Global ETD Search

831	Penetration testing of Android applications Nilsson, Robin January 2020 (has links) The market of Android applications is huge, and in 2019, Google Play users worldwide downloaded 84.3 billion mobile applications. With such a big user base, any security issues could have big negative impacts. That is why penetration testing of Android applications is important and it is also why Google has a bug bounty program where people can submit vulnerability reports on their most downloaded applications. The aim of the project was to assess the security of Android applications from the Google Play Security Reward Program by performing penetration tests on the applications. A threat model of Android applications was made where potential threats were identified. A choice was made to focus on the Spotify Application for Android where threats were given ratings based on risks associated with them in the context of the Spotify Application. Penetration tests were made where testing depth was determined by the ratings associated with the attacks.The results of the tests showed that the Spotify Application is secure, and no test showed any real possibility of exploiting the application. The perhaps biggest potential exploit found is a Denial of Service attack that can be made through a malicious application interacting with the Spotify application. The result doesn’t guarantee that the application isn’t penetrable and further testing is needed to give the result more reliability. The methods used in the project can however act as a template for further research into both Spotify and other Android applications. / Marknaden för Android applikationer är enorm och 2019 laddade Google Play användare ner 84.3 miljarder mobil-applikationer. Med en så stor användarbas kan potentiella säkerhetsproblem få stora negativa konsekvenser. Det är därför penetrationstest är viktiga och varför Google har ett bug bounty program där folk kan skicka in sårbarhetsrapporter för deras mest nedladdade applikationer. Målet med projektet är att bedöma säkerheten hos Android applikationer från Google Play Security Reward Program genom utförande av penetrationstester på applikationerna. En hotmodell över Android applikationer skapades, där potentiella hot identifierades. Ett val att fokusera på Spotify för Android gjordes, där hot gavs rankingar baserat på riskerna associerade med dem i kontexten av Spotify applikationen. Penetrationstest gjordes med testdjup avgjort av rankingarna associerade med attackerna.Resultatet av testen visade att Spotify applikationen var säker, och inga test visade på några riktiga utnyttjningsmöjligheter av applikationen. Den kanske största utnyttjningsmöjligheten som hittades var en Denial of Service-attack som kunde göras genom en illvillig applikation som interagerar med Spotify applikationen. Resultaten garanterar inte att applikationen inte är penetrerbar och fortsatt testande behövs för att ge resultatet mer trovärdighet. Metoderna som användes i projektet kan i alla fall agera som en mall för fortsatt undersökning av både Spotify såväl som andra Android applikationer. Computer and Information Sciences Data- och informationsvetenskap
832	Ethical Hacking of an IoT-device: Threat Assessment and Penetration Testing : A Survey on Security of a Smart Refrigerator Radholm, Fredrik, Abefelt, Niklas January 2020 (has links) Internet of things (IoT) devices are becoming more prevalent. Due to a rapidly growing market of these appliances, improper security measures lead to an expanding range of attacks. There is a devoir of testing and securing these devices to contribute to a more sustainable society. This thesis has evaluated the security of an IoT-refrigerator by using ethical hacking, where a threat model was produced to identify vulnerabilities. Penetration tests were performed based on the threat model. The results from the penetration tests did not find any exploitable vulnerabilities. The conclusion from evaluating the security of this Samsung refrigerator can say the product is secure and contributes to a connected, secure, and sustainable society. / Internet of Things (IoT) enheter blir mer allmänt förekommande. På grund av en snabbt expanderande marknad av dessa apparater, har bristfälliga säkerhetsåtgärder resulterat till en mängd olika attacker. Det finns ett behov att testa dessa enheter for att bidra till ett mer säkert och hållbart samhälle. Denna avhandling har utvärderat säkerheten av ett IoT-kylskåp genom att producera en hot modell för att identifiera sårbarheter. Penetrationstester har utförts på enheten, baserade på hot modellen. Resultatet av penetrationstesterna hittade inga utnyttjningsbara sårbarheter. Slutsatsen från utvärderingen av säkerheten på Samsung-kylskåpet är att produkten är säker och bidrar till ett uppkopplat, säkert, och hållbart samhälle. Internet of things (IoT) device security penetration testing threat assessment vulnerabilities Internet of things (IoT) enhet säkerhet penetrationstester hotbedömning sårbarheter Computer and Information Sciences Data- och informationsvetenskap
