Global ETD Search

1	iOS vs Android: Security of Inter-App Communication Holmberg, Albin January 2022 (has links) Android and iOS are the world leading mobile operating systems in today’s growing market of handheld devices. Third-party applications are an important aspect of these systems but can also provide an attack-vector for exploiting other installed applications. Previous studies have shown that the Android inter- app communication (IAC) mechanism Intent can be used for causing harm to other apps. In contrast, research involving iOS app communication have been sparse because of the closed nature of the iOS ecosystem. One of the previous studies showed the possibility of using Android Intents for hijacking and forging payments between a company application providing payments via the Swedish payment application Swish and their App2App API. This study extends this previous work by creating an artifact that performs the same exploit on the iOS platform. iOS uses a URL-scheme for opening and sending data between applications. This mechanism is used for creating the communication between apps and finding out if payment information sent via the URL- scheme can be hijacked instead of arriving at the intended Swish application. The experiences drawn from the exploit were used in combination with the previous work to find differences between the IAC mechanisms. Finally, a literature study is presented with the latest mitigation techniques for IAC vulnerabilities. iOS Security Android Security URL-scheme Hijack Intent Hijack Swish Software Engineering Programvaruteknik
2	Collaborative Network Security: Targeting Wide-area Routing and Edge-network Attacks Hiran, Rahul Gokulchand January 2016 (has links) To ensure that services can be delivered reliably and continuously over theInternet, it is important that both Internet routes and edge networks aresecured. However, the sophistication and distributed nature of many at-tacks that target wide-area routing and edge networks make it difficult foran individual network, user, or router to detect these attacks. Thereforecollaboration is important. Although the benefits of collaboration betweendifferent network entities have been demonstrated, many open questionsstill remain, including how to best design distributed scalable mechanismsto mitigate attacks on the network infrastructure. This thesis makes severalcontributions that aim to secure the network infrastructure against attackstargeting wide-area routing and edge networks. First, we present a characterization of a controversial large-scale routinganomaly, in which a large Telecom operator hijacked a very large numberof Internet routes belonging to other networks. We use publicly availabledata from the time of the incident to understand what can be learned aboutlarge-scale routing anomalies and what type of data should be collected inthe future to diagnose and detect such anomalies. Second, we present multiple distributed mechanisms that enable col-laboration and information sharing between different network entities thatare affected by such attacks. The proposed mechanisms are applied in thecontexts of collaborating Autonomous Systems (ASes), users, and servers,and are shown to help raise alerts for various attacks. Using a combina-tion of data-driven analysis and simulations, based on publicly availablereal network data (including traceroutes, BGP announcements, and net-work relationship data), we show that our solutions are scalable, incur lowcommunication and processing overhead, and provide attractive tradeoffsbetween attack detection and false alert rates. Finally, for a set of previously proposed routing security mechanisms,we consider the impact of regional deployment restrictions, the scale of thecollaboration, and the size of the participants deploying the solutions. Al-though regional deployment can be seen as a restriction and the participationof large networks is often desirable, we find interesting cases where regionaldeployment can yield better results compared to random global deployment,and where smaller networks can play an important role in achieving bettersecurity gains. This study offers new insights towards incremental deploy-ment of different classes of routing security mechanisms. Collaboration network security BGP attacks routing security hijack
3	The Lurking Shadow : a qualitative study of the experience of residual symptoms following a violent crime Van Rensburg, Celestè-Mari January 2014 (has links) This research explores the beliefs and behaviour of individuals who have suffered a traumatic experience, specifically the violent crimes of assault, motor vehicle hijackings and armed robbery. The researcher focuses on the occurrence of residual, subclinical symptoms of PTSD that individuals experience subsequent to the specified violent crimes. By identifying and describing trends in commonalities that exist between research participants’ accounts of such residual, subclinical symptoms the research aims to explore and describe these trends, enabling a common understanding and awareness of the longstanding effects that these experiences have on individuals. The qualitative research design allowed for an exploration aimed at understanding the meaning that individuals ascribe to specific events. Three case studies were examined. The researcher ensured the exclusion of individuals who met the criteria for PTSD by making use of the PCL-S. From this approach a thematic analysis was done using the transcriptions of audiotaped interviews with the participants. The three participants chosen for the study were aged twenty-nine (29), thirty (30) and thirty-one (31) independently. Two of the participants experienced an armed robbery, which were, independently, followed by non-violent crime of housebreaking and theft. A third participant experienced an armed robbery during her early childhood, and an additional crime of aggravated robbery in adulthood. The studied violent crimes had taken place between one year eleven months and six years prior to this study. None of the participants have received therapy following their traumatic experience. Five important findings were identified and discussed. Firstly, some individuals still meet the requirements for