  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
91

Information security management : processes and metrics

Von Solms, Rossouw 11 September 2014
PhD. (Informatics) / Organizations become daily more dependent on information. Information is captured, processed, stored and distributed by the information resources and services within the organization. These information resources and services should be secured to ensure a high level of availability, integrity and privacy of this information at all times. This process is referred to as Information Security Management. The main objective of this thesis is to identify all the processes that constitute Information Security Management and to define a metric through which the information security status of the organization can be measured and presented. It is necessary to identify an individual or a department which will be responsible for introducing and managing the information security controls to maintain a high level of security within the organization. The position and influence of this individual, called the Information Security officer, and/or department within the organization, is described in chapter 2. The various processes and subprocesses constituting Information Security Management are identified and grouped in chapter 3. One of these processes, Measuring and Reporting, is currently very ill-defined and few guidelines and/or tools exist currently to help the Information Security officer to perform this task. For this reason the rest of the thesis is devoted to providing an effective means to enable the Information Security officer to measure and report the information security status in an effective way...
92

Effective monitoring of slow suspicious activities on computer networks

Kalutarage, H. K. January 2013
Slow and suspicious activities on modern computer networks are increasingly hard to detect. An attacker may take days, weeks or months to complete an attack life cycle. A particular challenge is to monitor for stealthy attempts deliberately designed to stay beneath detection thresholds. This doctoral research presents a theoretical framework for effective monitoring of such activities. The main contribution of this work is a scalable monitoring scheme proposed in a Bayesian framework, which allows for detection of multiple attackers by setting a threshold using the Grubbs’ test. Second contribution is a tracing algorithm for such attacks. Network paths from a victim to its immediate visible hops are mapped and profiled in a Bayesian framework and the highest scored path is prioritised for monitoring. Third contribution explores an approach to minimise data collection by employing traffic sampling. The traffic is sampled using the stratification sampling technique with optimum allocation method. Using a 10% sampling rate was sufficient to detect simulated attackers, and some network parameters affected the sampling error. Final contribution is a target-centric monitoring scheme to detect nodes under attack. Target-centric approach is quicker to detect stealthy attacks and has potential to detect collusion as it is completely independent from source information. Experiments are carried out in a simulated environment using the network simulator NS3. Anomalous traffic is generated along with normal traffic within and between networks using a Poisson arrival model. Our work addresses a key problem of network security monitoring: a scalable monitoring scheme for slow and suspicious activities. State size, in terms of a node score, is a small number of nodes in the network and hence storage is feasible for very large networks.
93

Toward Usable Access Control for End-users: A Case Study of Facebook Privacy Settings

Johnson, Maritza Lupe January 2012
Many protection mechanisms in computer security are designed to enforce a configurable policy. The security policy captures high-level goals and intentions, and is managed by a policy author tasked with translating these goals into an implementable policy. In our work, we focus on access control policies where errors in the specified policy can result in the mechanism incorrectly denying a request to access a resource, or incorrectly allowing access to a resource that they should not have access to. Due to the need for correct policies, it is critical that organizations and individuals have usable tools to manage security policies. Policy management encompasses several subtasks including specifying the initial security policy, modifying an existing policy, and comprehending the effective policy. The policy author must understand the configurable options well enough to accurately translate the desired policy into the implemented policy. Specifying correct security policies is known to be a difficult task, and prior work has contributed policy authoring tools that are more usable than the prior art and other work has also shown the importance of the policy author being able to quickly understand the effective policy. Specifying a correct policy is difficult enough for technical users, and now, increasingly, end-users are being asked to make access control decisions in regard to who can access their personal data. We focus on the need for an access control mechanism that is usable for end-users. We investigated end-users who are already managing an access control policy, namely social network site (SNS) users. We first looked at how they manage the access control policy that defines who can access their shared content. We accomplish this by empirically evaluating how Facebook users utilize the available privacy controls to implement an access control policy for their shared content and found that many users have policies that are inconsistent with their sharing intentions.
Upon discovering that many participants claim they will not take corrective action in response to inconsistencies in their existing settings, we collected quantitative and qualitative data to measure whether SNS users are concerned with the accessibility of their shared content. After confirming that users do in fact care about who accesses their content, we hypothesize that we can increase the correctness of users' SNS privacy settings by introducing contextual information and specific guidance based on their preferences. We found that the combination of viewership feedback, a sequence of direct questions to audit the user's sharing preferences, and specific guidance motivates some users to modify their privacy settings to more closely approximate their desired settings. Our results demonstrate the weaknesses of ACL-based access control mechanisms, and also provide support that it is possible to improve the usability of such mechanisms. We conclude by outlining the implications of our results for the design of a usable access control mechanism for end-users.
94

