The Challenges of Network Security Remediation at a Regional University.

Simons, William R

07 May 2005

This thesis describes challenges encountered during a year-long effort to improve the security of the 3,300 node administrative computer network at East Tennessee State University. The key remediation strategies used included employing the vulnerability scanner Nessus to profile the network, analyzing the scan results, and attempting to remove the most critical vulnerabilities found. The project succeeded in decreasing known “high” criticality vulnerabilities on campus by 26.1%, and confirmed four standard observations about the challenges of network administration: Vulnerability scanning is a lengthy task best performed in parallel and supported by automated data analysis.Securing a network is like trying to hit a moving target, due to an ever-increasing proliferation of networked hosts, services enabled by default install and lists of vulnerabilities to address.Failures of common sense are still among the primary threats to network security.Failing to retain management support for the security hardening process can jeopardize the project.

Nmap

Nessus

security hardening

security audit

network security

system security

computer

vulnerability remediation

Computer Sciences

Physical Sciences and Mathematics

Enhancing Trust in Reconfigurable Hardware Systems

Venugopalan, Vivek

01 March 2017

A Cyber-Physical System (CPS) is a large-scale, distributed, embedded system, consisting of various components that are glued together to realize control, computation and communication functions. Although these systems are complex, they are ubiquitous in the Internet of Things (IoT) era of autonomous vehicles/drones, smart homes, smart grids, etc. where everything is connected. These systems are vulnerable to unauthorized penetration due to the absence of proper security features and safeguards to protect important information. Examples such as the typewriter hack involving subversive chips resulting in leakage of keystroke data and hardware backdoors crippling anti-aircraft guns during an attack demonstrate the need to protect all system functions. With more focus on securing a system, trust in untrusted components at the integration stage is of a higher priority. This work builds on a red-black security system, where an architecture testbed is developed with critical and non-critical IP cores and subjected to a variety of Hardware Trojan Threats (HTTs). These attacks defeat the classic trusted hardware model assumptions and demonstrate the ability of Trojans to evade detection methods based on physical characteristics. A novel metric is defined for hardware Trojan detection, termed as HTT Detectability Metric (HDM) that leverages a weighted combination of normalized physical parameters. Security analysis results show that using HDM, 86% of the implemented Trojans were detected as compared to using power consumption, timing variation and resource utilization alone. This led to the formulation of the security requirements for the development of a novel, distributed and secure methodology for enhancing trust in systems developed under untrusted environments called FIDelity Enhancing Security (FIDES). FIDES employs a decentralized information flow control (DIFC) model that enables safe and distributed information flows between various elements of the system such as IP cores, physical memory and registers. The DIFC approach annotates/tags each data item with its sensitivity level and the identity of the participating entities during the communication. Trust enhanced FIDES (TE-FIDES) is proposed to address the vulnerabilities arising from the declassification process during communication between third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the confidentiality of the sensitive information in the system. TE-FIDES is evaluated by targeting an IoT-based smart grid CPS application, where malicious third-party soft IP cores are prevented from causing a system blackout. The resulting hardware implementation using TE-FIDES is found to be resilient to multiple hardware Trojan attacks. / Ph. D. / The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. An unauthorized penetration due to the absence of safeguards can cripple the system and leak sensitive data. This dissertation studies the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. FIDelity Enhancing Security (FIDES), named after the Greek Goddess of Trust, is a novel, distributed and secure methodology proposed to address the security requirements and enhance trust of systems developed in untrusted environments. FIDES utilizes a distributed scheme that monitors the communication between the Intellectual Property (IP) cores using tags. Trust Enhanced FIDES (TE-FIDES) is proposed to reduce the vulnerabilities arising from the declassification process of the third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the integrity of the sensitive information in the system. In addition, TE-FIDES also uses a trust metric to record snapshots of each IP core’s state during the declassification process. TE-FIDES is evaluated by mapping an IoT-based CPS application and subjecting it to a variety of hardware Trojan attacks. The performance costs for resilient and trustworthy operation of the TE-FIDES implementation are evaluated and TE-FIDES proves to be resilient to the attacks with acceptable cyber costs.

