Global ETD Search

131	Data tampering in Vehicle CAN Bus networks Arapantonis, Elpidoforos January 2019 (has links) The paradigm of the automotive industry has changed, over the course of the last10-15 years. Electronics and software, have introduced in many dierents parts ofa vehicle and the drive-by-wire it is taking over the vehicle functions. Connectivityfunctionalities are increasing in the context of the automotive industry as well. Allthe aforementioned parts have more than one common link. This thesis project willfocus on one of these links, which is the security. The focus will be the CAN busprotocol and specically, on investigating the implications of an adversary havingphysical access in a vehicle. An experiment will be contucted as part of this thesiswork, by using open source hardware (Arduino and Raspberry Pi) and a Man-inthe-middle (MITM) attack scenario, will be implemented. The application, whichwill perform the MITM attack (small scale CAN bus fuzzer) will be developedduring this project and it will be distributed as an open source software afterwards. Automotive Cyber Security CAN bus vulnerabilities Raspberry Pi Arduino Instrument Cluster Annan elektroteknik och elektronik
132	Útok na WiFi síť s využitím ESP32/8266 / WiFi Attacks Using ESP32/8266 Stehlík, Richard January 2021 (has links) The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.
133	The role of enduring vulnerabilities, stressful life events and adaptive processes in newlyweds marital quality and adjustment Godana, Andenet Hailie 09 1900 (has links) In line with the Vulnerability-Stress-Adaptation (VSA) model of marriage, this study examined the role of neuroticism, stressful life events, mutual problem solving and negative relationship attributions on marital quality and adjustment among a sample of newlywed couples in Addis Ababa. A quantitative cross-sectional study design involving a sample of 192 newlywed couples was employed. Data were analysed using correlation and multiple regression analysis methods. The PROCESS module in SPSS and Structural Equation Modeling was also used to test indirect effects and actor and partner effects, respectively. The results showed that for both wives’ and husbands’, neuroticism significantly predicted their own marital satisfaction but only husbands’ neuroticism significantly predicted their partners’ marital satisfaction. Stressful life events did not have a significant actor and partner effect for both wives’ and husbands’. Negative relationship attribution was found to be a significant predictor of actors as well as partners' marital satisfaction for both wives’ and husbands’ while only husbands’ mutual problem solving, not that of wives’, had a significant effect on their own marital satisfaction. Tests of indirect effects also showed that, for both wives’ and husbands’, neuroticism had a significant negative intrapersonal and interpersonal indirect effect on marital satisfaction through the mediation of both mutual problem solving and negative relationship attribution. Wives’ and husbands’ stressful life events had a significant negative intrapersonal and interpersonal indirect effect on marital satisfaction through the mediation of negative relationship attribution. Mutual problem solving only mediated a significant indirect effect of husbands’ stress on marital satisfaction at the intrapersonal level and wives’ stress on marital satisfaction at the interpersonal level. This research contributed to enhancing scientific knowledge that guides the design and implementation of policies, programs, and services to promote newlyweds’ marital quality and adjustment in the Ethiopian context. The research also made a theoretical contribution to the VSA model by indicating that adaptive processes play a varying mediational role for wives’ and husbands’ in the indirect effect of stress on marital satisfaction and by confirming that adaptive processes such as mutual problem solving and negative relationship attribution play a more prominent role in affecting marital quality and satisfaction than the other two components of the model, that is neuroticism and stressful life events. / Psychology Marital quality Marital satisfaction Marital adjustment Enduring vulnerabilities Neuroticism Stressful life events Adaptive processes Mutual problem-solving Negative relationship attributions Newlyweds
