant när det kommer till digitalisering, men samtidigt halkar landet efter i cybersäkerhet. Sammantaget kan det innebära att krig även kan förekomma i den virtuella verkligheten. I svensk media har begreppet cyberkrig fått en ökad uppmärksamhet men det har visat sig att begreppet inte har en gemensam definition i Sverige. Vilka anledningar ligger bakom det, hur kan cyberkrig alternativt definieras och hur förhåller sig begreppet cyberkrig till statliga myndigheter ur ett informations-och cybersäkerhetsperspektiv i en alltmer digitaliserad värld? Denna kvalitativa studie syftar till att utreda dessa frågetecken genom att delge privata och statliga aktörers perspektiv för att bidra med en fördjupad förståelse för begreppet cyberkrig. Studiens litteratur- och artikelstudie, samt semistrukturerade intervjuer ger en möjlighet att undersöka individuella perspektiv, doktriner och rapporter från olika myndigheter i både Sverige och internationellt. Utifrån resultatet i detta arbete dras slutsatsen att begreppet cyberkrig används i det offentliga rummet men att det inte nödvändigtvis brukas bland statliga aktörer och i formella sammanhang. Statliga aktörer såsom Försvarsmakten, MSB och FOI föredrar i stället att använda sig av begreppet cyberoperationer.Ett annat begrepp som visat sig vara fundamental för att kunna skapa en förståelse för begreppet cyberkrig är cyberdomänen. Författarna till detta arbete har tillsammans framställt en alternativ definition av cyberkrig enligt följande ”Cyberkrig innebär att en nation eller organisation inom cyberdomänen angriper eller försöker skada en annan nations digitala infrastruktur. Konsekvenserna ska kunna likställas med ett väpnat angrepp i enlighet med artikel 2(4) i FN-stadgan”. / In an increasingly digitalized world, the virtual reality is becoming as significant as the physical one. Sweden is at the forefront of digitalization, but at the same time, it is slipping behind in cybersecurity. Together, this may mean that warfare also can occur in virtual reality. The concept of cyberwarfare has received increased attention in Swedish media; however, it has become clear that the concept does not have a definition in Sweden. What are the reasons behind this, how can cyberwarfare be alternatively defined, and how does the concept of cyberwarfare relate to Swedish authorities’ defense work in an increasingly digitalized world? This qualitative study aims to investigate these questions by sharing the perspectives of private and state actors to contribute to a deeper understanding of the concept of cyberwarfare. This study’s literature and article study, as well as semi-structured interviews, provide an opportunity to examine individuals’ perspectives and other material such as doctrines and reports from various authorities in Sweden and internationally. Based on the results of this work, it is concluded that the concept of cyberwarfare is used in the public sphere, but not in a formal context and among state actors. State actors such as the Swedish Armed Forces, MSB, and FOI prefer to use the concept of cyberoperations. Another concept that has proved to be fundamental to creating an understanding of the concept of cyber war is the cyber domain. The authors of this study have defined cyberwarfare as when “a nation or organization in the cyber domain attacks or attempts to damage the digital infrastructure of another nation. The consequences must be equivalent to an armed attack following Article 2(4) of the UN Charter”. Cyberwarfare warfare cyberdomain cyberoperation cybersecurity information security Cyberkrig krigföring cyberdomän cyberoperation cybersäkerhet informationssäkerhet Information Systems, Social aspects
343	KONSTEN ATT BALANSERA SÄKERHET OCH ÖPPENHET : En kvalitativ studie av offentliga organisationers hantering av säkerhetshot / THE ART OF BALANCING SECURITY AND OPENNESS : A qualitative study of public organizations' management of security threats Johansson, Matthias, Påander, Erik January 2023 (has links) Offentliga organisationer har flera krafter som trycker och påverkar deras säkerhetspraktik, dessa är både externa men även interna. För att förstå hur den offentliga organisationen hanterar dessa krafter som kräver öppenhet respektive IT-säkerhet har studien använt sig av kvalitativ datainsamling i form av intervjuer med medarbetare med olika roller inom den offentliga sektorn. Studien har inspirerats av induktion som ansats och utvecklat sitt teoretiska ramverk efter det att empirin färdigställts. Teoretiska begrepp som används i analysen är bland annat det politiska systemet, skugg-IT och Information Security Awareness. Empirin består av intervjuer med personer som är anställda hos en offentlig organisation. Utmaningar för IT-säkerhetspraktiken uppstår i form av syn på utbildning och svårigheten att nå ut till personal som följd av den komplexitet som är inneboende i den offentliga organisationen. Studien ger insyn och förslag på hur detta skulle kunna hanteras för att göra arbetet att upprätthålla säkerheten mer effektiv. Arbetet utmynnar i framtagandet av ett ramverk som visualiserar det förlopp som aktualiseras i studien, där knyts sambandet mellan olika krafter och synpunkter som påverkar varandra. / Public