• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 6
  • 2
  • 1
  • 1
  • 1
  • Tagged with
  • 11
  • 11
  • 4
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Impact of access control and copyright in e-learning from user's perspective in the United Kingdom

Akmayeva, Galina January 2017 (has links)
The widespread adoption of E-Learning has largely been driven by the recommendations of educational technologists seeking to convey the benefits of E-Learning as a valuable accessory to teaching and possible solution for distance-based education. Research in the E-Learning domain has mainly focused on providing and delivering content andinfrastructure. Security issues are usually not taken as central concern in most implementations either because systems are usually deployed in controlled environments, or because they take the one-to-one tutoring approach, not requiring strict security measures. The scope of this research work is to investigate the impact of Access Control and Copyright in E-Learning system. An extensive literature review, theories from the field of information systems, psychology and cognitive sciences, distance and online learning, as well as existing E-Learning models show that research in E-learning is still hardly concerned with the issues of security. It is obvious that E-learning receives a new meaning as technology advances and business strategies change. The trends of learning methods have also led to the adjustment of National Curriculum and standards. However, research has also shown that any strategy or development supported by the Internet requires security and is therefore faced with challenges. This thesis is divided into six Chapters. Chapter 1 sets the scene for the research rationale and hypotheses, and identifies the aims and objectives. Chapter 2 presents the theoretical background and literature review. Chapter 3 is an in-depth review of the methods and methodology with clear justification of their adaptation and explains the underlying principles. Chapter 4 is based on the results and limitations obtained from the six case studies observations supported with literature review and ten existing models, while Chapter 5 is focused on the questionnaire survey. Chapter 6 describes the proposed Dynamic E-Learning Access Control and Copyright Framework (DEACCF) and the mapping of the threats from the Central Computing and Telecommunications Agency (CCTA) Risk Analysis and Management Method (CRAMM) to Annualised Loss Expectancy (ALE). Chapter 7 presents the conclusions and recommendations, and the contribution to knowledge with further development plans for future work.
2

Network Security Analysis and Summary in Taiwan

Fang, Jia-Ching 30 July 2003 (has links)
With the increasing reliance on the Internet and computers, threats also increase. More and more foundations, companies and tools of computer network security emerge to defense the Internet. To prevent the attacks form crackers, plenty of resources about network security were developed on the Internet and people can get the resource they want as long as they know where the professional network security information is. But from another point of view, too much information would become a great burden to general users on the Internet, because they have no idea what information is the most important. This make them confuse, and the only thing they can do is do nothing. They need summarized security information and the advise for his own system and services, instead of all system security information. In this research, we integrate the systems in TWCERT/CC and discover the most helpful information to those who access the Internet in Taiwan, such as, the most threatened vulnerabilities in Taiwan. The information is like the SANS TOP 20. The unity of the entire system in TWCERT/CC could give administrators more specific and summarized information and their prior job is to fix the most vulnerable holes according to the information offered. Key words: network security, critical Internet security vulnerabilities, incident report, SAS, Security Auditing System, TWCERT/CC
3

Validation of Machine Learning and Visualization based Static Code Analysis Technique / Validering av Machine Learning and Visualization bygger statisk kod analysteknik

