171 |
Who Watches The Privileged Users
Persson, Sebastian. January 2020
Today, companies are spending millions of dollars on cybersecurity, but compromised systems and stealing sensitive information are still huge problems. Protecting sensitive information has always been of vital importance. However, the struggle today is that digital information can be distributed to an endless amount of users, everywhere in the world. Security solutions today focus on role-based access control and "the principle of the least privilege". They can affect the productivity of employees, which is also a key aspect to be considered when it comes to security. Privileged users are the ones that possess the most permissions within a system and are, therefore, a significant risk. This thesis project is focusing on developing a solution that protects against security risks connected to the users with the most privilege. The developed solution resulted in a modular role-based access methodology, also adding the "four-eye principle" (4EP). By introducing an extra shield outside the standard API, sensitive commands sent unwittingly or wittingly by a privileged user can be discovered before compromising a system or leaking sensitive information. Introducing the "four-eye principle" in a secure proxy solution, a "third-party" user approves sensitive commands before reaching the intended system. The solution is developed in JAVA and is adaptable to different organisations by letting the system administrators choose an intended system, which policies of sensitive commands to apply and who needs to approve them. The concepts implemented in this prototype can be used in future industrial developments.
|
172 |
Integrating security into agile software development: A case study on the role of inertia
Andersson, Rasmus; Edström, Carl. January 2022
The security directives at Ericsson Group IT have recently been re-worked to apply to modern security requirements. For Ericsson's software development teams developing internal applications, security tools have been implemented into the daily workflow to follow these new directives. Before, security mainly was considered during the reviews and scheduled assessments of the software projects. The goal of these new tools is to add security to every part of the software development process. Security thus adds to the scope of work of the developers at Ericsson Group IT, which has, in the past, evolved from being solely a developer to being responsible for development and operations to development, security and operations. However, adding methods and tools to the developer's workflow can create inertia and friction in daily work. We intend to apply the concept of inertia to agile work practices to examine how small-scale projects are affected when new security tools and methods are introduced and implemented in the agile workflow. Research suggests that linked processes and methods should be put in place to achieve desirable results from the implemented tools and be integrated into the team's agile methodologies. The thesis aims to identify the factors that affect inertia by investigating and analysing the developers' use of methods and tools. As for data collection, a pilot study and a case study were applied to a team at Ericsson Group IT. The data was collected through qualitative surveys conducted on twelve proven factors regarding successfulness in work implementations. The data was then analysed through the Gioia methodology by compiling the collected data into first-order concepts and linking them to familiar second-order themes. These themes were then translated into aggregate dimensions synthesised from the study's theoretical framework. 
The results showed that several factors affected the change process: personnel training and education, appropriate communication, and adaptability to the change process. These are all factors attributing inertia to the change process, and awareness of these can help mitigate and facilitate a successful change process. Streamlining successful change processes is vital when integrating security as a requirement into an agile software development team.
|
173 |
Formal security verification of the Drone Remote Identification Protocol using Tamarin / Formell säkerhetsverifiering av Drone Remote Identification Protocol med hjälp av Tamarin
Ahokas, Jakob; Persson, Jonathan. January 2022
The current standard for remote identification of unmanned aircraft does not contain any form of security considerations, opening up possibilities for impersonation attacks. The newly proposed Drone Remote Identification Protocol aims to change this. To fully ensure that the protocol is secure before real world implementation, we conduct a formal verification using the Tamarin Prover tool, with the goal of detecting possible vulnerabilities. The underlying technologies of the protocol are studied and important aspects are identified. The main contribution of this thesis is the formal verification of session key secrecy and message authenticity within the proposed protocol. Certain aspects of protocol security are still missing from the scripts, but the protocol is deemed secure to the extent of the model. Many features of both the protocol and Tamarin Prover are presented in detail, serving as a potential base for the continued work toward a complete formal verification of the protocol in the future.
|
174 |
The Internal Auditor's Role in Cybersecurity Governance: A qualitative study about the internal auditor's influence on the people factor of cybersecurity
Simić, Nikola. January 2022
Internal auditors have a substantial impact on organisations’ governance. Hence this research aims to uncover the practice of internal auditors in Sweden, especially their part in cybersecurity and the people factor. While previous research points to internal auditing being an oversight governance mechanism for organisations, the threat of a changing risk landscape due to increased digitalisation and business transactions occurring in cyberspace leaves more questions undiscovered. The research implements a qualitative approach. The data was collected by semi-structured interviews conducted with members from IIA working as internal auditors. The IPPF authoritative guidance was also used as complementary data. The data was later analysed through theories such as the Three Lines of Defense. The results demonstrated how internal auditors provide assurance heavily influence organisations’ cybersecurity. However, it is equally essential for auditors to consider the indirect impact they have on the organisation, especially regarding the people factor of cybersecurity and the amount of influence internal auditors have. These findings indicate the need to focus on researching the indirect influence internal auditors have through their soft skills. Professionals should also reflect on their influence in their organisation not to overshadow other important risks.
|
175 |
Threats to smart buildings: Securing devices in a SCADA network
Lindqvist, Anna. January 2021
This paper examines the possibilities of performing tests with the aim to ensure that devices in a SCADA network can be deemed secure before deployment. SCADA systems are found in most industries and have recently seen an increased use in building automation, most importantly the healthcare sector, which means that a successful attack toward such a system could endanger lives of patients and healthcare professionals. The method of testing was created to examine whether devices conflicted with the security flaws identified by OWASP IoT Top 10 list, meaning that OWASP IoT Top 10 was the foundation for the methodology used in this paper. Results of the tests show that the devices used in testing are not in conflict with the OWASP IoT Top 10 list when using the default settings. However, some settings that can be enabled on the devices would constitute a security risk if enabled.
|
176 |
Nepoučitelní uživatelé: příčiny (ne)bezpečných hesel / Careless society: Drivers of (un)secure passwords
Nedvěd, Vojtěch. January 2021
Careless Society: Drivers of (Un)Secure Passwords. Thesis abstract. Vojtěch Nedvěd, May 2, 2021.
