• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 3
  • 1
  • Tagged with
  • 5
  • 5
  • 5
  • 4
  • 4
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Security and privacy in perceptual computing

Jana, Suman 18 September 2014 (has links)
Perceptual, "context-aware" applications that observe their environment and interact with users via cameras and other sensors are becoming ubiquitous on personal computers, mobile phones, gaming platforms, household robots, and augmented-reality devices. This dissertation's main thesis is that perceptual applications present several new classes of security and privacy risks to both their users and the bystanders. Existing perceptual platforms are often completely inadequate for mitigating these risks. For example, we show that the augmented reality browsers, a class of popular perceptual platforms, contain numerous inherent security and privacy flaws. The key insight of this dissertation is that perceptual platforms can provide stronger security and privacy guarantees by controlling the interfaces they expose to the applications. We explore three different approaches that perceptual platforms can use to minimize the risks of perceptual computing: (i) redesigning the perceptual platform interfaces to provide a fine-grained permission system that allows least-privileged application development; (ii) leveraging existing perceptual interfaces to enforce access control on perceptual data, apply algorithmic privacy transforms to reduce the amount of sensitive content sent to the applications, and enable the users to audit/control the amount of perceptual data that reaches each application; and (iii) monitoring the applications' usage of perceptual interfaces to find anomalous high-risk cases. To demonstrate the efficacy of our approaches, first, we build a prototype perceptual platform that supports fine-grained privileges by redesigning the perceptual interfaces. We show that such a platform not only allows creation of least-privileged perceptual applications but also can improve performance by minimizing the overheads of executing multiple concurrent applications. Next, we build DARKLY, a security and privacy-aware perceptual platform that leverages existing perceptual interfaces to deploy several different security and privacy protection mechanisms: access control, algorithmic privacy transforms, and user audit. We find that DARKLY can run most existing perceptual applications with minimal changes while still providing strong security and privacy protection. Finally, We introduce peer group analysis, a new technique that detects anomalous high-risk perceptual interface usages by creating peer groups with software providing similar functionality and comparing each application's perceptual interface usages against those of its peers. We demonstrate that such peer groups can be created by leveraging information already available in software markets like textual descriptions and categories of applications, list of related applications, etc. Such automated detection of high-risk applications is essential for creating a safer perceptual ecosystem as it helps the users in identifying and installing safer applications with any desired functionality and encourages the application developers to follow the principle of least privilege. / text
2

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Damrau, Adelaide 01 May 2023 (has links) (PDF)
Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions.
3

Permission Based Risk Assessment for Enhancing Privacy of Android Users

Rashid Idris, Muhammad January 2018 (has links)
Mobile applications tend to access data beyond their intended functionality and share this data with third parties for various purposes including marketing, profiling and advertisement. This data also includes user’s personal information and access to this personal information without user’s consent put user’s privacy at risk. User’s Inability to easily find privacy friendly apps and befuddling permission requests paves the way for malicious apps to get access to user’s personal information. Keeping in mind the different level of privacy aware users, we have presented a privacy enforcement framework in this thesis. This framework not only helps user to find alternative privacy friendly apps but also encourage users to review their privacy settings on the smartphone. An app discovery tool is developed to search privacy friendly apps amongst the group with similar functionality. The search results are sorted by privacy friendly score which is calculated using simplified version of risk assessment method known as EBIOS. Threat posed to personal information by various apps are then highlighted and presented to user in an easy-to-understand way before installing the app. We have validated the results of our discovery tool by comparing them to the manual inspection of various functional groups i.e., group of applications with similar functionality. Two list of permissions, one created by subjective and manual analysis of abstract functionality of functional group called expert opinion and other created by our tool based on permissions requested by functional group are compared. Our tool has correctly identified the permissions which are similar to expert opinion. / Mobila applikationer tenderar att ta del av data utanför deras tilltänkta funktionalitet och delar den här datan med tredjehands parter för olika syften som marknadsföring, profilering och reklam. Datan inkluderar även personlig information och tillgång till den personliga informationen utan användarens medvetande sätter användarens integritet i risk. Användares oförmåga att enkelt hitta integritetsvänliga appar och förvirrande godkännande förfrågningar öppnar vägen för illvilliga appar att få tillgång till användarens personliga information. Med tanke på hur olika användare uppmärksammar integritetnivåer presenterar vi ett integritetsupprätthållande ramverk i den här uppsatsen. Ramverket hjälper inte bara användare att hitta integritetsvänliga appar utan uppmuntrar även användaren att granska integritetsinställningarna i sin telefon. Ett applikationsupptäckarverktyg utvecklades för att söka efter integritetsvänliga appar inom samma funktionsområde. Sökresultatet är sorterat efter en integritetsvänlighetspoäng beräknad med en förenklad version av riskbedömningsmetoden känd som EBIOS. Hot mot personlig information från olika appar uppmärksammas och presenteras på ett användarvänligt sätt innan appen installeras. Vi har validerat resultatet från vårt applikationsupptäckarverktyg genom att jämföra det med en manuell inspektion av appar inom samma funktionsområde, exempelvist grupper av applikationer med liknande funktion. Två listor togs fram, en framtagen genom subjektiv och manuell analys av normal funktionalitet kallad expertutlåtande och en framtagen av vårt applikationsupptäckarverktyg baserat på funktionsområde. Vårt verktyg har korrekt identifierat godkännande i likhet med expertutlåtandet.
4