Mahmood, Waqas, Akhtar, Muhammad Faheem January 2009 (has links)
Software security has always been an afterthought in software development which results into insecure software. Companies rely on penetration testing for detecting security vulnerabilities in their software. However, incorporating security at early stage of development reduces cost and overhead. Static code analysis can be applied at implementation phase of software development life cycle. Applying machine learning and visualization for static code analysis is a novel idea. Technique can learn patterns by normalized compression distance NCD and classify source code into correct or faulty usage on the basis of training instances. Visualization also helps to classify code fragments according to their associated colors. A prototype was developed to implement this technique called Code Distance Visualizer CDV. In order test the efficiency of this technique empirical validation is required. In this research we conduct series of experiments to test its efficiency. We use real life open source software as our test subjects. We also collected bugs from their corresponding bug reporting repositories as well as faulty and correct version of source code. We train CDV by marking correct and faulty version of code fragments. On the basis of these trainings CDV classifies other code fragments as correct or faulty. We measured its fault detection ratio, false negative and false positive ratio. The outcome shows that this technique is efficient in defect detection and has low number of false alarms. / Software trygghet har alltid varit en i efterhand inom mjukvaruutveckling som leder till osäker mjukvara. Företagen är beroende av penetrationstester för att upptäcka säkerhetsproblem i deras programvara. Att införliva säkerheten vid tidigt utvecklingsskede minskar kostnaderna och overhead. Statisk kod analys kan tillämpas vid genomförandet av mjukvaruutveckling livscykel. Tillämpa maskininlärning och visualisering för statisk kod är en ny idé. Teknik kan lära mönster av normaliserade kompressionständning avstånd NCD och klassificera källkoden till rätta eller felaktig användning på grundval av utbildning fall. Visualisering bidrar också till att klassificera code fragment utifrån deras associerade färger. En prototyp har utvecklats för att genomföra denna teknik som kallas Code Avstånd VISUALISERARE CDV. För att testa effektiviteten hos denna teknik empirisk validering krävs. I denna forskning vi bedriver serie experiment för att testa dess effektivitet. Vi använder verkliga livet öppen källkod som vår test ämnen. Vi har också samlats in fel från deras motsvarande felrapportering förråd samt fel och rätt version av källkoden. Vi utbildar CDV genom att markera rätt och fel version av koden fragment. På grundval av dessa träningar CDV klassificerar andra nummer fragment som korrekta eller felaktiga. Vi mätt sina fel upptäckt förhållandet falska negativa och falska positiva förhållandet. Resultatet visar att den här tekniken är effektiv i fel upptäckt och har låga antalet falsklarm. / waqasmah@gmail.com +46762316108
4

Identifying Threat Factors of Vulnerabilities in Ethereum Smart Contracts

Noor, Mah, Murad, Syeda Hina January 2023 (has links)
Ethereum is one of the top blockchain platforms that represents this second generation of blockchain technology. However, the security vulnerabilities associated with smart contracts pose significant risks to confidentiality, integrity, and availability of applications supported by Ethereum. While several studies have enumerated various security issues in smart contracts, only a handful have identified the factors that determine the severity and potential of these issues to pose significant risks in practice. As its first contribution, this thesis presents a framework that identifies such factors and highlights the most critical security threats and vulnerabilities of Ethereum smart contracts. To achieve this, we conduct a comprehensive literature review to identify and categorize the vulnerabilities, assess their potential impact, and evaluate the likelihood of exploitation in real-life contracts. We classify the identified vulnerabilities based on their nature and severity and proposed mitigation recommendations. Our theoretical contribution is to establish a correlation between the security vulnerabilities of smart contracts and their potential impact on the security of smart contracts by identifying factors that pose a (practical) threat. Our practical contribution involves developing a tool based on staticanalysis that can automatically detect at least one critical securityissue with the highest threat factor. For the target vulnerability, wechoose the usage of input from external users without any validation.This vulnerability, as we call it, Missing Input Validation (MIV), actsas a root cause for further (well-known and well-researched) issues,for instance, the flow of tainted values into sensitive operations suchas the transfer of cryptocurrencies and self destruct instruction. Weimplement the tool MIV Checker and evaluate its efficacy on a test setof 36 smart contracts. Our evaluation results show that MIV Checkercorrectly detects 87.6 % of instances of MIV in the dataset.
5

Three Essays on Cryptocurrency and Blockchain: The Perspective of Influencer Movement Effect, Exchange Security and Regulation

