Robust security for the electricity network

Fuloria, Shailendra

January 2012

No description available.

004

Security control computations for large power systems

Bakirtzis, Anastasios Gregory

12 1900

No description available.

A security model for a virtualized information environment

Tolnai, Annette

15 August 2012

D.Phil. / Virtualization is a new infrastructure platform whose trend is sweeping through IT like a blaze. Improving the IT industry by higher utilization from hardware, better responsiveness to changing business conditions and lower cost operations is a must have in the new generation of virtualization solutions. Virtualization is not just one more entry in the long line of “revolutionary” products that have hit the technology marketplace. Many parts of the technology ecosystem will be affected as the paradigm shifts from the old one-to-one correspondence between software and hardware to the new approach of software operating on any hardware that happens to be most suitable to use at the time. This brings along with it security concerns, which need to be addressed. Security evolving in and around the virtualized system will become more pertinent the more virtualization is employed into everyday IT technology and use. In this thesis, a security model for virtualization will be developed and presented. This model will cover the different facets needed to address virtualization security.

Computer security

Providing security services for mobile ad hoc networks

Dong, Ying, 董穎

January 2007

published_or_final_version / abstract / Electrical and Electronic Engineering / Doctoral / Doctor of Philosophy

Computer networks - Security measures.

Servicing a Connected Car Service

Svensson, Benjamin, Varnai, Kristian

January 2015

Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.

Systems security

Network security

Distributed systems security

Penetration testing

Computer Sciences

Datavetenskap (datalogi)

Key management for mobile ad-hoc networks

Budakoglu, Caner.

10 April 2008

No description available.

Wireless communication systems

Protecting the physical layer: threats and countermeasures to communication system and smart power grid. / CUHK electronic theses & dissertations collection

January 2013

Bi, Suzhi. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 113-119). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Computer networks--Security measures

EPA-RIMM-V: Efficient Rootkit Detection for Virtualized Environments

Vibhute, Tejaswini Ajay

12 July 2018

The use of virtualized environments continues to grow for efficient utilization of the available compute resources. Hypervisors virtualize the underlying hardware resources and allow multiple Operating Systems to run simultaneously on the same infrastructure. Since the hypervisor is installed at a higher privilege level than the Operating Systems in the software stack it is vulnerable to rootkits that can modify the environment to gain control, crash the system and even steal sensitive information. Thus, runtime integrity measurement of the hypervisor is essential. The currently proposed solutions achieve the goal by relying either partially or entirely on the features of the hypervisor itself, causing them to lack stealth and leaving themselves vulnerable to attack. We have developed a performance sensitive methodology for identifying rootkits in hypervisors from System Management Mode (SMM) while using the features of SMI Transfer Monitor (STM). STM is a recent technology from Intel and it is a virtual machine manager at the firmware level. Our solution extends a research prototype called EPA-RIMM, developed by Delgado and Karavanic at Portland State University. Our solution extends the state of the art in that it stealthily performs measurements of hypervisor memory and critical data structures using firmware features, keeps performance perturbation to acceptable levels and leverages the security features provided by the STM. We describe our approach and include experimental results using a prototype we have developed for Xen hypervisor on Minnowboard Turbot, an open hardware platform.

Rootkits (Computer software)

Computer Sciences

Securing the 'Internet of Things' : decentralised security for wireless networks of embedded systems

King-Lacroix, Justin

January 2016

The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction. This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin.

Towards practical location systems with privacy protection

Chen, Zhuo

02 September 2015

With the rapid growth of mobile, ubiquitous and wearable computing, location-based services become an indispensable part of mobile internet. These services rely on the geographical position of the mobile devices and provide location-dependent contents or services to users, such as location-based in- stant messaging, POI browsing, map navigation, and location-based virtual reality games. Most existing systems implement these location-based services by always storing and transmitting raw, plaintext GPS coordinates. However, location information is arguably a private asset of individual user, and the disclosure of such information could lead to severe privacy disclosure of other even more sensitive information, such as religion, sexuality, medical condition, or political affiliation. To address this issue, researchers have proposed a series of techniques to protect user location privacy against location-based service providers. How- ever, it is challenging to apply these theoretical and sophisticated techniques ii to practical location systems because of the computational or network over- head imposed on the mobile devices as well as the complexity of the secure protocols and algorithms for application developers. In this thesis, I will study two real-life privacy-preserving location systems and show how they can be adopted by developers with little security background. The rst is outdoor proximity detection that determines whether two users (or a user and an ob- ject) are within a given distance threshold. This is a fundamental service in many geo-social or map services. For example, \People nearby" in Wechat and QQ interconnect users because of their locality and/or mutual interests in some topics, such as food and movies. The second is indoor location mon- itoring and tracking. Wearable devices such as smart watch and bracelets continually broadcast Bluetooth Low Energy signals, which can be easily cap- tured by monitoring devices such as WiFi routers and Bluetooth scanners. As more and more wearable devices emerge, unauthorized monitoring and track- ing by adversary becomes great privacy threats not only in the cyberworld, but also in the physical world. To protect location privacy, I develop a real- life location monitoring system that is based on Bluetooth Low Energy (BLE) privacy feature that changes the device physical address periodically. To en- able users to better control their privacy level while still providing monitoring and tracking service to authorized parties (e.g., for child and elderly care), I extend BLE privacy by enriching its privacy semantics with a comprehensive set of metrics, such as simple opt-in/out, k-anonymity, and granularity-based anonymity. Both systems have been posted online and evaluated in terms of accuracy and user study.