Global ETD Search

61	Investigating Attacks on Industrial Control Systems Using Deterministic Replay Simulation Gregory Walkup (6623090) 10 June 2019 (has links) From factories to power grids, industrial systems are increasingly being digitally controlled and networked. While networking these systems together improves their efficiency and convenience, it also opens them up to attack by malicious actors. When these attacks occur, forensic investigators need to quickly be able to determine what was compromised and which corrective actions should be taken. In this thesis, a method is proposed for investigating attacks on industrial control systems by simulating the logged inputs of the system over time using a model constructed from the control programs that make up the system. When evaluated, this led to the detection of attacks which perturbed the normal operation of the system by comparing the simulated output to the actual output. It also allowed for dependency tracing between the inputs and outputs of the system, so that attacks could be traced from their unwanted effects to their source and vice-versa. This method can thus greatly aid investigators in recovering the complete attack story using only logs of inputs and outputs to an industrial control system. Simulation and Modelling Computer System Security industrial control systems cybersecurity simulation
62	Propuesta de implementación de un modelo de gestión de ciberseguridad para el centro de operaciones de seguridad (SOC) de una empresa de telecomunicaciones Vilcarromero Zubiate, Ladi Lizeth, Vilchez Linares, Evit 06 August 2018 (has links) La seguridad nacional y económica de los países depende del funcionamiento confiable de su infraestructura crítica. Las amenazas de ciberseguridad explotan la creciente complejidad de dichos sistemas, colocando la economía, la seguridad pública y la salud en riesgo. Al igual que el riesgo financiero y de reputación, el riesgo de ciberseguridad afecta a los objetivos estratégicos de una empresa. Puede aumentar los costos y afectar los ingresos. Puede dañar la capacidad de una organización para Innovar, brindar servicios, ganar y mantener a los clientes. Así mimo, la información se ha convertido en uno de los activos más importantes para cualquier organización, y el aseguramiento de la misma como un punto primordial para lograr ventajas competitivas y generación del valor, basando en el adecuado resguardo de la Confidencialidad, Disponibilidad e Integridad de la Información. El propósito del presente trabajo es desarrollar y proponer un método que permita gestionar la ciberseguridad en empresas del sector telecomunicaciones sobre la base de una adecuada gestión del riesgo y la medición de controles según un nivel de madurez. Este método propuesto se encuentra basado en el Cyber Security Framework (CSF) del National Institute of Standards and Technology (NIST) promulgada por el Presidente Obama mediante la Orden Ejecutiva (EO) 13636. / The national and economic security of the countries depends on the reliable operation of their critical infrastructure. Cybersecurity threats exploit the increasing complexity of these systems, putting the economy, public safety and health at risk. Like financial and reputation risk, cybersecurity risk affects the strategic objectives of a company. It can increase costs and affect income. It can damage the ability of an organization to innovate, provide services, earn and maintain customers. Likewise, information has become one of the most important assets for any organization, and the assurance of it as a fundamental point to achieve competitive advantages and generation of value, based on the appropriate protection of Confidentiality, Availability and Integrity of the information. The purpose of this paper is to develop and propose a method for managing cybersecurity in companies in the telecommunications sector on the basis of an adequate risk management and the measurement of controls according to a level of maturity. This proposed method is based on the Cyber Security Framework (CSF) of the National Institute of Standards and Technology (NIST) promulgated by President Obama through Executive Order (EO) 13636. / Trabajo de investigación Ciberseguridad Infraestructuras Criticas Telecomunicaciones CSF NIST Cybersecurity Critical Infrastructures Telecommunications
63	The freedom of information hacked: console cowboys, computer wizards, and personal freedom in the digital age Kelly, Nicholas M. 01 May 2016 (has links) “The Freedom of Information Hacked: Console Cowboys, Computer Wizards, and Personal Freedom in the Digital Age” examines depictions of computer hackers in fiction, the media, and popular culture, assessing how such depictions both influence and reflect popular conceptions of hackers and what they do. In doing so, the dissertation demonstrates the central concerns of hacker stories—concerns about digital security, privacy, and the value of information—have become the concerns of digital culture as a whole, hackers laying bare collective hopes and fears regarding digital networks. Cybersecurity Hackers Hacking Science Fiction SF Technology English Language and Literature
64	Threat Intelligence in Support of Cyber Situation Awareness Gilliam, Billy Paul 01 January 2017 (has links) Despite technological advances in the information security field, attacks by unauthorized individuals and groups continue to penetrate defenses. Due to the rapidly changing environment of the Internet, the appearance of newly developed malicious software or attack techniques accelerates while security professionals continue in a reactive posture with limited time for identifying new threats. The problem addressed in this study was the perceived value of threat intelligence as a proactive process for information security. The purpose of this study was to explore how situation awareness is enhanced by receiving advanced intelligence reports resulting in better decision-making for proper response to security threats. Using a qualitative case study methodology a purposeful sample of 13 information security professionals were individually interviewed and the data analyzed through Nvivo 11 analytical software. The research questions addressed threat intelligence and its impact on the security analyst's cognitive situation awareness. Analysis of the data collected indicated that threat intelligence may enhance the security analyst's situation awareness, as supported in the general literature. In addition, this study showed that the differences in sources or the lack of an intelligence program may have a negative impact on determining the proper security response in a timely manner. The implications for positive social change include providing leaders with greater awareness through threat intelligence of ways to minimize the effects of cyber attacks, which may result in increasing business and consumer confidence in the protection of personal and confidential information. Cybersecurity Situation Awareness Threat Intelligence Databases and Information Systems
