Global ETD Search

1	IT-världens Paradise Hotel – lita inte på någon! : En kvalitativ studie om Zero Trust inom svenska företag och myndigheter Michel, Johan, Nordgren, Amanda, Boqvist, David January 2023 (has links) In today's world, network security is of utmost importance for companies and authorities as data and information are increasingly being stored and transmitted through cloud solutions. This has led to a higher risk of cyberattacks. To enhance security during this transition, Zero Trust has emerged as a promising concept, with its direction from an internal IT-environment to a more secure cloud solution. Its main motto "never trust, always verify" emphasizes the importance of a high level of security. This study aims to highlight the significance of Zero Trust and compare the attitudes of Swedish companies and authorities towards its implementation. The study was conducted using semi-structured interviews with IT experts who possess knowledge in this domain. Additionally, a literature review was conducted to connect the outcomes of the interviews with the existing research in the field of Zero Trust. The results indicate that several barriers must be considered during the implementation phase. These include cost-related issues, lack of expertise, and outdated systems that cannot handle Zero Trust at the required security level. Despite these challenges, the respondents' attitudes towards Zero Trust were positive. They believed that it could be applied to sporadic and isolated parts of the network infrastructure, and that striving towards it at a theoretical level was essential. Zero Trust network security cybersecurity Zero Trust nätverkssäkerhet cybersäkerhet Computer and Information Sciences Data- och informationsvetenskap
2	Autonomic Zero Trust Framework for Network Protection Durflinger, James 05 1900 (has links) With the technological improvements, the number of Internet connected devices is increasing tremendously. We also observe an increase in cyberattacks since the attackers want to use all these interconnected devices for malicious intention. Even though there exist many proactive security solutions, it is not practical to run all the security solutions on them as they have limited computational resources and even battery operated. As an alternative, Zero Trust Architecture (ZTA) has become popular is because it defines boundaries and requires to monitor all events, configurations, and connections and evaluate them to enforce rejecting by default and accepting only if they are known and accepted as well as applies a continuous trust evaluation. In addition, we need to be able to respond as quickly as possible, which cannot be managed by human interaction but through autonomous computing paradigm. Therefore, in this work, we propose a framework that would implement ZTA using autonomous computing paradigm. The proposed solution, Autonomic ZTA Management Engine (AZME) framework, focusing on enforcing ZTA on network, uses a set of sensors to monitor a network, a set of user-defined policies to define which actions to be taken (through controller). We have implemented a Python prototype as a proof-of-concept that checks network packets and enforce ZTA by checking the individual source and destination based on the given policies and continuously evaluate the trust of connections. If an unaccepted connection is made, it can block the connection by creating firewall rule at runtime. Zero Trust Autonomous Computing IoT Network Security Cyber Security
3	Decentralized Reservation of Spatial Volumes by Autonomous Vehicles : Investigating the Applicability of Blockchain and Smart Contracts Westerlund, Robin January 2020 (has links) Background: Due to the rising popularity of autonomous unmanned vehicles, and the lack of well-defined rules to follow, a solution is needed when the physical space is crowded to a point where it becomes a hazard. Partitioning space discretely is currently done in some cases, allowing vehicles to reserve partitions to operate within. This idea is expanded upon to ultimately propose a blockchain-based solution to the inefficiency of safety margins. Objectives: The main objective was to explore whether a blockchain-based system can be used by vehicles to automatically reserve the volumes of space they need for a limited time. The solution to congestion becomes a method for vehicles to communicate between each other to exchange the remainder of their reservations once they are no longer needed, even while disconnected from the main blockchain network, in exchange for the same currency used to reserve the volumes. Methods: An Ethereum private blockchain network is set up, and a smart contract is developed and deployed onto this blockchain. An emulation program used the smart contract