Combining Programs to Enhance Security Software

Kang, Yuan Jochen January 2018
Automatic threats require automatic solutions, which become automatic threats themselves. When software grows in functionality, it grows in complexity, and in the number of bugs. To keep track of and counter all of the possible ways that a malicious party can exploit these bugs, we need security software. Such software helps human developers identify and remove bugs, or system administrators detect attempted attacks. But like any other software, and likely more so, security software itself can have blind spots or flaws. In the best case, it stops working, and becomes ineffective. In the worst case, the security software has privileged access to the system it is supposed to protect, and the attacker can hijack those privileges for its own purposes. So we will need external programs to compensate for their weaknesses. At the same time, we need to minimize the additional attack surface and development time due to creating new solutions. To address both points, this thesis will explore how to combine multiple programs to overcome a number of weaknesses in individual security software: (1) When login authentication and physical protections of a smart phone fail, fake, decoy applications detect unauthorized usage and draw the attacker away from truly sensitive applications; (2) when a fuzzer, an automatic software testing tool, requires a diverse set of initial test inputs, manipulating the tools that a human uses to generate these inputs multiplies the generated inputs; (3) when the software responsible for detecting attacks, known as an intrusion detection system, itself needs protection against attacks, a simplified state machine tracks the software's interaction with the underlying platform, without the complexity and risks of a fully functional intrusion detection system; (4) when intrusion detection systems run on multiple, independent machines, a graph-theoretic framework drives the design for how the machines cooperatively monitor each other, forcing the attacker to not only perform more work, but also do so faster. Instead of introducing new, stand-alone security software, the above solutions only require a fixed number of new tools that rely on a diverse selection of programs that already exist. Nor do any of the programs, old or new, require additional privileges that the old programs did not have before. In other words, we multiply the power of security software without multiplying their risks.
95

The study of incident response in Taiwan

Liaw, Bon-Yen 03 October 2002
Due to the enlargement of the use of Internet, computers are no longer separated systems. On the contrary, the frequency of sharing between computers' computing abilities, devices, and resources is surprisingly high in the last few decades. This situation makes people have a more convenient network situation. However, dangers also come along. Ever since the event occurred in 1988, the first computer worm (Morris Worm) makes people be aware of this issue. The computer network world has become an environment that contains many potential dangers. Whereas the computer security incidents are increasing dramatically, many countries have established some specific organizations to solve these problems. TWCERT/CC (Taiwan Computer Emergency Response Team/ Coordination Center) is one of these organizations. The utilities of TWCERT/CC are to help people be aware of computer network dangers, to make responses and coordinate the security incidents inside and outside Taiwan, and to supervise the security circumstances in Taiwan and to announce alerts or take proper actions when the situation is serious. Responding and coordinating those incidents in TWCERT/CC is one crucial everyday job which requires a very complicated procedure. However, without a systematic method to handle the security incidents would be a heavy load for a computer security incident response team. This research is to develop a systematic method and procedure to handle incident and a system that can implement this procedure. The goal is to shorten the processing time of incidents and enhance the accuracy of handling incidents, and to analyze the data collected from the system to get useful information.
96

Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri

Ohaeri, Ifeoma Ugochi January 2012
With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as a promising solution to the scarcity of spectrum. A basic operation of the CRs is spectrum sensing. Whenever a primary signal is detected, CRs have to vacate the specific spectrum band. Malicious users can mimic incumbent transmitters so as to enforce CRs to vacate the specific band. Cognitive radio networks (CRNs) are expected to bring an evolution to the spectrum scarcity problem through intelligent use of the fallow spectrum bands. However, as CRNs are wireless in nature, they face all common security threats found in the traditional wireless networks. Common security combating measures for wireless environments consist of authorization, authentication, and access control. But CRNs face new security threats and challenges that have arisen due to their unique cognitive (self-configuration, self-healing, self-optimization, and self-protection) characteristics. Because of these new security threats, the use of traditional security combating measures would be inadequate to address the challenges. Consequently, this research work proposes an Intrusion Detection and Response Model (IDRM) to enhance security in cognitive radio networks. Intrusion detection monitors all the activities in order to detect the intrusion. It searches for security violation incidents, recognizes unauthorized accesses, and identifies information leakages. Unfortunately, system administrators neither can keep up with the pace that an intrusion detection system is delivering responses or alerts, nor can they react within adequate time limits. Therefore, an automatic response system has to take over this task by reacting without human intervention within the cognitive radio network. / Thesis (M.Sc.(Computer Science) North-West University, Mafikeng Campus, 2012
97

APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS.

