Inlined Reference Monitors: Certification, Concurrency and Tree Based Monitoring. Lundblad, Andreas, January 2013
Reference monitor inlining is a technique for enforcing security policies by injecting security checks into untrusted software, in a style similar to aspect-oriented programming. The intention is that the injected code enforces compliance with the policy (security) without adding behavior (conservativity) or affecting existing policy-compliant behavior (transparency). This thesis consists of four papers that cover a range of topics, including the formalization of monitor inlining correctness properties, certification of inlined monitors, limitations in multithreaded settings, and extensions using data-flow monitoring. The first paper addresses the problem of having a potentially complex program rewriter as part of the trusted computing base. By means of proof-carrying code we show how the inliner can be replaced by a relatively simple proof checker. This technique also enables the use of monitor inlining for quality assurance at development time, while minimizing the need for post-shipping code rewrites. The second paper focuses on the issues associated with monitor inlining in a concurrent setting. Specifically, it discusses the problem of maintaining transparency when introducing locks for synchronizing monitor state reads and updates. Due to Java's relaxed memory model, it turns out to be impossible for a monitor to be entirely transparent without sacrificing the security property. To accommodate this, the paper proposes a set of new correctness properties shown to be realistic and realizable. The third paper also focuses on problems due to concurrency and identifies a class of race-free policies that precisely characterizes the set of inlineable policies. This is done by showing that inlining of a policy outside this class is either not secure or not transparent, and by exhibiting a concrete algorithm for inlining of policies inside the class which is secure, conservative, and transparent.
The paper also discusses how certification in the style of proof-carrying code could be supported in multithreaded Java programs. The fourth paper formalizes a new type of data-centric runtime monitoring which combines monitor inlining with taint tracking. As opposed to ordinary techniques, which focus on monitoring linear flows of events, the approach presented here relies on tree-shaped traces. The paper describes how the approach can be efficiently implemented and presents a denotational semantics for a simple "while" language, illustrating how the theoretical foundations are to be used in a practical setting. Each paper is concluded by a practical evaluation of the theoretical results, based on a prototype implementation and case studies on real-world applications and policies.

Swedish abstract (translated): Reference monitor inlining, or monitor inlining, is a technique used to ensure that a given security policy is followed during the execution of potentially malicious code. The technique embeds a set of security checks (a security monitor) into the code in a way that can be compared to aspect-oriented programming. The purpose of the inlined monitor is to guarantee that the policy is followed (security) without affecting the behavior of the original program, provided that it complies with the policy (transparency and conservativity). This thesis comprises four papers that together cover a range of topics concerning monitor inlining. Among other things, it discusses the formalization of correctness properties of inlined monitors, certification of inlined monitors, limitations in multithreaded programs, and extensions for handling data-flow monitoring. The first paper deals with the problems associated with having a potentially complex program rewriter as part of the security-critical component of a computer system. Using so-called proof-carrying code, we show how a monitor inliner can be replaced by a relatively simple proof checker. This technique also enables the use of monitor inlining as a tool for software developers and eliminates the need for program modifications after the program has been distributed. The second paper focuses on the problems of inlining monitors into multithreaded programs. The paper discusses the problem of maintaining transparency despite the introduction of locks for synchronizing reads of and writes to the security state. Due to Java's memory model, it turns out to be impossible to inline a security monitor in a way that is both secure and transparent. To accommodate this, a new set of correctness properties is proposed and shown to be realistic and realizable. The third paper also focuses on the problems of multithreaded execution and characterizes a property of policies that is necessary and sufficient for both security and transparency to be achieved. This is done by showing that a policy without the property cannot be enforced securely and transparently, and by describing an implementation of a monitor inliner that is secure and transparent for any policy that has the property. The paper also discusses how certification of security monitors in multithreaded programs can be realized through proof-carrying code. The fourth paper describes a new type of data-centric security monitoring that combines monitor inlining with data-flow analysis. Unlike existing techniques, which focus on linear sequences of security-relevant events, the technique presented here relies on tree-shaped event sequences. The paper describes how the technique can be implemented efficiently with the help of abstraction. Each paper concludes with a practical evaluation of the theoretical results, based on a prototype implementation and case studies of real programs and security properties.
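As an added illustration (my own code, not from the thesis, which targets Java bytecode), the following Python sketch models the three correctness properties the abstract names. The policy is a constructed two-state security automaton, `inline` stands in for the bytecode rewriter by wrapping each security-relevant call with a monitor check, and `run` executes a toy program with and without the inlined monitor. Compliant programs produce identical results either way (transparency), the monitor adds no behaviour of its own beyond halting (conservativity), and a violating program is halted before the forbidden action (security). The lock in `MonitorState.step` guards the read-check-update sequence that the second paper discusses. All names, the API stubs and the policy are assumptions for this example.

```python
import threading

# Constructed policy (not from the thesis): a security automaton over the two
# security-relevant actions "open" and "send". It forbids a network send after
# a file has been opened. State 0: nothing opened yet; state 1: a file is open.
POLICY = {
    (0, "open"): 1,
    (0, "send"): 0,
    (1, "open"): 1,
    # (1, "send") has no transition: that event is a violation.
}


class PolicyViolation(Exception):
    pass


class MonitorState:
    """Inlined monitor state. The lock guards the whole read-check-update
    sequence: without it two threads could both observe state 0 and both be
    allowed to proceed, which is the concurrency problem paper 2 discusses."""

    def __init__(self):
        self.state = 0
        self.lock = threading.Lock()

    def step(self, action):
        with self.lock:
            nxt = POLICY.get((self.state, action))
            if nxt is None:
                raise PolicyViolation(f"{action!r} not allowed in state {self.state}")
            self.state = nxt


def inline(monitor, action, func):
    """Stand-in for the bytecode rewriter: wrap a security-relevant call so
    the monitor check runs immediately before it (a 'before' advice)."""

    def guarded(*args):
        monitor.step(action)
        return func(*args)

    return guarded


# Constructed stubs for the API the untrusted program calls.
def open_file(name):
    return f"contents of {name}"


def send(data):
    return len(data)


def run(program, monitor=None):
    """Execute a program given as a list of (action, argument) pairs, with the
    monitor inlined when one is supplied. Returns the list of results; if the
    monitor halts the program, the results produced before the halt are
    followed by the marker "halted"."""
    api = {"open": open_file, "send": send}
    if monitor is not None:
        api = {name: inline(monitor, name, fn) for name, fn in api.items()}
    results = []
    try:
        for action, arg in program:
            results.append(api[action](arg))
    except PolicyViolation:
        results.append("halted")
    return results


def transparent_on(program):
    """Transparency check for one compliant program: the inlined version must
    produce exactly the results of the original."""
    return run(program) == run(program, MonitorState())


if __name__ == "__main__":
    compliant = [("send", "ping"), ("open", "report.txt")]
    violating = [("open", "report.txt"), ("send", "exfil")]
    print(transparent_on(compliant))          # True
    print(run(violating, MonitorState()))     # ['contents of report.txt', 'halted']
```

The wrapper only ever halts or passes the call through, which is what makes the monitor conservative; a monitor that, say, retried a call or substituted arguments would no longer be.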
A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions. Waddell, Stanie Adolphus, 01 January 2013
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and Fulford undertook two studies in 2003 and in 2005 respectively that sought to catalogue the impact of the information security policy on breaches at businesses in the United Kingdom. The pair went on to call for additional studies in differing industry segments.
This dissertation built upon Doherty and Fulford (2005). It sought to add to the body of knowledge by determining the statistical significance of the information security policy on breaches within higher education. This research was able to corroborate the findings of Doherty and Fulford's original research: there were no observed statistically significant relationships between information security policies and the frequency and severity of information security breaches. This study also made novel contributions to the body of knowledge, including the analysis of the statistical relationships between information security awareness programs and information security breaches.
This effort also analyzed the statistical relationships between information security policy enforcement and breaches. The results of the analysis indicated no statistically significant relationships. Additionally, this research observed that while information security policies are heavily utilized by colleges and universities, security awareness training is not heavily employed by institutions of higher education. This research noted that many institutions reported not having consistent enforcement of information security policies.
The data observed during this research implies there is room for additional coverage of formal information security awareness programs and potentially a call to attempt alternative training methods to achieve a reduction of the occurrences and impact of security breaches. There is room for greater adoption of consistent enforcement of policy at higher education organizations. The results of this dissertation suggest that the existence of policy, training, and enforcement activities in and of themselves are not enough to sufficiently curtail breaches. Additional studies should be performed to better understand how breaches can be reduced.
Automated Network Security with Exceptions Using SDN. Rivera Polanco, Sergio A., 01 January 2019
Campus networks have recently experienced a proliferation of devices ranging from personal use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by.
While users are the audience for the AUP documents produced by an organization's PWC, network administrators are the party responsible for enforcing their contents, using low-level CLI instructions and configuration files that are typically difficult to understand and for which it is almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping imprecise, unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded in the server's configuration files. From a security perspective, however, conflating policy enforcement with server configuration is a dangerous practice, because a minor server misconfiguration can open up avenues for exploitation. On the other hand, policies enforced in the network tend to change rarely and are often one-size-fits-all policies that can severely limit the fast-paced dynamics of the emerging research workflows found in campus networks.
This dissertation addresses these problems by leveraging recent advances in Software-Defined Networking (SDN) to build systems that enforce an organization's network security policies in the network itself. First, we introduce PoLanCO, a human-readable yet technically precise policy language that serves as a middle ground between the imprecise statements found in AUPs and the low-level mechanisms used to implement them. Real-world examples show that PoLanCO can express a wide range of policies found in campus networks. Second, we present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, a server and checks policy compliance before the network devices process the packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited to a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic, checks that are typically performed by network appliances doing Deep Packet Inspection and that create network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that, through short-lived exceptions, researchers can realize significant improvements for their special-purpose traffic.
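An added example (my own code, not the dissertation's; PoLanCO syntax is not shown on this page, so the rule format below is an assumption): a minimal Network Security Cap in Python that checks packets against ordered policy rules before they are forwarded to a server, with an exception table that lets a trusted (src, dst) pair bypass the inspection path until a time-to-live expires. Addresses, ports, rules and TTLs are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """Constructed rule shape (not PoLanCO): first matching rule wins."""
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow", "deny" or "inspect" (send through DPI)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed policy for one web server (10.20.0.5) in a research subnet.
RULES = [
    Rule("10.0.0.0/8", "10.20.0.5/32", "tcp", 443, "allow"),     # campus clients may use HTTPS
    Rule("0.0.0.0/0", "10.20.0.5/32", "tcp", 22, "deny"),        # nobody reaches SSH through the cap
    Rule("10.0.0.0/8", "10.20.0.0/24", "tcp", None, "inspect"),  # other campus TCP traffic goes via DPI
]


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto == pkt.proto
            and (rule.dport is None or rule.dport == pkt.dport))


class SecurityCap:
    """Policy check in front of a server, kept separate from the server's own
    configuration. Short-lived exceptions let a trusted (src, dst) pair skip
    the inspection path until they expire."""

    def __init__(self, rules):
        self.rules = rules
        self.exceptions = {}  # (src, dst) -> expiry time in seconds

    def grant_exception(self, src, dst, now, ttl_s):
        self.exceptions[(src, dst)] = now + ttl_s

    def decide(self, pkt, now):
        for rule in self.rules:
            if not matches(rule, pkt):
                continue
            if rule.action != "inspect":
                return rule.action
            expiry = self.exceptions.get((pkt.src, pkt.dst))
            if expiry is not None and now < expiry:
                return "allow-bypass"  # exception in force: skip DPI
            self.exceptions.pop((pkt.src, pkt.dst), None)  # expired or absent
            return "inspect"
        return "deny"  # default deny: no rule matched
```

Because the exception is keyed on the flow and carries its own expiry, the cap returns to the inspection path on its own once the TTL lapses; no operator has to remember to revoke it.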
An XACML-Based Framework for Structured Patient Privacy Policy (S3P). Mizani, Mehrdad Alizadeh, 01 September 2006
The emergence of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. Such changes have introduced new risks to patient privacy and information confidentiality. Traditional privacy policies fall short of responding to the privacy needs of patients in electronic healthcare. Structured and enforceable policies are needed in order to protect patient privacy in modern healthcare, with its cross-organizational information sharing and decision making. Structured Patient Privacy Policy (S3P) is a framework for a formalized and enforceable privacy policy in healthcare. S3P contains a prototype implementation of a structured and enforceable privacy policy based on the eXtensible Access Control Markup Language (XACML). By simulating healthcare scenarios, S3P provides a means for experts from different professional backgrounds to assess the effect of policies on healthcare processes and to reach ethically sound privacy policies suitable for electronic healthcare.
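Added example (my own, not S3P's prototype): a constructed XACML 3.0 policy for medical-record access and a minimal policy decision point in Python that evaluates requests against it. The element names, categories, attribute identifiers and function identifiers are the standard XACML ones, except `urn:example:s3p:consent-status`, a hypothetical resource attribute standing in for the patient's consent state. Only `string-equal` matches and the `deny-overrides` rule-combining algorithm are implemented.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
CONSENT = "urn:example:s3p:consent-status"  # hypothetical attribute id, not from S3P
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"


def match(value, category, attribute_id):
    """Emit one XACML <Match> comparing a request attribute to a literal."""
    return (f'<Match MatchId="{STRING_EQUAL}">'
            f'<AttributeValue DataType="{STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attribute_id}" '
            f'DataType="{STRING}" MustBePresent="true"/></Match>')


# Constructed policy: applies to medical records; a physician may read, but
# any access is denied once the patient has withdrawn consent (deny-overrides).
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="urn:example:s3p:record-access" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target><AnyOf><AllOf>{match("medical-record", RESOURCE, RESOURCE_ID)}</AllOf></AnyOf></Target>
  <Rule RuleId="physician-may-read" Effect="Permit">
    <Target><AnyOf><AllOf>{match("physician", SUBJECT, ROLE)}{match("read", ACTION, ACTION_ID)}</AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="consent-withdrawn" Effect="Deny">
    <Target><AnyOf><AllOf>{match("withdrawn", RESOURCE, CONSENT)}</AllOf></AnyOf></Target>
  </Rule>
</Policy>"""


def _match_holds(m, request):
    literal = m.find("x:AttributeValue", NS).text
    d = m.find("x:AttributeDesignator", NS)
    actual = request.get((d.get("Category"), d.get("AttributeId")))
    return actual == literal  # only string-equal is implemented here


def _target_applies(node, request):
    """XACML target semantics: every AnyOf must hold; an AnyOf holds if some
    AllOf holds; an AllOf holds if every Match holds. No Target means 'any'."""
    target = node.find("x:Target", NS)
    if target is None:
        return True
    return all(any(all(_match_holds(m, request) for m in allof.findall("x:Match", NS))
                   for allof in anyof.findall("x:AllOf", NS))
               for anyof in target.findall("x:AnyOf", NS))


def evaluate(policy_xml, request):
    """Minimal PDP: returns Permit, Deny or NotApplicable for a request given as
    {(category, attribute-id): value}. Implements only deny-overrides."""
    policy = ET.fromstring(policy_xml)
    if not _target_applies(policy, request):
        return "NotApplicable"
    effects = [rule.get("Effect") for rule in policy.findall("x:Rule", NS)
               if _target_applies(rule, request)]
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"


def record_request(role, action, consent, resource="medical-record"):
    return {(SUBJECT, ROLE): role, (ACTION, ACTION_ID): action,
            (RESOURCE, RESOURCE_ID): resource, (RESOURCE, CONSENT): consent}


if __name__ == "__main__":
    print(evaluate(POLICY_XML, record_request("physician", "read", "given")))      # Permit
    print(evaluate(POLICY_XML, record_request("physician", "read", "withdrawn")))  # Deny
    print(evaluate(POLICY_XML, record_request("clerk", "read", "given")))          # NotApplicable
```

A real deployment would hand the policy to a full XACML PDP rather than this evaluator; the point is that the consent rule is data in the policy document, so changing who may see a record no longer means changing application code.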
Program monitoring in a mandatory-results model. Reddy, Srikar Reddy, 01 June 2009
In many real enforcement systems, a security-relevant action must return a result before the application program that invoked that action can continue to execute. However, current models of runtime mechanisms do not capture this requirement on results being returned to application programs; current models are limited to reasoning about policies and enforcement in terms of actions alone, without considering the results of those actions. This thesis presents a more general model of runtime policy enforcement in which all actions return (possibly void- or unit-type) results. This mandatory-results model more accurately reflects the capabilities and limitations of real enforcement mechanisms, particularly those mechanisms that operate by monitoring function/method invocations. We analyze the new model to show that result-returning runtime monitors enforce a strict superset of the safety policies, including some nontrivial liveness policies.
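Added example (my own, not the thesis's): a Python monitor in the mandatory-results style. Every security-relevant call goes through `ResultMonitor.call`, which must hand a result back to the application whether it runs the action, suppresses it, or rewrites what the action returned. The second policy rule, redacting card numbers from read results, is one an action-only monitor cannot express, since it never observes results. File contents, paths and both rules are constructed.

```python
import re

# Constructed in-memory store standing in for the real file-system calls.
FILES = {
    "/data/notes.txt": "meeting at 10",
    "/data/billing.txt": "card 4111111111111111 expires 12/27",
}


def sys_read(path):
    return FILES[path]


def sys_delete(path):
    del FILES[path]
    return True


class Policy:
    """Two constructed rules. 'before' sees only the action and may suppress it,
    but must then supply the result the application will receive. 'after' sees
    the real result and may replace it; an action-only monitor cannot express
    this second rule at all, since it never observes results."""

    CARD = re.compile(r"\b\d{13,16}\b")

    def before(self, action, args):
        if action == "delete":
            return False, False  # suppress; the application is told False
        return True, None

    def after(self, action, args, result):
        if action == "read" and isinstance(result, str):
            return self.CARD.sub("[redacted]", result)
        return result


class ResultMonitor:
    """Mediates each security-relevant call and always returns a result."""

    def __init__(self, policy):
        self.policy = policy
        self.log = []

    def call(self, action, func, *args):
        allowed, substitute = self.policy.before(action, args)
        if not allowed:
            self.log.append((action, args, "suppressed"))
            return substitute
        real = func(*args)
        out = self.policy.after(action, args, real)
        self.log.append((action, args, "modified" if out != real else "allowed"))
        return out


def application(monitor):
    """Untrusted program; every security-relevant call goes through the monitor
    and blocks until a result comes back, as in the mandatory-results model."""
    notes = monitor.call("read", sys_read, "/data/notes.txt")
    billing = monitor.call("read", sys_read, "/data/billing.txt")
    deleted = monitor.call("delete", sys_delete, "/data/billing.txt")
    return notes, billing, deleted
```

Note that suppressing `delete` does not stop the program: it continues with the substitute result, which is precisely the capability that lets result-returning monitors go beyond halting and enforce more than the safety policies.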
Application of Middlebox Policies Using Software-Defined Networking (Aplicação de políticas de middleboxes com o uso de software-defined networking). PINHEIRO, Antônio Janael, 24 February 2016
Portuguese abstract (translated): Middleboxes are network devices essential to countless organizations, used primarily to add services to the network. Middleboxes perform complex and varied operations on traffic, introducing several challenges to the operation of today's networks. These devices are configured manually by the network operator, which makes it difficult to apply the middleboxes' policies correctly in the presence of dynamic network applications. Several solutions have been proposed to mitigate problems caused by the presence of middleboxes, but they do not address the difficulties that arise when operating dynamic applications. Many of these solutions make the network more complex, increase its cost and require complete replacement of the existing middleboxes. This work presents an architecture based on Software-Defined Networking (SDN) whose objective is to guarantee the correct application of middlebox policies in the presence of dynamic applications. The architecture uses the centralized control and the programmability of network devices found in SDN to make existing middleboxes capable of applying their policies correctly without adding complexity to the network, without increasing its cost and without interfering with the operation of the applications. To evaluate the proposed architecture, a prototype was developed in the Mininet emulation environment with three middleboxes: a firewall, an Intrusion Detection System (IDS) and a load balancer. The applications used were Voice over IP (VoIP) and web, and the performance metrics were packet delay, packet loss and jitter. Hypothesis tests based on the Wilcoxon signed-rank test applied to the results show that, although it adds a tolerable increase in packet delay, the proposed architecture causes no packet loss and does not affect jitter, and is able to configure middlebox policies correctly in a scenario of dynamic applications.

English abstract: Middleboxes are network devices essential to numerous organizations, used primarily to add services to the network. Middleboxes perform complex and varied operations on traffic, introducing several challenges to the functioning of today's networks. These devices are manually configured by the network operator, which hinders the correct application of middlebox policies in the presence of dynamic network applications. Several solutions have been proposed to mitigate problems caused by the presence of middleboxes, but these solutions do not address the difficulties that arise in the operation of dynamic applications. Many of these solutions make the network more complex, increase its cost and require complete replacement of existing middleboxes. In this work, an architecture based on Software-Defined Networking (SDN) is presented that aims at ensuring the correct application of middlebox policies in the presence of dynamic applications. The architecture employs the centralized control and programmability of network devices present in SDN to make existing middleboxes able to correctly apply their policies without introducing complexity to the network, without increasing its cost and without interfering with the operation of applications. To evaluate the proposed architecture, a prototype was developed in the Mininet emulation environment with three middleboxes: a firewall, an Intrusion Detection System (IDS) and a load balancer. The applications used were Voice over IP (VoIP) calls and HTTP requests, and the performance metrics were packet delay, packet loss and jitter. Hypothesis tests based on the Wilcoxon signed-rank test applied to the results show that, while adding a tolerable increase in packet delay, the proposed architecture neither generates packet loss nor affects jitter, and is able to correctly configure middlebox policies in a scenario of dynamic applications.
A National Study on 100% Tobacco-Free Campuses in the United States. Augustine, Lisa, January 2015
No description available.
A framework for an adaptive early warning and response system for insider privacy breaches. Almajed, Yasser M., January 2015
Organisations such as governments and healthcare bodies are increasingly responsible for managing large amounts of personal information, and the increasing complexity of modern information systems is causing growing concern about the protection of these assets from insider threats. Insider threats are very difficult to handle, because insiders have direct access to information and are trusted by their organisations. The nature of insider privacy breaches varies with the organisation's acceptable usage policy and the attributes of an insider. However, the level of risk that insiders pose depends on insider breach scenarios, including their access patterns and contextual information such as the timing of access. Protection from insider threats is a newly emerging research area, and thus only a few approaches are available that systematise the continuous monitoring of dynamic insider usage characteristics and adapt depending on the level of risk. The aim of this research is to develop a formal framework for an adaptive early warning and response system for insider privacy breaches within dynamic software systems. This framework allows the specification of multiple policies at different risk levels, depending on event patterns and timing constraints, and the enforcement of adaptive response actions to interrupt insider activity. Our framework is based on Usage Control (UCON), a comprehensive model that controls previous, ongoing, and subsequent resource usage. We extend UCON to include interrupt policy decisions, in which multiple policy decisions can be expressed at different risk levels. In particular, interrupt policy decisions can be dynamically adapted upon the occurrence of an event or over time. We propose a computational model that represents the concurrent behaviour of an adaptive early warning and response system in the form of a statechart.
In addition, we propose a Privacy Breach Specification Language (PBSL) based on this computational model, in which event patterns, timing constraints, and the triggered early warning level are expressed in the form of policy rules. The main features of PBSL are its expressiveness, simplicity, practicality, and formal semantics. The formal semantics of PBSL, together with a model of the mechanisms enforcing the policies, is given in an operational style. Enforcement mechanisms, which are defined by the outcomes of the policy rules, influence the system state through the mutual interaction between the policy rules and the system behaviour. We demonstrate the use of PBSL with a case study from the e-government domain that includes some real-world insider breach scenarios. The formal framework utilises a tool that supports the animation of the enforcement and policy models. This tool also supports the model checking used to formally verify the safety and progress properties of the system over the policy and the enforcement specifications.
Formalization of a converged Internet and telecommunications service environment. Blum, Niklas, January 2010
The programmable network envisioned in the 1990s within standardization and research for the Intelligent Network is currently coming into reality using IP-based Next Generation Networks (NGN) and applying Service-Oriented Architecture (SOA) principles for service creation, execution, and hosting. SOA is the foundation for both next-generation telecommunications and middleware architectures, which are rapidly converging on top of commodity transport services. Services such as triple/quadruple play, multimedia messaging, and presence are enabled by the emerging service-oriented IP Multimedia Subsystem (IMS), and allow telecommunications service providers to maintain, if not improve, their position in the marketplace. SOA is becoming the de facto standard in next-generation middleware systems as the system model of choice to interconnect service consumers and providers within and between enterprises.
We leverage previous research in overlay networking technologies along with recent advances in network abstraction, service exposure, and service creation to develop a paradigm for a service environment providing converged Internet and telecommunications services, which we call the Service Broker. Such a Service Broker provides mechanisms to combine and mediate between the different service paradigms of the two domains, Internet/WWW and telecommunications. Furthermore, it enables the composition of services across these domains and is capable of defining and applying temporal constraints at creation and execution time. By adding network awareness to the service fabric, such a Service Broker may also act as a next-generation network-to-service element allowing the composition of cross-domain and cross-layer network and service resources.
The contribution of this research is threefold: first, we analyze and classify principles and technologies from information technology (IT) and telecommunications to identify and discuss the issues involved in cross-domain composition in a converging service layer. Second, we discuss service composition methods that allow the creation of converged services at an abstract level; in particular, we present a formalized method for model checking such compositions. Finally, we propose a Service Broker architecture converging Internet and telecom services. This environment enables cross-domain feature interaction in services through formalized obligation policies that act as constraints at service discovery, creation, and execution time.

German abstract (translated): The programmable network that was designed at the end of the 20th century in standardization and research for the Intelligent Network is now becoming reality in an Internet Protocol based Next Generation Network. To this end, principles from information technology are applied, in particular from the area of service-oriented architectures (SOA) for service creation, execution and operation. SOA provides the theoretical foundation for telecommunications networks, but above all for the associated service platforms. These allow the telecommunications operator to expand its position in an open marketplace of services. This, however, requires service environments that are as flexible as possible and that foster cooperation between service providers and users from the most diverse domains by supporting suitable tools and mechanisms.
In this dissertation, building on research results in the areas of overlay networks, network abstraction and access to exposed services, we define a service environment called the Service Broker for converged Internet and telecommunications services. This Service Broker provides mechanisms for the composition of services and for mediation between different service paradigms and domain specifics at service invocation.
The research contribution of this work is made on several levels: building on an analysis and classification of technologies and paradigms from the areas of information technology (IT) and telecommunications, we discuss the problem of cooperation between services and of their composition across domain boundaries. In a second step we discuss methods of service composition and present a formalized method of model-based service creation. The focus of the work lies on the specification of the Service Broker service environment and of an underlying information and data model. This architecture allows the composition and cooperation of services across domain boundaries in order to realize converged Internet and telecommunications services. For this purpose, a rule system based on obligation policies is formalized that defines interactions between service features during service creation and execution.
Dynamic Security Policy Enforcement on Android (Dynamická úprava bezpečnostní politiky na platformě Android). Vančo, Matúš, January 2016
This work proposes a system for the dynamic enforcement of access rights on Android. Any suspicious application can be repackaged by the system so that its access to selected private data is restricted with respect to the outside world. The system intercepts system calls using the Aurasium framework and adds a novel approach to tracking information flows from privacy-sensitive sources with a tainting mechanism that does not require administrator rights. File-level and data-level taint propagation have been designed, together with policy enforcement based on the Android binder.
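Added example (my own code, not the thesis's Android implementation): Python data-level tainting via a `str` subclass that carries source labels through concatenation, slicing, case changes and replacement; file-level tainting via an in-memory file table that records the labels of everything written to each path; and an inlined check at the network sink. The sources, the cache path and the policy are constructed. A laundering attempt that routes contact data through a cache file and edits the string stays tainted and is blocked.

```python
class Tainted(str):
    """A string carrying the set of sensitive sources it was derived from.
    Propagation (data-level tainting) happens through the operations below;
    operations not overridden here (e.g. str.format) would drop the labels,
    which is exactly the kind of gap a real monitor must close or forbid."""

    def __new__(cls, value, taint=frozenset()):
        obj = super().__new__(cls, value)
        obj.taint = frozenset(taint)
        return obj

    def __add__(self, other):
        return Tainted(str(self) + str(other), self.taint | taint_of(other))

    def __radd__(self, other):
        return Tainted(str(other) + str(self), taint_of(other) | self.taint)

    def __getitem__(self, key):
        return Tainted(str(self)[key], self.taint)

    def upper(self):
        return Tainted(str(self).upper(), self.taint)

    def replace(self, old, new):
        return Tainted(str(self).replace(old, new), self.taint | taint_of(new))


def taint_of(value):
    return getattr(value, "taint", frozenset())


# Constructed sources standing in for Android content providers.
def read_contacts():
    return Tainted("alice:+15550100", {"contacts"})


def read_location():
    return Tainted("59.33,18.07", {"location"})


# File-level tainting: a constructed in-memory file system whose entries carry
# the union of the labels of everything ever written to them.
FILES = {}
FILE_TAINT = {}


def write_file(path, data):
    FILES[path] = str(data)
    FILE_TAINT[path] = FILE_TAINT.get(path, frozenset()) | taint_of(data)


def read_file(path):
    return Tainted(FILES[path], FILE_TAINT.get(path, frozenset()))


# Constructed policy: labels that must never reach the network sink.
POLICY = {"network": frozenset({"contacts", "location"})}


class PolicyViolation(Exception):
    pass


def send_network(host, data):
    """Sink with the inlined check: refuse data carrying a forbidden label."""
    blocked = taint_of(data) & POLICY["network"]
    if blocked:
        raise PolicyViolation(f"{sorted(blocked)} may not be sent to {host}")
    return len(str(data))


def laundering_attempt():
    """Try to strip the taint by going through a cache file and string edits."""
    write_file("/cache/c.txt", read_contacts())
    cached = read_file("/cache/c.txt")        # still tainted: file-level
    payload = "v=1&d=" + cached[6:].upper()   # still tainted: data-level
    try:
        send_network("collector.example", payload)
        return "sent"
    except PolicyViolation:
        return "blocked"


def benign_send():
    return send_network("api.example", "v=1&d=" + "ping")
```

The file table is what defeats the round trip through storage: the label attached on `write_file` comes back on `read_file`, so the application cannot launder data by persisting it, which is the case the thesis's file-level propagation is designed for.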