Global ETD Search

1	Obfuskační techniky ransomware / Ransomware Obfuscation Techniques Jacko, Jerguš January 2019 (has links) This master's thesis seeks to design, implement, and point out new techniques for obfuscation of ransomware activity using the entropy principles of data that do not fall within the detection capabilities of known anti-ransomware and anti-virus tools. The proposed techniques are aimed at changing the ransomware activity in the downgrading phase (encryption or obfuscation) of files on the infected system.
2	Security techniques for drones Jongho Won (5930405) 10 June 2019 (has links) <div>Unmanned Aerial Vehicles (UAVs), commonly known as drones, are aircrafts without a human pilot aboard. The flight of drones can be controlled with a remote control by an operator located at the ground station, or fully autonomously by onboard computers. Drones are mostly found in the military. However, over the recent years, they have attracted the interest of industry and civilian sectors. <br></div><div>With the recent advance of sensor and embedded device technologies, various sensors will be embedded in city infrastructure to monitor various city-related information. In this context, drones can be effectively utilized in many safety-critical applications for collecting data from sensors on the ground and transmitting configuration instructions or task requests to these sensors.</div><div> <br></div><div>However, drones, like many networked devices, are vulnerable to cyber and physical attacks.<br></div><div>Challenges for secure drone applications can be divided in four aspects: 1) securing communication between drones and sensors, 2) securing sensor localization when drones locate sensors, 3) providing secure drone platforms to protect sensitive data against physical capture attacks and detect modifications to drone software, and 4) protecting secret keys in drones under white-box attack environments.<br></div><div> <br></div><div>To address the first challenge, a suite of cryptographic protocols is proposed. The protocols are based on certificateless cryptography and support authenticated key agreement, non-repudiation and user revocation. To minimize the energy required by a drone, a dual channel strategy is introduced.<br></div><div>To address the second challenge, a drone positioning strategy and a technique that can filter out malicious location references are proposed.<br></div><div>The third challenge is addressed by a solution integrating techniques for software-based attestation and data encryption.<br></div><div>For attestation, free memory spaces are filled with pseudo-random numbers, which are also utilized to encrypt data collected by the drone like a stream cipher.<br></div>A dynamic white-box encryption scheme is proposed to address the fourth challenge. Short secret key are converted into large look-up tables and the tables are periodically shuffled by a shuffling mechanism which is secure against white-box attackers. Computer System Security Drones white-box encryption sensor localization software attestation
3	On the achievability of white-box cryptography / Sur la faisabilité de la cryptographie en boîte-blanche Roşie, Răzvan 28 May 2019 (has links) Cette thèse s’intéresse à la faisabilité des implémentations en boîte blanche de permutations pseudo-aléatoires sûres. Concrètement nous montrons comment un schéma de chiffrement fonctionnel à plusieurs entrées, qui satisfait une notion naturelle d’être à sens unique, est fondamental à la construction d’implémentations protégées contre les attaques d’extraction de clés. Comme contribution indépendante possédant son intérêt propre, nous étendons la notion de robustesse cryptographique. Sommairement, le chiffrement robuste garantit qu’un chiffré ne peut être lu au moyen de plusieurs clés. Décrite tout d’abord dans le contexte de la cryptographie à clé publique, nous étendons les définitions aux contextes du chiffrement fonctionnel et à l’authentification. / This thesis investigates the realizability of white-box implementations for secure pseudorandom permutations. Concretely, we show that multi-input functional encryption achieving a natural definition of one-wayness is instrumental in building implementations that are secure against key-extraction attacks. As a contribution of independent interest, we extend the notion of robustness to a larger set of primitives. Roughly speaking, robust encryption guarantees that a ciphertext cannot be decrypted under different keys. Initially formalized in a public-key context, we introduce compelling definitions for authentication and functional encryption schemes. Cryptographie en boîte-Blanche Robustesse Chiffrement fonctionnel White-Box cryptography Robustness Functional encryption 005.8
4	Accuracy of Software Reliability Prediction from Different Approaches Vasudev, R.Sashin, Vanga, Ashok Reddy January 2008 (has links) Many models have been proposed for software reliability prediction, but none of these models could capture a necessary amount of software characteristic. We have proposed a mixed approach using both analytical and data driven models for finding the accuracy in reliability prediction involving case study. This report includes qualitative research strategy. Data is collected from the case study conducted on three different companies. Based on the case study an analysis will be made on the approaches used by the companies and also by using some other data related to the organizations Software Quality Assurance (SQA) team. Out of the three organizations, the first two organizations used for the case study are working on reliability prediction and the third company is a growing company developing a product with less focus on quality. Data collection was by the means of interviewing an employee of the organization who leads a team and is in the managing position for at least last 2 years. / svra06@student.bth.se black box testing white box testing analytical model data-driven model Computer Sciences Datavetenskap (datalogi) Software Engineering Programvaruteknik
