Dissertations / Theses on the topic 'Security analysis'

Consult the top 50 dissertations / theses for your research on the topic 'Security analysis.'


1

Hassan, Aamir, and Fida Mohammad. "Network Security Analysis." Thesis, Halmstad University, School of Information Science, Computer and Electrical Engineering (IDE), 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-4002.

Abstract:

Security is the second step after a successful network has been deployed. There are many types of attacks that could potentially harm the network and an administrator should carefully document and plan the weak areas, where the network could be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security. This thesis addresses all the possible tools and techniques that attackers use to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable tools to get the results. It is important to note that most of the attention in network security is given to the router, but far less attention is given to securing a switch. This thesis will also address some more ways of securing a switch, if there is no router in the network.


The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.
2

Chivers, Howard Robert. "Security design analysis." Thesis, University of York, 2006. http://etheses.whiterose.ac.uk/9885/.

3

Fadil, Yousra Ahmed. "Security analysis of steganalyzers." Thesis, Bourgogne Franche-Comté, 2017. http://www.theses.fr/2017UBFCD015/document.

Abstract:
Nowadays, the development of steganalysis and steganography is unavoidable, and it can be used for legal as well as illegal purposes, as in any other application. The work presented in this thesis, which concentrates on these questions, is divided into three parts. The first part concerns the parameters that increase the security level of steganography in order to withstand steganalysis techniques. The contribution of this first part is a study of the effect of the payload, of feature extraction, and of the group of images used in the learning phase and the testing phase. Simulation results show that state-of-the-art steganalysis techniques fail to detect secret messages embedded in images when the parameters change between learning and testing. In the second part, we study the impact of combining several steganographic methods on the detection of secret messages. This work takes into account that there is no ideal procedure, and that the steganographer can use any scheme and any embedding rate. In the third and final part, we propose a method that computes an accurate distortion map based on the second derivative of the image. The second derivative is used to compute the level curves, and the message is then hidden in the image while discarding level curves below a certain threshold. Experimental results show that the security level is acceptable compared with state-of-the-art steganographic methods.
In the recent time, the field of image steganalysis and steganography became more important due to the development in the Internet domain. It is important to keep in mind that the whole process of steganography and steganalysis can be used for legal or illegal operations like any other applications. The work in this thesis can be divided in three parts. The first one concentrates on parameters that increase the security of steganography methods against steganalysis techniques. In this contribution the effect of the payload, feature extractions, and group of images that are used in the learning stage and testing stage for the steganalysis system are studied. From simulation, we note that the state of the art steganalyzer fails to detect the presence of a secret message when some parameters are changed. In the second part, we study how the presence of many steganography methods may influence the detection of a secret message. The work takes into consideration that there is no ideal situation to embed a secret message when the steganographier can use any scheme with any payloads. In the third part, we propose a method to compute an accurate distortion map depending on a second order derivative of the image. The second order derivative is used to compute the level curve and to embed the message on pixels outside clean level curves. The results of embedding a secret message with our method demonstrate that the result is acceptable according to state of the art steganography.
4

Duan, Shuwen. "Security Analysis of TETRA." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-23055.

Abstract:
TETRA is designed to be used in private mobile radio environment, and PMR users have a requirement for high level of security. Security takes a number of different forms, both in terms of availability, reliability of the system and confidentiality of transmitted information. This thesis identified the key security features of TETRA system which includes authentication, encryption and key management. A formal security analysis of authentication protocol was made exploring possible attacks during authentication. The automatic security verification tool used in this thesis is Scyther. Inspired by the result given by Scyther, possible attacks were discussed with different scenarios. It was concluded that some of the attacks found by Scyther might not be the most efficient ones due to their complexity.
5

Marceau, Richard J. "Mechanizing dynamic security analysis." Thesis, McGill University, 1993. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=41244.

Abstract:
The object of software frameworks is to mechanize human processes in order to accomplish high-level tasks that call upon diverse software tools. This thesis describes the ELISA framework prototype which performs power-system dynamic security analysis in the operations planning environment. ELISA mechanizes routines traditionally carried out by experts that are essential to power-system dynamic security analysis, greatly accelerating the realization of complex processes. Typically, ELISA executes appropriate load-flow and transient-stability simulations (i.e. using commercially available simulation software), performs result analysis, identifies and executes changes to the input and repeats this process until a user-defined goal, such as finding transient stability transfer limits, has been achieved.
A taxonomy of dynamic security analysis in operations planning is proposed employing the semantic net, class-object-property and rule paradigms. All of these are required to cover the full spectrum of knowledge found in the high-level goals, the process details, the complex conditional structures and the acceptance criteria which characterize dynamic security analysis. This taxonomy also describes the language of operations planners, defining not only the features presently supported by ELISA, but also providing a roadmap to future enhancements. Typical sensitivity studies are presented using a 700-bus production model of the Hydro-Quebec network to illustrate the considerable leverage afforded from using ELISA-like software.
In addition, the thesis addresses the issue of how such tools can assist in performing research to improve our understanding of fundamental power systems behaviour. Using the ELISA prototype as a laboratory test bed, it is shown that the signal energy E of a network's transient response acts as a barometer to define the relative severity of any normal contingency with respect to power generation or transfer P. For a given contingency, as P is varied and the network approaches instability, signal energy increases smoothly and predictably towards an asymptote which defines the network's stability limit: This limit, in turn, permits us to compare the severity of different contingencies. This behaviour can be explained in terms of the effect of increasing power on the damping component of dominant poles, and a simple function is derived which estimates network stability limits with surprising accuracy from two or three stable simulations.
As a corollary to this, it is also shown that a network's transient response can be screened for instability using a simple frequency-domain criterion. Essentially, this criterion requires performing the Fourier transform of a network's transient voltage response at various monitoring locations: When P is varied and the network goes beyond its stability limit, the angle of the Fourier transform's polar plot fundamentally changes its behaviour, passing from a clockwise to a counterclockwise rotational behaviour about the origin. This is confirmed by results obtained from performing stability-limit searches on the Hydro-Quebec system. Used in conjunction with signal energy analysis for determining stability limit proximity, this criterion can be quite useful for mechanized security-limit-determination tools such as ELISA.
Signal energy limit estimation and the proposed stability criterion are shown to be applicable to all normal contingencies and these results hold notwithstanding the presence of many active, nonlinear elements in the network.
6

Huang, Emily Yujie. "Security Analysis: Meritage Homes." Thesis, The University of Arizona, 2014. http://hdl.handle.net/10150/320159.

