Global ETD Search

1	Attack Surface Management : Principles for simplifying the complexity of OT security Veshne, Jyotirmay January 2023 (has links) Purpose: Operational technology (OT) environments face significant risks and threats stemming from Industry 4.0. The security landscape for OT is confronted with unprecedented challenges due to the expanding attack surface resulting from factors like cloud adoption, Industrial Internet of Things, and increased mobility. Securing OT networks has become increasingly complex, and relying solely on perimeter firewalls or air gaps is a flawed approach. Malicious actors now target OT systems for high-stakes ransoms and lockouts, exploiting the manufacturing industry's reluctance to disrupt operations. Conventional security measures are insufficient against insider threats and agile hackers who can maneuver within the network. These adversaries display patience and persistence, often waiting for months to gain unauthorized access. Acknowledging the complexity of OT within industrial organizations, the objective of this master's thesis is to offer a set of simplified principles and practices that can serve as valuable guidance for practitioners seeking to establish effective Attack Surface Management (ASM) strategies in OT environments. These OT security practices embody a comprehensive approach to cybersecurity, empowering OT security practitioners to adapt to ever-evolving industry dynamics and establish baseline protection against various threats and vulnerabilities. Design/Methodology/Approach: This thesis utilizes Action Design Research (ADR), which combines Action Research (AR) and Design Science (DS) approaches. ADR is applied to address a specific problem in an organizational context, involving intervention, evaluation, and the creation of new IT principles and practices. ADR is chosen as the appropriate methodology to guide the development and evaluation of a prototype OT Remote Connectivity and the secure integration of MES components into the organizational OT environment. Findings: This study made a valuable contribution to the field by introducing five innovative Design Principles (DPs) specifically designed to simplify ASM in OT environments. These newly proposed DPs complement the existing ones and address emerging challenges and considerations in the rapidly evolving landscape of OT security. They provide practitioners with fresh perspectives, guidelines, and approaches to enhance the effectiveness and efficiency of ASM strategies in OT. Practical Implications: The research project gives a comprehensive checklist of secure practices for OT, these were formulated and implemented, considering the entire lifecycle of OT devices. These practices encompassed various stages, from design, procurement to disposal, and aimed to enhance the security posture of OT systems. Building upon these secure practices, a functional prototype was developed to facilitate secure remote connectivity for suppliers/vendors and the seamless integration of Manufacturing Execution System (MES) components. OT ICS SCADA CPS IIoT IoT Attack Surface MES Attack Surface Management Security Remote connectivity Elektroteknik och elektronik
2	M.I.D.A.S. : metrics identification of attack surfaces / Metrics identification of attack surfaces Meek, Joshua A. 05 May 2012 (has links) This thesis endeavors to determine the feasibility of design metrics as a predictor of attack surface size by finding a positive correlation between one or more design metrics and an application’s attack surface measurement. An attack surface is the set of ways in which an adversary can enter a system and potentially cause damage. For an experimental setting, six open-source java-based projects were analyzed. For each project, the attack surface is assessed using Microsoft’s Attack Surface Analyzer, which takes a snapshot of a system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. A collection of design metrics was collected from each open-source project as well. The goal is to find a metric or set of metrics that predicted the attack surface changes identified by the Attack Surface Analyzer. / Department of Computer Science Cyberterrorism -- Prevention Software measurement Computer security -- Design Microsoft Attack Surface Analyzer
3	Security in Rootless Containers : Measuring the Attack Surface of Containers Engström Ericsson, Matilda January 2022 (has links) Rootless containers are commonly perceived as more secure, as they run without added privileges. To the best of my knowledge, this hypothesis has never been proven. This thesis aims to contribute to addressing knowledge gaps in research by measuring the attack surface of Rootless Podman, Rootless Docker, as well as Rootful Docker for comparison. Furthermore, different Rootless Container Engines are analysed in a prestudy to summarise what current options exist on the market today. The attack surface is systematically measured using the Attack Surface Measurement Method. The method identifies resources and groups them into different attack classes, based on the resource attackability. The authors of the method defines attackability as the likelihood of a successful attack. Finally, the total attackability of the container engines is computed. The study concludes that attack surface is significantly reduced when a local container image is used, instead of downloading one. In addition, the design choice of the container engine influences the attack surface more than whether the container is rootless or rootful. rootless container container security attack surface Docker Podman Computer and Information Sciences Data- och informationsvetenskap
