Global ETD Search

401	Guardians of the Grid: Enhancing Cybersecurity of Blockchain-Based Renewable Energy Marketplace JAYARAM, GILY January 2024 (has links) Blockchain technology emerged as a potent tool for revolutionizing energy systems, offering secure transactions and efficient resource management. Blockchain offers transparency by enabling decentralized transactions. Despite adopting blockchainbased solutions, some cybersecurity issues persist in Decentralized Renewable Energy Marketplaces (DREMs). Specifically, data privacy, security, and verifiability remain a concern for prosumers and grid operators. To address such issues, several blockchainbased solutions utilize technologies such as Self-Sovereign Identities (SSIs), Digital Machine Identities (DMIs), and Zero-knowledge Proofs (ZKPs). In this work, we first review the literature to gain insight into cybersecurity issues within DREMs addressed using blockchain technology. Based on our review, we conceptualize a framework that leverages SSIs, DMIs, and ZKPs to address these issues. This work-in-progress shows the potential of these technologies to enhance security, privacy, and trust in decentralized energy transactions, paving the way for more resilient and efficient energy systems. Energy sector Blockchain technology Self-Sovereign Identity Digital Machine Identity Cybersecurity Privacy Security Verifiability Blockchain forensics Decentralize marketplace. Engineering and Technology Teknik och teknologier
402	AI som ett forensiskt verktyg : En undersökning av GPT:s potential för att upptäcka makro malware Mourad, Ahmed, Tulehag, Joel January 2024 (has links) I en tid där teknologin tagit en enorm framfart och integrerats djupt i både privatlivetoch arbetslivet, har levnadssättet underlättats avsevärt. Dessa förbättringar haremellertid inte genomförts felfritt, och lett till de tusentals säkerhetsbrister som kanäventyra funktionsdugligheten av digitala enheter. Bristerna har sedan exploaterats avaktörer i syfte att uppnå social eller ekonomisk vinning. Syftet med denna uppsats är att undersöka malwares storskaliga utveckling och vilkadrivkrafter som ligger bakom denna. Vidare utforskas förebyggande metoder motskadlig kod samt möjligheten att tillämpa artificiell intelligens som ett verktyg i dessasammanhang. Studien tillämpar en blandad metodansats genom en systematisklitteratursökning i kombination med ett kvantitativt experiment för att adresserabristerna i problemområdet. Resultatet tyder på att malwareutvecklingen och drivkrafterna varierar mellan olikaaktörer. Det förekommer attacker mot stater med politiska mål för att påverka samhälletnegativt, medan majoriteten av cyberangripare drivs av kapitalet och informationen somfinns att införskaffa och sälja på den svarta marknaden. För att effektivt motverkapotentiella attacker framhävs vikten av att ständigt hålla systemet och applikationernapå enheten uppdaterade. Det konstateras även att artificiell intelligens kan identifieraoch analysera den skadliga koden vilket påvisar dess kapacitet att fungera som enkomponent i antivirusprogram. / In an era where technology has made enormous progress and has become deeplyintegrated into private and professional lives, lifestyles have been considerablyfacilitated. However, these improvements have yet to be implemented flawlessly,leading to thousands of security vulnerabilities that can compromise digital devices.Actors have exploited these vulnerabilities to achieve social or economic gains. This thesis aims to explore the large-scale development of malware and the drivingforces behind it. Furthermore, it investigates preventive methods against malicioussoftware and the possibility of applying artificial intelligence as a tool in these contexts.The study applies a mixed method approach through a systematic literature searchcombined with a quantitative experiment to address the deficiencies in the problem area. The results indicate that the development of malware and driving forces vary amongdifferent actors. There are attacks against states and political targets to negativelyimpact society, while the majority of cyber attackers are driven by the capital andinformation that can be acquired and sold on the black market. To effectively counterpotential attacks, the importance of continuously keeping the system and applicationson the device updated is highlighted. It is also noted that artificial intelligence canidentify and analyze malicious code, demonstrating its capacity to function as acomponent in antivirus programs. Malware Cybersecurity AI VBA Macro Antivirus Malicious Software Malware Cybersäkerhet AI VBA-Makro Antivirus Skadlig kod Computer and Information Sciences Data- och informationsvetenskap