7

Wang, Mandy Huaman. "Security Analysis: Meritage Homes." Thesis, The University of Arizona, 2014. http://hdl.handle.net/10150/322089.

8

Rimando, Ryan A. "Development and analysis of security policies in security enhanced Android." Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/27896.

Abstract:
This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. The proof-of-concept policy is then analyzed to determine if security goals are met.
9

Tian, Ke. "Learning-based Cyber Security Analysis and Binary Customization for Security." Diss., Virginia Tech, 2018. http://hdl.handle.net/10919/85013.

Abstract:
This thesis presents machine-learning based malware detection and post-detection rewriting techniques for mobile and web security problems. In mobile malware detection, we focus on detecting repackaged mobile malware. We design and demonstrate an Android repackaged malware detection technique based on code heterogeneity analysis. In post-detection rewriting, we aim at enhancing app security with bytecode rewriting. We describe how flow- and sink-based risk prioritization improves the rewriting scalability. We build an interface prototype with natural language processing, in order to customize apps according to natural language inputs. In web malware detection for Iframe injection, we present a tag-level detection system that aims to detect the injection of malicious Iframes for both online and offline cases. Our system detects malicious iframe by combining selective multi-execution and machine learning algorithms. We design multiple contextual features, considering Iframe style, destination and context properties.
Ph. D.
10

Donta, Praveen Kumar. "Performance Analysis of Security Protocols." UNF Digital Commons, 2007. http://digitalcommons.unf.edu/etd/172.

Abstract:
Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5.
11

Corin, Ricardo Javier. "Analysis models for security protocols." Enschede : University of Twente [Host], 2006. http://doc.utwente.nl/50892.

12

何振林 and Albert Ho. "Chaos theory and security analysis." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 1991. http://hub.hku.hk/bib/B31264931.

13

Lin, Amerson H. "Automated analysis of security APIs." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/33295.

Abstract:
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.
Includes bibliographical references (p. 123-124).
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain to be a relatively unexplored problem. In 2000, Bond et al. discovered API-chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem-prover, and ALLOY, a model-finder, to find both API-chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.
by Amerson H. Lin.
M.Eng. and S.B.
14

Persman, Pontus, and Sebaztian Öjebrant. "Security analysis of a smartlock." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-302411.

Abstract:
The Internet of Things (IoT) market has expanded and the variety as well as quantity of IoT devices has been rapidly increasing. This also brings new security threats as new vulnerabilities are found within IoT devices. One area where these devices are being used is in smart homes, where smart locks especially need to be designed in a secure way. This study aims to assess the security of a smart lock unit. We first present a background including threat modelling and previously found vulnerabilities. Then a methodology section for different attacks performed as well as the results from doing them. Finally, a discussion where we assess the security implications of the results. The conclusion from the results is that the smart lock exhibits vulnerabilities in its design, specifically in its file system encryption, resistance to disruption attacks and the consistency of access granted to guests.
The market for the Internet of Things (IoT) has expanded, and the variety as well as the quantity of IoT devices has increased rapidly. This also brings new security threats as new vulnerabilities are found in IoT devices. One area where these devices are used is smart homes, where smart locks in particular need to be designed in a secure way. This study aims to assess the security of a smart lock. We first present a background that includes threat modelling and previously found vulnerabilities. Then comes a methodology section for the different attacks performed as well as the results of performing them. Finally, there is a discussion in which we assess the security implications of the results found. The conclusion from the results is that the smart lock exhibits vulnerabilities in its design, specifically in its file system encryption, its resistance to disruption attacks, and the duration of access granted to guests.
15

Friman, Nelly. "Security Analysis of Smart Buildings." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-279423.

Abstract:
In recent years, buildings have been starting to become more automated to match the demand for energy efficient and sustainable housing. Subsystems, or so-called Building Management Systems (BMS), such as heating, electricity or access control, are gradually becoming more automated. The next step is to integrate all BMS in a building within one system, which is then called a smart building. However, while buildings are becoming more and more automated, the concerns of cybersecurity grow larger. While integrating a wide range of Internet of Things (IoT) devices with the system, the attack surface is larger, and this, together with the automation of critical subsystems in the building, leads to that attacks in worse case can harm the occupants of the building. In this paper, the threats and risks are analyzed by using a security threat model. The goal is to identify and analyze potential threats and risks to smart buildings, with the purpose to give insight in how to develop secure systems for them. The process of the model includes five phases of which this study focuses on phase one and three, identifying losses after a successful attack, and determine goals and intentions of the attackers for specific attacks, respectively. As a result of the security analysis potential threats were defined, in which the ones with highest threat event frequency included data leaks and disabling the heating system. Some vulnerabilities and recommendations to improve the system are also discussed, which is of importance so that occupants can continue to live and work in sustainable, reliable and secure facilities.
In recent years, buildings have developed to become more automated in order to match the demand for energy-efficient and sustainable housing. Building solutions (Building Management Systems, BMS), such as heating or access control systems, are gradually becoming more automated. The next step is to integrate all BMS in a building into one common system, which is then called a smart building. As buildings become increasingly automated, concern about cybersecurity grows, since a large number of Internet of Things (IoT) devices are integrated with the system while many critical building solutions are automated at the same time. In the worst case, an outside attack could therefore lead to physical damage to buildings or to the people in them. In this study, a security analysis is carried out in which these threats and risks are analyzed with the help of threat modelling. The goal is to identify and analyze potential threats and risks to smart buildings, with the purpose of giving insight into how these systems should be secured. The modelling contains five phases, of which this study focuses on phases one and three. In the first phase, the losses to companies and residents after a successful attack are identified, and in phase three the attackers' goals and intentions for specific attacks are identified. One result of the security analysis is that, of the potential threats defined, those with the highest number of attack attempts per year (Threat Event Frequency, TEF) are data leaks and disabling the heating system. Some vulnerabilities of smart buildings and recommendations for improving the system are also discussed. Developing secure systems for smart buildings is of the utmost importance so that people can continue to live and work in sustainable, reliable and secure buildings.
16

