  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
51

Informační a kybernetické hrozby v roce 2019 / Information and Cyber Threats in 2019

Bača, Jonatán January 2020
The diploma thesis focuses on information and cyber threats in 2019. It comprises a theoretical basis for better understanding of the issue. Afterward, the thesis describes the analysis of the current situation, which combined several analyses primarily aimed at Czech companies. In the last part, draft measures are created which contain predictions and preventive actions and recommendations for companies.
52

Integrating secure programming concepts in introductory programming courses

Jama, Fartun January 2020
The number of vulnerable systems with exploitable security defects has increased. This led to an increase in the demand for secure software systems. Software developers lack security experience to design and build secure software; some even believe security is not their responsibility. Despite the increased need for teaching security and secure programming, security is not well integrated into the undergraduate computing curriculum and is only offered as part of a program or as an elective course. The aim of this project is to outline the importance of incorporating security and secure programming concepts in programming courses starting from the introductory courses, by evaluating the students' security consideration and knowledge regarding software security. As a result, based on the knowledge students lack regarding software security, security and secure programming concepts are identified which need to be integrated into the programming courses.
53

Assessing the Principal Agent Problem in Mobile Money Services: Lessons from M – PESA in Lesotho

Thabane, Matela January 2018
The expansion and diffusion of mobile phones globally has resulted in the provision of financial transactional services over the existing mobile phone platforms, generally referred to as mobile money. The supply end of mobile money services is an important factor in the success of the financial transactions offering. This research assessed vulnerabilities in the mobile money supply network that are inherently related to the existence of the principal-agent problem and their implications on availability and access to the services. The research study was conducted using a qualitative approach. Qualitative information was collected through interviews guided by open-ended questionnaires. Thematic analysis approach was followed to systematically analyse the data and generate findings of the study. Agent transactional data was analysed to complement the findings from qualitative analysis. The findings suggest that the principal agent problem permeates the mobile money delivery network mainly after businesses joining as agents and manifests as moral hazard. Moral hazard is the dominant feature of the principal-agent problem, with adverse selection very low. Drivers of moral hazard are demonstrated by the influences and demands of agents’ core businesses and challenges in agent monitoring and training. The existence of the principal-agent problem has limited or no implications on access and availability of services. However, over time the combined vulnerabilities identified related to the principal agent problem are likely to manifest into risks that are likely to affect access and availability of mobile money services. Regulators, Mobile Network Operators and agent enterprises must collectively review monitoring approaches for mobile money service providers to address challenges identified and increase the effectiveness of monitoring. Service provision standards should be reviewed to suit the various business environments the services are provided within.
Mobile Network Operators and agent enterprises need to institute stronger partnership arrangements that enhance ownership and obligations for all parties, in particular agent enterprises. Agreements must enable application of different mobile money delivery models suitable to meet the demands and requirements of the agents’ core businesses. Innovations such as Near Field Communication (NFC) can be integrated with Point of sale (POS) applications and mobile money platforms to reduce the administration burden on agents and human error. Such applications must consider the cost implications of adoption from the agents’ business perspective.
54

On prototype pollution and security risks of developing with third-party software components

Johansson, Anni January 2022
Software development has, to a large extent, become synonymous with using readymade blocks of code in the form of third-party components, like libraries and frameworks, to build applications. All code may include weaknesses that may be exploited by criminals and script kiddies, potentially causing harm to both corporations and people. Third-party components, too, may include weaknesses, but in the case of such a vulnerability being exploited, the effects could be even more critical since popular components may be used in thousands of applications. There are several types of vulnerabilities and one of them is called prototype pollution. This is a JavaScript specific vulnerability that has been found in many well-used third-party components in the last years. However, it has not been the subject of much research. This thesis investigates the risks of using third-party components when developing software with a focus on web applications by conducting a literature survey. It also includes a case study of the prototype pollution vulnerabilities found in recent years and what mitigation techniques have been proposed by both academia and the industry.
55

