A Model for Calculating Damage Potential in Computer Systems

January 2019

abstract: For systems having computers as a significant component, it becomes a critical task to identify the potential threats that the users of the system can present, while being both inside and outside the system. One of the most important factors that differentiate an insider from an outsider is the fact that the insider being a part of the system, owns privileges that enable him/her access to the resources and processes of the system through valid capabilities. An insider with malicious intent can potentially be more damaging compared to outsiders. The above differences help to understand the notion and scope of an insider. The significant loss to organizations due to the failure to detect and mitigate the insider threat has resulted in an increased interest in insider threat detection. The well-studied effective techniques proposed for defending against attacks by outsiders have not been proven successful against insider attacks. Although a number of security policies and models to deal with the insider threat have been developed, the approach taken by most organizations is the use of audit logs after the attack has taken place. Such approaches are inspired by academic research proposals to address the problem by tracking activities of the insider in the system. Although tracking and logging are important, it is argued that they are not sufficient. Thus, the necessity to predict the potential damage of an insider is considered to help build a stronger evaluation and mitigation strategy for the insider attack. In this thesis, the question that seeks to be answered is the following: `Considering the relationships that exist between the insiders and their role, their access to the resources and the resource set, what is the potential damage that an insider can cause?' A general system model is introduced that can capture general insider attacks including those documented by Computer Emergency Response Team (CERT) for the Software Engineering Institute (SEI). Further, initial formulations of the damage potential for leakage and availability in the model is introduced. The model usefulness is shown by expressing 14 of actual attacks in the model and show how for each case the attack could have been mitigated. / Dissertation/Thesis / Masters Thesis Computer Science 2019

Computer science

Availability Attack

Insider attack

Threat Value

Cyber-Attack Modeling Analysis Techniques: An Overview

Al-Mohannadi, Hamad, Mirza, Qublai K.A., Namanya, Anitta P., Awan, Irfan U., Cullen, Andrea J., Pagna Disso, Jules F.

January 2016

Yes / Cyber attack is a sensitive issue in the world of Internet security. Governments and business organisations around the world are providing enormous effort to secure their data. They are using various types of tools and techniques to keep the business running, while adversaries are trying to breach security and send malicious software such as botnets, viruses, trojans etc., to access valuable data. Everyday the situation is getting worse because of new types of malware emerging to attack networks. It is important to understand those attacks both before and after they happen in order to provide better security to our systems. Understanding attack models provide more insight into network vulnerability; which in turn can be used to protect the network from future attacks. In the cyber security world, it is difficult to predict a potential attack without understanding the vulnerability of the network. So, it is important to analyse the network to identify top possible vulnerability list, which will give an intuitive idea to protect the network. Also, handling an ongoing attack poses significant risk on the network and valuable data, where prompt action is necessary. Proper utilisation of attack modelling techniques provide advance planning, which can be implemented rapidly during an ongoing attack event. This paper aims to analyse various types of existing attack modelling techniques to understand the vulnerability of the network; and the behaviour and goals of the adversary. The ultimate goal is to handle cyber attack in efficient manner using attack modelling techniques.

Attack modelling

Diamond model

Kill chain

Attack graph

A Military Planning Methodology for Conducting Cyber Attacks on Power Grid

Saglam, Mehmet

09 July 2014

Power grids are regarded as significant military targets and have been targeted with kinetic attacks in previous military operations. These attacks resulted in significant levels of physical destruction, which, in the long-term, both undermined the success of the operations and caused severe adverse effects on the human terrain. Since power grids have grown as a result of introducing advanced technologies, they have also become more dependent upon cyberspace and are thus exposed to cyber attacks. Since cyber attacks have demonstrated the ability to creating physical/nonphysical effects with surgical precision, they have emerged as a credible option for disrupting power operations for a reasonable duration. However, these types of attacks sometimes require complex coordination with entities from distinct fields for efficient planning; a lack of awareness of the global picture about how to conduct these attacks could result in miscalculations and cause a repeat of the same past failures. Motivated by this fact, this thesis holistically analyzes the steps involved in conducting cyber attacks on power grids for the purpose of gaining military superiority and provides a comparison for the capabilities, challenges, and opportunities of kinetic and cyber attacks. For the purpose of creating a comprehensive framework for this thesis, the following considerations have been incorporated: the analyses of goals, targets, solutions, and effects of previous military operations; the physical and cyber infrastructures of power grids; and the features, challenges, and opportunities of cyber attacks. To present the findings, this document has adopted a novel military methodology for both the cyber attack analysis and the comparison of the means. / Master of Science

Cyber Warfare

Power Grid

Cyber Attack

Kinetic Attack

Policing the 'Phoenix Society' : An examination of the police role in the immediate period surrounding a nuclear attack on the United Kingdom

Butcher, B. D.

January 1986

No description available.