organizations face various forces that exert pressure and influence their security practices, both externally and internally. To understand how public organizations manage these forces, which require both transparency and IT security, this study employed qualitative data collection in the form of interviews with employees in different roles within the public sector. The study was inspired by an inductive approach and developed its theoretical framework after the completion of empirical data gathering. The theoretical concepts used in the analysis include the political system, shadow IT, and Information Security Awareness. The empirical data consists of interviews with individuals employed by a public organization. Challenges for IT security practices arise in the form of differing views on education and the difficulty of reaching personnel due to the inherent complexity of the public organization. The study provides insight and suggestions on how to address these challenges in order to make the task of maintaining security more effective. The work culminates in the development of a framework that visualizes the progression highlighted in the study, establishing connections between the various forces and perspectives that influence one another. Public organization Shadow IT ISA SETA Cybersecurity Information and IT security Offentlig organisation Skugg-IT ISA SETA Cybersäkerhet Information- och IT-säkerhet Information Systems
344	Ethical Hacking of a Smart IoT Camera : A Penetration Test on D-Link DCS 8515-LH Smart Camera / Etisk hackning av en smart IoT-Kamera : Ett Penetrationstest på D-Link DCS 8515-LH Smart Kamera Zhuang, Chunyu January 2023 (has links) The trending usage of IoT devices raises serious security concerns. IoT devices have complete access to users’ network environments. In the eyes of hackers, the value of IoT devices is exceptionally high. From minor disturbances to major crimes, all could happen in no time with compromised IoT devices. As the IoT devices collects sensitive data, properly protect users’ privacy is also a crucial aspect for IoT devices. Thus, IoT devices need to be secure enough against modern cyber-attacks. In this work, a smart camera DCS-8515LH from D-Link is under penetration tests. Threat modeling is first performed as an analysis of the IoT system following by a dozen cyber attacks targeting this smart camera. The penetration tests provide valuable information that can reveal the smart camera’s vulnerability and weakness, such as security misconfiguration, vulnerability to DoS attacks. The smart camera is discovered to be vulnerable to DoS attacks and exploits on the zero-configuration protocol. Several weaknesses which violate the users’ privacy exist in the mobile application and Android storage system. This work evaluated all the vulnerabilities and weaknesses discovered from a security aspect. This report exposes attacks that are effective on the smart camera and also serves as a fundamental basis for future penetration tests on this smart camera. / I detta arbete är en smart kamera DCS-8515LH från D-Link under penetrationstester. Hotmodellering utförs först som en analys av IoT-systemet följt av ett dussin cyberattacker riktade mot denna smarta kamera. Penetrationstesterna ger värdefull information som kan avslöja den smarta kamerans sårbarhet och svaghet, såsom säkerhetsfelkonfiguration, sårbarhet för Dos-attacker. Den smarta kameran har upptäckts vara sårbar för DoS-attacker och utnyttjande av nollkonfigurationsprotokollet. Flera svagheter som kränker användarnas integritet finns i mobilapplikationen och Android-lagringssystemet. Detta arbete utvärderade alla sårbarheter och svagheter som upptäckts ur en säkerhetsaspekt. Den här rapporten avslöjar attacker som är effektiva på den smarta kameran och fungerar också som en grundläggande bas för framtida penetrationstester på denna smarta kamera. Cybersecurity IoT security IoT camera IoT devices Penetration testing Ethical hacking Threat modeling Cybersäkerhet IoT säkerhet IoT Kamera Penetrationstestning Etisk hacking Hotmodellering Computer and Information Sciences Data- och informationsvetenskap
345	ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE Avigyan Mukherjee (15306883) 19 April 2023 (has links) <p>Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVE’s found in the open source literature affecting nginx and apache web servers that correspond to the classification system that was created. The Apache and Nginx containers was attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in 9 AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls. The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker. </p> Data security and protection System and network security Networking and communications Docker security Webserver Containerization
