1 |
Monitoring and Preventing Data Exfiltration in Android-hosted Unmanned Aircraft System Applications
Malik, Akshat 06 August 2019
With the dominance of Android in the smartphone market, malware targeting Android users has increased over time. Android applications are now being used to control unmanned aircraft systems (UAS) making smartphones the storehouse for all the data that is generated by the UAS. This data can be sensitive in nature which puts the user at the risk of data exfiltration. As most Android-hosted UAS applications are proprietary software, their source code cannot be studied or modified. This thesis discusses an external monitoring system which is devised in order to assess the threat of data exfiltration.
The system is further used to analyze the network behavior of the popular Android-hosted UAS application, DJI GO 4. Current methods to limit data exfiltration are discussed along with their limitations and are categorized based on the ease of deployment.
Even though the Android framework provides a permission system which helps to limit the capabilities of an application, this security mechanism is coarse-grained in nature. The user either allows access to the required permissions or the application fails to function. Moreover, there is no system in place to provide finer control over the existing permissions that are granted to an application. This thesis proposes a fine-grained and application-specific access control mechanism based on system call interposition. The solution focuses on limiting the I/O operations of the target application without any framework or application modification. / Master of Science /
Advances in smartphone technology have led major consumer and commercial unmanned aircraft system (UAS) manufacturers to provide users with the feature to fly the UAS using their smartphones. The UAS generate and store large amounts of data which may be sensitive in nature. This has led the U.S. Department of Defense to ban the use of all commercial off-the-shelf UAS due to the threat of data leakage. This thesis discusses an external monitoring system which maps the network behavior of an Android-hosted UAS application, along with the existing methods to limit data leakage. To overcome the limitations of existing techniques, a fine-grained and application-specific access control mechanism is proposed. The solution provides users with the ability to enforce custom security policies to safeguard their data.
|
2 |
Skydd och incidentrespons inom IT-säkerhet : En studie kring utvecklingen av ransomware / Protection and incident response within IT-security: A study about the development of ransomware
Ericson, Christoffer, Derek, Nick January 2023
Cybersecurity is a constantly growing threat to organisations as a result of the ever more digitalised society, although there are signs that organisations' awareness of cyberattacks and cybersecurity is increasing. Cyberattacks can have consequences that prevent an organisation from operating. This lays the foundation for this work, which is to see how defensive capability has developed. In the worst case, a cyberattack has consequences that can jeopardise an organisation's ability to survive. With the new threat of ransomware, in which the threat actor encrypts the victim's files and then demands a ransom, the consequences have become considerably more fatal. Ransomware methods are being developed by threat actors, which can lead to more than just financial consequences for the organisation. Broadly the same protective measures apply against ransomware as against all forms of cyberattack, but there are some particularly important aspects that are highlighted in this work, for example the implementation of backups, adequate data protection and good Patch Management (i.e. protocols for remediating vulnerabilities in software). This work compiles an industry consensus on how organisations should work against cyberattacks, specifically ransomware attacks. This was done through a literature study and a qualitative interview study, which were then analysed and discussed. The interview study was carried out at organisations judged suitable because they work with cybersecurity daily. One of the recommendations is to have a good backup routine, in which backups are created, distributed and tested. The work also highlights how good patch management should be implemented. Finally, a new method used by threat actors and previously unknown is also presented, Ransomware 3.0, in which threat actors steal an organisation's IT environment, then delete it locally at the organisation and sell it back; further research on it should be undertaken.
/ Cybersecurity is a constantly growing threat against organisations due to the increasing digitalisation of society, although there are signs that awareness at organisations has increased regarding cyberattacks and cybersecurity. Cyberattacks can create consequences that can restrain an organisation's operations. This creates the foundation for this study, to see how defence capabilities have developed. A cyberattack can, in the worst-case scenario, threaten an organisation's ability to survive. With regard to the new threat, ransomware, where the threat actor encrypts the victim’s files and demands a ransom, the consequences can be fatal. The new methods associated with ransomware, where the threat actor also exfiltrates the victim’s files, strongly impact the organisation's ability to operate. This could lead to economic consequences, as well as damage to stakeholder relations. Most protective measures apply to ransomware; however, there are some especially important aspects that are presented in this paper, such as implementation of backups, sufficient data protection and good Patch Management (protocol to patch vulnerabilities in software). In this paper, an industry consensus on how organisations should work against cyberattacks, especially ransomware, is compiled. This was performed through a literature study and a qualitative interview study. Both studies have been analysed and discussed. The interview study was carried out by interviewing appropriate organisations that work with cyber security daily. One of the recommendations is to have a good backup protocol, which implies creating, distributing and testing these backups. This paper also presents how good patch management should be implemented.
Finally, this paper presents a new method used by threat actors, Ransomware 3.0, in which the threat actor steals an organisation's IT environment, destroys the local copy at the organisation, and then sells it back. The method is still not common knowledge, and continued research has to be conducted.
|
3 |
Electromagnetic Physical Security: Addressing Exploitation Risks and Building Trust
Md Faizul Bari (20373786) 10 December 2024
Unintentional electromagnetic emission (called emanation) from electronic devices and cables contains a significant correlation with the source signal and can be used to recover otherwise confidential data. In our work, EM emanation has been exploited to recover keystrokes from USB keyboards. Also, such emission has been utilized to form a covert channel for data exfiltration from air-gapped devices without being detected by IDS. To protect sensitive information, an automated emanation detection system has been proposed by developing two emanation detection algorithms (CNN-based and harmonic-based) through the characterization of emanation signals from a wide range of devices. Apart from emanation, data theft can happen due to the failure of access control methods. Traditional wireless devices are susceptible to various spoofing attacks as they only use digital signature-based authentication systems, ignoring the physical signatures completely. To circumvent that, RF-PUF was proposed to use device-specific signatures to be used for trust augmentation in traditional methods. By forming an extensive experimental dataset, we established RF-PUF as a strong PUF with a low-power overhead that outperformed the state-of-the-art methods and is robust against typical attacks. For real-time authentication, we proposed DIRAC, which forms dynamic device clusters and incrementally learns as more device data becomes available. Since our root of trust is in the physical signature of the ICs, they also need to be secured. However, counterfeited ICs may jeopardize that goal. We have proposed RF-PSF, which uses device-specific physical properties to authenticate its process technology which is a big part of the cloned IC detection.
|