Vulnerabilities related to poor cybersecurity are a dangerous global economic issue. This thesis aims to explain two examples of poor password management. First, why users use similar password and username and second, why they reuse their passwords, as the main drivers of this behaviour are unknown. We examined the effects of selected macroeconomic variables, gender, password length and password complexity. Additionally, this thesis suggests how to estimate sentiment in passwords using models built on Twitter posts. The results are verified on large password data, including password leaks from recent years. There are four main findings. First, a higher cybersecurity index and diversity of a password seem to be related to the lower similarity between a username and a password. Second, it seems that there are structural differences between countries and languages. Third, the sentiment seems to be a significant determinant too. Fourth, password reuse seems to be positively affected by the cybersecurity level. The thesis contributes to the study of password management. It proposes how to model the relationship, derive the data, split the passwords into words, model the sentiment of passwords, what variables might be...
|
177 |
Adaptive Safety and Cyber Security for Connected and Automated Vehicle System
Hanlin Chen (11173323). 23 July 2021
This dissertation discussed the potential benefits that CAV systems can bring to the general well-being, and how the threat lies within the CAV system can affect its performance and functionality.
Particularly, this dissertation discovered how CAV technology can benefit homeland security and crime investigations involving child abduction crimes. By proposing the initial design network, this dissertation proposed a solution that enhances the current AMBER Alert system using CAV technology. This dissertation also discussed how CAV technology can help perception in corner-case driving scenarios and reduce the risk of traffic accidents, by proposing a dataset that covers various corner cases including different weather and lighting conditions targeting the work zone. Evaluation is made on the collected data and several impact factors have been figured out.
This dissertation also discussed an attack scenario that a ROS-based CAV platform was attacked by DoS attacks. We analyzed the system response after we attacked the system. Discussion and analysis was made on the functionality and stability of the system.
Overall, we determined that CAV technology can greatly benefit in general well-being, and threats within the CAV system can cast potential negative benefits once the CAV system is being attacked.
|
178 |
A Machine Learning Approach for Reconnaissance Detection to Enhance Network Security
Bakaletz, Rachel. 01 May 2022
Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, open ports can be detected using various tools during the reconnaissance phase. By knowing such information cyber attackers can exploit vulnerabilities that are often unique to a specific version.
In this work, we develop an end-to-end system that uses machine learning techniques to detect reconnaissance attacks on cyber networks. Successful detection of such attacks provides the target the time to devise plans on how to evade or mitigate the cyber-attack phases that supervene the reconnaissance phase.
|
179 |
Security related self-protected networks: Autonomous threat detection and response (ATDR)
Havenga, Wessel Johannes Jacobus. January 2021
Magister Scientiae - MSc
Cybersecurity defense tools, techniques and methodologies are constantly faced with increasing challenges including the evolution of highly intelligent and powerful new-generation threats. The main challenges posed by these modern digital multi-vector attacks is their ability to adapt with machine learning. Research shows that many existing defense systems fail to provide adequate protection against these latest threats. Hence, there is an ever-growing need for self-learning technologies that can autonomously adjust according to the behaviour and patterns of the offensive actors and systems. The accuracy and effectiveness of existing methods are dependent on decision making and manual input by human experts. This dependence causes 1) administration overhead, 2) variable and potentially limited accuracy and 3) delayed response time.
|
180 |
Identifying Challenges in Cybersecurity Data Visualization Dashboards
Shirazi, Patrick. January 2020
Nowadays, a massive amount of cybersecurity data-objects, such as security events, logs, messages, are flowing through different cybersecurity systems. With the enormous fast development of different cloud environments, big data, IoT, and so on, these amounts of data are increasingly revolutionary. One of the challenges for different security actors, such as security admins, cybersecurity analysis, and network technicians, is how to utilize this amount of data in order to reach meaningful insights, so they can be used further in diagnosis, validation, forensic and decision-making purposes. In order to make useful and get meaningful insights from this data, we need to have efficient dashboards that simplify the data and provide a human-understandable presentation of data. Currently, there are plenty of SIEM and visualization dashboard tools that are using a variety of report generator engines to generate charts and diagrams. Although there have been many advances in recent years due to utilizing AI and big data, security professionals are still facing some challenges in using the visualization dashboards. During recent years, many research studies have been performed to discover and address these types of challenges. However, due to the rapid change in the way of working in many companies (e.g. digital transformation, agile way of working, etc.) and besides utilizing cloud environments, that are providing almost everything as a service, it is needed to discover what challenges are still there and whether they are still experiencing the same challenges or new ones have emerged. Following a qualitative method and utilizing the Delphi technique with two rounds of interviews, the results show that although the technical and tool-specific concerns really matter, the most significant challenges are due to the business architecture and the way of working.
|