A Control Theoretic Approach for Resilient Network Services

Vempati, Jagannadh Ambareesh

12 1900

Resilient networks have the ability to provide the desired level of service, despite challenges such as malicious attacks and misconfigurations. The primary goal of this dissertation is to be able to provide uninterrupted network services in the face of an attack or any failures. This dissertation attempts to apply control system theory techniques with a focus on system identification and closed-loop feedback control. It explores the benefits of system identification technique in designing and validating the model for the complex and dynamic networks. Further, this dissertation focuses on designing robust feedback control mechanisms that are both scalable and effective in real-time. It focuses on employing dynamic and predictive control approaches to reduce the impact of an attack on network services. The closed-loop feedback control mechanisms tackle this issue by degrading the network services gracefully to an acceptable level and then stabilizing the network in real-time (less than 50 seconds). Employing these feedback mechanisms also provide the ability to automatically configure the settings such that the QoS metrics of the network is consistent with those specified in the service level agreements.

Control Theory

Resilient

Network

DDoS

Feedback control

Graceful Degradation

System Identification

Computer Science

Computer networks -- Security measures.

Feedback control systems.

Control theory.

System identification.

Awareness and training: the influence on end-user' attitude towards information security policy compliance

Snyman, Mmabatho Charity

02 1900

Research accentuates that end-users‘ noncompliance with information security policy (ISP) is a key concern for government just as it is for the private sector. Although awareness and training programmes are important factors impacting employees‘ intentions to comply with an organisation‘s ISP, it can be argued that there is insufficient empirical evidence to support this assertion. To address this gap, this study seeks to expand research on ISP compliance by focusing on attitudes as targets of change. A research model based on the Theory of Planned Behaviour was proposed to illustrate the influence of ISP awareness training on end-users‘ attitudes towards complying with their organisation‘s ISP. Relevant hypotheses were developed to test the research conceptualisation. A survey and an experiment was undertaken to collect the data from a sample of 173 end-users of a single government organisation in one province. The data was captured and analysed using a Statistical Package for Social Sciences (SPSS). Furthermore, Structural Equation Modelling (SEM) was used to test whether the overall model appears to be a good fit to support the hypotheses. The reliability, validity, and model fit were found to be statistically significant, and three out of five research hypotheses were supported. Overall this study contributes to the existing body of knowledge by providing an understanding of the methods that can be used to encourage end-users‘ ISP compliance behaviour through an attitudinal shift, thereby targeting end-users‘ attitude as a means to improve information security policy compliance. Implications of the findings are further discussed in the paper. / Information Technology / M. Tech. (Information Technology)

Attitudes

Information security

Information security policy

Awareness training

Intentions to comply

Information security compliance

Self-efficacy

005.8

Computer security -- Government policy

Data protection -- Government policy

Computer networks -- Security measures

Compliance auditing

Information technology -- Management

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie

30 September 2004

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.

Computer security

Communication networks

Countermeasure classification

Mobile agent security framework

Security framework requirements

Threats classification

Malicious hosts

Mobile agent security

005.8

Mobile agents (Computer software)

Computer security

Computer networks -- Security measures

Applying mobile agents in an immune-system-based intrusion detection system

Zielinski, Marek Piotr

30 November 2004

Nearly all present-day commercial intrusion detection systems are based on a hierarchical architecture. In such an architecture, the root node is responsible for detecting intrusions and for issuing responses. However, an intrusion detection system (IDS) based on a hierarchical architecture has many single points of failure. For example, by disabling the root node, the intrusion-detection function of the IDS will also be disabled. To solve this problem, an IDS inspired by the human immune system is proposed. The proposed IDS has no single component that is responsible for detecting intrusions. Instead, the intrusion-detection function is divided and placed within mobile agents. Mobile agents act similarly to white blood cells of the human immune system and travel from host to host in the network to detect intrusions. The IDS is fault-tolerant because it can continue to detect intrusions even when most of its components have been disabled. / Computer Science (School of Computing) / M. Sc. (Computer Science)

Computer security

Intrusion detection system

Immune system

Mobile agent

Fault-tolerance

Anomaly detection

System call monitoring

Computer immunology

005.8

Computer security

Mobile agents (Computer software)