Mohit, Hossein 07 1900 (has links)
The unprecedented growth of the cryptocurrency market over the past decade has attracted significant interest from various stakeholders, including investors, policymakers, and researchers. Cryptocurrencies, digital currencies that operate on blockchain technology, are revolutionary because they offer financial transactions without the need for traditional banking systems. This innovative approach to finance has reshaped the global economic landscape, presenting unique opportunities and substantial challenges. Cryptocurrency, spearheaded by the introduction of Bitcoin in 2008 by the pseudonymous Satoshi Nakamoto, represents a significant shift from traditional fiat currencies to a decentralized digital economy. Bitcoin and its contemporaries rely on a peer-to-peer network, utilizing cryptographic techniques to ensure transaction security and user anonymity, a characteristic has fueled both adoption and controversy. As the market has grown, so have the complexities associated with its expansion, notably in regulation, security, and market dynamics. This dissertation explores these complexities through three distinct but interconnected essays, each focusing on a different aspect of the cryptocurrency environment.
6

Automated secure code review for web- applications / Automatiserad kodgranskning för webbapplikationer

Gholami, Sadeq, Amri, Zeineb January 2021 (has links)
Carefully scanning and analysing web- applications is important, in order to avoid potential security vulnerabilities, or at least reduce them. Traditional code reviewing methods, such as manual code reviews, have various drawbacks when performed on large codebases. Therefore it is appropriate to explore automated code reviewing tools and study their performance and reliability. The literature study helped identify various prerequisites, which facilitated the application of automated code reviewing tools. In a case study, two static analysis tools, CodeQL and Semgrep, were used to find security risks in three open source web- applications with already known vulnerabilities. The result of the case study indicates that the automated code reviewing tools are much faster and more efficient than the manual reviewing, and they can detect security vulnerabilities to a certain acceptable degree. However there are vulnerabilities that do not follow a pattern and are difficult to be identified with these tools, and need human intelligence to be detected. / Det är viktigt att skanna och analysera webbapplikationer noggrant för att undvika potentiella säkerhetsproblem eller åtminstone minska dem. Traditionella kodgranskningsmetoder, såsom manuella kodgranskningar, har olika nackdelar när de utförs på stora kodbaser. Därför är det lämpligt att utforska automatiserade verktyg för kodgranskning och studera deras prestanda och tillförlitlighet. Litteraturstudien hjälpte till att identifiera olika förutsättningar, som underlättade tillämpningen av automatiserade kodgranskningsverktyg. I en fallstudie användes två statiska analysverktyg, CodeQL och Semgrep, för att hitta säkerhetsrisker i tre open sourcewebbapplikationer med redan kända sårbarheter. Resultatet av fallstudien indikerar att de automatiska kodgranskningsverktygen är mycket snabbare och effektivare än de manualla kodgranskningar och att de kan upptäcka säkerhetsproblem i viss acceptabel grad. Det finns emellertid sårbarheter som inte följer ett mönster och som är svåra att identifiera med dessa verktyg, och behöver mänsklig intelligens för att upptäckas.
7

Säkerheten i webbapplikationer mot SQL- injektionsattacker : En studie av tekniker, säkerhetspåverkan och förekommande skyddslösningar