134	Jämförelse av statiska kodanalysverktyg : En fallstudie om statiska kodanalysverktygs förmåga att hitta sårbarheter i kod / Comparison of static code analysis tools: A case study of static code analysis tools ability to find code vulnerabilities Holmberg, Anna January 2020 (has links) Security deficiencies that occur in web applications can have major consequences. PHP is a language that is often used for web applications and it places high demands on how the language is used to ensure it is safe. There are several features in PHP that should be handled with care to avoid security flaws. Static code analysis can help find vulnerabilities in code, but there are some drawbacks that can occur with static code analysis tools. One disadvantage is false positives which means that the tool reports vulnerabilities that do not exist. There are also false negatives which means the tool cannot find the vulnerability at all which can lead to a false sense of security for the user of the tool. With the help of completed test cases, three tools have been investigated in a case study to find out if the tools differ in their ability to avoid false positives and false negatives. The study also examines whether the tools' rules consider the PHP language's vulnerable functions. To answer the research question, a document collection was conducted to obtain information about the tools and various vulnerabilities. The purpose of this study is to compare the ability of static code analysis tools to find PHP code vulnerabilities. The tools that were investigated were SonarQube, Visual Code Grepper (VCG) and Exakat. The study's analysis shows that VCG found the most vulnerabilities but failed to avoid false positive vulnerabilities. Exakat had zero false positives but could not avoid false negatives to the same extent as VCG. SonarQube avoided all false positives but did not find any of the vulnerabilities tested in the test cases. According to the rules of the tools, VCG had more consideration for the risky functions found in PHP. The study's results show that the tools' ability to avoid false positives and false negatives differed and their adaptation to the PHP language's vulnerable functions. / Säkerhetsbrister som förekommer i webbapplikationer kan leda till stora konsekvenser. PHP är ett språk som ofta används för webbapplikationer och det ställer höga krav på hur språket används för att det ska vara säkert. Det finns flera funktioner i PHP som bör hanteras varsamt för att inte säkerhetsbrister ska uppstå. Statisk kodanalys kan hjälpa till med att hitta sårbarheter i kod men det finns vissa nackdelar som kan uppkomma med statiska kodanalysverktyg. En nackdel är falska positiva vilket betyder att verktyget rapporterar in sårbarheter som inte finns. Det finns också falska negativa som betyder att verktyget inte hittar sårbarheten alls vilket kan leda till en falsk trygghetskänsla för användaren av verktyget. Med hjälp av färdiga testfall så har tre verktyg utretts i en fallstudie för att ta reda på om verktygen skiljer sig i sin förmåga till att undvika falska positiva och falska negativa. Studien undersöker också om verktygens regler tar PHP-språkets sårbara funktioner i beaktning. För att kunna besvara forskningsfrågan har en dokumentsinsamling genomförts för att få information om verktygen och olika sårbarheter. Studiens syfte är att jämföra statiska kodanalysverktygs förmåga att hitta sårbarheter i PHP-kod. De verktyg som utreddes var SonarQube, Visual Code Grepper (VCG) och Exakat. Studiens analys visar att VCG hittade mest sårbarheter men lyckades inte undvika falska positiva sårbarheter. Exakat hade noll falska positiva men kunde inte undvika falska negativa i lika stor utsträckning som VCG. SonarQube undvek alla falska positiva men hittade inte någon av de sårbarheter som testades i testfallen. Enligt verktygens regler visade sig VCG ta mest hänsyn till de riskfyllda funktioner som finns i PHP. Studiens resultat visar att verktygens förmåga att undvika falska positiva och falska negativa och deras anpassning för PHP språkets sårbara funktioner skiljde sig åt. static code analysis software tools software vulnerabilities PHP false positives false negatives Statisk kodanalys mjukvaruverktyg programvarusårbarheter PHP falska positiva falska negativa Social Sciences Interdisciplinary
135	Automated secure code review for web- applications / Automatiserad kodgranskning för webbapplikationer Gholami, Sadeq, Amri, Zeineb January 2021 (has links) Carefully scanning and analysing web- applications is important, in order to avoid potential security vulnerabilities, or at least reduce them. Traditional code reviewing methods, such as manual code reviews, have various drawbacks when performed on large codebases. Therefore it is appropriate to explore automated code reviewing tools and study their performance and reliability. The literature study helped identify various prerequisites, which facilitated the application of automated code reviewing tools. In a case study, two static analysis tools, CodeQL and Semgrep, were used to find security risks in three open source web- applications with already known vulnerabilities. The result of the case study indicates that the automated code reviewing tools are much faster and more efficient than the manual reviewing, and they can detect security vulnerabilities to a certain acceptable degree. However there are vulnerabilities that do