Computer networks -- Security measures

Selection of mobile agent systems based on mobility, communication and security aspects

Lall, Manoj

30 June 2005

The availability of numerous mobile agent systems with its own strengths and weaknesses poses a problem when deciding on a particular mobile agent system. In this dissertation, factors based on mobility, communication and security of the mobile agent systems are presented and used as a means to address this problem. To facilitate in the process of selection, a grouping scheme of the agent system was proposed. Based on this grouping scheme, mobile agent systems with common properties are grouped together and analyzed against the above-mentioned factors. In addition, an application was developed using the Aglet Software Development Toolkit to demonstrate certain features of agent mobility, communication and security. / Theoretical Computing / M. Sc. (Computer Science)

Mobile agent systems

Mobile agents

KQML

Execution environment

Distributed systems

Agent Communication Language

Agent Mobility

Agent Security

Computational environment

Data state

006.3

Mobile agents (Computer software)

Mobile computing

Computer networks -- Security measures

Information security risk management in small-scale organisations: a case study of secondary schools’ computerised information systems

Moyo, Moses

11 December 2014

Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners‟ continuous assessment marks, financial information, educators‟ personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats were normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems of personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general. / Science Engineering and Technology / M.Sc. (Information Systems)

005.80968

Computer security -- South Africa

Risk management -- South Africa

Computer seizure as technique in forensic investigation

Ndara, Vuyani

19 March 2014

The problem encountered by the researcher was that the South African Police Service Cyber-Crimes Unit is experiencing problems in seizing computer evidence. The following problems were identified by the researcher in practice: evidence is destroyed or lost because of mishandling by investigators; computer evidence is often not obtained or recognised, due to a lack of knowledge and skills on the part of investigators to properly seize computer evidence; difficulties to establish authenticity and initiate a chain of custody for the seized evidence; current training that is offered is unable to cover critical steps in the performance of seizing computer evidence; computer seizure as a technique requires specialised knowledge and continuous training, because the information technology industry is an ever-changing area. An empirical research design, followed by a qualitative research approach, allowed the researcher to also obtain information from practice. A thorough literature study, complemented by interviews, was done to collect the required data for the research. Members of the South African Police Cyber-crime Unit and prosecutors dealing with cyber-crime cases were interviewed to obtain their input into, and experiences on, the topic. The aim of the study was to explore the role of computers in the forensic investigation process, and to determine how computers can be seized without compromising evidence. The study therefore also aimed at creating an understanding and awareness about the slippery nature of computer evidence, and how it can find its way to the court of law without being compromised. The research has revealed that computer crime is different from common law or traditional crimes. It is complicated, and therefore only skilled and qualified forensic experts should be used to seize computer evidence, to ensure that the evidence is not compromised. Training of cyber-crime technicians has to be priority, in order to be successful in seizing computers. / Department of Criminology / M.Tech. (Forensic Investigation)

Forensic

Digital forensic

Computer

Digital evidence

Investigators

Technicians

Chain of custody

Seizure

Cyber-crime

Cyber-crime technicians

363.25968

Computer crimes -- Investigation

Computer security

Forensic sciences -- Data processing

Crime scene searches

Electronic evidence

Computer networks -- Security measures

Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols

Weber, Lyle

04 1900

Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study.

Theses -- Accountancy

Dissertations -- Accountancy

Computer networks -- Security measures

Computer security -- Risk assessment

Dissertations -- Computer auditing

Theses -- Computer auditing

UCTD

Information security risk management in small-scale organisations : a case study of secondary schools’ computerised information systems

Moyo, Moses

11 December 2014

Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners‟ continuous assessment marks, financial information, educators‟ personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats were normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems of personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general. / Science Engineering and Technology / M. Sc. (Information Systems)

005.80968

Computer security -- South Africa

Risk management -- South Africa

A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)

Tekle, Solomon Mekonnen

07 1900

The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy- Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient. Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem / Information Science / D. Phil. (Information Systems)

Insider threat

Fraud diamond

Context-aware system

Information security

Privacy preservation

005.8

Computer networks -- Security measures

Computer networks -- Access control

Data protection

Penetration testing (Computer security)

Computer crimes

Hackers

Computer security