833	Howthe difficulty of obtaining intrusion artifacts can influence threat modeling : An experiment that shows how IT forensics can be used preventingly / Hur svårigheten att erhålla intrångs artefakter påverkar risken i hot modellering : Ett expriment där IT forensik och hot modellering möts Meyer, Oscar January 2022 (has links) IT system intrusions are a problem today and the belief that all you need is a strong outer defense has faded. Today continuous monitoring of the IT infrastructure is widespread and alerts are continuously investigated. The clarity of what caused the alert will vary from a clear brute-force attempt to something more sophisticated that could be perceived as normal activity. The investigation of these alerts can bring clarity or in the worst case dismiss a legit intrusion as some system event or user action. The risk should vary depending on how easy or hard an intrusion is to detect, investigate, and for how long the artifacts will remain on a system. By investigating if different attacks carry different risks it should be possible to use this in a tool like threat modeling. The detection risk that different attacks carry can affect where a defender should spend their resources and provides awareness of the types of attack that they are especially vulnerable to. An environment is set up where an attacker targets a victim with chosen attacks and each attack step is forensically investigation with open-source tools. In this forensic investigation logs, files, active tasks, and network connections are investigated. In the end, the results indicate that it is possible to conclude that different attacks carry different risks. Three grading parameters are suggested based on this work, and these parameters could be used in a threat modeling implementation. / Idag är intrång in i IT system ett problem och idén om att det räcker med ett stark yttre försvars är passé. Kontinuerlig övervakning av IT system är nu vanligt och varningar som uppstår är undersökta. Vad som orsakade varningen kan varierar från rätt uppenbara saker så som brute force attacker till mer sofistikerade attacker som kan antas vara normal aktivitet. Att undersöka varningarna kan ge klarhet i vad som hänt eller i värsta fall avvisa ett intrång som någon systemhändelse eller användarhandling. Risken borde variera beroende på hur enkelt det är att upptäcka, undersöka och hur länge som artefakterna finns kvar på systemet. Genom att undersöka om olika attacker kommer med olika risker så borde det vara möjligt att använda denna kunskap inom ett verktyg så som hot modellering. Med denna kunskapen kan försvarare lättare spendera sina resurser där de behövs mest och vara medvetna om vilka attacker de är extra sårbara för. Genom att sätta upp en miljö där en anfallare attackerar ett offer med förbestämda attacker och efter varje attacksteg genomföra en forensisk undersökning med open-source verktyg. Där loggar, filer, aktiva processer och nätverks uppkopplingar undersöks. Resultaten pekar efter detta på att det är går att anta att olika attacker kommer med olika risknivåer. Baserat på detta arbetet så föreslås tre stycken klassificeringspunkter som kan användas inom till exempel hotmodellering. Threat modeling IT Forensics Linux IT Defense Risk assessment Opensource Volatility Hotmodellering IT Forensik Linux IT Försvar Risk-bedömning Opensource Volatility Computer Sciences Datavetenskap (datalogi)
834	Regulatory Uncertainty and the Natural Gas Industry in the US Clarkberg, Jasper W. 26 July 2017 (has links) No description available. Economics Energy natural gas fracking hydraulic fracturing oil fossil fuels climate change energy markets regulation regulatory uncertainty regulatory threat legislation state government
835	Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots Watkins, Trevor U. 11 June 2009 (has links) No description available. Computer Science Information Systems Systems Design Honeypots penetration testing national security network security Microsoft threat to national security hackers Microsoft Windows
836	Experience with Surveillance, Perceived Threat of Surveillance, SNS Posting Behavior, and Identity Construction on SNSs: An examination of Chinese college students in the U.S. Kim, Kisun, Kim 26 July 2016 (has links) No description available. Mass Media Communication SNS use of Chinese students in the US the Chinese government surveillance experience with surveillance perceived threat of surveillance posting behavior identity construction