4	Hacka Inte Min Soffa! : En omdefiniering av Gartners ramverk för External Attack Surface Management mot Smart Home teknologier för att förhindra säkerhetshack / Don’t Hack My Couch! : Redefining Gartner's External Attack Surface Management framework towards Smart-home technologies to prevent security hacks Griberg, Rami January 2022 (has links) Gartners presenterar External Attack Surface Management (EASM) som är en framväxande cybersäkerhetsdisciplin som identifierar och hanterar de risker som internetbaserade tillgångar och system utgör. Dock är ramverket vagt definierat och har gett författaren intrycket av att fungera som ett komplement till ett mer tekniskt ramverk för säkerhetsövervakning. Syftet med denna studie är att definiera Gartners EASM-ramverket och undersöka om elementen i ramverket har olika vikt av betydelse, samt ifall ramverket behövs omdefinieras för att göra den mer användbar mot IoT-teknologi, specifikt Smart Home. En litteraturstudie har genomförts för att definiera EASM-ramverket och en kvantitativ enkät har skickats elektroniskt och besvarats av åtta olika respondenter för att värdera betydelsen av de olika elementen inom ramverket och om de skulle kunna använda ramverket för Smart Home teknologier inom sina nuvarande organisationer. Respondenterna jobbar inom Smart Homes när denna studie genomfördes och är handplockade på grund av sin erfarenhet och kompetens inom branschen.Respondenterna angav att de olika elementen av EASM-ramverket är av olika vikt och att respondenterna har en osäkerhet om att de skulle använda den nuvarande tillämpningen av EASM-ramverket i sin organisation. Olika faktorer påverkade respondenternas beslut, inklusive deras erfarenhetsnivå, positioner och de företagsstorlekar de arbetar för. Även om de olika elementen i ramverket har olika vikt/betydelse, har elementen ett sekventiellt beroende vilket gör det svårt att ta bort eller byta ut ett element. Analysen tyder på att EASM-ramverket inte är tillräckligt för att vara en komplett försvarslösning inom Smart Homes, utan bör i stället användas tillsammans med Confidentiality, Integrity & Availablity (CIA-triaden) och Autentisering, Auktorisering och Redovisning (AAA-ramverket). Den fysiska aspekten av säkerhet inom Smart Homes behöver också inkluderas för att anpassa EASM-ramverket ytterligare mot Smart Homes. External Attack Surface Management EASM Internet of Things Smart Homes cybersäkerhet Information Systems
5	DynaCut: A Framework for Dynamic Code Customization Mahurkar, Abhijit 03 September 2021 (has links) Software systems are becoming increasingly bloated to accommodate a wide array of features, platforms and users. This results not only in wastage of memory but also in an increase in their attack surface. Existing works broadly use binary-rewriting techniques to remove unused code, but this results in a binary that is highly customized for a given usage context. If the usage scenario of the binary changes, the binary has to be regenerated. We present DYNACUT– a framework for Dynamic and Adaptive Code Customization. DYNACUT provides the user with the capability to customize the application to changing usage scenarios at runtime without the need for the source code. DYNACUT achieves this customization by leveraging two techniques: 1) identifying the code to be removed by using execution traces of the application and 2) by rewriting the process dynamically. The first technique uses traces of the wanted features and the unwanted features of the application and generates their diffs to identify the features to be removed. The second technique modifies the process image to add traps and fault-handling code to remove vulnerable but unused code. DYNACUT can also disable temporally unused code – code that is used only during the initialization phase of the application. To demonstrate its effectiveness, we built a prototype of DYNACUT and evaluated it on 9 real-world applications including NGINX, Lighttpd and 7 applications of the SPEC Intspeed benchmark suite. DYNACUT removes upto 56% of executed basic blocks and upto 10% of the application code when used to remove initialization code. The total overhead is in the range of 1.63 seconds for Lighttpd, 4.83 seconds for NGINX and about 39 seconds for perlbench in the SPEC suite. / Master of Science / Software systems are becoming increasingly bloated to accommodate a wide array of users, features and