65	Strategies to Reduce the Fiscal Impact of Cyberattacks Smith, Shirley Denise 01 January 2019 (has links) A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin's 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks. cyberattack cybercrimes cyberespionage cyberhacker cyber resiliency cybersecurity Databases and Information Systems
66	Offensive and Defensive Security for Everyday Computer Systems Markwood, Ian 29 June 2018 (has links) This dissertation treats a variety of topics in the computer security domain which have direct impact on everyday life. The first extends false data injection attacks against state estimation in electric power grids and then provides a novel power flow model camouflage method to hamper these attacks. The second deals with automotive theft response, detailing a method for a car to intelligently identify when it has been stolen, based on collected behavioral traits of its driver. The third demonstrates a new attack against the content integrity of the PDF file format, caus- ing humans and computers to see different information within the same PDF documents. This dissertation lastly describes some future work efforts, identifying some potential vulnerabilities in the automated enforcement of copyright protection for audio (particularly music) in online systems such as YouTube. algorithms cyber-physical systems cybersecurity online services Computer Sciences
67	Better Safe than Sorry: The Relationship Between Locus of Control, Perception of Risk, and Cyber Misbehaviors Johnson, Kim 22 March 2018 (has links) Information security is of vital importance to organizations. Breaches in security very often stem from behaviors of the system operator. Cyber misbehaviors on the part of employees can have devastating repercussions on the well-being of an organization. Up to now, research has mainly focused on how to protect information systems from outside attack, and only recently have researchers turned to the part the operator plays in keeping the systems safe. The present study investigated some individual differences that may play a role in people’s cyber behavior. The purpose of the study was to determine if locus of control was related to an individual’s perception of cyber risk and likelihood of engaging in cyber misbehaviors. Internal locus of control was found to be associated with higher perception of cyber risk, and higher cyber risk perception was found to lead to fewer cyber misbehaviors. The trait sensation seeking was also explored but no firm conclusions could be drawn from those results. Gaining an understanding of some of the differences between individuals that make some more likely to commit cyber misbehaviors-- as well as the dynamics behind these relationships—should be greatly beneficial in helping develop deterrents to cyber misbehavior and keeping information systems safer. cyber risk cyber safety cybersecurity information security Psychology
68	Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication system Chang, Simon Yi-Fan January 2013 (has links) Thesis (M.S.C.S.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third-party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with included source codes, the paper argues that increasing number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security. / 2031-01-01 Computer science Cryptography Zero-knowledge proof Cybersecurity Distributed Authentication Systems
69	Network Defense and Team Cognition: A Team-Based Cybersecurity Simulation January 2016 (has links) abstract: This research evaluates a cyber test-bed, DEXTAR (Defense Exercises for Team Awareness Research), and examines the relationship between good and bad team performance in increasingly difficult scenarios. Twenty-one computer science graduate students (seven three-person teams), with experience in cybersecurity, participated in a team-based cyber defense exercise in the context of DEXTAR, a high fidelity cybersecurity testbed. Performance measures were analyzed in addition to team process, team behavior, and workload to examine the relationship between good and bad teams. Lessons learned are reported that will inform the next generation of DEXTAR. / Dissertation/Thesis / Masters Thesis Applied Psychology 2016 Cognitive psychology cybersecurity human systems team cognition team performance
70	Identifying Financial Frauds on Darkweb January 2018 (has links) abstract: Data breaches have been on a rise and financial sector is among the top targeted. It can take a few months and upto a few years to identify the occurrence of a data breach. A major motivation behind data breaches is financial gain, hence most of the data ends up being on sale on the darkweb websites. It is important to identify sale of such stolen information on a timely and relevant manner. In this research, we present a system for timely identification of sale of stolen data on darkweb websites. We frame identifying sale of stolen data as a multi-label classification problem and leverage several machine learning approaches based on the thread content (textual) and social network analysis of the user communication seen on darkweb websites. The system generates alerts about trends based on popularity amongst the users of such websites. We evaluate our system using the K-fold cross validation as well as manual evaluation of blind (unseen) data. The method of combining social network and textual features outperforms baseline method i.e only using textual features, by 15 to 20 % improved precision. The alerts provide a good insight and we illustrate our findings by cases studies of the results. / Dissertation/Thesis / Masters Thesis Computer Science 2018 Computer science cybersecurity darkweb data theft financial stolen data

Search results