451 |
Information Security of Cyber-Physical Systems and Health and Safety Risks: What Responsibility for the Manufacturer?
Fournier-Gendron, Hugo 12 1900
No description available.
|
452 |
Better to Prevent and Cure: Public Reaction to Companies' Cyber-Resilience Posture After a Data Theft
Toma, Traian 08 1900
Research shows that customers take few measures to protect themselves from crimes that may follow data theft at a business. They rather consider that the firm—the host of their personal information—holds exclusive responsibility over the continued confidentiality of their data. Companies that fail to properly secure customer information may, in return, risk experiencing ruinous reputational harm. That said, little explanatory research is done on the resilience of businesses to negative public reaction after data theft. Consequently, a vignette-based experimental study was conducted using the “ideal” victim model. The scenarios feature: (1) a breached business described as having a strong cyber-resilience posture; (2) a breached business described as having a weak cyber-resilience posture. A final sample of 664 participants was randomly assigned to one of the two main experimental conditions. Results reveal that compared to a weak cyber-resilience posture, a good cyber-resilience posture minimizes negative customer attitudes and promotes positive customer behavioural intentions towards the company. Considering these results, cyber-resilience, which has mainly received conceptual attention, gains empirical support. Furthermore, this research project contributes more broadly to the evolution of the victimology of businesses.
|
453 |
Role Based Access Control (RBAC) in the context of Smart Grids: Implementing and Evaluating a Role Based Access Control System for Configuration Loading in a Substation from a Desktop
Ducornaud, Gatien January 2023
Access control is a crucial aspect of cybersecurity, and Role Based Access Control (RBAC) is a typical framework for controlling the access to specific resources. However, in the context of Smart Grids, the usual authentication solution of using a trusted identity provider might not be possible to provide authentication of a user, as systems cannot rely on external services. This, in addition to devices in a substation being usually strictly controlled, means that having an RBAC limited to a desktop application can be necessary. Moreover, the cost of adding additional layers of security needs to be considered too, as the cost of adding specific features can vary significantly. This thesis thus looks into the existing solutions for desktop applications in substations, explains their viability and implements an RBAC system using Group Nesting in Windows user management, in the context of a configuration loading application on a main computer in a substation. It is then used to evaluate the cost of this new solution, in terms of maintainability, usability and flexibility, compared to the gained security. This is done by using static analysis of both codebases, and evaluation of usability and security. It shows that security can be added for a reasonable cost using Group Nesting in Smart Grids if the focus is to delegate some tasks to the directory, improving on the security of the application and the system as a whole.
|
454 |
Operational Cybersecurity: Advantages and Disadvantages of AI Tools: A Pilot Study
Jepsson, David, Tillman, Axel January 2023
This study examines the advantages and disadvantages of implementing artificial intelligence (AI) as a tool within a Security Operations Center (SOC). The purpose of the study is to examine whether and how AI tools can facilitate incident handling within a SOC, and which new challenges arise. The study was conducted through qualitative interviews with four people with expert knowledge in both AI and cybersecurity. The experts were asked about their view of AI as a tool, how they see AI and cybersecurity, and how AI can be applied in relation to the 4 steps of NIST incident handling: preparation; detection & analysis; identification, eradication & recovery; and post-incident activity. The results show both advantages and disadvantages of using AI tools within a SOC, including more efficient SIEM configuration, fewer false positive alerts, a reduced workload for SOC analysts, and handling of "zero-day" incidents. Disadvantages include lower explainability of larger AI models, legal challenges, and the dependence on good input data. Finally, the study shows that the use of AI as a tool in a SOC can be beneficial and that more research is needed to explore specific techniques and tools.
|
455 |
Internet of Things and Cybersecurity in a Smart Home
Kiran Vokkarne (17367391) 10 November 2023
With the ability to connect to networks and send and receive data, Internet of Things (IoT) devices involve associated security risks and threats, for a given environment. These threats are even more of a concern in a Smart Home network, where there is a lack of a dedicated security IT team, unlike a corporate environment. While efficient user interface (UI) and ease of use is at the front and center of IoT devices within Smart Home which enables its wider adoption, often security and privacy have been an afterthought and haven’t kept pace when needed. Therefore, an unsafe possibility exists where malicious actors could exploit vulnerable devices in a domestic home environment.

This thesis involves a detailed study of the cybersecurity for a Smart Home and also examines the various types of cyberthreats encountered, such as DDoS, Man-In-Middle, Ransomware, etc. that IoT devices face. Given that IoT devices are commonplace in most home automation scenarios, it's crucially important to detect intrusions and unauthorized access. Privacy issues are also involved, making this an even more pertinent topic. Towards this, various state of the art industry standard tools, such as Nmap, Nessus, Metasploit, etc. were used to gather data on a Smart Home environment to analyze their impacts to detect security vulnerabilities and risks to a Smart Home. Results from the research indicated various vulnerabilities, such as open ports, password vulnerabilities, SSL certificate anomalies and others that exist in many cases, and how precautions when taken in a timely manner can help alleviate and bring down those risks.