837	azureLang: Cyber Threat Modelling in Microsoft Azure cloud computing environment Geng, Ningyao January 2020 (has links) When assessing network systems, security has always been one of the priorities.Cyber threat modelling is one of the most suitable methods. From a startingpoint to each valuable asset, the simulation can enable the users to explore certainsecurity weaknesses alongside the attack path. In the end, the time to compromiseshows the security level of the whole system.In principle, most cyber threat models can be built and simulated by attack graphswhere each point in the graph can stand for a certain asset in the network system.However, different systems have different infrastructures and implementations.As a result, it will be more suitable if engineers can develop a domain specificlanguage (DSL) which can be associated with a specific attack graph in order toimprove accuracy and efficiency.In this master thesis work, the final outcome is azureLang, a cyber threat modelinglanguage based on Meta Attack Language (MAL) for Microsoft Azure cloudcomputing environment. Compatible with securiCAD®, a CAD tool developedby Foreseeti AB, a threat model can be built and then be simulated. / Vid bedömning av nätverkssystem har säkerhet alltid varit en av prioriteringarna.Bland tusentals metoder är cyberhotsmodellering en av de mest lämpliga. Frånen startpunkt till varje värdefull tillgång kan simuleringen göra det möjligt föranvändare att utforska vissa säkerhetssvagheter längs attackvägen. I slutändanvisar tiden för kompromiss säkerhetsnivån för hela systemet.I princip kan de flesta cyberhotsmodeller byggas och simuleras med attackgraferdär varje punkt i diagrammet kan stå för en viss tillgång i nätverkssystemet. Menolika system har olika infrastrukturer och implementationer. Som ett resultatkommer det att vara mer lämpligt om ingenjörer kan utveckla ett domänspecifiktspråk (DSL) som kan associeras med en specifik attackgrafik för att förbättranoggrannhet och effektivitet.I det här examensarbetet är slutresultatet azureLang, ett språk för modelleringav hothot baserat på Meta Attack Language (MAL) för Microsoft Azure cloudcomputing-miljö. Kompatibel med securiCAD ®, ett CAD-verktyg utvecklat avForeseeti AB, en hotmodell kan byggas och sedan simuleras. Threat modelling Microsoft Azure MAL Cloud computing azureLang Hotmodellering Microsoft Azure MAL Cloud computing azureLang Elektroteknik och elektronik
838	Refugee Flows and Political Currents : Investigating how refugee immigration affects electoral preferences Persson, Elin January 2024 (has links) This thesis studies group threat theory and contact theory, by analysing whether a change in the exposure to refugees, following a demographic composition shift, results in increased or decreased political support for parties with either an anti- or a pro-immigration political program. It employs a continuous difference-in-difference method by analysing data from Swedish national elections in 2014 and 2018 across all municipalities, combined with the electoral performance of the Sweden Democrats and the Swedish Green Party. The findings reveal a positive correlation between increased refugee intake and the electoral support for the Sweden Democrats, while the Swedish Green Party experiences decreased support. This suggests a trend toward bolstered backing for anti-immigrant platforms in areas with greater refugee exposure, and thus also supports arguments presented within group threat theory. While intergroup contact with immigrants is a well-studied area, limited attention has been devoted to refugee immigration. Finally, this thesis underscores the need for further investigation of the political and social ramifications of increased refugee immigration on native populations. This holds strong political relevance, as we are likely to continue experiencing high levels of immigration. A suggested way to build off this thesis is by studying the relevant mechanisms, or by establishing the extent and type of experienced intergroup contact. refugee immigration intergroup contact group threat theory contact theory radical right political parties electoral preferences difference-in-difference Sweden Political Science Statsvetenskap
