1 |
Security evaluation of a smart lock system
Hassani, Raihana, January 2020
Cyber attacks are an increasing problem in society today. They are increasing dramatically, especially against IoT products such as smart locks. This project aims to evaluate the security of the Verisure smart lock system in the hope of contributing to safer development of IoT products and highlighting the existing flaws of today’s society. This is achieved by identifying and attempting to exploit potential vulnerabilities through threat modeling and penetration testing. The results showed that the system is relatively secure. No major vulnerabilities were found, only a few weaknesses, including the possibility of a successful DoS attack, an inconsistent password policy, the possibility of obtaining sensitive information about a user, and cloning of the key tag used for locking/unlocking the smart lock.
|
2 |
Ethical hacking of a premium robot vacuum: Penetration testing of the Roborock S7 robot vacuum cleaner
Dahlberg Sundström, Tobias; Nilsson, Johan, January 2022
With the advancements made in the field of data science, smart IoT devices are becoming increasingly common. Consequently, this creates an increased number of targets for hackers to potentially exploit. This is a study about ethically hacking a robot vacuum, the Roborock S7, and evaluating the security of the target system. The DREAD and STRIDE threat models are used to find potential exploits. These exploits are then tested on the vacuum. Four tests were done on the system: scanning, a denial-of-service attack, man-in-the-middle sniffing and man-in-the-middle tampering. The study found that the vacuum is relatively secure against web threats, with weaknesses found in its handling of its own network and a lack of resistance to denial-of-service attacks on the DHCP protocol.
|
3 |
Fear in the chansons de geste (1100-1250): poetics and anthropology
Longhi, Blandine, 29 November 2011
This work explores the various components, from an anthropological as well as a literary point of view, of the relationship between the emotions of the public and the emotions of the characters. This problem is at the heart of epic texts, which are based on a paradox: to create fear through the depiction of violent events and frightening characters, while celebrating the fearlessness of their heroes. The distance between the audience and the heroes is due in part to ideological reasons: on the one hand, the representation of disturbing figures crystallizes collective dread on targets designated by the dominant institutions; on the other hand, the heroes’ denial of fear allows the construction of an idealized image of chivalry. Moreover, beyond the link between the texts and their historical context, the search for a fear effect proceeds from a specific poetics. This emotion enables the epic exaltation and glorification of the hero’s courage by bringing the audience together in the same feelings of worry and admiration. The sublimation of fear depends on an aesthetics of terror which turns the reasons for fear into an object of contemplation and repulsion into attraction. With this transfiguration of reality, the audience can make a psychic transfer which gives the texts a cathartic dimension. The feats of intrepid heroes are an outlet for repressed instincts, and the poems help to exorcise the dread related to the tensions and crises of feudal society.
|
4 |
Not Yet a Child of the Finite and the Infinite: Kierkegaardian Existentialism in William Golding’s Free Fall
Davén, Krister, January 2009
In William Golding’s Free Fall, the novel ends without its protagonist, Sammy Mountjoy, receiving the atonement he seeks. As a consequence, the novel ends in an unresolved manner, leaving Sammy in a state of suspension. Despite having a metaphysical awakening in a Nazi POW camp, the consequences of his enlightenment do not reflect the way Sammy retrospectively narrates the tale of his life. The existentialist theories of Danish thinker and writer Søren Kierkegaard offer a solution to the dilemma. Kierkegaard’s theories concerning the aesthetic, ethical and religious spheres of life, as well as his concept of ‘existential dread’, may be used to show that Sammy is able to make a ‘leap of faith’ from the aesthetic to the ethical sphere. However, because of his inability to make the last leap into the metaphysical sphere of life, he does not attain the insight he needs, namely that he is ‘a child of the finite and infinite’. The essay relates the ways Sammy Mountjoy fits into the Sartrean and Kierkegaardian expressions of existentialism, soon moving on to describe the details of Kierkegaard’s thought concerning the three spheres of life and the concept of ‘dread’. Sammy’s preoccupation with the present, his focus on the exterior rather than the interior and his inability to commit himself to people or situations fit neatly into the criteria for the aesthetic sphere of life. This, in turn, leads him to a state of dread, which reaches its climax in the dark cupboard. When released from his imprisonment, Sammy has reached a state of awareness concerning the “vital morality” between people, previously a foreign concept. However, Kierkegaard points out that the ethical sphere is also flawed, leaving the religious/metaphysical sphere as Sammy’s ultimate destination. By failing to make the final ‘leap of faith’, due to a misguided conception of the boundaries between the ethical and the Absolute, Sammy falls short of the resolution he desires and the forgiveness he seeks from the three people that have influenced him the most. Thus an explanation is proposed for the unresolved manner in which Free Fall ends.
|
6 |
American Magic and Dread in Don DeLillo’s White Noise
Lee, I-hsien, 31 August 2009
This thesis aims to explore how the idea of American Dream is presented in White Noise, how the Dream is represented as “American magic,” and how eventually it turns into “American dread,” the ultimate American nightmare. In Chapter One, I provide a brief historical survey on the concept of the American Dream, the idea that mainly shaped the American nation in history. I turn to Jim Cullen’s The American Dream: A Short History of an Idea That Shaped a Nation and Andrew Delbanco’s The Real American Dream: A Meditation on Hope to explore how the idea of the American Dream changes through the course of American history as well as construct a historical background of the American Dream. Chapter Two explores how the American Dream in White Noise is exposed and transformed into what DeLillo terms in the novel as the “American magic” via the novel’s extreme emphasis on the issue of mass media, the operation of simulated magic. First, I briefly analyze the American Dream succeeded in White Noise based on my survey of the American Dream in the previous chapter. Reading DeLillo’s “American magic” as the simulated dream in White Noise in light of Baudrillard’s theory of simulacra and simulation, I argue that White Noise is in fact a novel based on the critique of the American Dream due to the falsehood of the protagonists’ American Dream televised through media and consumer culture. In Chapter Three, by recalling the novel’s emphasis on the protagonists’ fear of death, I aim to examine the true reason for such fatal fear. While many may read White Noise simply as a postmodern representation of man’s uncontrollable natural fear of death, I examine the connection of this major theme of fear towards death to DeLillo’s American magic and point out the possibility of American magic acting both as a cause and reinforcement of this fear as well as relating it to the larger issue of DeLillo’s “American dread”, a portrayal of the American Dream and magic brought to its extremity and stirred towards a possible apocalyptic end.