403	Investigating Security Measures in Common Data Environments: Insights from AEC Industry Case Studies Abegaz, Kaleab January 2024 (has links) Data exchange is a vital aspect of the construction industry, which means there is need for a consistent platform to manage documents that can be relied on. An important digital information management system in the Architectural, Engineering, and Construction (AEC) sector is Building Information Modeling (BIM). However, problems exist regarding secure and compatible systems for data sharing. The study explores why adaptable and tailored security measures are needed to suit project specifications. Through this examination of centralized versus decentralized Common Data Environments (CDEs), it emerges that open BIM systems are impractical when compared to closed ones. The findings highlight the crucial role that standardization and customization play towards efficient, safe and flexible BIM implementations. It also recommends further research for future studies as well as emphasizes transparency in implementing CDE-based security protocols. Common Data Environment (CDE) Building Information Modeling (BIM) cybersecurity data security interoperability centralized CDE decentralized CDE open BIM closed BIM ISO 19650 PAS 1192 Construction Management Byggproduktion
404	Ontology Based Security Threat Assessment and Mitigation for Cloud Systems Kamongi, Patrick 12 1900 (has links) A malicious actor often relies on security vulnerabilities of IT systems to launch a cyber attack. Most cloud services are supported by an orchestration of large and complex systems which are prone to vulnerabilities, making threat assessment very challenging. In this research, I developed formal and practical ontology-based techniques that enable automated evaluation of a cloud system's security threats. I use an architecture for threat assessment of cloud systems that leverages a dynamically generated ontology knowledge base. I created an ontology model and represented the components of a cloud system. These ontologies are designed for a set of domains that covers some cloud's aspects and information technology products' cyber threat data. The inputs to our architecture are the configurations of cloud assets and components specification (which encompass the desired assessment procedures) and the outputs are actionable threat assessment results. The focus of this work is on ways of enumerating, assessing, and mitigating emerging cyber security threats. A research toolkit system has been developed to evaluate our architecture. We expect our techniques to be leveraged by any cloud provider or consumer in closing the gap of identifying and remediating known or impending security threats facing their cloud's assets. Ontology Cybersecurity Cloud Computing Vulnerability Ranking Threat Risk Prediction Assessment Mitigation Systems Computer networks -- Security measures. Computer security. Cloud computing -- Security measures. Ontologies (Information retrieval)
405	Automating Security Risk and Requirements Management for Cyber-Physical Systems Hansch, Gerhard 15 October 2020 (has links) No description available. 510 Management von Sicherheitsrisiken Generieren von Sicherheitsanforderungen IT-Sicherheitsmanagement Kontinuierliches Risikomanagement Cybersecurity engineering Security risk management Machine-readable security requirements Risk-driven security Security engineering Security requirements Security risk assessment Security risk mitigation Security risk monitoring Cybersecurity compliance Automotive security CPS security IIoT security OT security Informatik (PPN619939052)
406	Analysis, evaluation, measurements and implementation of network security systems and their critical points of failure during COVID-19 / Analys, utvärdering, mätningar och implementering av nätverkssäkerhetssystem och deras kritiska felpunkter under COVID-19 Olmedilla Belinchón, Adrián January 2023 (has links) This study analyses the evolution of the COVID-19 pandemic from a cybersecurity perspective, highlighting the different types of cyber-attacks experienced that happened around the world. In addition, this thesis shows the different types of cyber-attacks produced due to the lack of security employed during the pandemic crisis and how were the reactions of the different organizations to solving the problem. Furthermore, there are different statistics and graphical tables that show the evolution and how it covered the main types of cyber-attacks by the majority of organizations. The analysis reveals a view of those different attacks that can show in various forms. How the cybercriminals leverage the different vulnerabilities of corporate networks in a never-explored perspective makes this review different from other present papers on the COVID-19 pandemic. In addition, the study manifests the different recommendations proposed by the different experts to avoid a similar situation in times of crisis, making that study a guide to avoid similar situations in the future. In fact, the information extracted from different specialized sources will be used to carry out an objective study. / Den här studien analyserar utvecklingen av covid-19-pandemin ur ett cybersäkerhetsperspektiv, och lyfter fram de olika typer av cyberattacker som upplevts runt om i världen. Dessutom visar denna avhandling de olika typerna av cyberattacker som skapats på grund av bristen på säkerhet som användes under pandemikrisen och hur de olika organisationerna reagerade på att lösa problemet. Dessutom finns det olika statistik och grafiska tabeller som visar utvecklingen och hur den täckte huvudtyperna av cyberattacker från majoriteten av organisationer. Analysen visar en syn på de olika attackerna som