a diagnosis of PTSD, even years following their experiences with traumatic events. Secondly, following the experience of a violent crime some individual’s core cognitive schemas regarding themselves, their world and their relationships undergo various changes. Thirdly, some individuals experience numerous posttraumatic symptoms, which are not extensive enough to validate the diagnosis of PTSD, but that affect the individual’s life on a regular basis. Nine symptoms were identified in this study. Fourthly, some individuals may experience additional effects following exposure to violent crimes, e.g. physical illness, that is not classified as posttraumatic symptoms. Fifthly, a few individuals who have been the victim of more than one crime may experience cumulative or diminished effects when one explores the overall effects of revictimisation. Results also indicated that individuals may experiences similar posttraumatic symptoms, but that the presentation of these symptoms are unique and are influenced by an individual’s history, cognitive schemas and the characteristics of the crimes that they have experienced. Finally, these findings explored and described the phenomenon of partial posttraumatic stress disorder in order to expand the understanding of this occurrence. / Dissertation (MA)--University of Pretoria, 2014. / tm2015 / Psychology / MA / Unrestricted UCTD PTSD (Posttraumatic Stress Disorder) Residual symptoms Cognitive behavioural therapy Violent crime Motor vehicle hijack
4	Nuking Duke Nukem : Reaching the Stack via a Glboal Buffer Overflow in DOS Protected Mode Lindblom, Henrik January 2023 (has links) Control-flow hijack attacks on software exploit vulnerabilities in the software’s memory handling. Over the years, various security mitigations have been developed to counter these attacks. However, compatibility issues have hindered the adoption of such measures in some legacy systems. This thesis focuses on the case of the legacy DOS system and examines whether a DOS system running the DOS/4GW protected mode extender can provide control-flow protection against an attack exploiting a buffer overflow vulnerability in the well-known retro game Duke Nukem3D. To investigate this, three model programs were created, and designed with memory models that share memory layout characteristics with the target retro game’s executable. Experimental attacks were then conducted on these models, aiming to identify an effective attack vector for the target vulnerability. The underlying theory suggests that memory models that segregate application data into distinct memory segments could potentially safeguard against the demonstrated attack. However, attempts to implement such a memory model within an application proved unsuccessful. The challenge that remains is to prove the existence of memory models under DOSprotected mode that can effectively shield Duke Nukem 3D, or other legacy games, from the control-flow hijack attack demonstrated in this thesis. Computer Security Operating Systems Control-flow hijack attacks Buffer Overflow Stack DOS Computer Sciences Datavetenskap (datalogi)
5	Investigating the Effectiveness of Stealthy Hijacks against Public Route Collectors : Is AS-Path Prepending Enough to Hide from Public Route Collectors? / Undersökning av effektiviteten hos smygande kapningar mot offentliga ruttinsamlare : Är AS-Path Prepending tillräckligt för att dölja från offentliga ruttinsamlare? Wang, Kunyu January 2023 (has links) BGP hijacking is a threat to network organizations because traditional BGP protocols were not designed with security in mind. Currently, research to combat hijacking is being done by detecting hijacking in real time from Public Route Collectors. However, by using AS-Path Prepending, a well-known traffic engineering technique, hijackers could adjust the influence scope of hijacks to potentially avoid Public Route Collectors. This thesis investigates fist, whether AS-Path Prepending is sufficient to hide from Public Route Collector, and second whether the hijacker can predict its hijack’s stealthiness by simply comparing the AS path length with the victim. Last, we investigate the non-hijacker-controlled parameters, which are the geographical locations and victim prepending times if the victim also enable AS-Path Prepending for traffic engineering in our study. Our results show that on one hand, AS-Path Prepending benefits stealthy hijacks to route collectors. While on the other hand, it is not sufficient to completely hide from route collectors only using it. By simply comparing the AS paths length, the hijacker’s prediction is constructive but not practical. And non-hijacker-controlled parameters indeed can significantly affect the stealthiness of hijacking. / BGP-kapning är ett hot mot nätverksorganisationer eftersom traditionella BGP-protokoll inte har utformats med säkerheten i åtanke. För närvarande bedrivs forskning för att bekämpa kapning genom att upptäcka kapning i realtid från offentliga ruttinsamlare. Genom att använda AS-Path Prepending, en välkänd trafikteknik, kan kapare dock justera kapningarnas inflytande för att eventuellt undvika offentliga ruttinsamlare. I den här avhandlingen undersöks för det första om AS-Path Prepending är tillräckligt för att dölja sig för Public Route Collector och för det andra om kaparen kan förutsäga hur smygande kapningen är genom att helt enkelt jämföra AS Path-längden med offrets. Slutligen undersöker vi de parametrar som inte kontrolleras av kaparen, dvs. geografiska platser och offrets prependingtider om offret också aktiverar AS-Path Prepending för trafikteknik i vår studie. Våra resultat visar att AS-Path Prepending å ena sidan gynnar smygande kapningar av ruttinsamlare. Å andra sidan räcker det inte för att helt och hållet dölja sig för ruttinsamlare om man bara använder det. Genom att helt enkelt jämföra AS-vägarnas längd är kaparens förutsägelser konstruktiva men inte praktiska. Parametrar som inte kontrolleras av kaparen kan faktiskt påverka kapningens smygande på ett betydande sätt. BGP BGP Hijack Stealthy IP prefix hijacking AS-Path Prepending BGP monitoring BGP BGP Hijack Stealthy IP prefix hijacking AS-Path Prepending BGP-övervakning Computer and Information Sciences Data- och informationsvetenskap