|
7 |
An evolutionary study of peritraumatic dissociation among victims confronted with the real of death during terrorist attacks
Cedile, Elisabeth, 12 June 2019
This research studied the psychological evolution of nine direct victims of the terrorist attacks that struck Paris in 2015 and whose symptoms were, at first glance, atypical, or even non-existent. While the symptomatologies of post-traumatic stress disorder are commonly recognised, both by carers and legal bodies involved in physical injury compensation, peri- and post-traumatic dissociative disorders, when they are identified, are never perceived as anything other than periods of latency, predicting future severe post-traumatic stress disorder. The psychological evolution of the nine direct victims lacking apparent typical symptoms was thus studied based on the content of clinical interviews carried out three months and eighteen months after the attacks, backed by two assessments using the PCLS rating scale for post-traumatic stress disorder. This study has enabled us to show that with some subjects the confrontation with the real of death occurred in such violence that it triggered archaic defence mechanisms, such as denial of the dread as described by Lebigot (2005), then splitting, and not the typical presentations of post-traumatic stress disorder. With two-thirds of the subjects, it was shown that reassociation through language and a return to the process of symbolisation were still possible, without a pathologic breakdown, by respecting a slow progression towards the formulation of the trauma as part of continuous and substantiated therapeutic relationships. However, with one third of subjects the permanence of such clinical presentations, i.e. asymptomatic for two of them or characterised by dissociative amnesia for one of them, made it impossible to determine the adaptive and non-pathological character of such dissociative mechanisms. Nevertheless, the combined results show there is a need to learn more about the meaning, identification and function of these mechanisms, which are not always identified, precisely because of their cause, which excludes all ability on the part of victims to express themselves, but which nonetheless require that appropriate treatment be offered.
|
8 |
StrideLang: Creation of a Domain-Specific Threat Modeling Language using STRIDE, DREAD and MAL
Cerovic, Lazar, January 2022
Cybersecurity is still one of the main challenges of the digital era for organizations and individuals alike. Threat modeling is an important tool for building systems that are reliable and secure. The research question for this study is to create a domain-specific language (DSL) with the Meta Attack Language (MAL), STRIDE and DREAD. One of the main challenges is to choose a DSL that is suitable for threat modeling. The purpose of the study is to provide people who work with threat modeling with additional tools that can be used in attack simulations. MAL is a meta language used for creating DSLs that can be used for attack simulations. An example of a MAL project that usually serves as a template for other DSLs is coreLang, which models the general IT infrastructure. STRIDE is a model used in threat modeling to enumerate and categorize cyber threats. DREAD is a model used for risk assessment that scores each threat by a value between one and ten. The proposed method for answering the research question is the Design Research Science Method (DRSM), which is often used for creating artifacts. Evaluation of the results is done with tests written in Java using the JUnit framework. The result of the study is the creation of strideLang, which maps attack steps in coreLang (the MAL implementation of the general IT infrastructure DSL) to the STRIDE and DREAD models. The primary source of error in the investigation is the risk assessment with DREAD, which can be somewhat inaccurate depending on what specific DSL is used. It would have been valuable if the study had incorporated feedback from domain experts, specifically on risk assessment. The STRIDE and DREAD models are by nature very subjective in practice. However, this study does provide insights into how a DSL can be created based on DREAD and STRIDE. Future work might investigate a different DSL, incorporate tools such as SecuriCAD and compare different threat models.
|
9 |
Ethical hacking of a Smart Automatic Feed Dispenser
Lokrantz, Julia, January 2021
Internet of things (IoT) refers to the web of connected devices that collect and share data through the internet. The use of consumer IoT has increased dramatically in recent years, accompanied by increasing concern about the security of these devices, as many systems have proven to have insufficient security measures. This study aims to investigate the security level of a smart food dispenser for pets, and to account for the underlying economic reasons for the occurrence of vulnerabilities. The method used in this study consists of threat modeling the food dispenser using the STRIDE and DREAD models. This is then followed by a penetration-testing phase for some of the more serious threats. The results indicate that the food dispenser Trixie TX9 has insufficient encryption of network names and passwords, is susceptible to flooding attacks, and that analysis of the traffic to and from the device can reveal which state it is currently in. Furthermore, the food dispenser has several open network services, Telnet among them, which can be accessed through weak, hardcoded credentials that are published on the internet. The economic reasons for these security weaknesses are asymmetrical information and misaligned economic incentives. Manufacturers struggle to charge consumers for an increased level of security, as the main market-driving factors are swift and regular product launches as well as an expanding set of features available at competitively low prices.
|
10 |
Ethical Hacking of a Robot Vacuum Cleaner
Torgilsman, Christoffer; Bröndum, Eric, January 2020
This study revolves around the safety of IoT devices, more specifically how safe the robot vacuum cleaner Ironpie m6 is. The method is based on threat modeling the device, using the DREAD and STRIDE models. The threats with the highest estimated severity were then penetration tested to see which security measures are implemented to protect against them. Using client-side manipulation, one vulnerability was found in Trifo’s mobile application “Trifo home”, which could be used to harm customers’ property.
|