Zpracování statistik přístupů k webovým systémům / System for Processing of Statistic Information of Web Systems Acessing

Zajda, Vladan

Unknown Date

This study deals with processing of web traffic statistics and traffic statistics of systems in general. Statistics allow finding out where the users came from, how much time they spent on the site, in which information were they interested in, and which technical devices were they using to browse the web site. Measured data are stored fore later evaluation by the owner or administrator of the monitored web site. Results are displayed in form of statistics. Gathered information could be used for quality or content improvement in order to the best satisfaction and benefit to the users. By secured areas of the application the attempts for not granted access could be tracked. Those gathered information statistic can be used to increase security of the application or eventually for identification of the attackers.

Context-aware security testing of Android applications : Detecting exploitable vulnerabilities through Android model-based security testing / Kontextmedveten säkerhetstestning av androidapplikationer : Upptäckande av utnyttjingsbara sårbarheter genom Android modellbaserad säkerhetstestning

Baheux, Ivan

January 2023

This master’s thesis explores ways to uncover and exploit vulnerabilities in Android applications by introducing a novel approach to security testing. The research question focuses on discovering an effective method for detecting vulnerabilities related to the context of an application. The study begins by reviewing recent papers on Android security flaws affecting application in order to guide our tool creation. Thus, we are able to introduce three Domain Specific Languages (DSLs) for Model-Based Security Testing (MBST): Context Definition Language (CDL), Context-Driven Modelling Language (CDML), and Vulnerability Pattern (VPat). These languages provide a fresh perspective on evaluating the security of Android apps by accounting for the dynamic context that is present on smartphones and can greatly impact user security. The result of this work is the development of VPatChecker[1], a tool that detects vulnerabilities and creates abstract exploits by integrating an application model, a context model, and a set of vulnerability patterns. This set of vulnerability patterns can be defined to represent a wide array of vulnerabilities, allowing the tool to be indefinitely updated with each new CVE. The tool was evaluated on the GHERA benchmark, showing that at least 38% (out of a total of 60) of the vulnerabilities in the benchmark can be modelled and detected. The research underscores the importance of considering context in Android security testing and presents a viable and extendable solution for identifying vulnerabilities through MBST and DSLs. / Detta examensarbete utforskar vägar för att hitta och utnyttja sårbarheter i Android-appar genom att introducera ett nytt sätt att utföra säkerhetstestning. Forskningsfrågan fokuserar på att upptäcka en effektiv metod för att detektera sårbarheter som kan härledas till kontexten för en app. Arbetet inleds med en översikt av nyliga forskningspublikationer om säkerhetsbrister som påverkar Android-appar, vilka vägleder utvecklingen av ett verktyg. Vi introducerar tre domänspecifika språk (DSL) för modellbaserad testning (MBST): CDL, CDML och VPat. Dessa språk ger ett nytt perspektiv på säkerheten för Android-appar genom att ta hänsyn till den dynamiska kontext som finns på smarta mobiltelefoner och som kan starkt påverka användarsäkerheten. Resultatet av arbetet är utveckling av VPatChecker[1], ett verktyg som upptäcker sårbarheter och skapar abstrakta sätt att utnyttja dem i en programmodell, en kontextmodell, och en mängd av sårbarhetsmönster. Denna sårbarhetsmönstermängd kan defineras så att den representerar ett brett spektrum av sårbarheter, vilket möjliggör för verktyger att uppdateras med varje ny CVE.Verktyget utvärderades på datamängden GHERA, vilket visade att 38% (av totalt 60) av alla sårbarheter kunde modelleras och upptäckas. Arbetet understryker vikten av att ta hänsyn till kontext i säkerhetstestning av Android-appar och presenterar en praktisk och utdragbar lösning för att hitta sårbarheter genom MBST and DSLs. / Ce mémoire de maîtrise explore les moyens de découvrir et d’exploiter les vulnérabilités des applications Android en introduisant une nouvelle approche des tests de sécurité. La question de recherche se concentre sur la découverte d’une méthode efficace pour détecter les vulnérabilités liées au contexte d’une application. L’étude commence par l’examen de documents récents sur les failles de sécurité des applications Android afin de guider la création de notre outil. Nous sommes ainsi en mesure d’introduire trois Langages dédié (DSL) pour des Tests de Sécurité Basés sur les Modèles (MBST) : Langage de Définition de Contexte (CDL), Langage de Modélisation Déterminée par le Contexte (CDML) et Motif de Vulnérabilité (VPat). Ces langages offrent une nouvelle perspective sur l’évaluation de la sécurité des applications Android en tenant compte du contexte dynamique présent sur les smartphones et qui peut avoir un impact important sur la sécurité de l’utilisateur. Le résultat de ce travail est le développement de VPatChecker[1], un outil qui détecte les vulnérabilités et crée des exploits abstraits en intégrant un modèle d’application, un modèle de contexte et un ensemble de modèles de vulnérabilité. Cet ensemble de modèles de vulnérabilité peut être défini pour représenter un large éventail de vulnérabilités, ce qui permet à l’outil d’être indéfiniment mis à jour avec chaque nouveau CVE. L’outil a été testé sur le benchmark GHERA[2] et montre qu’un total d’au moins 38% (sur un total de 60) des vulnérabilités peut être modélisé et détecté. La recherche souligne l’importance de prendre en compte le contexte dans les tests de sécurité Android et présente une solution viable et extensible pour identifier les vulnérabilités par le biais de MBST et DSLs.

