101
An Extensible Technology Framework for Cyber Security Education
Sheen, Frank Jordan 01 April 2015 (has links) (PDF)
Cyber security education has evolved over the last decade to include new methods of teaching and technology to prepare students. Instructors in this field of study often deal with a subject matter that has rigid principles, but changing ways of applying those principles. This makes maintaining courses difficult. This case study explored the kind of teaching methods, technology, and means used to explain these concepts. This study shows that generally, cyber security courses require more time to keep up to date. It also evaluates one effort, the NxSecLab, on how it attempted to relieve the administrative issues in teaching these concepts. The proposed framework in this model looks at ways on how to ease the administrative burden in cyber security education by using a central engine to coordinate learning management with infrastructure-as-a-service resources.

102
Cyber Security Demonstrations using Penetration Testing on Wi-Fi Cameras / Cybersäkerhetsdemonstrationer genom penetrationstestning av Wi-Fi-kameror
Gustafsson, Hanna, Kvist, Hanna January 2022 (has links)
Cyber security is a rapidly changing area that contributes to people increasingly being exposed to Internet of Things (IoT). The risks of using IoT do not get enough attention from the users, nor does the supplier of the devices take full responsibility for security. There is a lack of comprehensive standards for secure products and without proper security measures, organizations using IoT are at risk of greater damage. There is a need of educating a diverse range of individuals within the area of cyber security, to reduce the risks of being a future victim. This thesis aims to increase the awareness and knowledge regarding current cyber security threats, by developing educational demonstrations. Two Wi-Fi cameras were penetration tested from an isolated network, where successful experiments showed that it was possible to remotely access the video stream of one camera, and extract the entire content of the SD card, without any requirements of user credentials. It was also shown that motion detection and privacy mode were possible to remotely enable and disable. Successful experiments also showed that a DoS attack could be carried out, by remotely rebooting one of the cameras. Additionally, a qualitative study was conducted, resulting in valuable criteria that a cyber security demonstration should fulfill. The vulnerabilities in both cameras were utilized developing five Proof of Concept demonstrations, presenting attack scenarios of i.a. an attacker breaking in without detection, espionage and blackmail. These demonstrations could be used in education to increase awareness of cyber security.

103
Strategy in decision-making for cyber security standards / Strategi för valprocesser inom cyber säkerhets standarder
Gyllenberg, Marcus January 2022 (has links)
No description available.

104
Dependability of the Internet of Things: current status and challenges
Abdulhamid, Alhassan, Kabir, Sohag, Ghafir, Ibrahim, Lei, Ci 03 February 2023 (has links)
The advances in the Internet of Things (IoT) have substantially contributed to the automation of modern societies by making physical things around us more interconnected and remotely controllable over the internet. This technological progress has inevitably created an intelligent society where various mechatronic systems are becoming increasingly efficient, innovative, and convenient. Undoubtedly, the IoT paradigm will continue to impact human life by providing efficient control of the environment with minimum human intervention. However, despite the ubiquity of IoT devices in modern society, the dependability of IoT applications remains a crucial challenge. Accordingly, this paper systematically reviews the current status and challenges of IoT dependability frameworks. Based on the review, existing IoT dependability frameworks are mainly based on informal reliability models. These informal reliability models are unable to effectively evaluate the unified treatment of safety faults and cyber-security threats of IoT systems. Additionally, the existing frameworks are also unable to deal with the conflicting interaction between co-located IoT devices and the dynamic features of self-adaptive, reconfigurable, and other autonomous IoT systems. To this end, this paper suggested the design of a novel model-based dependability framework for quantifying safety faults and cyber-security threats as well as interdependencies between safety and cyber-security in IoT ecosystems. Additionally, robust approaches dealing with conflicting interactions between co-located IoT systems and the dynamic behaviours of IoT systems in reconfigurable and other autonomous systems are required.

105
Data Integrity and Availability in Power System Communication Infrastructures
Vuković, Ognjen January 2013 (has links)
Society is increasingly dependent on the proper functioning of electric power systems. Today's electric power systems rely heavily on information and networking technology in order to achieve efficient and secure operation. Recent initiatives to upgrade power systems into smart grids target an even tighter integration with information and communication technologies in order to enable the integration of renewable energy sources, local and bulk generation and demand response. Therefore for a proper functioning of smart grids, it is essential that the communication network is secure and reliable both in the face of network failures and in the face of attacks. This thesis contributes to improving the security of power system applications against attacks on the communication infrastructure. The contributions lie in two areas. The first area is the interaction of network and transport layer protocols with power system application layer security. We consider single and multi-area power system state estimation based on redundant telemetry measurements. The state estimation is a basis for a set of applications used for information support in the control center, and therefore its security is an important concern. For the case of single-area state estimation, we look at the security of measurement aggregation over a wide area communication network. Due to the size and complexity of power systems, it can be prohibitively expensive to introduce cryptographic security in every component of the communication infrastructure. Therefore, we investigate how the application layer logic can be leveraged to optimize the deployment of network, transport and application layer security solutions. We define security metrics that quantify the importance of particular components of the network infrastructure. We provide efficient algorithms to calculate the metrics, and that allow identification of the weakest points in the infrastructure that have to be secured. 
For the case of multi-area state estimation, we look at the security of data exchange between the control centers of neighboring areas. Although the data exchange is typically cryptographically secure, the communication infrastructure of a control center may get compromised by a targeted trojan that could attack the data before the cryptographic protection is applied or after it is removed. We define multiple attack strategies for which we show that they can significantly disturb the state estimation. We also show a possible way to detect and to mitigate the attack. The second area is a study of the communication availability at the application layer. Communication availability in power systems has to be achieved in the case of network failures as well as in the case of attacks. Availability is not necessarily achieved by cryptography, since traffic analysis attacks combined with targeted denial-of-service attacks could significantly disturb the communication. Therefore, we study how anonymity networks can be used to improve availability, which comes at the price of increased communication overhead and delay. Because of the way anonymity networks operate, one would expect that availability would be improved with more overhead and delay. We show that surprisingly this is not always the case. Moreover, we show that it is better to overestimate than to underestimate the attacker's capabilities when configuring anonymity networks. / QC 20130522