Secure Computing

Trusted Computing

Resilient Computing

Root of Trust

Hardware Trojans

Cyber Physical System Security

Embedded Systems

Reconfigurable Hardware

Development of an equivalent circuit of a large power system for real- time security assessment

Wijeweera, Don Gayan Prabath

14 November 2016

More and more system operators are interested in calculating transfer capability in real-time using real-time power flow models generated from the Energy Management System (EMS). However, compared to off-line study models, EMS models usually cover only a limited portion of the interconnected system. In most situations, it is not practical to extend the EMS model to capture the impact of the external systems and therefore using an equivalent network becomes necessary. The development of equivalent circuits to represent external areas was a topic discussed over the last 50 years. Almost all of these methods require impedance information about the external area to develop the equivalent circuit. Unfortunately utilities do not have the external impedance information in the real-time. Therefore, normal industry practice is to use off-line studies to develop an equivalent circuit and use that circuit in the real-time operation without any validation. This can result in errors in the security assessment. Therefore, power industry need a method to develop or validate an equivalent circuit based on the available real-time information. This thesis work is focussed on meeting that industry need. The work on this thesis presents two new methods that can be used to generate an equivalent circuit based on the boundary conditions. This method involves calculating equivalent impedance between two areas based on the boundary stations voltages, voltage angles and power leaving the boundary stations into external areas. This thesis uses power system simulation between two areas to change the system condition to obtain different boundary bus voltages, voltage angles and power injections to generate necessary data. Regression analysis and least square method is then used to generate the equivalent circuit using these data. It is expected that system changes will provide necessary information in the real-time to generate the equivalent circuit. The proposed methodology is validated with modified three area 300 bus system as well as using Manitoba Hydro’s system. Contingency analysis, transfer level calcula-tion and PV curves analysis is used to validate the proposed method. Simulation results show that the proposed method produces adequate accuracy in comparison with detailed off-line system models. The main advantage of the proposed method as compared to other existing meth-ods such as Ward and REI is that the proposed method does not require external imped-ance information to generate the equivalent circuit. The ability to generate reasonably good equivalent circuit only using available boundary information will help utilities to generate or validate the equivalent circuit based on the current system conditions, which will intern help improve the accuracy of the security assessment / February 2017

Equivalent circuits

Power system interconnection

Power system security

Power system simulation

Power system analysis computing

Power system modelling

Phasor measurement units

Systematic Evaluations Of Security Mechanism Deployments

Sze Yiu Chau (7038539)

13 August 2019

<div>In a potentially hostile networked environment, a large diversity of security mechanisms with varying degree of sophistication are being deployed to protect valuable computer systems and digital assets. </div><div><br></div><div>While many competing implementations of similar security mechanisms are available in the current software development landscape, the robustness and reliability of such implementations are often overlooked, resulting in exploitable flaws in system deployments. In this dissertation, we systematically evaluate implementations of security mechanisms that are deployed in the wild. First, we examine how content distribution applications on the Android platform control access to their multimedia contents. With respect to a well-defined hierarchy of adversarial capabilities and attack surfaces, we find that many content distribution applications, including that of some world-renowned publications and streaming services, are vulnerable to content extraction due to the use of unjustified assumptions in their security mechanism designs and implementations. Second, we investigate the validation logic of X.509 certificate chains as implemented in various open-source TLS libraries. X.509 certificates are widely used in TLS as a means to achieve authentication. A validation logic that is overly restrictive could lead to the loss of legitimate services, while an overly permissive implementation could open door to impersonation attacks. Instead of manual analysis and unguided fuzzing, we propose a principled approach that leverages symbolic execution to achieve better coverage and uncover logical flaws that are buried deep in the code. We find that many TLS libraries deviate from the specification. Finally, we study the verification of RSA signatures, as specified in the PKCS#1 v1.5 standard, which is widely used in many security-critical network protocols. We propose an approach to automatically generate meaningful concolic test cases for this particular problem, and design and implement a provenance tracking mechanism to assist root-cause analysis in general. Our investigation revealed that several crypto and IPSec implementations are susceptible to new variants of the Bleichenbacher low-exponent signature forgery.</div>

Software Engineering

Computer Software

Computer System Security

Network security

symbolic execution

Digital signature

Public Key Infrastructure

Cryptographic protocols

Digital rights management

Content distribution

WhatsApp Forensics: Locating Artifacts in Web and Desktop Clients

Nicolas Villacis Vukadinovic (6623858)

14 May 2019

WhatsApp is the most popular instant messaging application worldwide. Since 2016, users can send and receive messages through desktop clients, either through the WhatsApp desktop application or the web client accessible from supported web browsers. The author identified a gap in the literature in terms of WhatsApp forensics for desktop and web clients. The aim of the study was to locate forensic artifacts on WhatsApp clients. These clients included the desktop application on both Windows and Mac operating systems. Chrome and Firefox web clients were also analyzed for the Windows operating system, as well as Chrome and Safari web clients on the Mac operating system. A WhatsApp log file was identified as the main artifact providing information throughout all clients analyzed. Cached profile pictures were also found, as well as history information about visited websites and ran applications.