5	Explaining the output of a black box model and a white box model: an illustrative comparison Joel, Viklund January 2020 (has links) The thesis investigates how one should determine the appropriate transparency of an information processing system from a receiver perspective. Research in the past has suggested that the model should be maximally transparent for what is labeled as ”high stake decisions”. Instead of motivating the choice of a model’s transparency on the non-rigorous criterion that the model contributes to a high stake decision, this thesis explores an alternative method. The suggested method involves that one should let the transparency depend on how well an explanation of the model’s output satisfies the purpose of an explanation. As a result, we do not have to bother if it is a high stake decision, we should instead make sure the model is sufficiently transparent to provide an explanation that satisfies the expressed purpose of an explanation. explainable ai black box transparency white box machine learning information processing system inherently interpretable interpretable model Philosophy Filosofi
6	Application of local semantic analysis in fault prediction and detection Shao, Danhua 06 October 2010 (has links) To improve quality of software systems, change-based fault prediction and scope-bounded checking have been used to predict or detect faults during software development. In fault prediction, changes to program source code, such as added lines or deleted lines, are used to predict potential faults. In fault detection, scope-bounded checking of programs is an effective technique for finding subtle faults. The central idea is to check all program executions up to a given bound. The technique takes two basic forms: scope-bounded static checking, where all bounded executions of a program are transformed into a formula that represents the violation of a correctness property and any solution to the formula represents a counterexample; or scope-bounded testing where a program is tested against all (small) inputs up to a given bound on the input size. Although the accuracies of change-based fault prediction and scope-bounded checking have been evaluated with experiments, both of them have effectiveness and efficiency limitations. Previous change-based fault predictions only consider the code modified by a change while ignoring the code impacted by a change. Scope-bounded testing only concerns the correctness specifications, and the internal structure of a program is ignored. Although scope-bounded static checking considers the internal structure of programs, formulae translated from structurally complex programs might choke the backend analyzer and fail to give a result within a reasonable time. To improve effectiveness and efficiency of these approaches, we introduce local semantic analysis into change-based fault prediction and scope-bounded checking. We use data-flow analysis to disclose internal dependencies within a program. Based on these dependencies, we identify code segments impacted by a change and apply fault prediction metrics on impacted code. Empirical studies with real data showed that semantic analysis is effective and efficient in predicting faults in large-size changes or short-interval changes. While generating inputs for scope-bounded testing, we use control-flow to guide test generation so that code coverage can be achieved with minimal tests. To increase the scalability of scope-bounded checking, we split a bounded program into smaller sub-programs according to data-flow and control-flow analysis. Thus the problem of scope-bounded checking for the given program reduces to several sub-problems, where each sub-problem requires the constraint solver to check a less complex formula, thereby likely reducing the solver’s overall workload. Experimental results show that our approach provides significant speed-ups over the traditional approach. / text Version management Semantic analysis Data-flow analysis Control-flow analysis Scope-bounded checking Alloy First-order logic SAT Computation graph White-box testing
7	A web-based programming environment for novice programmers Truong, Nghi Khue Dinh January 2007 (has links) Learning to program is acknowledged to be difficult; programming is a complex intellectual activity and cannot be learnt without practice. Research has shown that first year IT students presently struggle with setting up compilers, learning how to use a programming editor and understanding abstract programming concepts. Large introductory class sizes pose a great challenge for instructors in providing timely, individualised feedback and guidance for students when they do their practice. This research investigates the problems and identifies solutions. An interactive and constructive web-based programming environment is designed to help beginning students learn to program in high-level, object-oriented programming languages such as Java and C#. The environment eliminates common starting hurdles for novice programmers and gives them the opportunity to successfully produce working programs at the earliest stage of their study. The environment allows students to undertake programming exercises anytime, anywhere, by "filling in the gaps" of a partial computer program presented in a web page, and enables them to receive guidance in getting their programs to compile and run. Feedback on quality and correctness is provided through a program analysis framework. Students learn by doing, receiving feedback and reflecting - all through the web. A key novel aspect of the environment is its capability in supporting small &quotfill in the gap" programming exercises. This type of exercise places a stronger emphasis on developing students' reading and code comprehension skills than the traditional approach of writing a complete program from scratch. It allows students to concentrate on critical dimensions of the problem to be solved and reduces the complexity of writing programs. computer programming flexible delivery web tutoring system on-line learning feedback fill in the gap static analysis cyclomatic complexity automated testing dynamic analysis black box white box feedback XML assessment