Also, an IoT monitoring dashboard was developed based on open-source tools, which helps visualize threats and emphasize the importance of monitoring. The IoT dashboard showed how to raise alerts and alarms based on specific threat conditions or events. In addition, currently available cybersecurity regulations, standards, and guidelines were also examined that can help safeguard against threats to commonly used IoT devices in a Smart Home. It is hoped that the research carried out in this dissertation can help maintain safe and secure Smart Homes and provide direction for future work in the area of Smart Home Cybersecurity.
|
456 |
The Fun is Over: Cybersecurity Requirements for the Private Sector in light of the NIS2 Directive
Dison, Ellinor January 2023
Cybersecurity threats have grown to become a global threat to private actors and states. While work processes are becoming more efficient, rapid technological developments are exposing network and information systems to vulnerabilities. The private sector plays a significant role in keeping the EU and Sweden safe in cyberspace since technological development is essentially controlled by private actors. When it comes to socially important activities, private actors both own and operate large parts of the market, which in turn means that attacks on private actors affecting trade secrets can pose a threat to market competition and economic prosperity. This thesis maps out how the EU has chosen to combat this with the NIS and NIS2 Directives. Specifically, this thesis maps out changes in cybersecurity requirements for private actors providing digital solutions in the light of NIS2. The previous NIS has shown to be inherently flawed with regards to the EU goal of achieving a high common level of security for network and information systems. The need for renewed legislation is therefore great and, as the investigation shows, NIS2 entails a change in the content, structure, and scope of important and essential entities. In short, the NIS2 Directive requires entities to perform their due diligence and document appropriate and proportionate measures based on an all-risk analysis. The increased and broadened requirements in NIS2, which are certainly justified by the increased cybersecurity threats, must also be weighed against an overly burdensome bureaucracy for authorities and private actors. In addition, this thesis analyzes the format of NIS2 and its potential impact on the internal market of the EU. Given the fact that it is a market regulation, a proportionality assessment is required in relation to the competitive disadvantages that an overly burdensome legislation may result in for private actors. 
At the same time, sanctions and enforcement measures must be sufficiently dissuasive. In conclusion, this thesis argues NIS2 to bring important changes, albeit still posing risks of further fragmenting the cybersecurity levels in the union due to the flexibility given to member states. However, NIS2 is a key step in the right direction towards achieving a high common level of cybersecurity across member states.
|
457 |
Measuring Data Protection: A Causal Artificial Intelligence Modeling Approach
Robert R Morton II (20374230) 05 December 2024
The research delves into the intricate challenge of quantifying data protection, a concept that has evolved from ancient ethical codes to the complex landscape of modern cybersecurity. The research underscores the pressing need for a scientific approach to cybersecurity, emphasizing the importance of measurable security properties and a robust theoretical foundation. It highlights the historical evolution of confidentiality, tracing its roots from ancient civilizations to the contemporary digital era, where the proliferation of technology has amplified both the importance and complexity of safeguarding sensitive information. The research identifies key challenges in measuring data protection, including the dynamic nature of threats, the gap between theoretical models and real-world implementations, and the difficulty of accurately modeling risks. It also explores societal challenges related to data protection, such as data breaches, surveillance, social media privacy erosion, and the lack of adequate regulations and enforcement.

The core of the research lies in developing a causal model that examines the interplay of security controls, vulnerabilities, and threats, providing a deeper understanding of the factors influencing data exposure. The model is built upon a comprehensive literature review, synthesizing key findings and establishing a taxonomy of security protections. The research outlines a structured approach to building and utilizing causality models, incorporating essential elements such as identifying key variables, visualizing causal relationships using Directed (A)cyclic Graphs (DAGs), and determining appropriate research methodologies. The model is rigorously validated through various techniques, including assessing model fit, examining confounding factors. The research also explores a general set of experiments for both interventions and counterfactual studies.