Android Application Security

Vulnerability Detection

Context-Awareness

Model-Based Security Testing

Domain Specific Language

Sécurité des Applications Android

Détection de Vulnérabilités

Sensibilité au Contexte

Langage Dédiés

Android-applikationssäkerhet

Upptäckt av sårbarheter

Kontextmedvetenhet

Modellbaserad säkerhetstestning

Domänspecifikt språk

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Computer and Information Sciences

Data- och informationsvetenskap

Internet of Things and Cybersecurity in a Smart Home

Kiran Vokkarne (17367391)

10 November 2023

<p dir="ltr">With the ability to connect to networks and send and receive data, Internet of Things (IoT) devices involve associated security risks and threats, for a given environment. These threats are even more of a concern in a Smart Home network, where there is a lack of a dedicated security IT team, unlike a corporate environment. While efficient user interface(UI) and ease of use is at the front and center of IoT devices within Smart Home which enables its wider adoption, often security and privacy have been an afterthought and haven’t kept pace when needed. Therefore, a unsafe possibility exists where malicious actors could exploit vulnerable devices in a domestic home environment.</p><p dir="ltr">This thesis involves a detailed study of the cybersecurity for a Smart Home and also examines the various types of cyberthreats encountered, such as DDoS, Man-In-Middle, Ransomware, etc. that IoT devices face. Given, IoT devices are commonplace in most home automation scenarios, its crucially important to detect intrusions and unauthorized access. Privacy issues are also involved making this an even more pertinent topic. Towards this, various state of the art industry standard tools, such as Nmap, Nessus, Metasploit, etc. were used to gather data on a Smart Home environment to analyze their impacts to detect security vulnerabilities and risks to a Smart Home. Results from the research indicated various vulnerabilities, such as open ports, password vulnerabilities, SSL certificate anomalies and others that exist in many cases, and how precautions when taken in timely manner can help alleviate and bring down those risks.</p><p dir="ltr">Also, an IoT monitoring dashboard was developed based on open-source tools, which helps visualize threats and emphasize the importance of monitoring. The IoT dashboard showed how to raise alerts and alarms based on specific threat conditions or events. In addition, currently available cybersecurity regulations, standards, and guidelines were also examined that can help safeguard against threats to commonly used IoT devices in a Smart Home. It is hoped that the research carried out in this dissertation can help maintain safe and secure Smart Homes and provide direction for future work in the area of Smart Home Cybersecurity.</p>

Data and information privacy

Data security and protection

Hardware security

Software and application security

Information security management

Software architecture

Internet of things (IoT) Data

Internet of Things (IoT) devices

cybersecurity standards

Smart Home User Interfaces

SMART HOME SECURITY SYSTEM

monitoring adaptation