DI-SEC: Distributed Security Framework for Heterogeneous Wireless Sensor Networks

Valero, Marco

16 April 2012

Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for one attack (i.e., Jamming attack) does not defend against other attacks (e.g., Sybil and Selective Forwarding). This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers information and statistics relevant for creating defense modules. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation shows that Di-Sec is feasible on today’s resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the functionality of Di-Sec by implementing four detection and defense mechanisms for attacks at various layers of the communication stack.

Di-Sec

Security Framework

Monitoring Core

Wireless Sensor Networks

Towards a security framework for the semantic web

Mbaya, Ibrahim Rajab

30 November 2007

With the increasing use of the Web and the need to automate, interoperate, and reason about resources and services on the Web, the Semantic Web aims to provide solutions for the future needs of World Wide Web computing. However, the autonomous, dynamic, open, distributed and heterogeneous nature of the Semantic Web introduces new security challenges. Various security standards and mechanisms exist that address different security aspects of the current Web and Internet, but these have not been integrated to address security aspects of the Semantic Web specifically. Hence, there is a need to have a security framework that integrates these disparate security tools to provide a holistic, secure environment for the Semantic Web. This study proposes a security framework that provides various security functionalities to Semantic Web entities, namely, agents, Web services and Web resources. The study commences with a literature survey carried out in order to establish security aspects related to the Semantic Web. In addition, requirements for a security framework for the Semantic Web are extracted from the literature. This is followed by a model-building study that is used to compile a security framework for the Semantic Web. In order to prove the feasibility thereof, the framework is then applied to different application scenarios as a proof-of-concept. Following the results of the evaluation, it is possible to argue that the proposed security framework allows for the description of security concepts and service workflows, reasoning about security concepts and policies, as well as the specification of security policies, security services and security mechanisms. The security framework is therefore useful in addressing the identified security requirements of the Semantic Web. / School of Computing / M.Sc. (Computer Science)

Semantic Web

Security

Agents

Web services

Security framework

005.8

Computer security

Data protection

Agentless endpoint security monitoring framework

Ghaleb, Asem

28 May 2019

Existing endpoint security monitors use agents that must be installed on every computing host or endpoint. However, as the number of monitored hosts increases, agents installation, con figuration and maintenance become arduous and requires more efforts. Moreover, installed agents can increase the security threat footprint and several companies impose restrictions on using agents on every computing system. This work provides a generic agentless endpoint framework for security monitoring of computing systems. The computing hosts are accessed by the monitoring framework running on a central server. Since the monitoring framework is separate from the computing hosts for which the monitoring is being performed, the various security models of the framework can perform data retrieval and analysis without utilizing agents executing within the computing hosts. The monitoring framework retrieves transparently raw data from the monitored computing hosts that are then fed to the security modules integrated with the framework. These modules analyze the received data to perform security monitoring of the target computing hosts. As a use case, a real-time intrusion detection model has been implemented to detect abnormal behaviors on computing hosts based on the data collected using the introduced framework. / Graduate

Agentless

Agentless monitoring

Agentless security monitoring

security framework

security monitoring framework

endpoint security monitoring

security monitoring

Bulk electric system reliability simulation and application

Wangdee, Wijarn

19 December 2005

Bulk electric system reliability analysis is an important activity in both vertically integrated and unbundled electric power utilities. Competition and uncertainty in the new deregulated electric utility industry are serious concerns. New planning criteria with broader engineering consideration of transmission access and consistent risk assessment must be explicitly addressed. Modern developments in high speed computation facilities now permit the realistic utilization of sequential Monte Carlo simulation technique in practical bulk electric system reliability assessment resulting in a more complete understanding of bulk electric system risks and associated uncertainties. Two significant advantages when utilizing sequential simulation are the ability to obtain accurate frequency and duration indices, and the opportunity to synthesize reliability index probability distributions which describe the annual index variability. <p>This research work introduces the concept of applying reliability index probability distributions to assess bulk electric system risk. Bulk electric system reliability performance index probability distributions are used as integral elements in a performance based regulation (PBR) mechanism. An appreciation of the annual variability of the reliability performance indices can assist power engineers and risk managers to manage and control future potential risks under a PBR reward/penalty structure. There is growing interest in combining deterministic considerations with probabilistic assessment in order to evaluate the system well-being of bulk electric systems and to evaluate the likelihood, not only of entering a complete failure state, but also the likelihood of being very close to trouble. The system well-being concept presented in this thesis is a probabilistic framework that incorporates the accepted deterministic N-1 security criterion, and provides valuable information on what the degree of the system vulnerability might be under a particular system condition using a quantitative interpretation of the degree of system security and insecurity. An overall reliability analysis framework considering both adequacy and security perspectives is proposed using system well-being analysis and traditional adequacy assessment. The system planning process using combined adequacy and security considerations offers an additional reliability-based dimension. Sequential Monte Carlo simulation is also ideally suited to the analysis of intermittent generating resources such as wind energy conversion systems (WECS) as its framework can incorporate the chronological characteristics of wind. The reliability impacts of wind power in a bulk electric system are examined in this thesis. Transmission reinforcement planning associated with large-scale WECS and the utilization of reliability cost/worth analysis in the examination of reinforcement alternatives are also illustrated.