Kalibjian, Jeffrey R. 10 1900
International Telemetering Conference Proceedings / October 23-26, 2000 / Town & Country Hotel and Conference Center, San Diego, California / Over the past few years models for Internet based sharing and selling of telemetry data have been presented [1] [2] [3] at ITC conferences. A key element of these sharing/selling architectures was security. This element was needed to insure that information was not compromised while in transit or to insure particular parties had a legitimate right to access the telemetry data. While the software managing the telemetry data needs to be security conscious, the networked computer hosting the telemetry data to be shared or sold also needs to be resistant to compromise. Intrusion Detection Systems (IDS) may be used to help identify and protect computers from malicious attacks in which data can be compromised.
98

Non-repudiation

Zhou, Jianying January 1997
No description available.
99

A framework for dynamic subversion

Rogers, David T. 06 1900
Approved for public release, distribution is unlimited / The subversion technique of attacking an operating system is often overlooked in information security. Operating Systems are vulnerable throughout their lifecycle in that small artifices can be inserted into an operating system's code that, on command, can completely disable its security mechanisms. To illustrate that this threat is viable, it is shown that it is not difficult for an attacker to implement the framework for the "two-card loader" type of subversion, a trap door which enables the insertion of arbitrary code into the operating system while the system is deployed and running. This framework provides several services such as memory allocation in the attacked system, and mechanisms for relocating, linking and loading the inserted attack code. Additionally, this thesis shows how Windows XP embedded designers can use Intel's x86 hardware more effectively to build a higher assurance operating system. Principles of hardware support are discussed and recommendations are presented. Subversion is overlooked because critics believe the attack is too difficult to carry out. It is illustrated in this thesis that this is simply not the case. Anyone with access to the operating system code at some point in its lifecycle can design a fairly elaborate subversion artifice with modest effort. / Ensign, United States Navy Reserve
100

On forging ElGamal signature and other attacks.

January 2000
by Chan Hing Che. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 59-[61]). / Abstracts in English and Chinese.

Chapter 1 --- Introduction
Chapter 2 --- Background
Chapter 2.1 --- Abstract Algebra
Chapter 2.1.1 --- Group
Chapter 2.1.2 --- Ring
Chapter 2.1.3 --- Field
Chapter 2.1.4 --- Useful Theorems in Number Theory
Chapter 2.2 --- Discrete Logarithm
Chapter 2.3 --- Solving Discrete Logarithm
Chapter 2.3.1 --- Exhaustive Search
Chapter 2.3.2 --- Baby Step Giant Step
Chapter 2.3.3 --- Pollard's rho
Chapter 2.3.4 --- Pohlig-Hellman
Chapter 2.3.5 --- Index Calculus
Chapter 3 --- Forging ElGamal Signature
Chapter 3.1 --- ElGamal Signature Scheme
Chapter 3.2 --- ElGamal signature without hash function
Chapter 3.3 --- Security of ElGamal signature scheme
Chapter 3.4 --- Bleichenbacher's Attack
Chapter 3.4.1 --- Constructing trapdoor
Chapter 3.5 --- Extension to Bleichenbacher's attack
Chapter 3.5.1 --- Attack on variation 3
Chapter 3.5.2 --- Attack on variation 5
Chapter 3.5.3 --- Attack on variation 6
Chapter 3.6 --- Digital Signature Standard (DSS)
Chapter 4 --- Quadratic Field Sieve
Chapter 4.1 --- Quadratic Field
Chapter 4.1.1 --- Integers of Quadratic Field
Chapter 4.1.2 --- Primes in Quadratic Field
Chapter 4.2 --- Number Field Sieve
Chapter 4.3 --- Solving Sparse Linear Equations Over Finite Fields
Chapter 4.3.1 --- Lanczos and conjugate gradient methods
Chapter 4.3.2 --- Structured Gaussian Elimination
Chapter 4.3.3 --- Wiedemann Algorithm
Chapter 5 --- Conclusion
Bibliography