DNS Enumeration Techniques and Characterizing DNS vulnerabilities

Thorsell, Genet January 2022
The Domain Name System is a worldwide global service, considered to be the heart and soul of the internet, that is used for mapping IP addresses to a hostname and vice-versa. Despite the fact that DNS is recognized as a critical internet service, the security aspects concerning its adoption are still highly neglected. This thesis presents the foundations of DNS, investigates vulnerabilities, and enumeration techniques, which are used to locate all DNS servers and records of an organization. In particular, we investigated how attackers can enumerate DNS using an actual data set available for .se and .nu zone files. We analyze such data sets and map their corresponding vulnerabilities to common DNS attacks found in the literature. We show that available information can be exploited to perform security attacks on the DNS infrastructure.
56

Characterization of cipher suite selection, downgrading, and other weaknesses observed in the wild / Karaktärisering av cipher suite val, nedgradering och andra svagheter som observerats i det vilda

Kjell, Edvin, Frisenfelt, Sebastian January 2021
The importance of security on the web is growing every day. How domains handle and prioritize their level of security is varying. Tradeoffs between security and convenience have to be made to uphold a website's public image. This thesis uses a subset of domains from the Alexa Top 1M list. The list was used to create our datasets, collected through active scans with testssl.sh. This thesis has through the mentioned datasets compared domains in regards to several security aspects and analyzed how they handle security and convenience. We performed our scans over the course of two weeks to analyze each domain's level of security. As well as looking at top domains for several popular categories. Our analysis mainly focused on comparing the domains on their choice of Transport Layer Security (TLS) version, cipher suite, support for HSTS, and if they were exposed to any vulnerabilities. The subset of domains that we looked at saw about 50% implementation of TLS 1.3. We discovered that the most popular domains tend to choose availability as one of their highest priorities, leaving them exposed to vulnerabilities in earlier versions of the TLS protocol. Most domains that showed exposure to one vulnerability, in general, also were exposed to BEAST. This was also the most prominent vulnerability among all domains. We also showed that many of the negotiated cipher suites on the list of domains still utilize cipher block chaining, which is known to be weak. Our results show that different browsers, mobile operating systems, and the time of day had a negligible impact on the choice of TLS version. Most of the domains in the popular categories had not yet adopted TLS 1.3 and were overall more exposed to the tested vulnerabilities than those on the top million list. The support for HSTS was low in both the categories and on the Alexa top list. We conclude that upgrading to the latest recommended standard should always be a priority for server operators.
57

Investigating Security Aspects of Cryptocurrency Wallets - a Systematic Study / Undersökning av säkerhetsaspekter på plånböcker för kryptovalutor - en systematisk studie

Schmid, Philipp, Houy, Sabine January 2021
Cryptocurrencies are gaining prominence among individuals and companies alike, resulting in the growing adoption of so-called cryptocurrency wallet applications, as these simplify carrying out transactions. These wallets are available in a myriad of different forms and specifications. For example, there are hardware and software wallets. The latter can be divided into mobile, web, and desktop wallets. All of them offer attackers various ways to exploit vulnerabilities and steal money from victims. It is hard to keep track of this multitude of options and thus choose the right cryptocurrency wallet. For this reason, in this thesis, we collect the findings from previous literature to provide an overview of the various attack surfaces, possible countermeasures, and further research. Our systematic study has shown that there is still a considerable variety of attack vectors, which we have divided into six subcategories, (i) Memory and Storage, (ii) Operating Systems, (iii) Software Layer, (iv) Network Layer, (v) Blockchain Protocol, and (vi) Others. Some of the identified vulnerabilities have currently no solutions at all or hardly applicable countermeasures. However, some are easy to fix and simple to implement. One of the essential measures is to raise awareness of the identified weaknesses and the associated mitigations, if any, among the involved stakeholders, including users, developers, and exchanges.
58