Wind Power

Reliability Evaluation

Combined Adequacy and Security Framework

Sequential Monte Carlo Simulation

Power Systems

Bulk electric system reliability simulation and application

Wangdee, Wijarn

19 December 2005

Bulk electric system reliability analysis is an important activity in both vertically integrated and unbundled electric power utilities. Competition and uncertainty in the new deregulated electric utility industry are serious concerns. New planning criteria with broader engineering consideration of transmission access and consistent risk assessment must be explicitly addressed. Modern developments in high speed computation facilities now permit the realistic utilization of sequential Monte Carlo simulation technique in practical bulk electric system reliability assessment resulting in a more complete understanding of bulk electric system risks and associated uncertainties. Two significant advantages when utilizing sequential simulation are the ability to obtain accurate frequency and duration indices, and the opportunity to synthesize reliability index probability distributions which describe the annual index variability. <p>This research work introduces the concept of applying reliability index probability distributions to assess bulk electric system risk. Bulk electric system reliability performance index probability distributions are used as integral elements in a performance based regulation (PBR) mechanism. An appreciation of the annual variability of the reliability performance indices can assist power engineers and risk managers to manage and control future potential risks under a PBR reward/penalty structure. There is growing interest in combining deterministic considerations with probabilistic assessment in order to evaluate the system well-being of bulk electric systems and to evaluate the likelihood, not only of entering a complete failure state, but also the likelihood of being very close to trouble. The system well-being concept presented in this thesis is a probabilistic framework that incorporates the accepted deterministic N-1 security criterion, and provides valuable information on what the degree of the system vulnerability might be under a particular system condition using a quantitative interpretation of the degree of system security and insecurity. An overall reliability analysis framework considering both adequacy and security perspectives is proposed using system well-being analysis and traditional adequacy assessment. The system planning process using combined adequacy and security considerations offers an additional reliability-based dimension. Sequential Monte Carlo simulation is also ideally suited to the analysis of intermittent generating resources such as wind energy conversion systems (WECS) as its framework can incorporate the chronological characteristics of wind. The reliability impacts of wind power in a bulk electric system are examined in this thesis. Transmission reinforcement planning associated with large-scale WECS and the utilization of reliability cost/worth analysis in the examination of reinforcement alternatives are also illustrated.

Wind Power

Reliability Evaluation

Combined Adequacy and Security Framework

Sequential Monte Carlo Simulation

Power Systems

A simulation-based methodology for the assessment of server-based security architectures for mobile ad hoc networks (MANETs)

Darwish, Salaheddin

January 2015

A Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not to take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to selecting the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network. To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real cases scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of given MANET context.

004.6

Towards a security framework for the semantic web

Mbaya, Ibrahim Rajab

30 November 2007

With the increasing use of the Web and the need to automate, interoperate, and reason about resources and services on the Web, the Semantic Web aims to provide solutions for the future needs of World Wide Web computing. However, the autonomous, dynamic, open, distributed and heterogeneous nature of the Semantic Web introduces new security challenges. Various security standards and mechanisms exist that address different security aspects of the current Web and Internet, but these have not been integrated to address security aspects of the Semantic Web specifically. Hence, there is a need to have a security framework that integrates these disparate security tools to provide a holistic, secure environment for the Semantic Web. This study proposes a security framework that provides various security functionalities to Semantic Web entities, namely, agents, Web services and Web resources. The study commences with a literature survey carried out in order to establish security aspects related to the Semantic Web. In addition, requirements for a security framework for the Semantic Web are extracted from the literature. This is followed by a model-building study that is used to compile a security framework for the Semantic Web. In order to prove the feasibility thereof, the framework is then applied to different application scenarios as a proof-of-concept. Following the results of the evaluation, it is possible to argue that the proposed security framework allows for the description of security concepts and service workflows, reasoning about security concepts and policies, as well as the specification of security policies, security services and security mechanisms. The security framework is therefore useful in addressing the identified security requirements of the Semantic Web. / School of Computing / M.Sc. (Computer Science)

