  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
91

ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE

Avigyan Mukherjee (15306883) 19 April 2023
Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVEs found in the open source literature affecting Nginx and Apache web servers that correspond to the classification system that was created. The Apache and Nginx containers were attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls. The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker.
92

IS THE FUTURE OF BEAUTY PERSONALIZED? : CASE STUDY FOR MICROBIOME SKINCARE BRAND SKINOME

Kanaska, Santa Daniela January 2022
The researcher takes a user-centric empirical approach to estimate different consumer group participant views on the personalization technology adoption within the skincare industry. In addition, the study aims to highlight the main identified opportunities and concerns that users associate with the personalized technology solutions within the industry, such as skincare and product quizzes, in-depth questionnaires, smart skin analysis tools, and others. The empirical study sample consists of 17 subjects who represent three different generation groups (Generations X, Y, and Z). For data analysis purposes, the author has performed content and discourse analysis, sentiment assessment, and word cloud visualizations using the Python word cloud library. The conducted sentiment analysis shows that the Gen X group’s users overall have a negative attitude towards personalization technology adoption for the skincare (average sentiment: 0.294) in comparison to Gen Y and Gen Z consumers whose sentiment analysis results showed neutral and positive tendencies. The content analysis showed that Gen Y and Gen Z consumers are more concerned about the data governance and its associated risks than Gen X consumers for whom the results and skin health-related improvements were indicated as having higher importance. According to the gathered data, the majority of Gen Y and Gen Z consumer group participants see personalization technology as the future of the skincare industry; nevertheless, Gen X consumers believe that personalization within the skincare will not be attached to one brand and will be more focussed on addressing specific skin conditions and concerns as well as will be more evidence-based.
93

Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic

Kehinde Ayano (16650471) 03 August 2023
The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection.
94

Defeating Critical Threats to Cloud User Data in Trusted Execution Environments

Adil Ahmad (13150140) 26 July 2022
In today’s world, cloud machines store an ever-increasing amount of sensitive user data, but it remains challenging to guarantee the security of our data. This is because a cloud machine’s system software—critical components like the operating system and hypervisor that can access and thus leak user data—is subject to attacks by numerous other tenants and cloud administrators. Trusted execution environments (TEEs) like Intel SGX promise to alter this landscape by leveraging a trusted CPU to create execution contexts (or enclaves) where data cannot be directly accessed by system software. Unfortunately, the protection provided by TEEs cannot guarantee complete data security. In particular, our data remains unprotected if a third-party service (e.g., Yelp) running inside an enclave is adversarial. Moreover, data can be indirectly leaked from the enclave using traditional memory side-channels.

This dissertation takes a significant stride towards strong user data protection in cloud machines using TEEs by defeating the critical threats of adversarial cloud services and memory side-channels. To defeat these threats, we systematically explore both software and hardware designs. In general, we designed software solutions to avoid costly hardware changes and present faster hardware alternatives.

We designed 4 solutions for this dissertation. Our Chancel system prevents data leaks from adversarial services by restricting data access capabilities through robust and efficient compiler-enforced software sandboxing. Moreover, our Obliviate and Obfuscuro systems leverage strong cryptographic randomization and prevent information leakage through memory side-channels. We also propose minimal CPU extensions to Intel SGX called Reparo that directly close the threat of memory side-channels efficiently. Importantly, each designed solution provides principled protection by addressing the underlying root-cause of a problem, instead of enabling partial mitigation.

Finally, in addition to the stride made by our work, future research thrust is required to make TEEs ubiquitous for cloud usage. We propose several such research directions to pursue the essential goal of strong user data protection in cloud machines.
95

Language-Based Techniques for Policy-Agnostic Oblivious Computation

Qianchuan Ye (18431691) 28 April 2024
Protecting personal information is growing increasingly important to the general public, to the point that major tech companies now advertise the privacy features of their products. Despite this, it remains challenging to implement applications that do not leak private information either directly or indirectly, through timing behavior, memory access patterns, or control flow side channels. Existing security and cryptographic techniques such as secure multiparty computation (MPC) provide solutions to privacy-preserving computation, but they can be difficult to use for non-experts and even experts.