Ho, Albert. "Chaos theory and security analysis /." [Hong Kong] : University of Hong Kong, 1991. http://sunzi.lib.hku.hk/hkuto/record.jsp?B13055227.

17

Keffeler, Bryce Thomas. "Security Investment Analysis: Meritage Homes." Thesis, The University of Arizona, 2014. http://hdl.handle.net/10150/320203.

18

Young, Jared Jeffrey. "Security Investment Analysis: Meritage Homes." Thesis, The University of Arizona, 2014. http://hdl.handle.net/10150/322109.

19

Martinez, Salvador. "Automatic reconstruction and analysis of security policies from deployed security components." Phd thesis, Ecole des Mines de Nantes, 2014. http://tel.archives-ouvertes.fr/tel-01065944.

Abstract:
Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed by a number of heterogeneous subsystems, each subsystem plays a key role in the global system security. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together. Nevertheless since most times these policies have been manually implemented and/or evolved separately they easily become inconsistent. In this context, discovering and understanding which security policies are actually being enforced by the information system comes out as a critical necessity. The main challenge to solve is bridging the gap between the vendor-dependent security features and a higher-level representation that express these policies in a way that abstracts from the specificities of concrete system components, and thus, it's easier to understand and reason with. This high-level representation would also allow us to implement all evolution/refactoring/manipulation operations on the security policies in a reusable way. In this work we propose such a reverse engineering and integration mechanism for access-control policies. We rely on model-driven technologies to achieve this goal.
20

Alexander, James. "Promoting security imaginaries : an analysis of the market for everyday security solutions." Thesis, University of Manchester, 2014. https://www.research.manchester.ac.uk/portal/en/theses/promoting-security-imaginaries-an-analysis-of-the-market-for-everyday-security-solutions(1dc57433-40f6-40c1-bd13-56ab2347c35a).html.

Abstract:
This thesis is centred on the question of the effect security technologies, and the imaginaries associated with them, have on the formation of the present security doxa. With a more nuanced understanding of technology as process, and the role of imagination reintroduced into the nexus, this thesis aims to enable an understanding of how technological security solutions are deployed in everyday life and how this contributes to a reformulating of politics in a world gripped by anxiety about an uncertain future. Of primary interest is the way in which seemingly mundane technologies can enter the dominant security narrative and achieve deployment in everyday life, not only as the prime solution to concerns of risk, but as something to actively be desired in themselves. A vital and understudied arena for the dissemination of specific imaginaries of mundane security tools as the ultimate solution to a risky future – as an end in and of themselves – are the spaces of promotion for such technologies. The centrepiece of promotion is found at the trade fairs and exhibitions where one can witness the marketing and sale of the ‘latest and greatest’ tech fixes from an ever increasing range of private sector security entrepreneurs whose living is made from promoting security. By offering both a mapping of the wider expansion and logic of the security fair world, and an ethnographic study of interactions within the exhibition walls of the International Fire and Security Exhibition and Conference (IFSEC) over the course of three years, this thesis makes it possible to develop a better understanding of both the makeup and relations between these elements, and expose these gatherings as more than just sites of commerce and consumption, and much more than simply a metaphor for the wider security world. Instead, they can be thought of as hotspots of intensive exchange of knowledge, new ideas and network building. 
Thus, this thesis aims to demonstrate how international trade fairs and exhibitions are more than just an ever more important means of distributing security technologies. It is not a question of the relationship between visitors and exhibitors, or the particular effectiveness of marketing strategies deployed by individual firms. It is about the underpinning logic of a particular mind-set regarding what it means to consume security as a commodity, and a specific imagining of a secured future with such solutions as the ultimate end-in-themselves and how these spaces are pivotal in the dissemination, propagation and reformulation of changing attitudes towards security.
21

Dobson, Lucas E. "Security analysis of session initiation protocol." Thesis, Monterey, California : Naval Postgraduate School, 2010. http://edocs.nps.edu/npspubs/scholarly/theses/2010/Jun/10Jun%5FDobson.pdf.

Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2010.
Thesis Advisor(s): Dinolt, George ; Eagle, Chris. "June 2010." Description based on title screen as viewed on July 13, 2010. Author(s) subject terms: Session initiation protocol, voice over IP, information security, siproxd, linphone, Qutecom, osip, eXosip. Includes bibliographical references (p. 77-78). Also available in print.
22

Ballester, Lafuente Carlos. "Security Analysis of Future Internet Architectures." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10910.