Semantic Web

Security

Agents

Web services

Security framework

005.8

Computer security

Data protection

An Anomaly Behavior Analysis Methodology for the Internet of Things: Design, Analysis, and Evaluation

Pacheco Ramirez, Jesus Horacio, Pacheco Ramirez, Jesus Horacio

January 2017

Advances in mobile and pervasive computing, social network technologies and the exponential growth in Internet applications and services will lead to the development of the Internet of Things (IoT). The IoT services will be a key enabling technology to the development of smart infrastructures that will revolutionize the way we do business, manage critical services, and how we secure, protect, and entertain ourselves. Large-scale IoT applications, such as critical infrastructures (e.g., smart grid, smart transportation, smart buildings, etc.) are distributed systems, characterized by interdependence, cooperation, competition, and adaptation. The integration of IoT premises with sensors, actuators, and control devices allows smart infrastructures to achieve reliable and efficient operations, and to significantly reduce operational costs. However, with the use of IoT, we are experiencing grand challenges to secure and protect such advanced information services due to the significant increase in the attack surface. The interconnections between a growing number of devices expose the vulnerability of IoT applications to attackers. Even devices which are intended to operate in isolation are sometimes connected to the Internet due to careless configuration or to satisfy special needs (e.g., they need to be remotely managed). The security challenge consists of identifying accurately IoT devices, promptly detect vulnerabilities and exploitations of IoT devices, and stop or mitigate the impact of cyberattacks. An Intrusion Detection System (IDS) is in charge of monitoring the behavior of protected systems and is looking for malicious activities or policy violations in order to produce reports to a management station or even perform proactive countermeasures against the detected threat. Anomaly behavior detection is a technique that aims at creating models for the normal behavior of the network and detects any significant deviation from normal operations. With the ability to detect new and novel attacks, the anomaly detection is a promising IDS technique that is actively pursued by researchers. Since each IoT application has its own specification, it is hard to develop a single IDS which works properly for all IoT layers. A better approach is to design customized intrusion detection engines for different layers and then aggregate the analysis results from these engines. On the other hand, it would be cumbersome and takes a lot of effort and knowledge to manually extract the specification of each system. So it will be appropriate to formulate our methodology based on machine learning techniques which can be applied to produce efficient detection engines for different IoT applications. In this dissertation we aim at formalizing a general methodology to perform anomaly behavior analysis for IoT. We first introduce our IoT architecture for smart infrastructures that consists of four layers: end nodes (devices), communications, services, and application. Then we show our multilayer IoT security framework and IoT architecture that consists of five planes: function specification or model plane, attack surface plane, impact plane, mitigation plane, and priority plane. We then present a methodology to develop a general threat model in order to recognize the vulnerabilities in each layer and the possible countermeasures that can be deployed to mitigate their exploitation. In this scope, we show how to develop and deploy an anomaly behavior analysis based intrusion detection system (ABA-IDS) to detect anomalies that might be triggered by attacks against devices, protocols, information or services in our IoT framework. We have evaluated our approach by launching several cyberattacks (e.g. Sensor Impersonation, Replay, and Flooding attacks) against our testbeds developed at the University of Arizona Center for Cloud and Autonomic Computing. The results show that our approach can be used to deploy effective security mechanisms to protect the normal operations of smart infrastructures integrated to the IoT. Moreover, our approach can detect known and unknown attacks against IoT with high detection rate and low false alarms.

Abnormal Behavior Analysis

Autonomic Computing

Cybersecurity

Internet of Things

Security Framework

Threat Model

DEVELOPMENT OF A FRAMEWORK TO ATTAIN WATER SECURITY IN INDIAN RURAL AREAS / インド農村地域における水安全保障の実現のための枠組みの開発

Mrittika, Basu

23 March 2016

京都大学 / 0048 / 新制・課程博士 / 博士(地球環境学) / 甲第19874号 / 地環博第148号 / 新制||地環||30(附属図書館) / 32910 / 京都大学大学院地球環境学舎地球環境学専攻 / (主査)教授 星野 敏, 准教授 西前 出, 准教授 中村 公人 / 学位規則第4条第1項該当 / Doctor of Global Environmental Studies / Kyoto University / DFAM

Water Security

Rural areas

Water Management

Coping and Adaptation

Rural Water Security Framework

450

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie

30 September 2004

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.

Computer security

Communication networks

Countermeasure classification

Mobile agent security framework

Security framework requirements

Threats classification

Malicious hosts

Mobile agent security

005.8

Mobile agents (Computer software)

Computer security

Computer networks -- Security measures