The research concludes by highlighting potential future research directions, particularly emphasizing the need for standardized data protection metrics and the development of adaptive security systems. It underscores the importance of consistent measurements that enable organizations to compare their security performance effectively and adapt to the evolving threat landscape. The development of adaptive security systems, capable of dynamically modifying defense mechanisms in response to new threats, is also identified as a crucial research avenue. The research's contribution lies in providing a systematic approach to studying data protection, from problem identification to model development, validation, and future directions, ultimately aiming to enhance the protection of sensitive information.
|
458 |
An Image-based ML Approach for Wi-Fi Intrusion Detection System and Education Modules for Security and Privacy in ML
Rayed Suhail Ahmad (18476697) 02 May 2024
The research work presented in this thesis focuses on two highly important topics in the modern age. The first topic of research is the development of various image-based Network Intrusion Detection Systems (NIDSs) and performing a comprehensive analysis of their performance. Wi-Fi networks have become ubiquitous in enterprise and home networks which creates opportunities for attackers to target the networks. These attackers exploit various vulnerabilities in Wi-Fi networks to gain unauthorized access to a network or extract data from end users' devices. The deployment of an NIDS helps detect these attacks before they can cause any significant damages to the network's functionalities or security. Within the scope of our research, we provide a comparative analysis of various deep learning (DL)-based NIDSs that utilize various imaging techniques to detect anomalous traffic in a Wi-Fi network. The second topic in this thesis is the development of learning modules for security and privacy in Machine Learning (ML). The increasing integration of ML in various domains raises concerns about its security and privacy. In order to effectively address such concerns, students learning about the basics of ML need to be made aware of the steps that are taken to develop robust and secure ML-based systems. As part of this, we introduce a set of hands-on learning modules designed to educate students on the importance of security and privacy in ML. The modules provide a theoretical learning experience through presentations and practical experience using Python Notebooks. The modules are developed in a manner that allows students to easily absorb the concepts regarding privacy and security of ML models and implement it in real-life scenarios. The efficacy of this process will be obtained from the results of the surveys conducted before and after providing the learning modules. Positive results from the survey will demonstrate the learning modules were effective in imparting knowledge to the students and the need to incorporate security and privacy concepts in introductory ML courses.
|
459 |
Energy efficiency in AES encryption on ARM Cortex CPUs: Comparative analysis across modes of operation, data sizes, and key lengths
Dupré, Gene January 2024
This thesis examines the energy efficiency of Advanced Encryption Standard (AES) encryption across various modes of operation (ECB, CBC, CFB, OFB, CTR, GCM, and CCM) on ARM Cortex-A53, Cortex-A72, and Cortex-A76 processors, using Raspberry Pi models 3, 4, and 5 as the experimental platforms. The study primarily investigates the impact of key lengths (128, 192, and 256 bits) and data sizes on energy consumption during encryption tasks. Using an experimental setup with the Raspberry Pi single-board computers, energy consumption was measured and analyzed through repeated encryption operations and data collection via a power meter interfaced with a database. The results reveal only modest increases in energy consumption with larger key lengths across all tested modes and data sizes, suggesting that while key length incrementally affects energy usage, the impact remains relatively minor, thus not significantly compromising energy efficiency for enhanced security. The analysis further shows that ECB mode consistently exhibits the lowest energy consumption, with CTR and CBC not far behind, followed by OFB and then CFB being the least effective among the traditional modes, with AEAD modes like GCM and CCM demanding substantially higher energy, reflecting their more complex processing requirements. Additionally, the study highlights the influence of data size on energy efficiency, showing a decrease in energy consumption per kilobyte with increasing file size up to a certain point, beyond which the benefits diminish. This thesis contributes to a deeper understanding of the trade-offs between security features and energy efficiency in AES encryption on ARM processors, offering insights into scenarios where energy consumption is a critical concern. 
The findings underscore the importance of selecting appropriate encryption modes and configurations based on the specific requirements and constraints of hardware environments aimed at optimizing energy efficiency in cryptographic operations. Future research could expand on a broader array of ARM-based devices to improve the biases from the Raspberry Pi boards and enhance the reliability of the conclusions drawn from the data.
|
460 |
Malicious Intent Detection Framework for Social Networks
Fausak, Andrew Raymond 05 1900
Many, if not all, people have online social accounts (OSAs) on an online community (OC) such as Facebook (Meta), Twitter (X), Instagram (Meta), Mastodon, Nostr. OCs enable quick and easy interaction with friends, family, and even online communities to share information about. There is also a dark side to OCs, where users with malicious intent join OC platforms with the purpose of criminal activities such as spreading fake news/information, cyberbullying, propaganda, phishing, stealing, and unjust enrichment. These criminal activities are especially concerning when harming minors. Detection and mitigation are needed to protect and help OCs and stop these criminals from harming others. Many solutions exist; however, they are typically focused on a single category of malicious intent detection rather than an all-encompassing solution. To answer this challenge, we propose the first steps of a framework for analyzing and identifying malicious intent in OCs that we refer to as malicious intent detection framework (MIDF). MIDF is an extensible proof-of-concept that uses machine learning techniques to enable detection and mitigation. The framework will first be used to detect malicious users using solely relationships and then can be leveraged to create a suite of malicious intent vector detection models, including phishing, propaganda, scams, cyberbullying, racism, spam, and bots for open-source online social networks, such as Mastodon, and Nostr.
|