346	Att definiera “Cyber-Pearl Harbor” Validering av DSLP-ramverket i “Offensive Cyberspace Operations Targeting Ukraine: a Cyber Pearl-Harbor Eishayea, Eleshwa, Lilja, Jonathan January 2023 (has links) Användningen av cyberattacker mot organisationer, sjukvård och individer har ökat parallellt med digitaliseringen. Nationer har också blivit offer för dessa typer av attacker, som ofta kombineras med andra medel för krigföring såsom markanfall och missilattacker. En Cyber-Pearl Harbor (härefter förkortad CPH) är en term uppmärksammad av Leon Panetta som enligt honom består av kombinerade attacker som resulterar i mänsklig död, fysisk förstörelse och som lamslår en hel nation. Gazmend Huskaj använder sig av Panettas definition för utformande av ett ramverk (“DSLP-ramverket”) som är tänkt användas för att kunna klassificera en händelse som en CPH. Syftet med denna studie är att utforska om DSLP-ramverket kan valideras då termen har brukats de senaste 25 åren utan att en global definition tagit fäste, det är därför inte säkert att de kriterier som presenteras i ramverket överensstämmer med vad cybersäkerhetsexperter anser att en CPH är. Forskningsfrågan som utvecklades från denna studie blev följande: “Hur kan ramverket "DSLP-ramverk" från "Offensive Cyberspace Operations Targeting Ukraine: a Cyber Pearl-Harbor" (2023) valideras för klassificering av cyberattacker som Cyber Pearl-Harbor?”. En kvalitativ fallstudie genomfördes med en litteraturöversikt över termen CPH samt en semistrukturerad intervju där 3 experter utfrågades, vilket sedan analyserades via en tematisk analys. Som ett första steg för att besvara denna studies frågeställning applicerades ramverket på tre verkliga fall, detta för att avgöra huruvida dessa fall kan klassificeras som en CPH eller inte. Dessa tre verkliga fall var en attack mot en publik sjukvårdssektor i Costa Rica, ett TV-torn i Kiev, Ukraina samt dagligvarukedjan Coop i Sverige. Resultatet av valideringen av DSLP-ramverket var att endast fallet med TV-kornet i Kiev, Ukraina kunde klassificeras som en CPH. Den kognitiva effekten av eventet var dock inte förlamande nog att paralysera hela Ukraina, vilket gör klassificeringen diskutabel. Det andra steget bestod av en tematisk analys som gjordes på de tre experterna, vilket resulterade i skapandet av fyra huvudteman: Begreppets betydelse, Försvar mot Cyber-Pearl Harbor, Probabilitet och Kombinerade anfall. Följande slutsatser kom att dras i denna studie: Avsaknaden av en internationell/global standard gör det svårare att 1) göra upp om en gemensam definition av termen samt 2) klassificera en CPH i verklig kontext. Kombinationer av flera attacker och verktyg är en annan aspekt som understryks vid definiering av en CPH. Huruvida en CPH har skett eller inte varierar från expert till expert, och detsamma gäller probabiliteten för att en CPH kan ske i dagens kontext. Baserat på dessa slutsatser blir det svårt att validera DSLP-ramverket. Ytterligare forskning och data, intervjuer med experter och förtydligande behövs för att skapa en universell definition och därmed en gemensam grund att utgå ifrån. / The use of cyberattacks against organizations, health care and individuals have increased along with the constant digitalisation. Nations have also fallen victim to cyberattacks, often combined with other means of war like boots on the ground or missiles. A Cyber-Pearl Harbor (further shortened as CPH) is a term mentioned by Leon Panetta described in his words as “combined attacks that result in human death and physical destruction and that paralyzes an entire nation”. Gazmend Huskaj used Panettas definition in order to create a framework (“DSLP-framework”) for classifying an event as a CPH. This study strives to see if the DSLP-framework can be validated since the term has been widely used for the last 25 years, however a universal definition of the term seems to be missing, therefore it is not certain that the criterias presented in the framework is accurate to what cybersecurity experts consider a CPH to be. The research question developed from this study's problem became the following: “How can the framework “DSLP-Framework” from “Offensive Cyberspace Operations Targeting Ukraine: a Cyber Pearl-Harbor” (2023) be validated for classification of cyberattacks as Cyber Pearl-Harbor?”. A qualitative case study was conducted through a literature overview regarding the term CPH and a semistructured interview with three experts, which were later analyzed through a thematic analysis. As a first step to answering the research question, the framework was applied to three real life cases in order to determine whether or not they can be classified as a CPH. The following cases were an attack on a public health sector in Costa Rica, a TV-tower in Kyiv, Ukraine and the grocery company Coop in Sweden. The result from applying each case to the DSLP-framework was that only the case of the TV-tower in Kyiv could be classified as a CPH. However, the cognitive effects of the event were not crippling enough to paralyze the entirety of Ukraine, making the classification debatable. The second step was done through the use of thematic analysis on the interviews with the experts, in which four main themes were created: The meaning of the concept, Defense against Cyber-Pearl Harbor, Probability and Combined attacks. The following conclusions were drawn in this study: The absence of an international standard makes it harder to 1) conclude a common definition of the term and 2) classify a CPH in real context. The combinations of attacks and tools is another important aspect to highlight when defining a CPH. Whether a CPH has happened or not varies from expert to expert, and the same goes for the probability of a CPH occurring in today's context. Based on these conclusions, it is hard to validate the DSLP-framework. Further research and data, interviews with experts and clarification is needed in order to create a universal definition and therefore a common ground to start from. Cyber-Pearl Harbor cyberattacks cybersecurity hybrid operations Russia-Ukraine war Cyber-Pearl Harbor cyberattacker cybersäkerhet hybridoperationer Ryssland-Ukraina kriget Computer Sciences Datavetenskap (datalogi)