106
Cyber Security and Security Frameworks for Cloud and IoT Architectures
Haar, Christoph 20 October 2023 (has links)
Cloud computing has rapidly changed the way we communicate in recent years. It enables a variety of services to be provided over the Internet. By now, various cloud computing applications have been developed both for companies and for the private sector. Each application brings numerous advantages, but it also poses new challenges for IT security. This dissertation examines particularly important applications of cloud computing with regard to the current challenges for IT security.
1. Container virtualization makes it possible to separate the actual application from the IT infrastructure. A preconfigured operating system image can thus be combined with an application in a container and evaluated in a test environment. This principle has fundamentally changed software development in companies in particular. Containers can be used to test software in an isolated environment without disrupting operations. Furthermore, it is possible to manage different container instances across multiple hosts. This is referred to as orchestration. Because containers hold sensitive internal company data, companies must revise their IT security concept for the use of container virtualization. This is a major challenge, since there is currently little experience in securing (orchestrated) container virtualization.
2. Because containers provide services over the Internet, employees who need these services for their work are not tied to a fixed workplace. As a result, concepts such as home o

107
Integrated optimization based modeling and assessment for better building energy efficiency
Tahmasebi, Mostafa 02 June 2023 (has links)
No description available.

108
A Systematic Review of Cryptocurrencies Use in Cybercrimes
Human, Kieran B D 01 January 2023 (has links) (PDF)
Cryptocurrencies are one of the most prominent applications of blockchain systems. While cryptocurrencies promise many features and advantages, such as decentralization, anonymity, and ease of access, those very features can be abused. For instance, as documented in various recent works, cryptocurrencies have been frequently abused in many different forms of cybercrime. Despite the plethora of works on measuring and understanding the abuse of cryptocurrencies in the digital space, there has been no work on systemizing this knowledge by comprehensively understanding those contributions, contrasting them based on their merit, and understanding the gap in this research space.
This thesis initiates the systematic review and understanding of the literature on cryptocurrencies and their utilization in cybercrime. Starting with a rich set of research efforts published exclusively at some of the most highly selective avenues in the cyber security research community, we built a taxonomy of cryptocurrencies, enumerating the most prominent ones based on their use. We then categorize the literature in this space based on the objectives of the tools built and the blockchain systems they target. We then extend our effort by categorizing the reviewed work on cybercrime based on the type of attacks (coordinated vs. individual fraud) and targeted entity (marketplace vs. exchange). Each of those elements in our taxonomy enumerates various aspects of abuse, including their use in underground forums, the trade of drugs, weapons, and stolen credentials, money laundering, malware distribution, ransomware, etc. Accompanying our review, we discuss the gaps in research that call for further investigation.