Abstract:
During the last decades, Internet has evolved from host-centric to information-centric in the sense that it is information and data what matters, regardless of where it is located. Meanwhile, Internet's architecture still remains the same as it was in its origins and still focuses on host-to-host communication, putting too much emphasis on the "where" rather than putting it on the "what". Original Internet's architecture also introduces several security flaws such as DoS and DDoS, spoofing and spam, and other non-security related problems such as availability or location dependence related issues. In order to address these issues, several new architectures and protocols have been proposed. Some of them aim at redesigning totally the architecture of Internet from scratch, while others aim at improving it without redesigning it totally. The aim of this Master Thesis is to analyze these new protocols and architectures from a security point of view in order to determine whether the security claims made are true or not. The security analysis is made based on RFCs, technical papers and project deliverables. The results obtained have uncovered some security issues in several of the new protocols and architectures and have provided some insight into further improving them.
23

Bleikertz, Sören. "Automated Security Analysis of Infrastructure Clouds." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10914.

Abstract:
Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption. In particular, these highly flexible but complex cloud computing environments are prone to misconfigurations leading to security incidents, e.g., erroneous exposure of services due to faulty network security configurations. In this thesis we present a novel approach in the security assessment of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API and translating it into a generic data model for later analysis. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization and automated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical and theoretical scenarios. Furthermore, a framework is presented which allows the evaluation of configuration changes in the agile and dynamic cloud environments with regard to properties like vulnerabilities or expected availability. In case of a vulnerability perspective, this evaluation can be used to monitor the security levels of the configuration over its lifetime and to indicate degradations.
24

Talic, Ammar. "Security Analysis of Ethernet in Cars." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-215329.

Abstract:
With the development of advanced driving assistance systems, the amount of data that needs to be transmitted within a car has increased tremendously. Traditional communication bus based systems are unable to meet today’s requirements; hence automotive Ethernet is being developed and standardized. Ethernet has for many years been the de facto standard in interconnecting computers. In that time several vulnerabilities of the networking protocol stack implementations and even the protocols themselves have been discovered. The knowledge from exploiting computer networks can be applied to the automotive domain. Additionally, vehicle manufacturers tend to implement their own stacks, due to copyleft reasons; hence the chances of implementation faults increase as opposed to using well-tested open source solutions. Since the line between security and safety in cars is almost nonexistent, security has to be properly addressed. This thesis investigates the security of automotive Ethernet and its accompanying protocols. It starts with an introduction to computer and automotive networking and protocols. After a solid foundation is laid, it investigates what makes up automotive Ethernet, its application in the field, and the automotive specific components relying on it. After looking at related work, a data network security audit and analysis as defined by the open-source security testing methodology is performed. The system is graded with risk assessment values. Weak points are identified and improvements suggested. The impact of the proposed improvements is shown by reevaluating the system and recalculating the risk assessment values. These efforts further the ultimate goal of achieving increased safety of all traffic participants.
With the development of advanced driver assistance systems, the amount of data that needs to be transmitted within a car has increased enormously. Traditional communication-bus-based systems cannot meet today's requirements. Consequently, Ethernet for vehicles is being developed and standardized. Ethernet has for many years been the de facto standard for interconnecting computers. During that time, several vulnerabilities in network protocol implementations and in the protocols themselves have been discovered. There is reason to believe that the knowledge gained from exploiting computer networks can be applied to the automotive domain. In addition, vehicle manufacturers tend to implement their own stacks. For copyleft reasons, the chances of implementation errors increase compared with using tested open source solutions. Since human safety in cars is extremely important, their systems must also be handled properly. This thesis investigates the security of Ethernet and accompanying protocols in cars. It begins with an introduction to computer and automotive networks and protocols. After a solid foundation has been established, it examines what constitutes Ethernet in cars, its application in the field, and the car-specific components that depend on it. After a look at related work, a security audit and analysis of data networks, as defined by the open-source security methodology, is performed. The system is rated with risk assessment values. Weak points are identified and improvements are proposed. The effect of the proposed improvements is shown by re-evaluating the system and recalculating the risk assessment values. These assessments lead toward the ultimate goal of increased safety for all road users.
25

Araya, Cristian, and Manjinder Singh. "Web API protocol and security analysis." Thesis, KTH, Data- och elektroteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-208934.

Abstract:
There is a problem that every company has its own customer portal. This problem can be solved by creating a platform that gathers all customers’ portals in one place. For such a platform, a web API protocol is required that is fast, secure and has capacity for many users. Consequently, a survey of various web API protocols has been made by testing their performance and security. The task was to find out which web API protocol offered high security as well as high performance in terms of response time both at low and high load. This included an investigation of previous work to find out if certain protocols could be ruled out. During the work, the platform’s backend was also developed, which needed to implement chosen web API protocols that would later be tested. The performed tests measured the APIs’ connection time and their response time with and without load. The results were analyzed and showed that the protocols had both pros and cons. Finally, a protocol was chosen that was suitable for the platform because it offered high security and fast connection. In addition, the server was not affected negatively by the number of connections. Reactive REST was the web API protocol chosen for this platform.
There is a problem in today's society in that every company has its own customer portal. This problem can be solved by creating a platform that gathers all customer portals in the same place. Such a platform requires a web API protocol that is fast, secure and has capacity for many users. Therefore, a study of the performance of various web API protocols, along with security tests, has been carried out. The work consisted of finding out which web API protocol offers high security and high performance in terms of response time at both low and high load. The work also included a review of previous work to find out whether any protocols could be ruled out. During the work, the platform's backend was also developed, which implemented the various web API protocols so that tests could then be performed on them. The tests performed were response time both with and without load, connection time, and load. The results were analyzed and showed that the protocols had both advantages and disadvantages. Finally, a protocol was chosen that was suitable for the platform because it had high security and the fastest connection time. In addition, the server was not negatively affected by the number of connections. Reactive REST was chosen as the web API protocol for this platform.
26

Zhang, Zhonghua. "Algorithms for power system security analysis." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2000. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape4/PQDD_0025/MQ51827.pdf.

27

Ali, Dana, and Goran Kap. "Statistical Analysis of Computer Network Security." Thesis, KTH, Matematisk statistik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-129948.