347	ARTIFICIAL INTELLIGENCE-BASED SOLUTIONS FOR THE DETECTION AND MITIGATION OF JAMMING AND MESSAGE INJECTION CYBERATTACKS AGAINST UNMANNED AERIAL VEHICLES Joshua Allen Price (15379817) 01 May 2023 (has links) <p>This thesis explores the usage of machine learning (ML) algorithms and software-defined radio (SDR) hardware for the detection of signal jamming and message injection cyberattacks against unmanned aerial vehicle (UAV) wireless communications. In the first work presented in this thesis, a real-time ML solution for classifying four types of jamming attacks is proposed for implementation with a UAV using an onboard Raspberry Pi computer and HackRF One SDR. Also presented in this thesis is a multioutput multiclass convolutional neural network (CNN) model implemented for the purpose of identifying the direction in which a jamming sample is received from, in addition to detecting and classifying the jamming type. Such jamming types studied herein are barrage, single-tone, successive-pulse, and protocol-aware jamming. The findings of this chapter forms the basis of a reinforcement learning (RL) approach for UAV flightpath modification as the next stage of this research. The final work included in this thesis presents a ML solution for the binary classification of three different message injection attacks against ADS-B communication systems, namely path modification, velocity drift and ghost aircraft injection attacks. The collective results of these individual works demonstrate the viability of artificial-intelligence (AI) based solutions for cybersecurity applications with respect to UAV communications.</p> Deep learning Machine Learning Unmanned Aerial Vehicle Convolutional Neural Network Software-Defined Radio
348	ARTIFICIAL INTELLIGENCE-BASED GPS SPOOFING DETECTION AND IMPLEMENTATION WITH APPLICATIONS TO UNMANNED AERIAL VEHICLES Mohammad Nayfeh (15379369) 30 April 2023 (has links) <p>In this work, machine learning (ML) modeling is proposed for the detection and classification of global positioning system (GPS) spoofing in unmanned aerial vehicles (UAVs). Three testing scenarios are implemented in an outdoor yet controlled setup to investigate static and dynamic attacks. In these scenarios, authentic sets of GPS signal features are collected, followed by other sets obtained while the UAV is under spoofing attacks launched with a software-defined radio (SDR) transceiver module. All sets are standardized, analyzed for correlation, and reduced according to feature importance prior to their exploitation in training, validating, and testing different multiclass ML classifiers. Two schemes for the dataset are proposed, location-dependent and location-independent datasets. The location-dependent dataset keeps the location specific features which are latitude, longitude, and altitude. On the other hand, the location-independent dataset excludes these features. The resulting performance evaluation of these classifiers shows a detection rate (DR), misdetection rate (MDR), and false alarm rate (FAR) better than 92%, 13%, and 4%, respectively, together with a sub-millisecond detection time. Hence, the proposed modeling facilitates accurate real-time GPS spoofing detection and classification for UAV applications.</p> <p><br></p> <p>Then, a three-class ML model is implemented on a UAV with a Raspberry Pi processor for classifying the two GPS spoofing attacks (i.e., static, dynamic) in real-time. First, several models are developed and tested utilizing the prepared dataset. Models evaluation is carried out using the DR, F-score, FAR, and MDR, which all showed an acceptable performance. Then, the optimum model is loaded to the onboard processor and tested for real-time detection and classification. Location-dependent applications, such as fixed-route public transportation, are expected to benefit from the methodology presented herein as the longitude, latitude, and altitude features are characterized in the implemented model.</p> Global Positioning System Machine Learning Software-Defined Radio Spoofing attacks Unmanned Aerial Vehicle