6	'n Kriminologiese ondersoek na motorvoertuigkaping met spesifieke verwysing na slagoffervatbaarheid, slagofferaandadigheid en die modus operandi van die oortreder (Afrikaans) Davis, Linda 24 March 2004 (has links) The nature and extent of vehicle hijacking is increasing world-wide. Vehicle hijacking is also one of the most serious crimes the South African Police Service has to deal with. The climate of violence that currently exists in South Africa and the need for more knowledge concerning priority crimes necessitate research on this topic. Although research that has been undertaken in South Africa to date focuses on the nature and extent of vehicle hijacking as well as the victim’s experience of the event, little empirical information exists regarding the modus operandi of offenders and the victim’s role in the commission of the crime. On account of this it was decided to investigate the planning, operational and escaping phases which reflect the modus operandi of the hijacker. An attempt was also made to determine the extent to which victims are vulnerable to vehicle hijacking and how individuals could contribute to their victimisation. To test the research expectations and hypotheses, 110 victims and 12 vehicle hijackers were involved in the study. A mailed questionnaire was sent to the victims, while interviews were conducted with 12 hijackers in the Pretoria Central Prison. Based upon the analysis and interpretation of the data it was found that most hijackers spend at least some time on the planning of a vehicle hijacking. They also considered both the positive (namely the financial advantage gained from hijacking) and the negative aspects (namely injuries, death, arrest and imprisonment) associated with committing the crime. Analysis of the data shows that vehicle hijacking does not occur involuntarily and that hijackers select specific targets. Although the misconception exists that the vehicle and the motorist are equally important during the selection of the target, the findings show that the vehicle which is on order, serves as the main reason for target selection. The race of the motorist as well as the number of passengers in the vehicle are the only two variables that influence hijackers not to select an identified target. Furthermore, it seems evident that the presence of policy officials is the only environmental factor that will deter a hijacker from committing the crime. The findings also show that hijackers prefer a specific day, time, place and circumstances to hijack a vehicle and that hijacking is a group activity that is executed by two to four males. Verbal threats as well as violence form part of the hijacking. It appears that race and occupation are the only two demographic variables that influence vulnerability. The make and value of the vehicle as well as the number of passengers in the vehicle could increase a victim’s potential risk for victimisation. The findings show that victims cannot be held accountable for a vehicle hijacking. Victims rarely neglect to take the necessary precautions against victimisation, enter potentially dangerous situations and/or drive recklessly. Based upon that findings, certain conclusions with regard to the aims of the study are reached. Based on this, recommendations are made concerning further research as well as suggestions regarding the prevention of vehicle hijacking. / Thesis (DPhil(Criminology))--University of Pretoria, 2005. / Social Work and Criminology / Unrestricted Victim vulnerability Victim susceptibility Victim complicity Kaping Motorvoertuigkaping Roof Slagoffervatbaarheid Slagofferaandadigheid Modus operandi Robbery Hijack Carjacking Hijacking UCTD
7	Group based psychological intervention of post-traumatic stress disorder in car hijacking Hetz, Batia 13 August 2012 (has links) D.Litt. et Phil. / A plethora of research has been conducted on victims of township violence, detention and political unrest, but there is no research on car hijack victims or the prevalence of Post-Traumatic Stress Disorder (PTSD), which could result from this crime. The implications of this lack of research are important because people are confronted by trauma on a daily basis but there are few guidelines for providing treatment. Hijackings are a somewhat recent phenomenon unlike other traumas such as wars and natural disasters, but the effects of hijacking are no less severe. Post-Traumatic Stress Disorder (PTSD) always requires an initiating event which is assumed to be traumatic. The context in which car hijackings occur in South Africa can be considered to meet the criteria for what constitutes a traumatic event, which could possibly lead to the development of PTSD (Myerson, 1995). Not all crime victims who need professional assistance will enter therapy. This is often due to the victim's self-perception of weakness, feelings of embarrassment, or the perception that others will not understand their experience. A group-based intervention offers the advantages of reducing isolation, providing comfort and support, and eliminating feelings of stigma. For this reason it was important to analyse the nature of PTSD and how to intervene to aid the recovery from PTSD, in the South African context. The literature points to the recovery from PTSD as being contingent upon the psychotherapeutic input that the traumatised individual receives. This research focused on the development of a group-based cognitive behaviour intervention programme for victims who developed Post-Traumatic Stress Disorder as a result of car hijackings. Cognitive behavioural therapy is the only treatment modality that is supported by objective measures of success (Peterson, Prout & Schwartz, 1991) and has been found to be one of the most effective treatments (Kaplan & Sadock, 1993). In order to test the hypotheses, the Beck's Depression Inventory was used to measure the level of depression, the Spielburger's Stai Anxiety scale was used to measure the level of anxiety, and the CAPS and PCL were used to determine whether Post-Traumatic Stress Disorder existed in the individuals who participated in the study and the intensity and frequency of the symptoms. Car hijack victims - Psychology

1

Page generated in 0.0271 seconds