Dissertations / Theses on the topic 'Security Framework'

La Informàtica ha sofert grans transformacions al llarg de la seva curta història. Va començar amb grans màquines en entorns especialitzats i molt restringits i s'ha convertit en petits dispositius que formen part de la societat i la vida quotidiana de totes les persones. La seguretat ha estat una de les àrees més afectades per aquests canvis i ha sofert grans canvis també a nivell tecnològic. Per aquesta raó, creiem que la definició "tradicional" de la seguretat informàtica és insuficient, sobretot si tenim en compte les noves seguretats que han aparegut en altres àrees de coneixement. La definició actual prové dels anys 70 i la seguretat, al segle XXI, és conceptualment, teòrica i pràctica diferent. Per tant, l'objectiu principal d'aquesta tesi és revisar el concepte mateix de seguretat informàtica per tal de proposar una definició juntament amb un model genèric que permeti una implementació. Per tal d'aconseguir-ho es proposa un anàlisi del concepte. El mètode d'anàlisi es basa en mètodes conceptuals d'obtenció de coneixement utilitzats en l'enginyeria del coneixement. El model conceptual es realitza utilitzant el diagrama de classes (UML) com un llenguatge gràfic de representació. El mètode proposat s’aplica a un conjunt de fonts seleccionades prèviament, per tal d'obtenir el model. El model conceptual del concepte de seguretat s'expressa com un conjunt de conceptes i relacions entre conceptes. En base al model genèric proposat, es realitza una descripció formal del concepte de seguretat i, finalment, el model s'implementa per mitjà d'un sistema basat en el coneixement utilitzant una ontologia. En conseqüència, les contribucions principals de l'estudi són el desenvolupament d'una metodologia d'anàlisi conceptual i una definició de seguretat juntament amb el seu model genèric. El marc de seguretat està descrit en forma algebraica i també és possible implementar-lo utilitzant tecnologies com Java, proporcionant mètriques de seguretat. L'estructura de la tesi és la següent: A la part 1, es fa una aproximació teòrica del concepte de seguretat, posant especial atenció a altres disciplines no relacionades amb l'enginyeria. Es fa una aproximació històrica de l'estudi del concepte de seguretat, tenint cura d’aquells conceptes o models proposats pels experts en el camp de la seguretat (no exclusivament en el camp de la seguretat informàtica). La part 2 explica les eines que s'utilitzen per a construir el model. S’utilitzen eines de modelat conceptuals i de coneixement. Es defineix un mètode d'anàlisi i s'utilitza en el disseny del model. A la part 3 es proposa un model genèric de seguretat. L'objectiu és proposar un model integrador que inclogui moltes de les seguretat existents. A més es fa una formulació algebraica del model de seguretat. Finalment, la part 4 està dedicada a aplicar el model proposat en un escenari real. Això demostra que el model és operatiu i capaç de mesurar el nivell de seguretat.
Computer Science has undergone major transformations throughout its short history. It started with great machines and very restricted and specialized environments and It has become in small devices that are part of society and daily life of every person. Security has been one of the areas most affected by those changes and has undergone major changes in technology also. For this reason, we think that the “traditional” definition of computer security is narrow, especially if we consider the new securities that have appeared in other areas of knowledge. Current definition comes from the 70s and security, in the twenty-first century, is conceptually, theoretically and practically something different. Therefore, the main objective of this thesis is review the concept of computer security itself in order to propose a definition together with a framework model capable to be implemented. In order to achieve it, an analysis method is proposed. The analysis method is based on conceptual methods of obtaining knowledge (knowledge acquisition) used in knowledge engineering. The conceptual model is performed using the Class Diagram (UML) as a graphical representation language. After that, apply the proposed method to a set of selected sources, in order to obtain the model. The conceptual model of the concept of security is expressed as a set of concepts and relationships among concepts. Based on the proposed model, an algebraic expression of the concept of security is drawn, and finally the model is implemented by means of a knowledge-based system using an ontology. Consequently, the study’s principal contributions are the development of a methodology of conceptual analysis and a definition of security along with its framework. The framework is expressed in algebraic manner also and is capable to be implemented using technologies such as Java, providing security metrics. The structure of the thesis is as following: In part 1, a theoretic approach to the study of security, paying attention to other disciplines not related to engineering. An historical approach of the study of the concept of security is made, having special attention to those concepts or models proposed by scholars in the field of security (not exclusively in the field of computer security). Part 2 explains the tools used to build the model. Modeling tools are used both conceptual and knowledge based ones. A method of analysis is constructed and used in the model design. In part 3 a generic model of security is proposed. The aim is to propose an integrative model that includes many of the existing securities. Additionally an algebraic formulation of the security model is made. Finally, part 4 is dedicated to apply the proposed model to a real scenario. This demonstrates that the model is operative and capable to measure the level of security.