platforms. This results in the software not only occupying extra space on com- puting platforms but also in an increase in the ways that the applications can be exploited by hackers. Current works broadly use a variety of techniques to identify and remove this type of vulnerable and unused code. But, these approaches result in a software that has to be modified with the changing usage scenarios of the application. We present DYNACUT, a dynamic code customization tool that can customize the application at its runtime with a minimal overhead. We use the execution traces of the application to customize the ap- plication according to user specifications. DYNACUT can identify code that is only used in the initial stages of the application execution (initialization code) and remove them. DYNA- CUT can also disable features of the application. To demonstrate its effectiveness, we built a prototype of DYNACUT and evaluated it on 9 real-world applications including NGINX, Lighttpd and 7 applications of the SPEC Intspeed benchmark suite. DYNACUT removes upto 56% of executed basic blocks and upto 10% of the application code when used to remove initialization code. The total overhead is in the range of 1.63 seconds for Lighttpd, 4.83 seconds for NGINX and about 39 seconds for perlbench in the SPEC suite. Software Debloating Attack-Surface reduction Return-Oriented-Programming Process Snapshot Dynamic Customization Checkpoint Restore in Userspace
6	INFERENCE OF RESIDUAL ATTACK SURFACE UNDER MITIGATIONS Kyriakos K Ispoglou (6632954) 14 May 2019 (has links) <div>Despite the broad diversity of attacks and the many different ways an adversary can exploit a system, each attack can be divided into different phases. These phases include the discovery of a vulnerability in the system, its exploitation and the achieving persistence on the compromised system for (potential) further compromise and future access. Determining the exploitability of a system –and hence the success of an attack– remains a challenging, manual task. Not only because the problem cannot be formally defined but also because advanced protections and mitigations further complicate the analysis and hence, raise the bar for any successful attack. Nevertheless, it is still possible for an attacker to circumvent all of the existing defenses –under certain circumstances.</div><div><br></div><div>In this dissertation, we define and infer the Residual Attack Surface on a system. That is, we expose the limitations of the state-of-the-art mitigations, by showing practical ways to circumvent them. This work is divided into four parts. It assumes an attack with three phases and proposes new techniques to infer the Residual Attack Surface on each stage.</div><div><br></div><div>For the first part, we focus on the vulnerability discovery. We propose FuzzGen, a tool for automatically generating fuzzer stubs for libraries. The synthesized fuzzers are target specific, thus resulting in high code coverage. This enables developers to expose and fix vulnerabilities (that reside deep in the code and require initializing a complex state to trigger them), before they can be exploited. We then move to the vulnerability exploitation part and we present a novel technique called Block Oriented Programming (BOP), that automates data-only attacks. Data-only attacks defeat advanced control-flow hijacking defenses such as Control Flow Integrity. Our framework, called BOPC, maps arbitrary exploit payloads into execution traces and encodes them as a set of memory writes. Therefore an attacker’s intended execution “sticks” to the execution flow of the underlying binary and never departs from it. In the third part of the dissertation, we present an extension of BOPC that presents some measurements that give strong indications of what types of exploit payloads are not possible to execute. Therefore, BOPC enables developers to test what data an attacker would compromise and enables evaluation of the Residual Attack Surface to assess an application’s risk. Finally, for the last part, which is to achieve persistence on the compromised system, we present a new technique to construct arbitrary malware that evades current dynamic and behavioral analysis. The desired malware is split into hundreds (or thousands) of little pieces and each piece is injected into a different process. A special emulator coordinates and synchronizes the execution of all individual pieces, thus achieving a “distributed execution” under multiple address spaces. malWASH highlights weaknesses of current dynamic and behavioral analysis schemes and argues for full-system provenance.</div><div><br></div><div>Our envision is to expose all the weaknesses of the deployed mitigations, protections and defenses through the Residual Attack Surface. That way, we can help the research community to reinforce the existing defenses, or come up with new, more effective ones.</div> Applied Computer Science systems security attack surface binary analysis binary exploitation stealthy malware fuzzing whole system analysis