839	Etisk hackning av en smart kattlucka : Sårbarhetstestning av en smart kattlucka / Ethical hacking of a smart cat flap : Vulnerability testing of a smart cat flap Kastrati, Adrian January 2024 (has links) Många hem köper produkter som är internetuppkopplade, sakernas internet (IoT), det gäller allt från lampor till kattluckor. Detta öppnar upp för möjligheten att styra sitt hem på nya sätt men det medför nya hot mot hem och samhället. Detta är ett kritiskt problem för många företag, särskilt på IoT-marknaden där det finns incitament som driver låga kostnader och snabb marknadsintroduktion. Litteratstudien visade en brist på tydliga värderingar av investeringar och att även om produktivitet påverkas negativt och förlänger tiden från idé till marknad undviks framtida svårigheter vid lyckade cybersäkerhethetsåtgärder. Trots de betydande hoten kan många företag välja att acceptera risken för cyberattacker på grund av att kostnader vid säkerhetsbrister inte alltid hamnar hos dem.Sårbarhetstestningsmetoden PatrIoT följdes för att grundligt testa IoT-produkten Microchip Cat Flap Connect. Attacker som utfördes var bland annat ping-flooding och MiTM. Produkten visade sig vara säker och vanliga svagheter som öppna nät- verkstjänster och avsaknad av kryptering var frånvarande. Produkten visade sig vara sårbar mot överflödesattacker (DoS) i form av ping-flooding. Med det går det att säga att produkten följer ett flertal principer för utveckling mot säker IoT men servern som används för webbapplikationen bör implementera krav på att endast lita på certifikat av betrodda certifikatutfärdare. / Many households purchase internet-connected products, Internet of Things (IoT), which includes everything from lamps to cat flaps. This opens new ways and possibilities of controlling one's home, but it brings new threats to home and society. This is a critical issue for many companies, especially in the IoT market where there are incentives that drive low costs and quick time to market. The literature study showed a lack of clear valuations of investments and that even if productivity is negatively affected and the time from idea to market is extended, future difficulties are avoided with successful cyber security measures. Despite the significant threats, many companies may choose to accept the risk of cyber-attacks because the costs of security breaches do not always end up with them.The PatrIoT vulnerability testing methodology was followed to thoroughly test the IoT product Microchip Cat Flap Connect. The product proved to be secure and common weaknesses, such as open network services and lack of proper implementation of encryption, could not be identified. The product was found to be vulnerable to denial-of-service (DoS) attacks in the form of ping-flooding. With that, it can be said that the product follows several principles for development towards secure IoT, but the server used for the web application should implement requirements to only trust certificates from trusted certificate authorities. Ethical hacking vulnerbility testing PatrIoT smart homes internet of things threat modelling cybersecurity Etisk hackning sårbarhetstestning PatrIoT smarta hem sakernas internet hotmodellering cybersäkerhet Computer and Information Sciences Data- och informationsvetenskap
840	Did the Russian Invasion of Ukraine Strengthen European Identity? : Utilizing Unexpected Event During Surveys Design: A Quasi-Experimental Approach Portolani, Lyon January 2024 (has links) In the wake of the Russian invasion of Ukraine, a compelling question arises, could this event have brought Europeans closer? Armed conflicts often strengthen in-group identity as individuals seek safety from external threats. This study speculates that the perceived threat of the invasion might have intensified emotional attachments to Europe across the continent. Additionally, it explores how the response differed between Western Europe and Central and Eastern European countries. This study bases its conceptualization, hypotheses, and interpretations on social identity theory, alongside a comprehensive review of the literature on armed conflict and identity. Utilizing a quasi-experimental method to investigate the probable causal link and using 12 countries from the 10th round of the European Social Survey to generalize the findings across a diverse European population. The findings reveal that Europeans did not develop a stronger sense of European identity in response to the invasion, suggesting that Europeans do not perceive Europe as a meaningful identity to unite under or seek safety in when military conflicts intensify on the continent. This study contributes to the understanding that the European project, along with its socio-political efforts, has been relatively unsuccessful in establishing itself as a significant unifying point when conflicts intensify. European identity identity social identity Russia Ukraine invasion USED CEE western multiple bandwidths motives treatment control threat security armed conflict Europe attachment event excludability ignorability Sociology Sociologi

Search results