This dissertation develops the design, theory and implementation of various language-based techniques that help programmers write privacy-critical applications under a strong threat model. The proposed languages support private structured data, such as trees, that may hide their structural information and complex policies that go beyond whether a particular field of a record is private. More crucially, the approaches described in this dissertation decouple privacy and programmatic concerns, allowing programmers to implement privacy-preserving applications modularly, i.e., to independently develop application logic and independently update and audit privacy policies. Secure-by-construction applications are derived automatically by combining a standard program with a separately specified security policy.
96

New Theoretical Techniques For Analyzing And Mitigating Password Cracking Attacks

Peiyuan Liu (18431811) 26 April 2024
Brute force guessing attacks continue to pose a significant threat to user passwords. To protect user passwords against brute force attacks, many organizations impose restrictions aimed at forcing users to select stronger passwords. Organizations may also adopt stronger hashing functions in an effort to deter offline brute force guessing attacks. However, these defenses induce trade-offs between security, usability, and the resources an organization is willing to investigate to protect passwords. In order to make informed password policy decisions, it is crucial to understand the distribution over user passwords and how policy updates will impact this password distribution and/or the strategy of a brute force attacker.

The first part of this thesis focuses on developing rigorous statistical tools to analyze user password distributions and the behavior of brute force password attackers. In particular, we first develop several rigorous statistical techniques to upper and lower bound the guessing curve of an optimal attacker who knows the user password distribution and can order guesses accordingly. We apply these techniques to analyze eight password datasets and two PIN datasets. Our empirical analysis demonstrates that our statistical techniques can be used to evaluate password composition policies, compare the strength of different password distributions, quantify the impact of applying PIN blocklists, and help tune hash cost parameters. A real world attacker may not have perfect knowledge of the password distribution. Prior work introduced an efficient Monte Carlo technique to estimate the guessing number of a password under a particular password cracking model, i.e., the number of guesses an attacker would check before this particular password. This tool can also be used to generate password guessing curves, but there is no absolute guarantee that the guessing number and the resulting guessing curves are accurate. Thus, we propose a tool called Confident Monte Carlo that uses rigorous statistical techniques to upper and lower bound the guessing number of a particular password as well as the attacker's entire guessing curve. Our empirical analysis also demonstrates that this tool can be used to help inform password policy decisions, e.g., identifying and warning users with weaker passwords, or tuning hash cost parameters.

The second part of this thesis focuses on developing stronger password hashing algorithms to protect user passwords against offline brute force attacks. In particular, we establish that the memory hard function Scrypt, which has been widely deployed as a password hash function, is maximally bandwidth hard. We also present new techniques to construct and analyze depth robust graphs with improved concrete parameters. Depth robust graphs play an essential role in the design and analysis of memory hard functions.
97

A Comprehensive and Comparative Examination of Healthcare Data Breaches: Assessing Security, Privacy, and Performance

Al Kinoon, Mohammed 01 January 2024
The healthcare sector is pivotal, offering life-saving services and enhancing well-being and community life quality, especially with the transition from paper-based to digital electronic health records (EHR). While improving efficiency and patient safety, this digital shift has also made healthcare a prime target for cybercriminals. The sector's sensitive data, including personal identification information, treatment records, and SSNs, are valuable for illegal financial gains. The resultant data breaches, increased by interconnected systems, cyber threats, and insider vulnerabilities, present ongoing and complex challenges. In this dissertation, we tackle a multi-faceted examination of these challenges. We conducted a detailed analysis of healthcare data breaches using the VERIS (Vocabulary for Event Recording and Incident Sharing) dataset. We delve into the trends of these breaches, investigate the attack vectors, and identify patterns to inform effective mitigation strategies. We conducted a spatiotemporal analysis of the VERIS and the Office of Civil Rights (OCR) datasets. We explored the geographical and temporal distribution of breaches and focused on the types of targeted assets to decipher the attackers' motives. Additionally, we conducted a detailed analysis of hospitals' online presence, focusing on their security and performance features. By comparing government, non-profit, and private hospitals in the U.S., we examined their security practices, content, and domain attributes to highlight the differences and similarities in the digital profiles of these hospital types. Furthermore, we expand our scope to include a comparative sector-based study investigating data breaches across various critical sectors. This broader view provides a contextual understanding of the healthcare sector's unique vulnerabilities compared to other sectors. 
Overall, this dissertation contributes fundamental insights into healthcare data breaches and hospitals' digital presence and underscores the urgent need for enhanced understanding and implementation of robust security measures in this vitally important sector, striving for a balance between technological advancement and data security.
98