7	A Comparison of the Resiliency Against Attacks Between Virtualised Environments and Physical Environments Tellez Martinez, Albert, Steinhilber, Dennis Dirk January 2020 (has links) Virtualisation is a technology that is more and more applied due to its advantages regarding cost and operation. It is often believed that it provides a better security for an IT environment since it enables centralisation of hardware. However, virtualisation changes an IT environment fundamentally and contains new vulnerabilities that must be considered. It is of interest to evaluate whether the belief that virtual environments provide a better security for an IT environment is true or not. In this project, the resiliency against attacks for physical environments and virtual environments is analysed to determine which one provides a higher resiliency and why. Therefore, the physical and digital attack surfaces of all entities are analysed to reveal the relevant vulnerabilities that could be exploited. Beside a theoretical research, a physical and a virtual environment have been established to test chosen attacks practically. The results show that virtual environments are less resilient than physical environments, especially to common attacks. This shows that virtualisation is still a technology that is new to many companies and the vulnerabilities it has must be taken seriously. Physical environment virtual environment hypervisor attack surface attack vector resiliency fat client thin client virtualisation virtual machine Computer Sciences Datavetenskap (datalogi)
8	Mapping the Attack Surface of Telecommunication Networks from the Public Internet / Kartläggning av Attackytan på Telekommunikationsnätverk från det Offentliga Internet Rathi, Jayshree January 2023 (has links) The telecommunications sector is increasingly connected to the Internet, resulting in an expanded attack surface accessible from the public Internet. This has increased the availability of information such as IP addresses, open ports, and other network details that anyone from the Internet can access. As a result, potential entry points for attackers have increased, making it essential to map the attack surface of telecommunication networks from the public Internet. While previous research has explored various tools and techniques for mapping the attack surface of the Internet of Things (IoT) and Industrial Control Systems (ICS), such techniques have not yet been extended to the telecommunications domain. This thesis aims to comprehensively map the attack surface of telecommunications operators from the public Internet. To achieve this, we conducted a thorough literature review and proposed a methodology for mapping the attack surface explicitly designed for the telecommunications sector. First, we devised a research workflow that outlines the steps involved in the methodology. Second, we developed a Python-based tool to automate the workflow. We used the tool for a particular mobile network operator. It successfully gathered DNS records, IP addresses, exposed ports, services, Autonomous System Numbers (ASN), server versions, and potential vulnerabilities. The collected data provides valuable insights into the network infrastructure of the operator, aiding in the understanding of potential security risks. / Telekommunikationssektorn blir allt mer kopplad till Internet, detta resulterar i en större attackyta som är tillgänglig från det offentliga Internet. Detta har gett en ökad tillgänglighet av information som till exempel IP adresser, öppna portar, och annan nätverksinformation som vem som helst kan få åtkomst till via Internet. På grund av detta, har potentiella ingångar för attacker ökat, detta gör det avgörande att kartlägga attackytan för telekommunikationsnätverk från det offentliga Internet. Medan tidigare forskning har undersökt olika verktyg och tekniker för att kartlägga attackytor för the Internet of Things (IoT) och Industrial Control Systems (ICS), så har sådana tekniker ännu inte sträckt sig till telekommunikationsdomänen. Denna avhandling har som mål att utförligt kartlägga attackytan för telekommunikationsoperatörer från det offentliga Internet. För att uppnå detta, har vi utfört en grundlig litteraturgranskning och föreslagit en metodologi för kartläggning av attackytor specifikt designat för telekommunikationssektorn. Först konstruerade vi ett forskningsarbetsflöde som beskriver stegen involverade i metodologin. Sedan konstruerade vi ett Python-baserat verktyg för att automatisera arbetsflödet. Vi använde verktyget för en särskild mobilnätverksoperatör. Den samlade framgångsrikt in DNS uppgifter, IP adresser, exponerade portar, tjänster, Autonomous System Numbers (ASN), versioner av servrar, och potentiella sårbarheter. Den insamlade informationen ger värdefulla insikter i nätverksinfrastrukturen hos operatören, vilket hjälper till att förstå potentiella säkerhetsrisker Attack Surface Mapping Telecommunication Passive Reconnaissance Mobile Network Operator Public Internet Kartläggning av Attackytan Telekommunikation Passiv Rekon- naissance Mobilnätsoperatör Offentligt Internet Computer and Information Sciences Data- och informationsvetenskap