Hanna Malko, Ranim January 2023 (has links)
Web applications constitute an essential part of our daily lives, providing us access to significant online services and information. Despite their advantages, they are also vulnerable to security threats, particularly SQL injection attacks. SQL injection is a vulnerability that arises when an attacker inserts malicious SQL queries through user input parameters in a web application. This attack can have severe consequences, such as exposing sensitive information. The purpose of this study is to investigate and analyze the security of web applications against SQL injection attacks. This is achieved by examining SQL injection techniques, their impact on security and integrity, as well as the most common protective solutions. The goal of the study is to enhance and improve the security of applications and protect users from potential security risks. To achieve this, a combination of literature study and practical investigations is conducted. A literature review is performed to identify SQL injection techniques, security risks, and the most prevalent protective solutions. Subsequently, these factors are evaluated and analyzed to determine the effectiveness of the techniques using the penetration testing tool SQLmap. The results of the study indicate that the most common and effective attack techniques are Inband SQL injection and Inferential SQL injection. These techniques can have severe implications for users, businesses, and society at large, such as unauthorized access to protected data, data manipulation in databases, and the compromise of confidentiality and data integrity. To safeguard against such attacks, it is crucial to employ defensive coding practices, including the use of prepared statements with parameterized queries and input validation. However, manual implementation remains challenging. A combination of automated prevention techniques and best coding practices should be employed to ensure a reliable database protected against SQL injections, even concerning stored procedures that are difficult to prevent with existing automated prevention techniques. / Webbapplikationer utgör en viktig del av vårt dagliga liv och ger oss tillgång till betydelsefulla onlinetjänster och information. Trots deras fördelar är de också sårbara för säkerhetshot, särskilt SQL-injektionsattacker. SQL-injektion är en sårbarhet som uppstår när en angripare infogar skadliga SQL-frågor genom användarens inmatningsparametrar i en webbapplikation. Attacken medför allvarliga konsekvenser, såsom exponering av känslig information. Syftet med denna studie är att undersöka och analysera säkerheten i webbapplikationer mot SQL-injektionsattacker. Detta genomförs genom att undersöka SQL-injektionstekniker, deras påverkan på säkerhet och integritet, samt de vanligaste skyddslösningarna. Målet med studien är att öka och förbättra säkerheten hos applikationer samt skydda användarna från potentiella säkerhetsrisker. För att åstadkomma detta genomförs en kombination av litteraturstudier och praktiska undersökningar. En litteraturstudie genomförs för att identifiera SQL-injektionstekniker, säkerhetsrisker och de vanligast förekommande skyddslösningarna. Därefter utvärderas och analyseras dessa faktorer för att kunna fastställa effektiviteten hos teknikerna genom användning av penetrationstestningsverktyget SQLmap. Resultaten av studien visar att de vanligaste och mest effektiva attackteknikerna är Inband SQL-injektion och Inferential SQL-injektion. Dessa tekniker kan få allvarliga konsekvenser för användare, företag och samhället i stort, såsom åtkomst till skyddade data, manipulering av data i databasen och förlust av sekretess och dataintegritet. För att skydda mot sådana attacker är det avgörande att använda defensiva kodningsmetoder, inklusive användning av förberedda satser med parametriserade frågor och indatavalidering. Trots detta utgör manuell implementering en utmaning. En kombination av automatiserade förebyggande tekniker och bästa kod-praxis bör användas för att säkerställa en pålitlig databas som är skyddade mot SQL-injektioner, även när det gäller lagrade procedurer som är svåra att förhindra med befintliga automatiserade förebyggande tekniker.
8

Övervakning och analys av blåtandstrafik för att säkerställa integritet och säkerhet / Montioring and analysis of Bluetooth traffic to ensure integrity and security

Sulehria, Ibrahim, Haddad, Noor January 2024 (has links)
I dagens samhälle används Bluetooth Low Energy (BLE) alltmer, särskilt inom IoT-enheter (Internet of Things). Detta ökar behovet av säker kommunikation och att identifiera samt åtgärda potentiella sårbarheter. Problemet som denna studie adresserar är risken för passiv avlyssning och säkerhetsbrister i BLE-kommunikation, vilket kan leda till datamissbruk och integritetsintrång. Detta arbete fokuserar på att undersöka säkerheten inom BLE-signalering och presenterar även en praktisk laboration för att öka kunskapsnivån inom analys och hantering av blåtandstrafik. Säkerhetsbrister utvärderas genom att analysera trafiken mellan BLE-enheter, med specifik fokus på passiv avlyssning och de potentiella riskerna med detta. Genom praktiska experiment med tre olika blåtandsenheter, inklusive smarta LED-lister och ett smart hopprep, undersöktes hur signaleringsdata kan extraheras och missbrukas. Resultaten visar att även om nyare versioner av blåtand tillhandahåller förbättrade säkerhetsmekanismer, utnyttjas dessa inte alltid korrekt i produkter med lägre säkerhetskrav. Arbetet ger insikter i hur befintliga säkerhetsmekanismer kan förbättras och betonar vikten av kontinuerliga säkerhetsuppdateringar från tillverkare. / Today, Bluetooth Low Energy (BLE) is increasingly used, particularly in IoT devices (Internet of Things). This increase raises the need for secure communication and identifying as well as addressing potential vulnerabilities. The problem addressed by this study is the risk of passive eavesdropping and security flaws in BLE communication, which can lead to data misuse and privacy breaches. This work focuses on examining the security of BLE signaling and also presents a practical lab to enhance knowledge in analyzing and managing Bluetooth traffic. Security vulnerabilities are evaluated by analyzing the traffic between BLE devices, with a specific focus on passive eavesdropping and its potential risks. Through practical experiments with three different Bluetooth devices, including smart LED strips and a smart jump rope, the study investigated how signaling data can be extracted and misused. The results show that although newer versions of Bluetooth provide improved security mechanisms, these are not always correctly implemented in products with lower security requirements. The study provides insights into how existing security mechanisms can be improved and emphasizes the importance of continuous security updates from manufacturers.
9