Exploring individual privacy concerns in mixed reality use situations : A qualitative study

Ahmed, Hiwa January 2024
This Master’s thesis explores the nuanced dimensions of privacy concerns in mixed reality (MR) environments. As MR technologies increasingly integrate into daily life, understanding how individuals perceive and navigate privacy within these contexts becomes crucial. This qualitative study employs semi-structured interviews to gather insights from users actively engaged with MR, aiming to identify key privacy issues and the impact of social interactions on privacy dynamics. The research reveals that privacy concerns in MR are influenced by a complex interplay of technology features, user interactions, and contextual settings. Participants expressed apprehensions about data security, unauthorized information access, and a lack of control over personal data shared within MR environments. The findings highlight the need for enhanced privacy safeguards and transparent data management practices to foster trust and security in MR applications. This study contributes to the growing discourse on privacy in immersive technologies by providing empirical evidence and proposing recommendations for designing privacy-aware MR systems. It aims to inform developers and policymakers in the development of robust privacy frameworks that align with user expectations and legal standards, thereby enhancing user engagement and trust in MR technology.
99

Relax the Reliance on Honesty in Distributed Cryptographic Protocols

Tiantian Gong (19838595) 14 October 2024
Distributed cryptographic protocols typically assume a bounded number of malicious parties (who behave arbitrarily) in the system---and in turn, a lower bound on the number of honest parties (who follow and only follow a protocol faithfully/honestly without performing unspecified computations)---for their respective security guarantees to hold. However, when deploying these protocols in practice, the nature of computing parties does not necessarily align nicely with the protocols' assumptions. Specifically, there may be only a few honest/compliant parties, or none exists. Instead, non-malicious parties may be semi-honest (who follow the protocol specifications but are curious to learn as much information as possible from semi-honest parties' transcripts) or rational (who take actions that maximize their utilities instead of actions benefiting the protocol the most, e.g., performing extra computations or not following protocols). In such cases, the security guarantees of such protocols may deviate greatly in real life from what is theoretically promised, leaving a huge gap between theory and practice.

In this thesis, I bridge such a gap by enhancing the fault tolerance of various distributed cryptographic primitives by relaxing the assumption on the existence of honest parties.

First, in the context of secure multi-party computations, without honest parties, my goal is to induce honest (i.e., not compromising correctness) and non-curious (i.e., not harming privacy) behaviors from rational participants via game theoretic and cryptographic techniques. In particular, I first demonstrate how to ensure protocol correctness and deter collusion among parties to recover secrets---which also breaks privacy---in multiserver private information retrieval with a singleton access structure. Then for primitives with more general (non-singleton) access structures, I introduce a distinct treatment through the lens of verifiable secret sharing. The two solutions are designed with a public bulletin board, commitment schemes, digital signature schemes, zkSNARKs (zero-knowledge succinct non-interactive arguments of knowledge), and distinct incentive structures tailored for varying access structures underlying the schemes.

Second, in permissionless blockchain systems, for protocols without privacy guarantees like computation outsourcing and consensus, my goal is to incentivize rational parties to behave correctly. This means to act according to the protocol specifications or as implied by the security requirements of the primitive, e.g., fairly distribute rewards to participants based on contributions in proof-of-work (PoW) blockchains. Specifically, I present a defense against an undercutting attack in PoW blockchains from a game theory perspective and propose a decentralized computation outsourcing protocol built on permissionless blockchain systems based on multi-unit auctions.
100

Investigating Security Measures in Common Data Environments: Insights from AEC Industry Case Studies

Abegaz, Kaleab January 2024
Data exchange is a vital aspect of the construction industry, which means there is a need for a consistent platform to manage documents that can be relied on. An important digital information management system in the Architectural, Engineering, and Construction (AEC) sector is Building Information Modeling (BIM). However, problems exist regarding secure and compatible systems for data sharing. The study explores why adaptable and tailored security measures are needed to suit project specifications. Through this examination of centralized versus decentralized Common Data Environments (CDEs), it emerges that open BIM systems are impractical when compared to closed ones. The findings highlight the crucial role that standardization and customization play towards efficient, safe and flexible BIM implementations. It also recommends further research for future studies and emphasizes transparency in implementing CDE-based security protocols.