functions to reserve and exchange volumes to evaluate the functionality, several isolated tests evaluated the network performance, and aspects that could not be tested were theoretically analyzed. Results: The system functions as intended, although a level of trust is required during exchanges. There is no risk of two vehicles reserving the same volume at the same time. The results indicate that some performance aspects will be affected by an increasing number of users, although the entire effect can be placed on synchronization time if the network parameters are adjusted. This likely affects the overall efficiency but not as much as it would with the original parameters. Conclusions: The proposed solution is viable to use, although further development is necessary before it is ready for release. The necessity currently is not evident, although projections suggest that this solution, or a similar one, will be necessary in the future. reservations smart contracts blockchain zero-trust Software Engineering Programvaruteknik
4	Implementing a Zero Trust Environmentfor an Existing On-premises Cloud Solution / Implementering av en Zero Trust miljö för en existerande påplats molnlösning Pero, Victor, Ekman, Linus January 2023 (has links) This thesis project aimed to design and implement a secure system for handling and safeguarding personal data. The purpose of the work is to prevent unauthorized actors from gaining access to systems and data. The proposed solution is a Zero Trust architecture which emphasizes strong security measures by design and strict access controls. The system must provide minimal access for users and should be integrated with the existing cloud-based infrastructure. The result is a system that leverages Keycloak for identity management and authentication services, GitLab to provide a code hosting solution, GPG for commit signing, and OpenVPN for network access. Through the utilization of Gitlab, Keycloak and OpenVPN the system achieved a comprehensive design for data protection, user authentication and network security. This report also highlights alternative methods, future enhancements and potential improvements to the completed system. / Målet med denna rapport är att designa och implementera ett säkert system för hantering och skydd av personlig data. Syftet med arbetet är att förhindra obehöriga att få tillgång till system och data. Den föreslagna lösningen är en Zero Trustarkitektur som betonar skärpta säkerhetsåtgärder genom design och strikta åtkomstkontroller. Systemet måste ge minimal åtkomst för användare som brukar det och integreras med den befintliga molnbaserade infrastrukturen. Resultatet är ett system som använder Keycloak för hantering av identiteter och autentisering, GitLab för att tillhandahålla ett kodarkiv där användare kan ladda upp sin kod, GPG för att signera commits, och OpenVPN för nätverksåtkomst. Genom användning av GitLab, Keycloak och OpenVPN uppnådde systemet en omfattande design för dataskydd, användarautentisering och nätverkssäkerhet. Denna rapport nämner också alternativa metoder, framtida och potentiella förbättringar av det färdiga systemet. Zero Trust GitLab Keycloak OpenVPN data protection network security access control Zero Trust GitLab Keycloak OpenVPN dataskydd nätverkssäkerhet åtkomstkontroll Computer Engineering Datorteknik
5	Inställningen till Zero Trust på svenska företag : Ett examensarbete i samarbete med Orange Cyberdefense / The attitude to Zero Trust in Swedish companies : A thesis in collaboration with Orange Cyberdefense Björkman, Jonathan, Råsberg, Fredrik January 2022 (has links) Dagens IT-miljöer genomgår en förändring. De tydliga gränserna mellan ett företags inre miljö och den externa miljön har förändrats och håller på att suddas ut. Zero Trust har lyfts fram som en lösning för att bättre skydda dagens IT-miljöer men trots det är det få som använder det. Syftet med denna studie var att undersöka vad några svenska företag har för inställning till Zero Trust och om de ser några hinder med att implementera det i sina miljöer. För att besvara syftet valdes en kvalitativ ansats där sex semistrukturerade intervjuer genomfördes. Målet var att söka beskrivande och förklarande kunskap för att bidra till en ökad förståelse kring ämnet Zero Trust. Studien uppnådde även viss form av normativ kunskap vilket resulterade i ett antal rekommendationer riktade mot företag. Studiens resultat visar att inställningen till Zero Trust är välvillig vilket beror på att de upplever krav från ledning, regelverk och kunder. De hinder som studien identifierar är föråldrade resurser (legacy), komplexitet, tid och kostnad som avgörande hinder för att implementera Zero Trust. Studien visar även visa att företagen är delade i uppfattningen om användaren av en resurs