Strengthening Cyber Defense : A Comparative Study of Smart Home Infrastructure for Penetration Testing and National Cyber Ranges / Stärkning av cyberförsvar : En jämförande studie av smarta heminfrastrukturer för penetrationstestning och nationella cyberanläggningar

Shamaya, Nina, Tarcheh, Gergo January 2024 (has links)
This thesis addresses the critical issue of security vulnerabilities within the Internet of Things (IoT) ecosystem, with a particular emphasis on everyday devices such as refrigerators, vacuum cleaners, and cameras. The widespread adoption of IoT devices across various sectors has raised significant concerns regarding their security, underscoring the need for more effective penetration testing methods to mitigate potential cyberattacks. In response to this need, the first part of this thesis presents an approach to creating a penetration testing environment specifically tailored for IoT devices. Unlike existing studies that primarily focus on isolated or specific device testing, this work integrates various common household IoT appliances into a single testbed, enabling the testing of a complex system. This setup not only reflects a more realistic usage scenario but also allows for a comprehensive analysis of network traffic and interactions between different devices, thereby potentially identifying new, complex security vulnerabilities. The second part of the thesis undertakes a comparative study of cyber range infrastructures and architectures, an area relatively unexplored in existing literature. This study aims to provide nuanced insights and practical recommendations for developing robust, scalable cyber range infrastructures at a national level. By examining different frameworks, this research contributes to the foundational knowledge necessary for advancing national cybersecurity defenses. Overall, the findings from this research aim to contribute to improving IoT security and guiding the development of robust national cyber range frameworks. / Denna avhandling tar upp de säkerhetsbrister som finns inom det ekosystem som omfattar Internet of Things (IoT) enheter, med särskilt fokus på vardagliga apparater som kylskåp, dammsugare och kameror. Den stora spridningen av IoT-enheter inom olika sektorer har väckt många säkerhetsfrågor, vilka betonar behovet av effektivare metoder för penetrationstestning för att förhindra möjliga cyberattacker. För att möta detta behov presenterar den första delen av avhandlingen en metod för att skapa en penetrationstestningsmiljö särskilt anpassad för IoT-enheter. Till skillnad från tidigare studier, vilka främst fokuserar på enskilda eller specifika enhetstestningar, kombinerar detta arbete olika hushållsapparater i en enda testbädd, vilket möjliggör testningen av ett komplext system. Detta upplägg speglar inte bara en mer realistisk användningssituation, utan tillåter också en mer omfattande analys av nätverkstrafik och interaktioner mellan olika enheter, vilket potentiellt kan identifiera nya, komplexa säkerhetsbrister. Den andra delen av avhandlingen genomför en jämförande studie av cyberanläggningars infrastrukturer och arkitekturer, ett område som är relativt outforskat i befintlig litteratur. Denna studie syftar till att ge insikter och praktiska rekommendationer för att utveckla robusta, skalbara infrastrukturer för cyberanläggningar på nationell nivå. Genom att undersöka olika ramverk bidrar denna forskning till den grundläggande kunskap som behövs för att förbättra nationella cybersäkerhetsförsvar. Sammanfattningsvis syftar resultaten från denna forskning till att förbättra IoT-säkerheten och vägleda utvecklingen av robusta nationella ramverk för cyberanläggningar.
10