Abstract:
In this thesis it is shown how to measure the annual loss expectancy of computer networks due to the risk of cyber attacks. With the development of metrics for measuring the exploitation difficulty of identified software vulnerabilities, it is possible to make a measurement of the annual loss expectancy for computer networks using Bayesian networks. To enable the computations, computer network vulnerability data in the form of vulnerability model descriptions, vulnerable data connectivity relations and intrusion detection system measurements are transformed into vector based numerical form. This data is then used to generate a probabilistic attack graph which is a Bayesian network of an attack graph. The probabilistic attack graph forms the basis for computing the annualized loss expectancy of a computer network. Further, it is shown how to compute an optimized order of vulnerability patching to mitigate the annual loss expectancy. An example of computation of the annual loss expectancy is provided for a small invented example network.
28

Kavuluru, Ramakanth. "ANALYSIS OF SECURITY MEASURES FOR SEQUENCES." UKnowledge, 2009. http://uknowledge.uky.edu/gradschool_diss/735.

Abstract:
Stream ciphers are private key cryptosystems used for security in communication and data transmission systems. Because they are used to encrypt streams of data, it is necessary for stream ciphers to use primitives that are easy to implement and fast to operate. LFSRs and the recently invented FCSRs are two such primitives, which give rise to certain security measures for the cryptographic strength of sequences, which we refer to as complexity measures henceforth following the convention. The linear (resp. N-adic) complexity of a sequence is the length of the shortest LFSR (resp. FCSR) that can generate the sequence. Due to the availability of shift register synthesis algorithms, sequences used for cryptographic purposes should have high values for these complexity measures. It is also essential that the complexity of these sequences does not decrease when a few symbols are changed. The k-error complexity of a sequence is the smallest value of the complexity of a sequence obtained by altering k or fewer symbols in the given sequence. For a sequence to be considered cryptographically ‘strong’ it should have both high complexity and high error complexity values. An important problem regarding sequence complexity measures is to determine good bounds on a specific complexity measure for a given sequence. In this thesis we derive new nontrivial lower bounds on the k-operation complexity of periodic sequences in both the linear and N-adic cases. Here the operations considered are combinations of insertions, deletions, and substitutions. We show that our bounds are tight and also derive several auxiliary results based on them. A second problem on sequence complexity measures useful in the design and analysis of stream ciphers is to determine the number of sequences with a given fixed (error) complexity value. In this thesis we address this problem for the k-error linear complexity of 2^n-periodic binary sequences. More specifically:
1. We characterize 2^n-periodic binary sequences with fixed 2- or 3-error linear complexity and obtain the counting function for the number of such sequences with fixed k-error linear complexity for k = 2 or 3.
2. We obtain partial results on the number of 2^n-periodic binary sequences with fixed k-error linear complexity when k is the minimum number of changes required to lower the linear complexity.
29

Huang, Enyang. "Automated security analysis of payment protocols." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/78140.

Abstract:
Thesis (Ph. D. in the Field of Computer Engineering)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2012.
Cataloged from PDF version of thesis.
Includes bibliographical references (p. 173-182).
Formal analyses have been used for payment protocol design and verification but, despite developments in semantics and expressiveness, previous literature has placed little emphasis on the automation aspects of the proof systems. This research develops an automated analysis framework for payment protocols called PTGPA. PTGPA combines the techniques of formal analysis as well as the decidability afforded by theory generation, a general-purpose framework for automated reasoning. A comprehensive and self-contained proof system called TGPay is first developed. TGPay introduces novel developments and refinements in the formal language and inference rules that conform to the prerequisites of theory generation. These target desired properties in payment systems such as confidentiality, integrity, authentication, freshness, acknowledgement and non-repudiation. Common security primitives such as encryption, decryption, digital signatures, message digests, message authentication codes and X.509 certificates are modeled. Using TGPay, PTGPA performs analyses of payment protocols under two scenarios in full automation. An Alpha-Scenario is one in which a candidate protocol runs in a perfect environment without attacks from any intruders. The candidate protocol is correct if and only if all pre-conditions and post-conditions are met. PTGPA models actions and knowledge sets of intruders in a second, modified protocol that represents an attack scenario. This second protocol, called a Beta-Scenario, is obtained mechanically from the original candidate protocol, by applying a set of elementary capabilities from a Dolev-Yao intruder model. This thesis includes a number of case studies to demonstrate the feasibility and benefits of the proposed framework. Automated analyses of real-world bank card payment protocols as well as newly proposed contactless mobile payment protocols are presented. 
Security flaws are identified in some of the protocols; their causes and implications are addressed.
by Enyang Huang.
Ph.D. in the Field of Computer Engineering
30

Kang, Eunsuk. "Multi-representational security modeling and analysis." Thesis, Massachusetts Institute of Technology, 2016. http://hdl.handle.net/1721.1/103738.

Abstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 103-109).
Many security attacks arise from unanticipated behaviors that are inadvertently introduced by the system designer at various stages of the development. This thesis proposes a multi-representational approach to security modeling and analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. The thesis also introduces Poirot, a prototype implementation of the approach, and reports on the application of Poirot to detect previously unknown security flaws in publicly deployed systems.
by Eunsuk Kang.
Ph. D.
31

Baldwin, Robert W. (Robert William). "Rule based analysis of computer security." Thesis, Massachusetts Institute of Technology, 1987. http://hdl.handle.net/1721.1/14592.

Abstract:
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1987.
Includes bibliographical references.
Supported by the Defense Advanced Research Projects Agency of the Department of Defense, monitored by the Office of Naval Research. N00014-83-K-0125
by Robert W. Baldwin.
Ph.D.
32

Askeli, D. (Daniel). "Data collection for software security analysis." Master's thesis, University of Oulu, 2016. http://urn.fi/URN:NBN:fi:oulu-201606072460.

