A Model for Calculating Damage Potential in Computer Systems

January 2019

abstract: For systems having computers as a significant component, it becomes a critical task to identify the potential threats that the users of the system can present, while being both inside and outside the system. One of the most important factors that differentiate an insider from an outsider is the fact that the insider being a part of the system, owns privileges that enable him/her access to the resources and processes of the system through valid capabilities. An insider with malicious intent can potentially be more damaging compared to outsiders. The above differences help to understand the notion and scope of an insider. The significant loss to organizations due to the failure to detect and mitigate the insider threat has resulted in an increased interest in insider threat detection. The well-studied effective techniques proposed for defending against attacks by outsiders have not been proven successful against insider attacks. Although a number of security policies and models to deal with the insider threat have been developed, the approach taken by most organizations is the use of audit logs after the attack has taken place. Such approaches are inspired by academic research proposals to address the problem by tracking activities of the insider in the system. Although tracking and logging are important, it is argued that they are not sufficient. Thus, the necessity to predict the potential damage of an insider is considered to help build a stronger evaluation and mitigation strategy for the insider attack. In this thesis, the question that seeks to be answered is the following: `Considering the relationships that exist between the insiders and their role, their access to the resources and the resource set, what is the potential damage that an insider can cause?' A general system model is introduced that can capture general insider attacks including those documented by Computer Emergency Response Team (CERT) for the Software Engineering Institute (SEI). Further, initial formulations of the damage potential for leakage and availability in the model is introduced. The model usefulness is shown by expressing 14 of actual attacks in the model and show how for each case the attack could have been mitigated. / Dissertation/Thesis / Masters Thesis Computer Science 2019

Computer science

Availability Attack

Insider attack

Threat Value

Multimedia transaction tracking from a mutual distrust perspective.

Wong, Angela S. L.

January 2007

In this thesis, we present a novel, elegant and simple method for secure transaction authentication and non-repudiation for trading multimedia content. Multimedia content can be video, images, text documents, music, or any form of digital signal, however here we will focus particular on still images with application to video. We will provide proof that not only can receiving parties within a transaction be untrustworthy, but the owner, or members within an owning party, also cannot be trusted. Known as the insider attack, this attack is particularly prevalent in multimedia transactions. Thus the focus of the thesis is on the prevention of piracy, with particular emphasis on the case where the owner of a document is assumed to be capable of deceit, placing the system under the assumption of mutual distrust. We will introduce a concept called staining, which will be used to achieve authentication and non-repudiation. Staining is composed of two key components: (1) public-key cryptography; and (2) steganographic watermarking. The idea is to watermark a multimedia document after encryption, thereby introducing a stain on the watermark. This stain is due to the non-commutative nature of the scheme, so that decryption will be imperfect, leaving a residue of the cryptographic process upon the watermark. Essentially, secrets from the owner (the watermark) and the receiver (the cryptographic key) are entangled rather than shared, as in most schemes. We then demonstrate our method using image content and will test several different common cryptographic systems with a spread-spectrum type watermark. Watermarking and cryptography are not usually combined in such a manner, due to several issues such as the rigid nature of cryptography. Contrary to the expectation that there will be severe distortions caused to the original document, we show that such an entanglement is possible without destroying the document under protection. We will then attack the most promising combination of systems by introducing geometric distortions such as rotation and cropping, as well as compressing the marked document, to demonstrate that such a method is robust to typical attacks. / http://proxy.library.adelaide.edu.au/login?url= http://library.adelaide.edu.au/cgi-bin/Pwebrecon.cgi?BBID=1297339 / Thesis (Ph.D.) - University of Adelaide, School of Electrical and Electronic Engineering, 2007

Digital watermarking

Data encryption (Computer science)

Multimedia systems.

Edge-based blockchain enabled anomaly detection for insider attack prevention in Internet of Things

Tukur, Yusuf M., Thakker, Dhaval, Awan, Irfan U.

31 March 2022

Yes / Internet of Things (IoT) platforms are responsible for overall data processing in the IoT System. This ranges from analytics and big data processing to gathering all sensor data over time to analyze and produce long-term trends. However, this comes with prohibitively high demand for resources such as memory, computing power and bandwidth, which the highly resource constrained IoT devices lack to send data to the platforms to achieve efficient operations. This results in poor availability and risk of data loss due to single point of failure should the cloud platforms suffer attacks. The integrity of the data can also be compromised by an insider, such as a malicious system administrator, without leaving traces of their actions. To address these issues, we propose in this work an edge-based blockchain enabled anomaly detection technique to prevent insider attacks in IoT. The technique first employs the power of edge computing to reduce the latency and bandwidth requirements by taking processing closer to the IoT nodes, hence improving availability, and avoiding single point of failure. It then leverages some aspect of sequence-based anomaly detection, while integrating distributed edge with blockchain that offers smart contracts to perform detection and correction of abnormalities in incoming sensor data. Evaluation of our technique using real IoT system datasets showed that the technique remarkably achieved the intended purpose, while ensuring integrity and availability of the data which is critical to IoT success. / Petroleum Technology Development Fund(PTDF) Nigeria, Grant/Award Number:PTDF/ED/PHD/TYM/858/16

Internet of Things (IoT)

Insider attack prevention

Edge computing

Sequence-based anomaly detection

Data