混合式的Java網頁應用程式分析工具 / A hybrid security analyzer for Java web applications

江尚倫 Unknown Date (has links)
近年來網路應用蓬勃的發展,經由網頁應用程式提供服務或從事商業行為已經成為趨勢,因此網頁應用程式自然而然成為網路攻擊者的目標,攻擊手法也隨著時間不斷的翻新。已經有許多的方法被提出用來防範這些攻擊,增加網頁應用程式的安全性,如防火牆的機制以及加密連線,但是這些方法所帶來的效果有限,最根本的方法應為回歸原始的網頁應用程式設計,確實的找出應用程式本身的弱點,才能杜絕不斷變化的攻擊手法。以程式分析的技術來發現這些弱點是常見的方法之一,程式分析又分為靜態分析和動態分析,兩種分析技術都能有效的找出這些弱點。我們整理了近幾年的網頁應用程式分析技術,多採用靜態分析,然而比較後發現靜態分析的技術對於Java的網頁應用程式的分析,無法達到精確的分析結果,原因在於Java語言所具有的特性,如:變數的多型、反射機制的應用等。靜態分析在處理這些問題具有先天上的缺陷,由於並沒有實際的去執行程式,所以無法獲得這些執行時期才有的資訊。 本研究的重點將放在動態的程式分析技術上,也就是於程式執行期間所進行的分析,來解決分析Java網頁應用程式的上述問題。為了在程式執行期間得到可利用的分析資訊,我們運用了AspectJ的插碼技術。我們的工具會先將負責收集資訊的模組插入應用程式的源碼,並以單元測試的方式執行程式,於程式執行的過程中將分析資訊傳遞給分析模組,利用Java 語言的特性進行汙染資料的追蹤 。另外,我們考慮到以動態分析的方式偵測弱點會因為執行的路徑,導致一些潛在的弱點無法被發現,所以我們利用了線上分析的概念,設計出了線上的污染資料流分析模組,我們的工具結合了上述兩個分析模組所產生的分析結果,提供開網頁應用程式弱點資訊。 / In recent years, development of web application is flourishing and the increasing population of using internet, providing customer service and making business through network has been a prevalent trend. Consequently, the web applications have become the targets of the web hackers. With the progress of information technology, the technique of web attack becomes timeless and widespread. Some approaches have been taken to prevent from web attacks, such as firewall and encrypted connection. But these approaches have a limited effect against these attack techniques. The basic method should be taken is to eliminate the vulnerabilities inside the web application. Program analysis is common technique for detecting these vulnerabilities. There are two major program analysis approaches: static analysis and dynamic analysis. Both these approaches can detect vulnerabilities effectively. We reviewed several program analysis tools. Most of them are static analysis tool. However, we noticed that it is insufficient to analysis Java program in a static way due to the characteristic of Java language, e.g., polymorphism, reflection and more. Static has its congenital defects in examining these features, because static analysis happens when the program is not executing and lacks of runtime information. In this thesis, we focus on dynamic analysis of programs, where the analysis occurs when the program is executing, to solve the problems mentioned above in Java web application. In order to retrieving the runtime analysis information, we utilize the instrumentation mechanism provided by AspectJ. We instrument designed module in to the program and gather the needed information and execute the program in a unit testing approach. Our dynamic analysis module retrieves the information from instrumented executing program and utilizes the characteristic of Java to perform the tainted data tracking. We considered the dynamic tracking mechanism will leave some vulnerabilities undiscovered when the program is not completely executed. Hence we adopt the online analysis concept and design an online analysis module to find out the potential vulnerabilities which cannot be detected by dynamically tracking the tainted data. Our analysis tool finally integrates these two analysis results and provides the most soundness analysis result for developers.

Page generated in 0.0671 seconds