Computer System Security

WhatsApp

web client

desktop client

artifacts

windows

mac

chrome

safari

firefox

edge

digital forensics

cyber forensics

computer forensics

forensics

Protecting Bare-metal Systems from Remote Exploitation

Abraham Anthony Clements (6618926)

15 May 2019

The Internet of Things is deploying large numbers of bare-metal systems that have no protection against memory corruption and control-flow hijacking attacks. These attacks have enabled unauthorized entry to hotel rooms, malicious control of unmanned aerial vehicles, and invasions of privacy. Using static and dynamic analysis these systems can utilize state-of-the-art testing techniques to identify and<br>prevent memory-corruption errors and employ defenses against memory corruption and control-flow hijacking attacks in bare-metal systems that match or exceed those currently employed on desktop systems. This is shown using three case studies.<br><br>(1) EPOXY which, automatically applies data execution prevention, diversity, stack defenses, and separating privileged code from unprivileged code using a novel<br>technique called privileged overlaying. These protections prevent code injection attacks, and reduce the number of privileged instruction to 0.06% verses an unprotected<br>application.<br><br>(2) Automatic Compartments for Embedded Systems (ACES), which automatically creates compartments that enforce data integrity and code isolation within bare-metal applications. ACES enables exploring policies to best meet security and performance requirements for individual applications. Results show ACES' can form 10s of compartments within a single thread and has a 15% runtime overhead on average.<br><br><div>(3) HALucinator breaks the requirement for specialized hardware to perform bare-metal system testing. This enables state-of-the-art testing techniques –e.g., coverage based fuzzing – to scale with the availability of commodity computers, leading to the discovery of exploitable vulnerabilities in bare-metal systems. <br></div><div><br></div><div>Combined, these case studies advance the security of embedded system several decades and provide essential protections for today’s connected devices.</div>

Computer Engineering

Applied Computer Science

Computer System Security

Computer Communications Networks

Embedded Systems

Computer Security

Embedded Systems Security

Bare-Metal

Internet of Things

Memory Corruption

cyber security

Transparent and Mutual Restraining Electronic Voting

Huian Li (6012225)

17 January 2019

Many e-voting techniques have been proposed but not widely used in reality. One of the problems associated with most of existing e-voting techniques is the lack of transparency, leading to a failure to deliver voter assurance. In this work, we propose a transparent, auditable, end-to-end verifiable, and mutual restraining e-voting protocol that exploits the existing multi-party political dynamics such as in the US. The new e-voting protocol consists of three original technical contributions -- universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement -- that, along with a public real time bulletin board, resolves the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent to voters and any third party, which allow any voter to verify that his vote is indeed counted and also allow any third party to audit the tally. For the environment requiring receipt-freeness and coercion-resistance, we introduce additional approaches to counter vote-selling and voter-coercion issues. Our interactive voting protocol is suitable for small number of voters like boardroom voting where interaction between voters is encouraged and self-tallying is necessary; while our non-interactive protocol is for the scenario of large number of voters where interaction is prohibitively expensive. Equipped with a hierarchical voting structure, our protocols can enable open and fair elections at any scale.

Computer System Security

Data Encryption

Electronic Voting

mutual Restraining Voting

Transparency

Secret Sharing

Receipt-freeness

Coercion-resistance

Verifiability

Návrh bezpečnostního systému chemického podniku / Design of emergency system for chemical plant

Horňáková, Markéta

January 2011

The aim of this graduation thesis is to bring analysis of safety information systems and their configuration in the relation to the chemical plants. Initially, there are theoreti-cally and generally explained terms, as system, information system and safety system. The second (practical) part depicts the use of information systems in real life. The knowledge of theoretical principles and results of the analysis were used for design of the safety information systems for the chemical plants. Conclusion of practical part evaluates the present status and connection with Integrated Rescue System (IRS). The third part brings the transcription of authentic interviews with staff whose are responsi-ble for safety information system maintenance and its use in chemical plant. Finally, this graduation thesis evaluates the safety information system development for the future as well as of influence EU standards on Czech chemical plants.