kommer påverkas negativt eller gagnas av Zero Trust. Studien landar i ett antal rekommendationer varav en menar att företag, för att behålla den välvilliga inställningen till Zero Trust måste vara lyhörda mot krav från omvärlden. Vidare rekommenderas även att företagen håller sig uppdaterade om ämnet, att de har en planering för arbetet som krävs och att de tar aktiva val för att undvika onödiga kostnader. / Today's IT environments are undergoing a change. The clear boundaries between a company's internal environment and the external environment have changed and are being blurred. Zero Trust has been highlighted as a solution to better protect today's IT environments, but despite this, few use it. The purpose of this study was to investigate what some Swedish companies have to say about Zero Trust and whether they see any obstacles in implementing it in their environments. To answer the purpose, a qualitative approach was chosen in which six semi-structured interviews were conducted. The goal was to seek descriptive and explanatory knowledge to contribute to an increased understanding of the subject Zero Trust. The study also achieved some form of normative knowledge, which resulted in a few recommendations aimed at companies. The results of the study show that the attitude towards Zero Trust is benevolent, which is since they experience demands from management, regulations, and customers. The barriers that the study identifies are outdated resources (legacy), complexity, time, and cost as crucial barriers to implementing the Zero Trust. The study also shows that companies are divided on whether the user of a resource will be negatively affected or benefited by Zero Trust. The study lands in a few recommendations, one of which is that companies, in order to maintain the benevolent attitude to Zero Trust, must be responsive to demands from the outside world. Furthermore, it is also recommended that companies stay up to date on the subject, that they have a plan for the work required and that they make active choices to avoid unnecessary costs. Attitude IT-environments IT-security IT-environments Obstacles Zero Trust Hinder Inställning IT-miljöer IT-säkerhet Zero Trust Information Systems
6	A ZERO-TRUST-BASED IDENTITY MANAGEMENT MODEL FOR VOLUNTEER CLOUD COMPUTING albuali, abdullah 01 December 2021 (has links) (PDF) Non-conventional cloud computing models such as volunteer and mobile clouds have been increasingly popular in cloud computing research. Volunteer cloud computing is a more economical, greener alternative to the current model based on data centers in which tens of thousands of dedicated servers facilitate cloud services. Volunteer clouds offer numerous benefits: no upfront investment to procure the many servers needed for traditional data center hosting; no maintenance costs, such as electricity for cooling and running servers; and physical closeness to edge computing resources, such as individually owned PCs. Despite these benefits, such systems introduce their own technical challenges due to the dynamics and heterogeneity of volunteer computers that are shared not only among cloud users but also between cloud and local users. The key issues in cloud computing such as security, privacy, reliability, and availability thus need to be addressed more critically in volunteer cloud computing.Emerging paradigms are plagued by security issues, such as in volunteer cloud computing, where trust among entities is nonexistent. Thus, this study presents a zero-trust model that does not assign trust to any volunteer node (VN) and always verifies using a server-client topology for all communications, whether internal or external (between VNs and the system). To ensure the model chooses only the most trusted VNs in the system, two sets of monitoring mechanisms are used. The first uses a series of reputation-based trust management mechanisms to filter VNs at various critical points in their life-cycle. This set of mechanisms helps the volunteer cloud management system detect malicious activities, violations, and failures among VNs through innovative monitoring policies that affect the trust scores of less trusted VNs and reward the most trusted VNs during their life-cycle in the system. The second set of mechanisms uses adaptive behavior evaluation contexts in VN identity management. This is done by calculating the challenge score and risk rate of each node to calculate and predict a trust score. Furthermore, the study resulted in a volunteer computing as a service (VCaaS) cloud system using undedicated hosts as resources. Both cuCloud and the open-source CloudSim platform are used to evaluate the proposed model.The results shows that zero-trust identity management for volunteer clouds can execute a range of applications securely, reliably, and efficiently. With the help of the proposed model, volunteer clouds can be a potential enabler for various edge computing applications. Edge computing could use volunteer cloud computing along with the proposed trust system and penalty module (ZTIMM and ZTIMM-P) to manage the identity of all VNs that are part of the volunteer edge computing architecture. edge computing identity management IoT security volunteer cloud computing zero trust