kan visa sig i olika former. Hur cyberbrottslingarna utnyttjar de olika sårbarheterna i företagsnätverk i ett aldrig utforskat perspektiv gör att denna recension skiljer sig från andra nuvarande artiklar om covid-19-pandemin. Dessutom visar studien de olika rekommendationerna som föreslagits av de olika experterna för att undvika en liknande situation i kristider, vilket gör den studien till en guide för att undvika liknande situationer i framtiden. Faktum är att informationen från olika specialiserade källor kommer att användas för att genomföra en objektiv studie. / Este estudio analiza la evolución de la pandemia de COVID-19 desde una perspectiva de ciberseguridad, destacando los diferentes tipos de ciberataques experimentados en todo el mundo. Además, esta tesis muestra los diferentes tipos de ciberataques producidos por la falta de seguridad empleada durante la crisis de la pandemia y cómo fueron las reacciones de las diferentes organizaciones ante la solución del problema. Además, existen diferentes estadísticas y tablas gráficas que muestran la evolución y cómo se cubrieron los principales tipos de ciberataques por parte de la mayoría de las organizaciones. El análisis revela una visión de esos diferentes ataques que pueden manifestarse de diversas formas. La forma en que los ciberdelincuentes aprovechan las diferentes vulnerabilidades de las redes corporativas en una perspectiva nunca explorada hace que esta revisión sea diferente de otros documentos actuales sobre la pandemia de COVID-19. Además, el estudio pone de manifiesto las diferentes recomendaciones propuestas por los diferentes expertos para evitar una situación similar en tiempos de crisis, convirtiendo dicho estudio en una guía para evitar situaciones similares en el futuro. De hecho, se utilizará la información extraída de diferentes fuentes especializadas para realizar un estudio objetivo. COVID-19 Cyber-attack Internet security Cybersecurity threats Remote Work Cybersecurity Awareness COVID-19 cyber-attack Internetsäkerhet Cybersäkerhetshot Fjärrarbete Cybersäkerhetsmedvetenhet COVID-19 Ataque cibernético Seguridad en Internet Amenazas a la seguridad cibernética Trabajo remoto Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
407	DESIGN AND DEVELOPMENT OF A REAL-TIME CYBER-PHYSICAL TESTBED FOR CYBERSECURITY RESEARCH Vasileios Theos (16615761) 03 August 2023 (has links) <p>Modern reactors promise enhanced capabilities not previously possible including integration with the smart grid, remote monitoring, reduced operation and maintenance costs, and more efficient operation. . Modern reactors are designed for installation to remote areas and integration to the electric smart grid, which would require the need for secure undisturbed remote control and the implementation of two-way communications and advanced digital technologies. However, two-way communications between the reactor facility, the enterprise network and the grid would require continuous operation data transmission. This would necessitate a deep understanding of cybersecurity and the development of a robust cybersecurity management plan in all reactor communication networks. Currently, there is a limited number of testbeds, mostly virtual, to perform cybersecurity research and investigate and demonstrate cybersecurity implementations in a nuclear environment. To fill this gap, the goal of this thesis is the development of a real-time cyber-physical testbed with real operational and information technology data to allow for cybersecurity research in a representative nuclear environment. In this thesis, a prototypic cyber-physical testbed was designed, built, tested, and installed in PUR-1. The cyber-physical testbed consists of an Auxiliary Moderator Displacement Rod (AMDR) that experimentally simulates a regulating rod, several sensors, and digital controllers mirroring Purdue University Reactor One (PUR-1) operation. The cyber-physical testbed is monitored and controlled remotely from the Remote Monitoring and Simulation Station (RMSS), located in another building with no line of sight to the reactor room. The design, construction and testing of the cyber-physical testbed are presented along with its capabilities and limitations. The cyber-physical testbed network architecture enables the performance of simulated cyberattacks including false data injection and denial of service. Utilizing the RMSS setup, collected information from the cyber-physical testbed is compared with real-time operational PUR-1 data in order to evaluate system response under simulated cyber events. Furthermore, a physics-based model is developed and benchmarked to simulate physical phenomena in PUR-1 reactor pool and provide information about reactor parameters that cannot be collected from reactor instrumentation system.</p> advanced nuclear reactors I&C Architecture Cybersecurity Digital Twin (DT) Penetration Testing Cyberattack Nuclear Reactor PUR-1 Industrial Control System (ICS)