109
Evaluation of Open-source Threat Intelligence Platforms Considering Developments in Cyber Security
Andrén, Love January 2024 (has links)
Background. With the increase in cyberattacks and cyber related threats, it is of great concern that the area still lacks the needed amount of practitioners. Open-source threat intelligence platforms are free platforms hosting related information to cyber threats. These platforms can act as a gateway for new practitioners and be of use during research on all levels. For this to be the case, they need to be up-to-date, have an active user base and show a correlation to commercial companies and platforms. Objectives. In the research, data will be gathered from a multitude of open-source threat intelligence platforms to determine if they have increased usage and correlation to other sources. Furthermore, the research will look at if there are overrepresentations for certain countries and if the platforms are affected by real world events. Methods. Platforms were gathered using articles and user curated lists, they were filtered based on if the data could be used and if they were free or partially free. The data was then, and processed to only include information from after 2017 and all be unique entries. It was then filtered through a tool to remove potential false positives. For IP addresses and domains, a WHOIS query was done for each entry to get additional information. Results. There was a noticeable increase in the amount of unique submissions for the categories CVE and IP addresses, the other categories showed no clear increase or decrease. The United States was the most represented country when analyzing domains and IP addresses. The WannaCry ransomware had a notable effect on the platforms, with an increase in submissions during the month of the attack and after, and samples of the malware making up 7.03% of the yearly submissions. The Russian invasion of Ukraine did not show any effect on the platforms. Comparing the result to the annual Microsoft security reports, there was a clear correlation for some years and sources, while others showed none at all. 
This was the case for all the statistics applicable to, reported countries, noticeable trend increases and most prominent malware. Conclusions. While some results showed that there was an increase in cyberattacks and correlation to real world events, others did not. Open-Source threat intelligence platforms often provide the necessary data, but problems start showing up when analyzing it. The data itself is extremely sensitive depending on what processing methods are used, which in turn can lead to varying results. / Background. With the large increase in cyberattacks and threats, it has been noted that the cyber security field still lacks enough trained individuals. Open-source threat intelligence platforms are free services that contain information about cyber threats. These platforms can serve as a gateway to the cyber security field and as support for all levels of research and education. For this to work, they must be up to date, have an active user base, and their data must show results similar to those of paid services and large corporate reports. Purpose. In this work, data will be collected from several open-source threat intelligence platforms in order to determine whether their usage and contributions have increased, and furthermore whether the information is similar to what companies report. In addition, it will be examined whether some countries are overrepresented in the data and whether real-world events affected the platforms. Method. Candidate platforms were collected through articles and user-created lists. They were then filtered based on whether the data could be used in the work and whether it was free or partially free. The data was retrieved from the platforms and filtered so that only entries reported after 2017 and unique contributions remained. All data was processed through a tool to remove possible false-positive contributions. Finally, WHOIS lookups were performed for IP addresses and domains. Results. CVEs and IP addresses showed a noticeable increase in the number of unique contributions. 
The remaining categories showed no direct increase or decrease. The most overrepresented country was the United States for both domains and IP addresses. The WannaCry virus had a noticeable effect on the platforms, where the month during the attack and the one after had increases in contributions. The virus made up 7.03% of the total yearly contributions. The Russian invasion of Ukraine showed no direct effect on the platforms. When the results were compared with Microsoft's annual security reports, there was a clear similarity in results for certain years and sources. Other sources and years had no similar statistics. The information from the report that could be applied was countries, noticeable increases in specific categories, and the most frequently occurring viruses. Conclusions. Some results showed that there was an increase in cyberattacks and that the platforms had a clear connection to real-world events; for other results this did not hold. Open-source threat intelligence platforms contain important and relevant data. Problems begin to arise, however, when the data is to be analyzed. This is because the data is extremely sensitive to how it is processed, which in turn can lead to varying results.

110
Validating enterpriseLang : A Domain-Specific Language Derived from the Meta Attack Language Framework / Validering av enterpriseLang : Validering av enterpriseLang Ett domänspecifikt språk baserat på ramverket; Meta Attack Language
Nordgren, Isak, Sederlin, Anton January 2021 (has links)
Enterprise data systems are continuously growing in complexity and size. The attack area of these systems has increased and introduced new vulnerabilities a potential adversary could exploit. Evaluating cyber security in enterprise IT infrastructure is difficult and expensive. Recently, a new threat modeling language was proposed for enterprise systems based on the MITRE Enterprise ATT&CK Matrix, namely enterpriseLang. This language is a domain-specific language built on the Meta Attack Language (MAL) framework. The purpose of enterpriseLang is to enable a simplified and cost-effective environment for enterprises to evaluate the security of their systems without disturbing the data flow of the actual system. However, how can we be sure that enterpriseLang is correct and effective enough to be used in practice? The language needs to be thoroughly validated to be used by companies for cyber security evaluation of enterprise systems. We have validated enterpriseLang by implementing it to model and simulate three real-world cyber attacks against Equifax, National Health Service (NHS) and Garmin. The validation method was mainly based on the evaluation of two specific issues. Based on our results we concluded that we consider enterpriseLang to be correct and effective enough to be used in practice. On the contrary, we identified some aspects of the language that should be improved. / Enterprise data systems are continuously growing in complexity and size. The attack area of these systems has thereby increased and introduced new vulnerabilities that a potential attacker can exploit. Evaluating cyber security in enterprise IT infrastructure is difficult and costly. Recently, a new language for threat modeling of enterprise systems was proposed, based on the MITRE Enterprise ATT&CK matrix, namely enterpriseLang. This language is a domain-specific language built on the MAL framework. 
The purpose of enterpriseLang is to provide a simplified and cost-effective modeling tool for enterprises to evaluate the security of their systems, without the need to disturb the data flow of the actual system. How can we be sure, however, that enterpriseLang is correct and effective enough to be used in practice? The language must be validated thoroughly in order to be used for evaluating cyber security in enterprise systems. We have validated enterpriseLang by using the language to model and simulate three real cyber attacks against Equifax, National Health Service and Garmin. The validation method was based on the evaluation of two main questions. Based on our results, we concluded that we consider enterpriseLang correct and effective enough to be used in practice. However, we identified some aspects of the language that should be improved.