8	Whiteboxrouter för små kontorsnätverk - En prestandajämförelse Lundberg, Carl January 2018 (has links) Inom nätverksbranchen finns en strävan att gå från proprietära lösningar till en öppen standard för hård- och mjukvara. En term för detta är Whiteboxing och det innebär att användaren ges möjlighet att plocka ihop komponenter efter behov, och själv välja vilken mjukvara som används. I sin enklaste form byggs en Whiteboxrouter av en konventionell PC med två nätverkskort och en mjukvarubaserad routingapplikation. Företaget ÅF är intresserade av att veta hur Whitebox-lösningar för routrar står sig prestandamässigt i relation till konventionella routerlösningar med Application Specific Integrated Circuit. Detta arbete har undersökt prestandan genom att mäta throughput och goodput hos en Cisco 2911-router, en Whiteboxrouter med mjukvaran pfSense, samt en Whiteboxrouter som körde pfSense virtualiserat på ESXi. Dessutom undersöktes respektive konfigurations prestanda när trafiken skickades över IPsec VPN. För mätningarna användes filöverföringar med FTP och mätprogrammet Iperf3. Målet med arbetet var att skapa ett beslutsunderlag som klargjorde eventuella prestandaskillnader och utarbetade rekommendationer för framtida val av routerlösning. Resultatet visade att vid generell paketförmedling var prestandan mellan routrarna relativt jämn, dock rekommenderas den virtualiserade Whiteboxroutern då den fick det bästa resultatet. När trafiken sedan krypterades med IPsec VPN var det stora prestandaskillnader mellan enheterna. Bäst prestanda fick Whiteboxroutern. Författaren ser en vinning med Whitebox-tekniken i stort då den medger att serverutrustning som ska utrangeras på grund av prestandakrav, istället kan fungera som nätverksutrustning (routrar och brandväggar) och fortsätta användas under en större del av den tekniska livslängden. Detta kan på sikt leda till minskad miljöpåverkan och besparingar för företaget. Whitebox White box Router Throughput Goodput Iperf3 FTP pfSense ASIC Cisco VMware ESXi IPsec AES AES-GCM AES-CBC Prestandajämförelse Prestandamätning Engineering and Technology Teknik och teknologier
9	Multidimensionality of the models and the data in the side-channel domain / Multidimensionnalité des modèles et des données dans le domaine des canaux auxiliaires Marion, Damien 05 December 2018 (has links) Depuis la publication en 1999 du papier fondateur de Paul C. Kocher, Joshua Jaffe et Benjamin Jun, intitulé "Differential Power Analysis", les attaques par canaux auxiliaires se sont révélées être un moyen d’attaque performant contre les algorithmes cryptographiques. En effet, il s’est avéré que l’utilisation d’information extraite de canaux auxiliaires comme le temps d’exécution, la consommation de courant ou les émanations électromagnétiques, pouvait être utilisée pour retrouver des clés secrètes. C’est dans ce contexte que cette thèse propose, dans un premier temps, de traiter le problème de la réduction de dimension. En effet, en vingt ans, la complexité ainsi que la taille des données extraites des canaux auxiliaires n’a cessé de croître. C’est pourquoi la réduction de dimension de ces données permet de réduire le temps et d’augmenter l’efficacité des attaques. Les méthodes de réduction de dimension proposées le sont pour des modèles de fuites complexe et de dimension quelconques. Dans un second temps, une méthode d’évaluation d’algorithmes logiciels est proposée. Celle-ci repose sur l’analyse de l’ensemble des données manipulées lors de l’exécution du logiciel évalué. La méthode proposée est composée de plusieurs fonctionnalités permettant d’accélérer et d’augmenter l’efficacité de l’analyse, notamment dans le contexte d’évaluation d’implémentation de cryptographie en boîte blanche. / Since the publication in 1999 of the seminal paper of Paul C. Kocher, Joshua Jaffe and Benjamin Jun, entitled "Differential Power Analysis", the side-channel attacks have been proved to be efficient ways to attack cryptographic algorithms. Indeed, it has been revealed that the usage of information extracted from the side-channels such as the execution time, the power consumption or the electromagnetic emanations could be used to recover secret keys. In this context, we propose first, to treat the problem of dimensionality reduction. Indeed, since twenty years, the complexity and the size of the data extracted from the side-channels do not stop to grow. That is why the reduction of these data decreases the time and increases the efficiency of these attacks. The dimension reduction is proposed for complex leakage models and any dimension. Second, a software leakage assessment methodology is proposed ; it is based on the analysis of all the manipulated data during the execution of the software. The proposed methodology provides features that speed-up and increase the efficiency of the analysis, especially in the case of white box cryptography. Attaques par canaux auxiliaires Réduction de dimension Modèles de fuites Cryptographie en boîte blanche AES Side-channel attacks Dimensionality reduction Leakage models White box cryptography AES, Advanced Encryption Standard
10	A Study on Behaviors of Machine Learning-Powered Intrusion Detection Systems under Normal and Adversarial Settings Pujari, Medha Rani 15 June 2023 (has links) No description available. Computer Science Intrusion detection systems machine learning contemporary research datasets UNSW-NB15 Bot-IoT CSE-CIC-IDS2018 adversarial machine learning white-box attacks black-box attacks defense mechanism

Search results