Increasing Efficiency and Scalability in AWS IAM by Leveraging an Entity-centric Attribute- & Role-based Access Control (EARBAC) Model

Karlsson, Rasmus, Jönrup, Pontus January 2023 (has links)
Cloud computing is becoming increasingly popular among all types of companies due to its inherent benefits. However, because of its infrastructure, it might be difficult to manage access rights between users and resources. To address these difficulties, Amazon Web Services (AWS) provides Identity and Access Management (IAM) and features that support the use of different access control models, for example, Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC). Access control models are used for authorisation within systems to decide who gets access to what. Therefore, to determine what constitutes an efficient (the average time it takes to perform a task in AWS IAM) and secure access control model, a thorough study of background material and related work was conducted. Through this study, it was found that RBAC lacked scalability whilst ABAC lacked administrative capabilities. It was also found that flexibility and scalability were two important factors when designing access control models. Furthermore, by conducting a survey and designing an access control model for AWS through various iterations, a new access control model called Entity-centric Attribute- & Role-based Access Control (EARBAC) was developed. In an experiment comparing it with the RBAC model, the EARBAC model was found to be both efficient and secure, in addition to its flexibility and scalability. Furthermore, EARBAC was also found to be 27% faster than RBAC in AWS IAM. These results suggest that the model is useful when developing cloud infrastructures in AWS.
5

Quishing i Sikte:Försvarsstrategier och Verktyg : -En Studie om medarbetares Medvetenhet om QR-kod Phishing och En Undersökning av Anti-Phishing-Verktyg

Ivarsson, Anton, Stefanescu, Adrian January 2024 (has links)
Denna studie undersöker det växande fenomenet quishing (QR-kod phishing) i ljuset av den ökande användningen av QR-koder under COVID-19-pandemin. QR-koder, som är en lösning för beröringsfri interaktion, har blivit allt vanligare och utnyttjas alltmer frekvent i skadliga phishing-attacker mot företag och deras anställda. Under 2023 observerades en dramatisk ökning på över 2 400 procent i en omfattande quishing-kampanj. Undersökningen granskar tidigare studier och forskning om quishing och framhäver behovet av att öka medvetenheten bland anställda och hur man kan implementera effektiva skyddsåtgärder. En central del av studien inkluderar en enkätundersökning och en Attack Simulation Training (AST) som genomförs i samarbete med en Managed Security Service Provider (MSSP). Målet med undersökningen är att belysa anställdas medvetenhet om quishing, deras reaktioner och vad som ligger till grund för de anställdas agerande. Vidare inkluderar studien ett experiment rörande hur effektivt MDO (Microsoft Defender for Office) och andra säkerhetslösningar upptäcker inbäddade QR-koder i olika bildformat och rörliga animationer i epost. Resultaten från enkätundersökningen och ASTn ger insikter som stärker förståelsen för företagens och de anställdas handlande i förhållande till en av många varianter av phishing.Utifrån detta kan rekommendationer för förbättringar, verktyg och policys för att motverka hotet utvecklas och anpassas till hur det verkliga förhållandet är i dagsläget. Studien strävar efter att bidra till en mer omfattande förståelse av quishing och främja framtidens säkerhetskultur inom företagsmiljöer. / This study explores the rising trend of quishing (QR code phishing) in the context of the increased use of QR codes during the COVID-19 pandemic. QR codes, which facilitate contactless interactions, have become more prevalent and are increasingly exploited in malicious phishing attacks targeting companies and their employees. In 2023, a significant surge of over 2,400 percent was observed in a major quishing campaign. The research reviews previous studies on quishing and underscores the necessity of raising employee awareness and implementing effective protective measures. A key component of the study involves a survey and an Attack Simulation Training (AST) conducted in partnership with a Managed Security Service Provider (MSSP). The objective is to assess employees' awareness of quishing, their responses, and the factors influencing their behavior. Additionally, the study includes an experiment to evaluate how effectively Microsoft Defender for Office (MDO) and other security solutions detect embedded QR codes in various image formats and animations in emails. The findings from the survey and AST provide valuable insights into how companies and employees respond to different types of phishing attacks. Based on these insights, recommendations for improvements, tools, and policies can be developed and tailored to the current threat landscape. The study aims to enhance the overall understanding of quishing and promote a stronger security culture within corporate environments.

Page generated in 0.2043 seconds