408	Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate Ferguson, Cody J. 20 August 2012 Approved for public release; distribution is unlimited. / Cyberespionage is a prolific threat that undermines the power projection capacity of the United States through reduced economic prowess and a narrowing of the technical advantage employed by the American military. International attempts to limit hostile cyber activity through the development of institutions, normative patterns of behavior, or assimilation of existing laws do not provide the American national security decision maker with a timely or effective solution to address these threats. Unfortunately, the stove-piped, redundant and inefficient nature of the U.S. counterintelligence community does not deliver a viable alternative to mitigating cyberespionage in an effective manner. Instituting a domestic and international micro-restructuring approach within the Department of Defense (DoD) addresses the need for increased effectiveness within an environment of fiscal responsibility. Domestic restructuring places emphasis on developing a forcing mechanism that compels the DoD counterintelligence services to develop joint approaches for combating cyberespionage by directly addressing the needs of the Combatant Commands. International restructuring places an emphasis on expanding cybersecurity cooperation to like-minded nations and specifically explores the opportunity and challenges for increased cyber cooperation with Taiwan. This approach recognizes that Taiwan and the United States are both negatively affected from hostile cyber activity derived from within the People’s Republic of China. Counterintelligence Reform Restructuring Effectiveness Counterespionage Counter-espionage Cyberespionage Cyber-espionage Cybersecurity Cyber-security Cyberattack Cyber-attack Taiwan Naval Criminal Investigative Service NCIS AFOSI Law Enforcement Micro-restructing
409	Bankernas utmaningar under digitaliseringens framfart : En kvalitativ studie om hur banker hanterar förtroenderelaterade frågor gentemot sina kunder under den digitala utvecklingen Thomas, Tomas, Poli, Tobil January 2017 (has links) Bakgrund: Banksektorn genomgår en digital utveckling och förändringen sker i en allt snabb takt. Nya marknadsförhållanden med regelverk, en förändrad konkurrenssituation och ett förändrat kundbeteende har ställt banksektorn inför nya utmaningar och möjligheter som bankerna behöver förhålla sig till för att upprätthålla och stärka förtroendet gentemot sina kunder. Syfte: Studiens huvudsyfte är att undersöka hur banker hanterar förtroenderelaterade frågor under den ökade digitaliseringen inom banksektorn. Vidare syftar studien till att skapa en djupare förståelse för robotiserade rådgivningsprocesser och dess påverkan på bankkundernas förtroende i samband med att den fysiska kontakten mellan bank och kund minskar. Metod: Studien är utav en kvalitativ karaktär med en abduktiv forskningsansats och baseras på intervjuer med fem respondenter med relevanta yrkesroller som berör digitalisering- och förtroendefrågor inom den svenska banksektorn. Slutsats: Studiens resultat påvisar att digitaliseringen medför nya möjligheter och utmaningar som bankerna kan dra nytta av förutsatt att dem hanterar den digitala utvecklingen på ett korrekt sätt. Resultatet tyder vidare på att bankerna behöver förhålla sig till dem förändrade marknadsförhållandena och ständigt bemöta kundernas förväntansbild. / Background: The banking industry is facing a digital transformation and the change is taking place at a rapid pace. New market conditions, a changing competitive situation and a changing customer behavior have put the banking industry in front of new challenges and opportunities that banks needs to manage to maintain and strengthen their customers trust towards themselves. Purpose: The main purpose of the study is to investigate how banks handles trust-related issues in the context of the increased digitalization in the banking industry. Furthermore, the study aims to create a deeper understanding of robo-advising and its impact on banking customers' trust while the physical contact between banks and customers decreases. Method: The study is of a qualitative character and follows an abductive research effort. The study is based on interviews with five respondents with relevant professional roles that concern digitalization and trust within the Swedish banking industry. Conclusion: The study's results show that digitalization brings new opportunities and challenges that banks can benefit from, given they handle the digital development properly. The result further indicates that banks need to manage the changing market conditions and constantly respond to customers' expectations. Digitalization trust advise consultation robo-advisor diffusion adoption competition CRM cybersecurity communication information customer relationship Digitalisering förtroende rådgivning robotrådgivning diffusion adoption konkurrens CRM cybersäkerhet kommunikation information kundrelation Business Administration Företagsekonomi
410	Integration of CTI into security management Takacs, Gergely January 2019 (has links) Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers. Cyber Threat Intelligence CTI security management information security InfoSec operational CTI technical CTI threat intelligence TIP threat information portal cybersecurity threat management risk management InfoSec management Computer Systems Datorsystem

Search results