Enhancing Software Security through Modeling Attacker Profiles

Hussein, Nesrin

21 September 2018

No description available.

Computer Science

security requirements

Non-functional requirements

security related test cases

Identification of Security Relevant Characteristics in Distributed Information Systems / Identifiering av egenskaper relevanta för säkerheten i distribuerade informationssystem

Stjerneby, Anna

January 2002

<p>This thesis suggests a set of system characteristics to be used when evaluating or analyzing the IT security of a distributed information system. Each characteristic is meant to be considered in the evaluation of relevant distributed system components. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system. The work also includes a definition of distributed information system components and a categorization of the found characteristics. The means used to identify the set of characteristics include a thorough investigation of the literature on the relevant subject, as well as a brainstorming session. Thereafter the material has been structured to form the results presented in this thesis.</p>

Informationsteknik

IT security

distributed information systems

security architecture

security-related system characteristics

Informationsteknik

Information technology

Informationsteknik

Identification of Security Relevant Characteristics in Distributed Information Systems / Identifiering av egenskaper relevanta för säkerheten i distribuerade informationssystem

Stjerneby, Anna

January 2002

This thesis suggests a set of system characteristics to be used when evaluating or analyzing the IT security of a distributed information system. Each characteristic is meant to be considered in the evaluation of relevant distributed system components. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system. The work also includes a definition of distributed information system components and a categorization of the found characteristics. The means used to identify the set of characteristics include a thorough investigation of the literature on the relevant subject, as well as a brainstorming session. Thereafter the material has been structured to form the results presented in this thesis.

Informationsteknik

IT security

distributed information systems

security architecture

security-related system characteristics

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Community-Based Armed Groups: Towards a Conceptualization of Militias, Gangs, and Vigilantes

Schuberth, Moritz

03 July 2015

yes / The proliferation of irregular armed actors which defy simplistic definition has caught public and academic attention alike, not least in the pages of this journal. To move the debate on non-state armed groups (NSAGs) forward, this article seeks to enhance our conceptual understanding of parochial armed groups which are not primarily driven by ideological or religious objectives. Thus, this article clarifies similarities as well as differences between subtypes of community-based armed groups (CBAGs) on the one hand, and between CBAGs and other NSAGs, on the other hand. By doing so, a typology is developed that classifies militias, gangs and vigilantes on the basis of their political, economic and security-related dimensions. The resulting ideal types are discussed through the lenses of different explanatory frameworks and policy debates in the field of contemporary security studies. A major typological issue is the tendency for CBAGs to ‘turn bad’ and become threats to the stability they were expected to transform, becoming a serious problem in countries where they operate. It is concluded that the challenge of CBAGs ultimately needs to be addressed by putting in place a functioning state that can tackle the underlying woes that led to their proliferation in the first place.

Transaction synchronization and privacy aspect in blockchain decentralized applications