Abstract:
There is a vast amount of data available on the Internet originating from multiple sources. Combining different sources is interesting as it can offer more information than separate sources. In addition current trends favoring open source projects and open information provide an interesting setting for security analysis. However in order to utilize the data it needs to be harvested. In this work implementation of a document oriented time series data collection framework is presented. It provides features that make data collection easier compared to previously existing solutions. The framework is then used to collect data from two popular open source projects and relevant vulnerability data sources. The data is used to determine where in the source code the vulnerabilities locate and the locations are visualized. Results suggest that there is value to be gained from combining data sources.
The Internet offers a vast number of freely available data sources. Combining these data sources is interesting, because it can yield more information than separate sources. In addition, current trends favoring open source projects provide an interesting setting for security analysis. However, in order for the data to be used, it must first be collected. This work presents a document-oriented software framework for collecting time series data. The framework includes features that make data collection easier compared to earlier software solutions. The framework is used to collect data from two popular open source projects and related vulnerability data sources. The collected data is used to determine the location of vulnerabilities, after which they are visualized. The results show that combining data sources can add value in security analysis.
33

Gerault, David. "Security analysis of contactless communication protocols." Thesis, Université Clermont Auvergne‎ (2017-2020), 2018. http://www.theses.fr/2018CLFAC103.

34

Hsu, Yating. "Formal Analysis of Network Protocol Security." The Ohio State University, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=osu1317230784.

35

Khatwani, Chanchal. "Security Analysis of ECC Based Protocols." UNF Digital Commons, 2017. http://digitalcommons.unf.edu/etd/734.

Abstract:
Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities, and to enhance them to be more secure against threats. This work demonstrates how currently used ECC based protocols are vulnerable to attacks. If protocols are vulnerable, damages could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g. passwords, pins, and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.
36

Goktepe, Meftun. "Windows XP Operating System security analysis." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FGoktepe.pdf.

Abstract:
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, September 2002.
Thesis advisor(s): Richard Harkins, Cynthia Irvine. Includes bibliographical references (p. 105-107). Also available online.
37

Olunuga, Adetunji A. "Profile Analysis of Mobile Application Security." UNF Digital Commons, 2018. https://digitalcommons.unf.edu/etd/835.

Abstract:
This thesis conducts profile analysis on the mobile application security using peer-review articles that were published from 2010 to 2018. From the analysis, we will identify prolific authors, institutions, and geographic regions as well as the topics addressed by the articles. The profile analysis will reveal most frequently used research methods, research approaches (quantitative, qualitative and mixed), and theories used to study the field. This thesis reveals that none of the researchers have made significant contributions to the field, and researchers are not collaborating to solve their research problems. The profile analysis shows that surveys and experiments are the most utilized research methods, and most researchers studied the field at a higher level, i.e., security was the focus of the research but did not go deeper into various aspects of security such as privacy, security vulnerabilities, and mobile application security best practices.
38

Hong, Jin Bum. "Scalable and adaptable security modelling and analysis." Thesis, University of Canterbury. Computer Science and Software Engineering, 2015. http://hdl.handle.net/10092/10246.

Abstract:
Modern networked systems are complex in such a way that assessing the security of them is a difficult task. Security models are widely used to analyse the security of these systems, which are capable of evaluating the complex relationship between network components. Security models can be generated by identifying vulnerabilities, threats (e.g., cyber attacks), network configurations, and reachability of network components. These network components are then combined into a single model to evaluate how an attacker may penetrate through the networked system. Further, countermeasures can be enforced to minimise cyber attacks based on security analysis. However, modern networked systems are becoming large sized and dynamic (e.g., Cloud Computing systems). As a result, existing security models suffer from scalability problem, where it becomes infeasible to use them for modern networked systems that contain hundreds and thousands of hosts and vulnerabilities. Moreover, the dynamic nature of modern networked systems requires a responsive update in the security model to monitor how these changes may affect the security, but there is a lack of capabilities to efficiently manage these changes with existing security models. In addition, existing security models do not provide functionalities to capture and analyse the security of unknown attacks, where the combined effects of both known and unknown attacks can create unforeseen attack scenarios that may not be detected or mitigated. Therefore, the three goals of this thesis are to (i) develop security modelling and analysis methods that can scale to a large number of network components and adapts to changes in the networked system; (ii) develop efficient security assessment methods to formulate countermeasures; and (iii) develop models and metrics to incorporate and assess the security of unknown attacks. 
A lifecycle of security models is introduced in this thesis to concisely describe performance and functionalities of modern security models. The five phases in the lifecycle of security models are: (1) Preprocessing, (2) Generation, (3) Representation, (4) Evaluation, and (5) Modification. To achieve goal (i), a hierarchical security model is developed to reduce the computational costs of assessing the security while maintaining all security information, where each layer captures different security information. Then, a comparative analysis is presented to show the scalability and adaptability of security models. The complexity analysis showed that the hierarchical security model has better or equivalent complexities in all phases of the lifecycle in comparison to existing security models, while the performance analysis showed that in fact it is much more scalable in practical network scenarios. To achieve goal (ii), security assessment methods based on importance measures are developed. Network centrality measures are used to identify important hosts in the networked systems, and security metrics are used to identify important vulnerabilities in the host. Also, new network centrality measures are developed to improvise the lack of accuracy of existing network centrality measures when the attack scenarios consist of attackers located inside the networked system. Important hosts and vulnerabilities are identified using efficient algorithms with a polynomial time complexity, and the accuracy of these algorithms are shown as nearly equivalent to the naive method through experiments, which has an exponential complexity. To achieve goal (iii), unknown attacks are incorporated into the hierarchical security model and the combined effects of both known and unknown attacks are analysed. Algorithms taking into account all possible attack scenarios associated with unknown attacks are used to identify significant hosts and vulnerabilities. 
Approximation algorithms based on dynamic programming and greedy algorithms are also developed to improve the performance. Mitigation strategies to minimise the effects of unknown attacks are formulated on the basis of significant hosts and vulnerabilities identified in the analysis. Results show that mitigation strategies formulated on the basis of significant hosts and vulnerabilities can significantly reduce the system risk in comparison to randomly applying mitigations. In summary, the contributions of this thesis are: (1) the development and evaluation of the hierarchical security model to enhance the scalability and adaptability of security modelling and analysis; (2) a comparative analysis of security models taking into account scalability and adaptability; (3) the development of security assessment methods based on importance measures to identify important hosts and vulnerabilities in the networked system and evaluating their efficiencies in terms of accuracies and performances; and (4) the development of security analysis taking into account unknown attacks, which consists of evaluating the combined effects of both known and unknown attacks.
39