not follow a pattern and are difficult to be identified with these tools, and need human intelligence to be detected. / Det är viktigt att skanna och analysera webbapplikationer noggrant för att undvika potentiella säkerhetsproblem eller åtminstone minska dem. Traditionella kodgranskningsmetoder, såsom manuella kodgranskningar, har olika nackdelar när de utförs på stora kodbaser. Därför är det lämpligt att utforska automatiserade verktyg för kodgranskning och studera deras prestanda och tillförlitlighet. Litteraturstudien hjälpte till att identifiera olika förutsättningar, som underlättade tillämpningen av automatiserade kodgranskningsverktyg. I en fallstudie användes två statiska analysverktyg, CodeQL och Semgrep, för att hitta säkerhetsrisker i tre open sourcewebbapplikationer med redan kända sårbarheter. Resultatet av fallstudien indikerar att de automatiska kodgranskningsverktygen är mycket snabbare och effektivare än de manualla kodgranskningar och att de kan upptäcka säkerhetsproblem i viss acceptabel grad. Det finns emellertid sårbarheter som inte följer ett mönster och som är svåra att identifiera med dessa verktyg, och behöver mänsklig intelligens för att upptäckas. automated code reviewing tools CodeQL Semgrep code review security vulnerabilities webapplications automatiserade kodgranskningsverktyg CodeQL Semgrep kodgranskning säkerhet sårbarheter webbapplikationer Computer and Information Sciences Data- och informationsvetenskap
136	Exploring Vulnerabilities and Difficulties in Platform Emergence Forsström, Jacob January 2021 (has links) The focus of this paper is platform theory, sharing economy, and user-centered design (UCD). Platform theory helps us understand the extensive research in its discourse and provides a stable ground to explore the fragile stage of platform emergence. The sharing economy is a central phenomenon to the studied project which is very important for our global use of future scarce resources. UCD is a central phenomenon where the importance of early involvement of users in the development process of a UCD project. By studying a platform project under development, I present an analytical framework where I identify vulnerabilities and difficulties in platform emergence. The emergence of platforms is an important yet difficult, and vulnerable process, and only a few studies have been conducted exploring this phase. The research question addressed in this thesis is: What are the sources to vulnerabilities and difficulties in the process of platform emergence? Methods of conducting this study are the use of semi-structured interviews of the people involved in the platform project for further flexibility of the questions. The case study project is focused on building a platform that enables users to build their own platforms. The purpose of that project is to enable users to create sharing platforms easier and cheaper. In addition, vulnerabilities and difficulties in platform emergence are explored. The goals of this study are to: 1) understand how a project is performing in this fragile stage of platform emergence, and 2) how to reach the goal where a platform with the underlying themes of platform theory, sharing economy, and user-centered design can be achieved. Platform Platform Emergence Platform Establishment Platform Theory Sharing Economy User-Centered Design (UCD) Vulnerabilities Difficulties Information Systems, Social aspects
137	Framework For Enabling Structured Communication of Security Vulnerabilities in the Production Domain in Industry 4.0 Michel, Hannes, Christensson, Emil January 2021 (has links) As industries are increasingly adapting to new technological trends for data collection and production efficiency, they are fulfilling the description of being part of the industry 4.0 (I4.0) paradigm. This swift development has led to unforeseen consequences concerning managerial and strategic aspects of security. In addition, threats and sophisticated attacks have increased, emphasizing a greater demand for information security management in the industrial setting. For smaller industrial manufacturers, information security management is not always available due the cost of resources, placing them in a challenging position. In addition, I4.0 introduces the area of OT/IT (Operational Technology and Information Technology) convergence, which is often heavily complex, creating the need for cross-competence. Furthermore, consequences from cyber attacks in the production domain can be catastrophic as they may endanger the safety and health of personnel. Thus, smaller manufacturing industries need to utilize existing resources to enable the prerequisites of managing security issues that may come with I4.0. Structuring and effectivizing the communication of security issues is needed to ensure that suitable competence can address security issues in a timely manner. The aspects of communication and