7	Dopad COVID-19 na bezpečnostní politiku států v oblasti kybernetické bezpečnosti / Impact of COVID-19 on Security Policies of States in the Area of Cyber Security Rieger, Anastasiya January 2022 (has links) CHARLES UNIVERSITY FACULTY OF SOCIAL SCIENCES Master of International Security Systems Anastasiya Neskoromna/Rieger Impact of COVID 19 on Security Policies of States in the Area of Cyber Security Abstract Prague 2022 Author: Ms. Anastasiya Neskoromna/Rieger Supervisor: prof. David Erkomashvile, Ph.D. Academic Year: 2021/2022 Abstract The SARS-Cov-19 or in different wording the global Covid pandemic outburst have created an unprecedented scenario for various organizations, agencies and structures. The COVID-19 pandemic in 2020 has become an extraordinary and shocking event for the world community and the global economy. On the part of the authorities, the COVID-19 pandemic is accompanied by sometimes harsh and ambiguous decisions, the consequences of which are felt by people in many countries of the world: movement between countries was stopped, businesses and enterprises were closed, the restriction was created, those who were sick or at risk of infection were isolated. There was also no possible assumption regarding how long such a mode of life will last. Many factors as a consequential chain of reactions from the pandemic in the aggregate have created a pleasant environment for altering and modifying the cybercrime landscape. This work aims to analyze the factorial presence of modification in the sphere...
8	Study of Information Behavior of Opportunistic Insiders with Malicious Intent Sinha, Vikas 05 1900 (has links) Enterprises have focused on mechanisms to track insiders who may intentionally exceed and misuse their authorized access. However, there is an opportunity to understand why a trusted individual would want to exploit the trust and seek information with the intent of a malicious outcome. The detection of insider rogue or nefarious activities with information to which a user is already authorized is extremely difficult. Such insider threats require more deliberation than just considering it to be a problem that can be mitigated only by software or hardware enhancements. This research expects to help gain an early understanding of antecedents to such information behavior and provide an opportunity to develop approaches to address relevant character traits which could lead to a higher propensity of information misuse. This research proposes a theoretical framework and a conceptual research model to understand the antecedent factors to opportunistic information-seeking behavior of individuals. The study follows the three-essay format. Essay 1 explores the scholarly literature published about insider behavior to understand information behavior and proposes the theoretical framework for the study. PRISMA methodology was used for the thematic literature review. Essay 2 is a quantitative study of 424 university students surveyed using an online instrument for their responses to various scenarios in the context of academic dishonesty. Academic dishonesty is proposed as a proxy for information misuse. Essay 3 is a qualitative study engaging senior executives from various industries to understand their perspectives on the behavioral characteristics of individuals as they try to protect their corporate information from being misused and protect their reputation and liability from malicious use of their information. Malicious Information Behavior Opportunistic Information Behavior Insider Threat Information Security Moral Resiliency Social Resiliency Zero-Trust