Rieke, Roland [Verfasser], and Bernd [Akademischer Betreuer] Freisleben. "Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" - / Roland Rieke. Betreuer: Bernd Freisleben." Marburg : Philipps-Universität Marburg, 2015. http://d-nb.info/1064976417/34.

40

Conway, Jared Thomas. "Security and the Offshore Nuclear Plant (ONP) : security simulation testing and analysis of the multi-layer security system." Thesis, Massachusetts Institute of Technology, 2018. https://hdl.handle.net/1721.1/122502.

Abstract:
Thesis: S.B., Massachusetts Institute of Technology, Department of Nuclear Science and Engineering, June 2019
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 94-96).
The ONP research team from the Nuclear Science and Engineering Department at MIT has been researching and developing the possibility of a nuclear reactor deployed on an offshore platform out to sea. Such a reactor deployed up to twelve nautical miles offshore poses a significant security risk that needs to be addressed. Through the studies of MIT graduate Vince Kindfuller, a security plan was proposed in the ICONE24-61029 paper of 2016. This research aims to investigate the effectiveness of the proposed security plan for the ONP-300 and ONP-1100 through the use of a simulation software developed by ARES Corporation, to expand on the security plan to include a response to nonviolent adversaries, and to alter the security plan and plant design as necessary to increase the effectiveness of the security configuration while limiting expenses.
Initially, different attack scenarios were investigated and four design-basis threats (DBT) were formulated based on knowledge from industry professionals. Through the use of ARES software, results indicated that the initial platform design for the ONP 300 led to major line-of-sight issues for security officers on the top deck of the plant causing performance below the minimum acceptable level. This realization led to changes in the ONP 300's security configuration and structural layout. Upon development of a platform layout that maximized security performance, a sensitivity analysis was conducted on the following aspects of the security plan: size of the adversary force, size of the guard force, and use of a hostile insider attack. The results of sensitivity analysis proved sufficient to lower the anticipated number of guard positions from 10 to 5 with 5.2 security officers per position to maintain watch at all times. This corresponds to a significant reduction in operational costs.
Sensitivity analysis also indicated that functioning radar is the key to success for security. This analysis concluded with blast analysis to determine the location of the physical barrier which should be placed about 250 m from the ONP and an overview of ONP-1100 security performance with five guard positions. The major contribution of this work is therefore two-fold: First, implementation of security-enhancing features have been accomplished at the very early stage of the ONP design when innovative features can be best identified and implemented in a cost-effective manner. Second, application of a Monte Carlo numerical tool has allowed confirmation of the effectiveness of the design to defeat a wide range of intruder scenarios under a variation of different situations proving the robustness of the security design.
by Jared Thomas Conway.
S.B.
S.B. Massachusetts Institute of Technology, Department of Nuclear Science and Engineering
41

Jud, Petra. "A Swiss Tale of Security : Critical Analysis of Switzerland’s Federal Council’s Security Narrative." Thesis, Försvarshögskolan, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:fhs:diva-9666.

Abstract:
This paper seeks to explore why the people of Switzerland have preponderantly voted in favour of a strong military defence despite the reality of Swiss security in the 21st century being dependent on international collaboration outside the military arena. The conundrum is answered by determining the Swiss Federal Council’s strategic narrative regarding security, through examination of its explanatory texts in voting booklets between 1978 and 2020, finding that the matter of armed neutrality is a red thread. Either neutrality is used as justification of an act supported by the Federal Council, or that neutrality would be harmed by popular initiatives the Council does not endorse.
42

Szreder, Mikael. "IoT Security in Practice : A Computer Security Analysis of the IKEA “TRÅDFRI” Platform." Thesis, Linköpings universitet, Informationskodning, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161042.

Abstract:
In order to develop secure Internet of Things (IoT) devices, it is vital that security is considered throughout the development process. However, this is not enough, as vulnerable devices are still making it to the open market. To try and solve this issue, this thesis presents a structured methodology for performing security analysis of IoT platforms. The presented methodology is based on a black box perspective, meaning that the analysis starts without any prior knowledge of the system. The aim of the presented methodology is to obtain information in such a way as to recreate the system design from the implementation. In turn, the recreated system design can be used to identify potential vulnerabilities. Firstly the potential attack surfaces are identified, which the methodology calls interfaces. These interfaces are the point of communication or interaction between two parts of a system. Secondly, since interfaces do not exist in isolation, the surrounding contexts in which these interfaces exist in are identified. Finally the information processed by these interfaces and their contexts are analyzed. Once the information processed by the identified interfaces in their respective contexts are analysed, a risk assessment is performed based on this information. The methodology is evaluated by performing an analysis of the IKEA “TRÅDFRI” smart lighting platform. By analysing the firmware update process of the IKEA “TRÅDFRI” platform it can be concluded that the developers have used standardized protocols and standardized cryptographic algorithms and use these to protect devices from malicious firmware. The analysis does however find some vulnerabilities, even though the developers have actively taken steps to protect the system.
APA, Harvard, Vancouver, ISO, and other styles
43

Li, Louis. "Security Analysis of Java Web Applications Using String Constraint Analysis." Thesis, Harvard University, 2015. http://nrs.harvard.edu/urn-3:HUL.InstRepos:14398534.