competence are not addressed by current security standards and frameworks in the industrial context, nor are they equally applicable for smaller industrial organizations. This study aims to contribute to the research field of information security in I4.0 by investigating how security vulnerabilities should be communicated at a smaller manufacturing industry that does not have an information security management system. The framework is based on a traditional incident response information flow and was designed at a Swedish manufacturing industry through the narrative of OT or production personnel. OT and IT Convergence Risk Communication Vulnerabilities Manufacturing Industry Industry 4.0 Information Security Riskkommunikation Sårbarheter Tillverkningsindustri Industri 4.0 Informationssäkerhet Other Computer and Information Science Annan data- och informationsvetenskap Computer Systems Datorsystem
138	Prise en charge des vulnérabilités psychiques maternelles pendant la période périnatale et stratégies préventives autour d'un travail en réseau : L'invention d'une clinique précoce. Socio-histoire (1970-2010) / The care of maternal psychic vulnerabilities during the perinatal period and networked preventive strategies. : The invention of early prevention practices. Socio-history (1970-2010) Lotte, Lynda 29 September 2017 (has links) Cette recherche de thèse propose un travail pluridisciplinaire d’épistémologie de la clinique et d’analyse socio historique de l’émergence et de l’organisation des formes de prise en charge des femmes qui présentent des troubles psychopathologiques et de leur bébé pendant la période périnatale, des conduites thérapeutiques préconisées et des dispositifs de soins mis en place à cette période. Une attention particulière a été portée aux idées, concepts et processus qui ont façonné cette offre de soins récente. L’objet de la recherche se situe donc à l’intersection d’une réflexion clinique (scientifique), institutionnelle (prévention précoce) et organisationnelle (travail en réseau). Prenant la psychologie clinique en actes comme sujet d’étude, il se fonde sur un cadre méthodologique approprié pour produire et analyser une généalogie de savoirs et d’interventions ainsi que des données inédites sur ce que nous appellerons : l’invention, la fabrique d’un nouveau champ intellectuel et de pratiques cliniques qui s’est constitué comme une innovation organisationnelle autour de la prise en charge des vulnérabilités psychiques maternelles pendant la période périnatale. / This thesis proposes a multidisciplinary epistemology of the clinic and a socio-historical analysis of the emergence and organization of forms of care for women who present psychopathological disorders and their baby during the perinatal period, professional therapeutic response, and the care arrangements put in place during this period. Particular attention is paid to the ideas, concepts and processes that shape this novel provision of care. The object of this research rests, therefore, at the intersection of clinical (scientific), institutional (early prevention) and organizational (networking) axes. Taking clinical psychology into action as a subject of study, it is based on grounded theory and discourse analysis to produce and analyze a genealogy of knowledge and intervention as well as new data on what we call: the invention, the creation of a new intellectual field and clinical practice that has been constituted as an innovative organizational structure around the management of maternal psychic vulnerabilities during the perinatal period. Vulnérabilités psychiques maternelles Interactions précoces mère-enfant Réseau périnatal Maternal psychic vulnerabilities Early interaction mother-child Perinatal health networks Perinatal professional practices
139	One key to rule them all : Sårbarheter och spårbara artefakter i säkerhetsnycklar / One key to rule them all : Vulnerabilities and traceable artefacts in security keys Gunnarsson, Philip, Isenstierna, Emmi January 2023 (has links) Att skydda sin data idag kommer med flera utmaningar då lösenord som enda autentiseringsmetod är otillräcklig. Lösenord är ofta användarvänliga, enkla att hålla koll på och är utan kostnad för användaren. Det går alltid att göra lösenord säkrare men det upplevs ofta som svårhanterligt. I stället för detta kan man även använda ytterligare autentiseringsmetod. Många sidor och tjänster använder idag så kallad två- eller flerfaktorsautentisering genom t.ex. BankID eller säkerhetsnycklar. Med all ny teknik följer nya säkerhetsaspekter att ta hänsyn till, speciellt om denna teknik lämnar efter sig spår som kan utnyttjas av t.ex. hackare. Arbetets syfte är att undersöka spårbara artefakter som är kopplade till de fysiska säkerhetsnycklarna Solo 1 och YubiKey 5 NFC i Windows Registret i Windows 10 Pro N, samt utvärdera om tidigare kända sårbarheter kan bidra till insikter om