9	Quantitative Metrics and Measurement Methodologies for System Security Assurance Ahmed, Md Salman 11 January 2022 (has links) Proactive approaches for preventing attacks through security measurements are crucial for preventing sophisticated attacks. However, proactive measures must employ qualitative security metrics and systemic measurement methodologies to assess security guarantees, as some metrics (e.g., entropy) used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures (e.g., data pointer protection or data flow integrity) suffer performance bottlenecks. This dissertation identifies and represents attack vectors as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling ways to tune performance vs. security of existing defenses by identifying and prioritizing key attack vectors for protection. We measure attack surface by quantifying the impact of fine-grained Address Space Layout Randomization (ASLR) on code reuse attacks under the Just-In-Time Return-Oriented Programming (JITROP) threat model. We conduct a comprehensive measurement study with five fine-grained ASLR tools, 20 applications including six browsers, one browser engine, and 25 dynamic libraries. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse gadgets such as the Turing Complete gadget set. Experiments also suggest that some code pointer leaks allow attackers to find gadgets more quickly than others. Besides, the instruction-level single-round randomization can restrict Turing Complete operations by preventing up to 90% of gadgets. This dissertation also identifies and prioritizes critical data pointers for protection to enable the capability to tune between performance vs. security. We apply seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers. Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful detection of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer. Our results also suggest that sensitive data objects are as low as 3%, and on average, 82% of data objects do not need protection for real-world applications. / Doctor of Philosophy / Proactive approaches for preventing attacks through security measurements are crucial to prevent advanced attacks because reactive measures can become challenging, especially when attackers enter sophisticated attack phases. A key challenge for the proactive measures is the identification of representative metrics and measurement methodologies to assess security guarantees, as some metrics used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures suffer performance bottlenecks. This dissertation identifies and represents attack elements as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling the capability to tune performance vs. security of existing defenses by identifying and prioritizing key attack elements. We measure the attack surface of various software applications by quantifying the available attack elements of code reuse attacks in the presence of fine-grained Address Space Layout Randomization (ASLR), a defense in modern operating systems. ASLR makes code reuse attacks difficult by making the attack components unavailable. We perform a comprehensive measurement study with five fine-grained ASLR tools, real-world applications, and libraries under an influential code reuse attack model. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse elements. Results also show the influence of one attack element over another and one defense strategy over another strategy. This dissertation also applies seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers – a type of attack element – to enable the capability to tune between performance vs. security. Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful identification of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer, a memory error detector. Our results also suggest that sensitive data objects are as low as 3% of all objects, and on average, 82% of objects do not need protection for real-world applications. Security Measurement Attack Surface Quantification Metrics Methodologies Attack Vectors Data Pointers Taint Analysis LLVM ROP JITROP Data-Oriented Attacks Gadgets ASLR Pointer Authentication Memory Tagging
10	Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följder Bakhshiyeva, Afruz, Berefelt, Gabriel January 2022 (has links) Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar. Connected vehicle hacking pentest eavesdropping security Tesla Model 3 Volvo XC40 MG Marvel R automotive cybersecurity interception attacks passive attacks wireless attacks Wi-Fi attacks attack surface relay attack port scan man-in-the-middle attack Uppkopplade fordon hacking avlyssning säkerhet Tesla Model 3 Volvo XC40 MG Marvel R fordonscybersäkerhet avlyssningsattacker passiva attacker trådlösa attacker Wi-Fi-attacker attackyta relä-attack port-skanning mannen-i-mitten attack Computer Sciences Datavetenskap (datalogi)

Search results