Abstract:
Web applications are exposed to myriad security vulnerabilities related to malicious user string input. In order to detect such vulnerabilities in Java web applications, this project employs string constraint analysis, which approximates the values that a string variable in a program can take on. In string constraint analysis, program analysis generates string constraints -- assertions about the relationships between string variables. We design and implement a dataflow analysis for Java programs that generates string constraints and passes those constraints to the CVC4 SMT solver to find a satisfying assignment of string variables. Using example programs, we illustrate the feasibility of the system in detecting certain types of web application vulnerabilities, such as SQL injection and cross-site scripting.
44

Firing, Tia Helene. "Analysis of the Transport Layer Security protocol." Thesis, Norwegian University of Science and Technology, Department of Mathematical Sciences, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10025.

Abstract:

In this master thesis we have presented a security analysis of the TLS protocol with particular emphasis on the recently discovered renegotiation attack. From our security proof we get that the Handshake protocol with renegotiation, including the fix from IETF, is secure, and hence not vulnerable to the renegotiation attack anymore. We have also analysed the Handshake protocol with session resumption, and the Application data protocol together with the Record protocol. Both of these protocols were deemed secure as well. All the security proofs are based on the UC (Universal Composability) security framework.

45

Persson, Daniel, and Dejan Baca. "Software Security Analysis : Managing source code audit." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3615.

Abstract:
Software users have become more conscious of security. More people have access to Internet and huge databases of security exploits. To make secure products, software developers must acknowledge this threat and take action. A first step is to perform a software security analysis. The software security analysis was performed using automatic auditing tools. An experimental environment was constructed to check if the findings were exploitable or not. Open source projects were used as reference to learn what patterns to search for. The results of the investigation show the differences in the automatic auditing tools used. Common types of security threats found in the product have been presented. Four different types of software security exploits have also been presented. The discussion presents the effectiveness of the automatic tools for auditing software. A comparison between the security in the examined product and the open source project Apache is presented. Furthermore, the incorporation of the software security analysis into the development process, and the results and cost of the security analysis is discussed. Finally some conclusions were drawn.
46

Tang, Han. "Security analysis of a cyber-physical system." Diss., Rolla, Mo. : University of Missouri-Rolla, 2007. http://scholarsmine.umr.edu/thesis/pdf/Tang_09007dcc803cfb5c.pdf.

Abstract:
Thesis (M.S.)--University of Missouri--Rolla, 2007.
Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed November 30, 2007). Includes bibliographical references (p. 55-57).
47

Herron, Jennifer F., and Gregory Santiago. "Analysis of security contractors in deployed environments." Monterey, California. Naval Postgraduate School, 2006. http://hdl.handle.net/10945/10073.

Abstract:
MBA Professional Report
The unexpected strength of the Iraq insurgency has created an unstable and unsafe environment that makes it difficult for the U.S. forces to operate and transfer security responsibilities to the new Iraqi government. To deal with this issue, the Department of Defense (DoD) has deemed it necessary to increase the role of private military contractors, rather than increasing the total number of military troops on the ground. Several dilemmas arise contractually when you hire privatized military firms to conduct military functions. This Masters of Business Administration (MBA) project will analyze consequences of the DoD decision to outsource security contractors in Iraq. Specifically, we will look at the contracting and legal ramifications of outsourcing this inherently governmental occupation. Our research will 1) Discuss the strengths and weaknesses of the government's decision to outsource commercial contractors for security force operations in Iraq, 2) Identify and discuss any potential trends that impact contractual and legal issues involving security force contractors, 3) Lay the foundation and provide recommendations for future analysis of relations between security force contractors and the government.
48

Cho, Sungback. "Risk analysis and management for information security." Thesis, Royal Holloway, University of London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.404796.

49

Kreibich, Christian Peter. "Structural traffic analysis for network security monitoring." Thesis, University of Cambridge, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.613090.

50

Umsonst, David. "Security Analysis of Control System Anomaly Detectors." Thesis, KTH, Skolan för elektro- och systemteknik (EES), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-196361.

Abstract:
Anomaly detectors in control systems are used to detect system faults and they are typically based on an analytical system model, which generates residual signals to find a fault. The detectors are designed to detect randomly occurring faults but not coordinated malicious attacks on the system. Therefore three different anomaly detectors, namely a detector solely based on the last residual, a multivariate exponentially weighted moving average filter and a cumulative sum, are investigated to determine which detector yields the smallest worst-case impact of a time-limited data injection attack. For this reason optimal control problems are formulated to characterize the worst-case attack under different anomaly detectors, which lead to non-convex optimization problems. Relaxations to convex problems are proposed and solved numerically and in special cases also analytically. The detectors are compared by solving the optimal control problems for a simple simulation example as well as a quadruple-tank process. Simulations and experiments show that the cumulative sum seems to be the detector to choose, if one wants to limit the worst-case attack impact.
Anomaly detectors in control systems are normally used to detect system faults, and they are usually based on an analytical system model that generates residual signals to detect the faults. The detectors are usually designed to detect randomly occurring faults and not coordinated attacks on the system. Therefore, three different anomaly detectors are evaluated here: a detector based solely on the last residual, one based on a multivariate exponentially weighted moving average, and a cumulative sum. In the evaluation we investigate which detector most limits an attack in the form of a data injection. For this reason, optimal control problems are formulated to characterize the worst-case attack for the different anomaly detectors, which leads to non-convex optimization problems. Relaxations to convex problems are proposed and solved numerically and in special cases also analytically. The detectors are compared by solving the optimal control problems for a simulation example as well as for a real quadruple-tank process. Both simulations and experiments show that the cumulative sum is the detector that limits the studied attacks the most.