Ongkasuwan, Patarawan

January 2020

The ideas and techniques of cryptography and decentralized storage have seen tremendous growth in many industries, as they have been adopted to improve activities in the organization. That called Blockchain technology, it provides an effective transparency solution. Generally, Blockchain has been used for digital currency or cryptocurrency since its inception. One of the best-known Blockchain protocols is Ethereum, which has invented the smart contract to enable Blockchain’s ability to execute a condition, rather than simply acting as storage. Applications that adopt this technology are called ‘Dapps’ or ‘decentralized applications’. However, there are ongoing arguments about synchronization associated with the system. System synchronization is currently extremely important for applications, because the waiting time for a transaction to be verified can cause dissatisfaction in the user experience. Several studies have revealed that privacy leakage occurs, even though the Blockchain provides a degree of security, as a result of the traditional transaction, which requires approval through an intermediate institution. For instance, a bank needs to process transactions via many constitution parties before receiving the final confirmation, which requires the user to wait for a considerable amount of time. This thesis describes the challenge of transaction synchronization between the user and smart contract, as well as the matter of a privacy strategy for the system and compliance. To approach these two challenges, the first task separates different events and evaluates the results compared to an alternative solution. This is done by testing the smart contract to find the best gas price result, which varies over time. In the Ethereum protocol, gas price is one of the best ways to decrease the transaction time to meet user expectations. The gas price is affected by the code structure and the network. In the smart contract, testing is run based on two cases, and solves platform issues such as runners and user experience and reduces costs. It has also been found that collecting the fee before participating in an auction can prevent the problem of runners. The second case aims to prove that freezing the amount of a bid is the best way to increase the user’s experience, and to achieve the better experience of an online auction. The second challenge mainly focuses on the privacy strategy and risk management for the platform, which involves identifying possible solutions for all risk situations, as well as detecting, forecasting and preventing them. Providing strategies, such as securing the smart contract structure, increasing the encryption method in the database, designing a term sheet and agreement, and authorization, help to prevent system vulnerabilities. Therefore, this research aims to improve and investigate an online auction platform by using a Blockchain smart contract to provide evocative user experiences. / Idéer och tekniker för kryptografi och decentraliserad lagring har haft en enorm tillväxt i många branscher, eftersom de har antagits för att förbättra verksamheten i organisationen. Den som kallas Blockchain-tekniken ger den en effektiv transparenslösning. Generellt har Blockchain använts för digital valuta eller cryptocurrency sedan starten. Ett av de mest kända Blockchainprotokollen är Ethereum, som har uppfunnit det smarta kontraktet för att möjliggöra Blockchains förmåga att utföra ett villkor, snarare än att bara fungera som lagring. Applikationer som använder denna teknik kallas 'Dapps' eller 'decentraliserade applikationer'. Det finns emellertid pågående argument om synkronisering associerad med systemet. Systemsynkronisering är för närvarande oerhört viktigt för applikationer, eftersom väntetiden för att en transaktion ska verifieras kan orsaka missnöje i användarupplevelsen. Flera studier har visat att sekretessläckage inträffar, även om Blockchain ger en viss säkerhet, till följd av den traditionella transaktionen, som kräver godkännande genom en mellaninstitution. Till exempel måste en bank bearbeta transaktioner via många konstitutionspartier innan den får den slutliga bekräftelsen, vilket kräver att användaren väntar en betydande tid. Den här avhandlingen beskriver utmaningen med transaktionssynkronisering mellan användaren och smart kontrakt, samt frågan om en sekretessstrategi för systemet och efterlevnad. För att närma sig dessa två utmaningar separerar den första uppgiften olika händelser och utvärderar resultaten jämfört med en alternativ lösning. Detta görs genom att testa det smarta kontraktet för att hitta det bästa gasprisresultatet, som varierar över tiden. I Ethereum-protokollet är gaspriset ett av de bästa sätten att minska transaktionstiden för att möta användarens förväntningar. Gaspriset påverkas av kodstrukturen och nätverket. I det smarta kontraktet körs test baserat på två fall och löser plattformsproblem som löpare och användarupplevelse och minskar kostnaderna. Det har också visat sig att insamlingen av avgiften innan du deltar i en auktion kan förhindra löparproblemet. Det andra fallet syftar till att bevisa att frysning av budbeloppet är det bästa sättet att öka användarens upplevelse och att uppnå en bättre upplevelse av en online auktion. Den andra utmaningen fokuserar huvudsakligen på sekretessstrategin och riskhanteringen för plattformen, som innebär att identifiera möjliga lösningar för alla risksituationer, samt att upptäcka, förutse och förhindra dem. Tillhandahållande av strategier, som att säkra den smarta kontraktsstrukturen, öka krypteringsmetoden i databasen, utforma ett termblad och avtal och godkännande, hjälper till att förhindra systemets sårbarheter. Därför syftar denna forskning till att förbättra och undersöka en online-auktionsplattform genom att använda ett smart avtal med Blockchain för att ge upplevande användarupplevelser.

Blockchain

distributed database

distributed ledger

digital ledgers

centralized database

decentralized database

Ethereum

Blockchain synchronization

security-related

cryptocurrency

digital currency

transaction

user experience

privacy strategy

smart contract

risk

Blockchain

distribuerad storbok

digital ledbok

centraliserad databas

decentraliserad databas

Ethereum

Blockchain-synkronisering

säkerhetsrelaterad

cryptocurrency

digital valuta

transaktion

användarupplevelse

sekretessstrategi

smart kontrakt

risk

Computer and Information Sciences

Data- och informationsvetenskap