349	What are the motivations and barriers for incorporating multi-factor authentication among IT students? Henriksson, Adam January 2022 (has links) The need for greater account security has grown as the globe has become more digitally connected. One of the solutions available today is multi-factor authentication, which enables users to add additional authentication factors to secure their accounts. However, multi-factor authentication has not become widespread in organisations due to a lack of user accessibility and knowledge of the subject's importance. This study aimed to identify possible motivations and barriers to adopting multi-factor authentication from students at the University of Skövde to motivate possible improvements in the education and tools of multi-factor authentication. Ten students from the Network and system administration program at the University of Skövde were interviewed in the spring of 2022. The answers received were analysed qualitatively with thematic analysis. The results from the analysed answers formed a theme named ‘NSA students consider themselves secure’ derived from the three categories found during the coding. All students were familiar with multi-factor authentication and its importance for account security. Despite this, not all the students used it for their private accounts, stating that they considered it inconvenient and not required. The students who used multi-factor authentication did not use it for every account they owned, instead opting to secure important services like email, social media and crypto-wallets. Based on the results, improvements regarding usability in authenticator applications and teaching users about the cybersecurity risks and advantages of utilising MFA may increase its adoption rate. / <p>Adam Lasu Henriksson</p> IT Cybersecurity Information security MFA 2FA Information Systems Learning Lärande Information Systems, Social aspects
350	Security of Embedded Software : An Analysis of Embedded Software Vulnerabilities and Related Security Solutions Gaboriau-Couanau, Clément January 2017 (has links) The increased use of computer systems for storing private data or doing critical operations leads to some security issues gathered in the area cybersecurity. This neologism leads people to think about the security of information systems and general-purpose computers. However, with the growth of the Internet of Things, embedded systems are also concerned with these issues. The speed of development of this area often leads to a backwardness in the security features. The thesis investigates the security of embedded systems by focusing on embedded software. After classifying the vulnerabilities which could be encountered in this field, a first part of this work introduces the realisation of a document gathering guidelines related to secure development of embedded software. This realisation is based on an analysis of the literature review, but also on the knowledge of engineers of the company. These guidelines are applied to the project of a client. The result of their application allows us to prove their consistency and to write a set of recommendations to enhance the security of the project. The thesis presents the implementation of some of them. Particularly, it introduces a way to secure an Inter-Process Communication (IPC) mean: D-Bus, through a proof of concept. The result shows that the security policy of D-Bus is efficient against some attacks. Nevertheless, it also points out that some att acks remain feasible. The solution is implemented on an embedded board to analyse the computational overhead related to this embedded aspect. As expected, a more complex and detailed a policy is, the higher the overhead tends to be. Nevertheless, this computational overhead is proportional to the number of rules of the policy. / Den ökade användningen av datorsystem för att lagra privata data eller göra kritiska operationer leder till vissa säkerhetsproblem som samlas i området cybersäkerhet. Denna neologism leder människor att tänka på säkerhetssystemen för informationssystem och allmänt tillgängliga datorer. Men med tillväxten av saker i saken är inbyggda system också berörda av dessa frågor. Utvecklingshastigheten för detta område leder ofta till en underutveckling säkerhetsfunktionerna.Avhandlingen undersöker säkerheten för inbyggda system genom att fokusera på inbyggd programvara. Efter att ha klassificerat de sårbarheter som kan uppstå i det här fältet introducerar en första del av det här arbetet realisationen av ett dokument av riktlinjer om säker utveckling av inbyggd programvara. Denna insikt bygger på en analys av litteraturgranskningen, men också på kunskap om ingenjörer i företaget. Dessa riktlinjer tillämpas på en kunds projekt.Resultatet av deras ansökan gör det möjligt för oss att bevisa deras konsistens och att skriva rekommendationer för att förbättra projektets säkerhet. Avhandlingen presenterar genomförandet av några av dem. Ett sätt införs särskilt patt säkra en interprocesskommunikation (IPC) menande: DBus, genom ett konceptbevis. Resultatet visar att D-Busens säkerhetspolitik är effektiv mot vissa attacker. Det påpekar emellertid också att vissa attacker fortfarande är möjliga. Lösningen implementeras på ett inbyggd kort för att analysera beräkningsoverhead som är relaterad till denna inbyggda aspekt. Som förväntat är en mer komplex och detaljerad politik, desto högr e överhuvudtaget tenderar att vara. Ändå är denna beräkningskostnad proportionell mot antalet av regler av säkerhetspolitiken. Embedded Software Cybersecurity Guideline Inter-Process Communication (IPC) D-Bus Monitoring Inbyggd Programvara Cybersäkerhet Riktlinje Interprocesskommunikation (IPC) D-Bus Övervakning Computer Sciences Datavetenskap (datalogi)

Search results