Forecasting congestion in transmission line and voltage stability with wind integration

Kang, Han

30 September 2011

Due to growth of wind power, system operators are being challenged by the integration of large wind farms into their electrical power systems. Large scale wind farm integration has adverse effects on the power system due to its variable characteristic. These effects include two main aspects: voltage stability and active line flow. In this thesis, a novel techniques to forecast active line flow and select pilot bus are introduced with wind power integration. First, this thesis introduces a methodology to forecast congestion in the transmission line with high wind penetration. Since most wind resources tend to be located far away form the load center, the active line flow is one of the most significant aspects when wind farm is connected to electrical grid. By providing the information about the line flow which can contribute to transmission line congestion, the system operators would be able to respond such as by requesting wind power or load reduction. The second objective of this thesis is to select the weakest bus, called pilot bus, among all load buses. System reliability, especially voltage stability, can be adversely affected by wind variability. In order to ensure reliable operation of power systems with wind power integration, the index to select the pilot bus is developed, and further prediction of voltage profile at the pilot bus is fulfilled. The objective function to select the pilot bus takes account of the N-1 contingency analysis, loading margin, and reactive power sensitivity. Through on the objective function, the pilot bus is representative of all load buses as well as controllable by reactive power regulation. Predicting the voltage profile at the pilot bus is also useful for system operators to determine wind power output. / text

Renewable energy

Wind power

Transmission line

Load flow

Critical operating constraints

Pilot bus

Loading margin

Power system security

Power system reliability

Modelo de segurança independente de plataforma para execução de software não confiável. / Platform-independent security model for running untrusted software.

GURJÃO, Tales Ribeiro Morais.

06 August 2018

Submitted by Johnny Rodrigues (johnnyrodrigues@ufcg.edu.br) on 2018-08-06T17:39:41Z No. of bitstreams: 1 TALES RIBEIRO MORAIS GURJÃO - DISSERTAÇÃO PPGCC 2016..pdf: 12989849 bytes, checksum: b3c43aa02fd4c9c5320e84063d3c8d34 (MD5) / Made available in DSpace on 2018-08-06T17:39:41Z (GMT). No. of bitstreams: 1 TALES RIBEIRO MORAIS GURJÃO - DISSERTAÇÃO PPGCC 2016..pdf: 12989849 bytes, checksum: b3c43aa02fd4c9c5320e84063d3c8d34 (MD5) Previous issue date: 2016-09-01 / Capes / Ataques a sistemas informatizados sempre foram um problema e evoluíram de simples investidas contra instalações físicas nos anos de 1970 a ataques coordenados usando milhares de computadores espalhados ao redor do mundo. Essas ofensivas têm como principal vetor códigos maliciosos, também conhecidos como malwares, que por vezes se passam por benignos mas se instalam no sistema e agem de forma maligna. Técnicas de isolamento de ambiente de execução e detecção de comportamento são empregadas para mitigar o risco ao executar um código desconhecido e potencialmente perigoso. Porém, muitas alternativas são custosas e, por vezes, dependem de ferramentas externas. Neste trabalho, propõe-se um modelo independente de plataforma para prover segurança na execução de códigos não confiáveis, sem efeitos colaterais para o hospedeiro e para terceiros. O modelo de segurança desenvolvido é constituído de dois módulos principais, analisador e executor, os quais (a) extraem metadados referentes ao programa e os utiliza para realizar uma análise prévia do código e (b) realizam checagens em tempo de execução que objetivam a preservação da integridade do sistema e dos recursos associados. A validação da abordagem foi realizada através de estudo de caso de aplicação em computação voluntária. / Attacks on computer systems have always been a problem and have evolved from simple attacks against physical facilities in the 1970s to coordinated attacks using thousands of computers spread around the world. The main vector of these offensives are softwares that sometimes pass by benign programs but when are installed in a system act in a malicious manner. Environment isolation and behavior detection techniques are used to mitigate the risk of running an unknown and potentially dangerous code. However, many alternatives are expensive and sometimes requires external tools. In this paper, we propose a platformindependent model to provide security to execute untrusted code with no side effects to the host and to third parties. The model consists of two main modules, analyzer and executor, which (a) extracts metadata related to the program and uses them to conduct a preliminary analysis of the code and (b) carry out checks at runtime aimed to preserve the integrity of the system and its associated resources. The validation of the approach was performed by a case study on a volunteer computing application

Ciência da Computação.

Modelo de segurança - computação

Software não confiável

Códigos maliciosos - computação

Malwares

Isolamento de ambiente - computação

Security model - computing

Untrusted software

Segurança de sistemas

System security

Computação voluntária