9	DNS-Tunnel och Försvarsmakten : Hur funkar det och vad innebär det? / DNS-Tunneling and the Swedish armed forces : Process and implications of its usage Lindstedt, Rickard January 2023 (has links) Det säkerhetspolitiska läget i norra europa har stadigt försämrats sedan den ryska occupationen av Krim år 2014. Som ett resultat av detta ökar cyberattacker mot Sverige och resterande EU både i omfattning och frekvens. En av de största hoten är de cyberattacker som genomförs av aktörer som APT 28 och APT29 som har främmande staters stöd. Syftet med cyberattacker varierar stort dock är en av dessa åtkomsten till data/information. För att kunna uppnå det här målet måste aktören ha förmåga till att exfltrera data ur ett system eller nätverk. Det fnns fertalet metoder för att åstadkomma detta där en av metoderna är att exfltrera data över ett alternativt protokoll så som DNS-tunnling. Försvarsmakten nyttjar en rad olika system i syfte att uppnå sina mål och har särskilt utbildade enheter för att försvara dessa. Då varje användare indirekt bidrar till systemet och nätverkets säkerhet/skydd behöver samtliga användare ha en förståelse för hur deras användande påverkar systemet/nätverket. Skapandet av en DNS-tunnel ger användaren möjlighet att skicka ett protokolls (I det här fallet IPv4) data genom ett annat genom en process som heter inkapsling av data. Detta gör det svårare för system att automatiskt detektera illasinnad exfltration och således svårare att blokera trafken. Försvarsmakten bör regelbundet öva underrättelsefunktionerna i nyttjandet av STRIX och TAXII för att hantera hot i cyberdomänen och sprida dessa till övriga organisation. Detta skulle således möjliggöra för Cyberförsvaret att orientera resterande Försvarsmakt mer regelbundet och på så sätt även kunna anpassa de automatiska detektionsmetoder över tid för att bättre kunna fånga upp illasinnad exfltrering av data. Försvarsmakten bör utveckla underrättelsefunktionen så att den kan agera som en tolk mellan Cyberförsvaret och resterande Försvarsmakt. / The security in northern Europe has steadily become worse since the Russian occupation of Crimea in 2014. As a result of this the frequency and magnitude of hostile cyberoperations targeting Sweden and the EU has increased. One of the biggest threats are the cyberoperations that are carried out by state sponsored actors such as APT28 and APT29. The Cyberattacks can have a wide range of objectives, one of them being the acquisition of data/information. In order to accomplish that objective an adversary would require a method to exfltrate the data from the system or network. There are however multiple different methods that can be used, one being exfltration through an alternate protocol such as DNS-tunneling. The Swedish armed forces use a variety of different systems in order to accomplish its missions/tasks. In order to be able to defend the systems from any malicious activity the Swedish armed forces have specially trained units tasked specifically with the defnece of the armed forces systems. This however is not enough as every user in a system is part of that systems defence. This means that every service member must have an understanding of what implications activities in the cyber domain have upon activities in the other domains. The creation of a DNS-tunnel enables a user to send data of one protocol (in this case IPv4 data) over the DNS protocol through the process of encapsulation. This makes it harder for automated processes to detect the malicious exfltration and subsequently block the traffic. The Swedish armed forces should regularly train its intelligence community in order to handle cyber threat intelligence according to STIX and TAXII. This should allow the cyber defnece to more readily share their intelligence with the rest of the armed forces and use the established intelligence community as a translator that can deduce the implications of the threats on the day to day activity of the Army, Navy, Air Force and Home guard. DNS Försvarsmakten Exfltrering Zero Trust Modell Defensiva Cyber Operationer (DCO) STIX TAXII Social Sciences Interdisciplinary
10	SDP And VPN For Remote Access : A Comparative Study And Performance Evaluation Sintaro, Abel Tariku, Komolafe, Yemi Emmanuel January 2021 (has links) Remote access is a way of providing access to networks from outside the premises of the network. Virtual Private Network (VPN) is one solution used to provide remote access. Software-Defined Perimeter (SDP) is another solution that is capable of providing access to resources from a remote location. These two technologies use different security models yet provide comparable remote access functionalities. This thesis project investigates the basic components, architecture, and security services of SDP and IPSec VPN. Additionally, a performance evaluation is conducted on SDPand VPN on their connection setup time and network throughput. Our result shows that both SDP and VPN provide secure access, however, SDP has additional features that make it a more secure solution. This thesis project is written in the hopes that it can help enterprises with or without a VPN solution already in place to consider SDP as an alternative solution and learn SDP in comparison with VPN. Zero-Trust security model Perimeter-based security model Software- defined perimeter IPSec VPN performance evaluation comparative study Computer Systems Datorsystem Communication Systems Kommunikationssystem

Search results