säkerhetsnycklars säkerhet. Detta genomförs med hjälp av två kvalitativa metoder, dels genom en kartläggning av sårbarheter, dels genom ett experiment. Baserat på de funna sårbarheterna som har hittats så går det inte att säga huruvida de säkerhetsnycklarna skiljer sig i säkerhetsnivå, men det är tydligt att det främst är i firmware och mjukvara där sårbarheterna finns. Huruvida den ena säkerhetsnyckeln är säkrare än den andra går inte att fastställa, samt om en öppen källkod har någon betydelse vad gäller säkerhet. Dessutom går det att konstatera att spårbara artefakter från en säkerhetsnyckel kan hittas i ett Windows operativsystem. Baserat på de funna sårbarheterna som har hittats så går det inte att säga huruvida de säkerhetnycklarna skiljer sig i säkerhetsnivå, men det är tydligt att det främst är i firmware och mjukvara där sårbarheterna finns. Huruvida den ena säkerhets-nyckeln är säkrare än den andra går inte att fastställa, samt om öppen källkod har någon betydelse vad gäller säkerhet. Dessutom går det att konstatera att spår-bara artefakter från en säkerhetsnyckel kan hittas i ett Windows operativsystem. / Protecting your data today comes with several challenges since a password as the only authentication method is insufficient. Passwords are often user-friendly, easy to keep track of, and at no cost for the user. Passwords can always be made more secure, but this task is often perceived as tedious. Instead, additional authentication methods may be used. Many sites and services today use so-called two- or multifactor authentication, e.g. BankID (a type of eID) or security keys. all new technology comes with unique security aspects to consider, especially if this technology leaves behind traces that can be exploited by, e.g., hackers. This study aims to investigate traceable artifacts associated with the physical security key Solo 1 and YubiKey 5 NFC in the Windows Registry in Windows 10 Pro N and to evaluate whether previously known vulnerabilities can contribute to insights into security key security. The study uses two qualitative methods, one mapping out the vulnerabilities and another through an experiment. Based on the vulnerabilities that was found, it is not possible to conclude whether the security keys differ in security level. Still, it is mainly in the firmware and software where the vulnerabilities exist. Whether one security key is more secure than the other is inconclusive, and whether open-source code has any implications regarding security. In addition, it is ascertained that traceable artifacts from a security key can be found in a Windows operating system. Vulnerabilities physical security key SoloKeys YubiKey Windows Registry Registry Editor Sårbarheter fysisk säkerhetsnyckel SoloKeys YubiKey Windows Registret Registereditorn Övrig annan teknik
140	Minimator: A Serious Game on Zero-Day Markets Cseresnyes, Ehud, Sharma, Hans January 2022 (has links) Zero-days are vulnerabilities that the software vendor does not know about and thus cannot provide a patch for. Their value has caused markets to develop, divided by the purchase intention. This thesis focuses on the white and grey markets, that is those buying to patch and those buying to exploit. While states generally have an interest in both, they currently spend money to exploit zerodays, keeping software insecure. The lack of knowledge and awareness surrounding this practice is the problem targeted in this thesis. Serious games, aiming to be both entertaining and educational, represent one opportunity to create awareness. They fit our circumstances particularly well because understanding the problem space requires adversarial thinking and lots of different concepts. Our research goal has thus been to create a serious game that accurately illuminates the dilemma experienced by states. Design science was the research strategy employed to reach the stated goal. Our main contribution is Minimator, a multiplayer, web-based game in which players, acting as states, have to protect their infrastructure and deal with zero-day markets. Additionally, we present a formal model of states’ treatment of zero-day markets developed using game theory and shown to resemble the n-players prisoners’ dilemma. An expert evaluation was conducted, delivering promising results in terms of gameplay appeal, and accuracy. A naturalistic evaluation remains, but is suggested in detail for future endeavours. Minimator is original as, to our knowledge, no similar artefact exists. It provides value by potentially creating a starting point for and encouraging an informed, public debate about the trade-off between national and infrastructure security, which is inherently political. serious games zero-days zero-day markets exploits vulnerabilities game theory design science cyber warfare cyber conflict national security software security Computer Sciences Datavetenskap (datalogi)

Search results