Towards Designing Open Secure IoT System - Insights for practitioners

Varshney, Rimpu January 2018
The IoT industry is growing at a rapid pace since everyone wants to connect everything to the internet in order to use various services and applications using shared data. Openness is observed as an emerging trend in the IoT industry. Security & privacy of the data are very important aspects in the design and deployment of the connected devices or Internet of Things. Fast growth in number of connected devices, heterogeneity, constrained resources, privacy, software upgrades and operational environment create important security related challenges in this domain. It is difficult to address challenges even with the considerable amount of existing work that has been done for decades in the area of security & privacy. In this research, a semi-systematic literature survey of the state of the art is conducted related to security & privacy aspects within the IoT area. The results were validated by conducting a qualitative survey with IoT practitioners. The efforts have resulted towards identifying several security trends & challenges and security design aspects that can be considered by IoT practitioners in order to design an open and secure IoT system. It can be concluded from the study that security is not only needed but is a mandatory characteristic for IoT. However, there are no general guidelines that can be proposed to address security issues since security is not only a technical problem but is more of an awareness, mindset, people and process issue. In this thesis, a novel model is proposed with openness and security characteristics. This model is grounded based on the theoretical findings and empirical data obtained from IoT practitioners. Each of the characteristics has its own design aspects that need to be considered by IoT practitioners to design a more secure IoT system.
59

Cybersecurity Ontology - The relationship between vulnerabilities, standards, legal and regulatory requirements,

Wicklund Lindroth, Olov January 2022
Since information technology has become a central part of businesses and organizations, the move to the cyber domain has benefitted them and endangered them with new threats through vulnerabilities. To minimize risks and prevent and alleviate cyber-attacks, using standards is common to ensure an organization's cybersecurity. With this increased focus on cybersecurity, new legal and regulatory requirements are created and published, mandatory for organizations to comply with. However, even if one is certified with a cybersecurity standard and complies with necessary legal and regulatory requirements, security breaches do occur, and mitigating vulnerabilities cannot be fully accomplished. With this, ontologies have increased in popularity to visualize and simplify how multiple entities within the domain are interconnected. However, none has interconnected vulnerabilities, standards, legal and regulatory requirements in one and studies propose new, unifying ontologies to be created to aid the domain in building new knowledge. Thus, this study aims to develop a security ontology to understand the relationship between vulnerabilities, standards, legal and regulatory requirements. The research question is written as: What is the relationship between vulnerabilities, standards, legal and regulatory requirements? Design science methodology is applied to the study, in which data is collected through document study and interviews and analyzed using document and content analysis. Based on the data collected, a security ontology presenting and visualizing the relationships between the different subjects implemented has been created. The artefact can be useful for security practitioners and newcomers to more in-depth understanding of how vulnerabilities are connected to controls and which controls can aid in being compliant with legal and regulatory requirements.
60

Identifying Threat Factors of Vulnerabilities in Ethereum Smart Contracts

Noor, Mah, Murad, Syeda Hina January 2023
Ethereum is one of the top blockchain platforms that represents this second generation of blockchain technology. However, the security vulnerabilities associated with smart contracts pose significant risks to confidentiality, integrity, and availability of applications supported by Ethereum. While several studies have enumerated various security issues in smart contracts, only a handful have identified the factors that determine the severity and potential of these issues to pose significant risks in practice. As its first contribution, this thesis presents a framework that identifies such factors and highlights the most critical security threats and vulnerabilities of Ethereum smart contracts. To achieve this, we conduct a comprehensive literature review to identify and categorize the vulnerabilities, assess their potential impact, and evaluate the likelihood of exploitation in real-life contracts. We classify the identified vulnerabilities based on their nature and severity and proposed mitigation recommendations. Our theoretical contribution is to establish a correlation between the security vulnerabilities of smart contracts and their potential impact on the security of smart contracts by identifying factors that pose a (practical) threat. Our practical contribution involves developing a tool based on static analysis that can automatically detect at least one critical security issue with the highest threat factor. For the target vulnerability, we choose the usage of input from external users without any validation. This vulnerability, as we call it, Missing Input Validation (MIV), acts as a root cause for further (well-known and well-researched) issues, for instance, the flow of tainted values into sensitive operations such as the transfer of cryptocurrencies and self destruct instruction. We implement the tool MIV Checker and evaluate its efficacy on a test set of 36 smart contracts. Our evaluation results show that MIV Checker correctly detects 87.6 % of instances of MIV in the dataset.