301

Policing after nuclear attack

Vulnerabililty Analysis of Multi-Factor Authentication Protocols

Garrett, Keith

01 January 2016

In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those protocols. In order to test this hypothesis: 1. A generalized algorithm for cryptanalysis was formulated to perform a clogging attack (a formof denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. 2. This technique was then applied to cryptanalyze four recent password authentication protocols, to determine their susceptibility to the clogging attack. The protocols analyzed in this thesis differ in their usage of factors (smart cards, memory drives, etc.) or their method of communication (encryption, nonces, timestamps, etc.). Their similarity lies in their use of computationally intensivemodular exponentiation as amediumof authentication. It is concluded that the strengths of all the protocols studied in this thesis can be combined tomake each of the protocols secure from the clogging attack. The conclusion is supported by designing countermeasures for each protocol against the clogging attack.

clogging attack security

Information Security

Eigen-Image-Based Watermarking Attack

Lu, Yi-chun

01 July 2006

The rapid development of Internet introduces a new set of challenging problem regarding security. To prevent unauthorized copying of digital production from distributing is one of the significant problems. Digital watermarking is a potential method for protecting the ownership rights on digital audio, image and video data. An attack succeeds in defeating a watermarked article if it impairs the watermarking information beyond acceptable limits while maintaining the perceptual quality of the attacked article. Namely, attacks on digital watermarked article must consider both watermarking information survival and the distortion of the attacked stego-media. Current attack benchmarks do not exploit as much knowledge of the watermarked image as possible, also they do not consider the distortion of the attacked stego-media. In this paper, various attacks on digital watermarking have been investigated, and a categorization of different attacks was roughly given; Besides, an Eigen-image-based (ED-based) attack is proposed to deliberately impair the watermarking information without excessively distorting the attacked stego-media, that is not currently included in those benchmark tools.

watermark

watermarking attack

Eigen-Image

MAC Constructions: Security Bounds and Distinguishing Attacks

Mandal, Avradip

17 May 2007

We provide a simple and improved security analysis of PMAC, a Parallelizable MAC (Message Authentication Code) defined over arbitrary messages. A similar kind of result was shown by Bellare, Pietrzak and Rogaway at Crypto 2005, where they have provided an improved bound for CBC (Cipher Block Chaining) MAC, which was introduced by Bellare, Killan and Rogaway at Crypto 1994. Our analysis idea is much more simpler to understand and is borrowed from the work by Nandi for proving Indistinguishability at Indocrypt 2005 and work by Bernstein. It shows that the advantage for any distinguishing attack for n-bit PMAC based on a random function is bounded by O(??q / 2^n), where ?? is the total number of blocks in all q queries made by the attacker. In the original paper by Black and Rogaway at Eurocrypt 2002 where PMAC was introduced, the bound is O(??^2 / 2^n). We also compute the collision probability of CBC MAC for suitably chosen messages. We show that the probability is ??( lq^2 / N) where l is the number of message blocks, N is the size of the domain and q is the total number of queries. For random oracles the probability is O(q^2 / N). This improved collision probability will help us to have an efficient distinguishing attack and MAC-forgery attack. We also show that the collision probability for PMAC is ??(q^2 / N) (strictly greater than the birthday bound). We have used a purely combinatorial approach to obtain this bound. Similar analysis can be made for other CBC MAC extensions like XCBC, TMAC and OMAC.

Cryptography

MAC

Security

Distinguishing Attack

Pearl Harbor a case study in administration /

Habbe, Donald Edwin,

January 1900

Thesis (Ph. D.)--University of Wisconsin--Madison, 1957. / Typescript. eContent provider-neutral record in process. Description based on print version record. Includes bibliographical references (leaves 255-260).

Pearl Harbor (Hawaii), Attack on, 1941.

The mechanism and treatment of shock accompanying acute myocardial infarction

Weingarten, Charles H.

January 1959

Thesis (M.D.)—Boston University

Acute myocardial infarction

Heart attack

Zabezpečení bezdrátových sítí a možné útoky na tyto sítě / Wireless networks security and possible attacks on these networks

Vlček, Peter

January 2010

The first of the main objectives of this work was to examine and study the different types of attacks on wireless networks. This work is focused on the most commonly occurring types of attacks such as WEP/WPA/WPA2 cracking, a Man in the Middle attack (MIM), Dictionary attacks, MAC spoofing and finally Denial of Service attacks. Description of individual attacks is also accompanied by detailed instructions on how to carry out these attacks on the Windows platform. It is described how to detect various attacks and identified. It is then implemented software that is able to identify possible risk of selected types of attacks. This software belongs to a group of wireless intrusion prevention system (WIDS). It focuses on attacks WEP/WPA/WPA2 type of cracking, Dictionary attacks and MAC spoofing. For the implementation of defense against attack by a Man in the Middle (MIM) and Denial of Service attack would need special monitoring equipment.

attack; WEP; wireless security; WPA