There are several good reasons to use a framework when you are developing a new web application. We often here that: *** frameworks use known patterns that result in an easily extendable architecture *** frameworks result in loose couplings between different modules in the application *** frameworks allow developer to concentrate on business logic instead of reinventing wheels that is already reinvented several times *** frameworks are often thoroughly tested and contains less bugs than custom solutions But security is rarely mentioned in this setting. Our main motivation in this thesis is therefore to discuss what three popular web application frameworks do to improve the overall security level. In this thesis we have chosen to research Spring, Struts and JSF. We use them to develop small applications and test whether they are vulnerable to different types of attacks or not. We focus on attacks involving metacharacters such that SQL-injection and cross-site scripting, but also security pitfalls connected to access control and error handling. We have found out that all three frameworks do implement some metacharacter handling. Since Spring tries to fill the role of a full-stack application framework, it provides some SQL metacharacter handling to avoid SQL-injections, but we have identified some implementation weaknesses that may lead to vulnerabilities. Cross-site scripting problems are handled in both Spring, Struts, and JSF by HTML-encoding as long as custom RenderKits are not introduced in JSF. When it comes to access control, the framework support is somewhat limited. They do support a role-based access control model, but this is not sufficient in applications where domain object access is connected to users rather than roles. To improve the access control in Struts applications, we provide an overall access control design that is based on aspect-oriented programming and integrates with standard Struts config files. Hopefully, this design is generic enough to suit several application's needs, but also useable to developers such that it results in a more secure access control containing less bugs than custom solutions.

Context: Security considerations are typically incorporated in the later stages of development as an afterthought. Security in software system is put under the category of non-functional requirements by the researchers. Understanding the security needs of a system requires considerable knowledge of assets, data security, integrity, confidentiality and availability of services. Counter measures against software attacks are also a security need of a software system. To incorporate security in the earliest stages, i.e. requirement gathering, helps building secure software systems from the start. For that purpose researchers have proposed different requirements elicitation techniques. These techniques are categorized into formal and informal techniques on the basis of finiteness and clarity in activities of the techniques. Objectives: Limitations of formal methods and lack of systematic approaches in informal elicitation techniques make it difficult to rely on a single technique for security requirements elicitation. Therefore we decided to utilize the strengths of formal and informal technique to mitigate their weaknesses by combining widely used formal and informal security requirements elicitation techniques. The basic idea of our research was to integrate an informal technique with a formal technique and propose a flexible framework with some level of formality in the steps. Methods: We conducted a systematic literature review to see “which are the widely used security requirement elicitation techniques?” as a pre-study for our thesis? We searched online databases i.e. ISI, IEEE Xplore, ACM, Springer, Inspec and compendeX. We also conducted a literature review for different frameworks that are used in industry, for security requirement elicitation. We conducted an experiment after proposing a security requirements elicitation Framework and compared the result from the Framework with that of CLASP and Misuse cases. Results:Two types of analysis were conducted on results from the experiment: Vulnerability analysis and Requirements analysis with respect to a security baseline. Vulnerability analysis shows that the proposed framework mitigates more vulnerabilities than CLASP and Misuse Cases. Requirements analysis with respect to the security baseline shows that the proposed framework, unlike CLASP and Misuse cases, covers all the security baseline features. Conclusions:The framework we have proposed by combining CLASP, Misuse cases and Secure TROPOS contains the strengths of three security requirements elicitation techniques. To make the proposed framework even more effective, we also included the security requirements categorization by Bogale and Ahmed [11]. The framework is flexible and contains fifteen steps to elicit security requirements. In addition it also allows iterations to improve security in a system

Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2011.
Cataloged from PDF version of thesis.
Includes bibliographical references (p. 124-130).
There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, firewalls, and spam filters. There is no doubt in the fact that significant progress has been made in the technological side of information security. However, when we study causes of information security breaches, we find that a significant number are caused by non-technical reasons such as social engineering, theft of computing device or portable hard drive, human behavior, and human error. This leads us to conclude that information security should not be viewed through technology perspective only. Instead, a more holistic approach is required. This thesis provides a systems approach towards information security management and include technological, management and social aspects. This thesis starts with introduction especially background and motivation of the author, followed by literature research. Next, Enterprise Information Security Management Framework is presented leading to estimation of an organization's information security management maturity-level. Finally, conclusion and potential future work are presented.
by Dhirendra Sharma.
S.M.in Engineering and Management

Context: Security Requirements engineering is necessary to achieve secure software systems. Many techniques and approaches have been proposed to elicit security requirements in the initial phases of development. With the growing importance of security and immense increase in security breaches over the past few years, researchers and practitioners have been striving to achieve a mature process of coping with security requirements. Much of the activities in this regard are seen in academia but industry still seems to be lacking in giving the required importance to security requirements engineering. That is why, security requirements engineering is still not always considered as a central part of requirements engineering. This study is targeted to bridge this gap between academia and industry in terms of security requirements engineering and to provide a concrete approach to efficiently elicit and specify security requirements. The Misuse case technique is proposed for this purpose. However it lacks in providing guidelines for enabling scalable use. This limitation has been addressed to achieve a mature process of security requirements elicitation. Objectives: In this study, we propose a framework to elicit security requirements early in the software development using misuse case technique. Objective is to make misuse case technique scalable and applicable to the real-world projects. The proposed framework was presented to two representatives from the Swedish Armed Forces (SWAF). The feedback received from the representatives was utilized to refine, update and finalize the framework. Methods: The study involved a systematic review to gain an insight of the academic perspective in the area of study. Document extraction was adopted to observe the industrial trends in the said subject. These were the software requirements specification documents of the real-world systems. Document extraction was supported with informed brainstorming because the study revolved around misuse case technique and informed brainstorming is considered to be the most suitable technique for this purpose. A workshop was conducted with two representatives of Swedish Armed Forces followed by two subsequent asynchronous communication rounds and a facilitated session to get feedback about the proposed solution. This feedback was utilized to refine, update and finalize the proposed solution. Results: The results of the systematic review were organized in tabular forms for a clear understanding and easy analysis. A security requirements categorization was obtained as a result which was finalized after an initial validation with the help of real-world projects. Furthermore, a framework was proposed utilizing this categorization to address the limitations of misuse case technique. The framework was created and refined through workshop and different communication rounds with representatives of SWAF. Their feedback was used as input to further improve the usefulness and usability aspects of the framework. Conclusions: The significance of security requirements engineering is undisputedly accepted both in academia and industry. However, the area is not a subject of practice in industrial projects. The reasons include lack of mature processes as well as expensive and time consuming solutions. Lack of empirical evidences adds to the problems. The conducted study and proposed process of dealing with this issue is considered as a one step forward towards addressing the challenges.
Säkerhet Kravhantering är nödvändigt för att uppnå säkra programvarusystem. Många tekniker och metoder har föreslagits för att framkalla säkerhetskraven i de inledande faserna i utvecklingen. Med den växande betydelsen av säkerhet och enorma ökning av brott mot säkerheten under de senaste åren har forskare och praktiker strävat efter att uppnå en mogen process för att klara säkerhetskraven. Mycket av verksamheten i detta avseende ses i den akademiska världen, men industrin fortfarande tycks saknas i att ge den nödvändiga betydelse för säkerheten kravhantering. Därför är säkerheten kravhantering fortfarande inte alltid som en central del av kravhantering. Denna studie är inriktad att överbrygga denna klyfta mellan akademi och näringsliv när det gäller säkerhet kravhantering och att ge en konkret strategi för att effektivt få fram och specificera säkerhetskrav. Missbruk fallet tekniken föreslås för detta ändamål. Men det saknar i att ge riktlinjer för att möjliggöra skalbar användning. Denna begränsning har åtgärdats för att uppnå en mogen process av säkerhetskrav elicitation.
+46 (0) 735 84 12 97, +46 (0) 760 60 96 55

Continuous security monitoring is the process of following up the IT systems by collecting measurements, reporting and analysis of the results for comparing the security level of the organization on continuous time axis to see how organizational security is progressing in the course of time. In the related literature there is very limited work done to continuously monitor the security of the organizations. In this thesis, a continuous security monitoring framework based on security metrics is proposed. Moreover, to decrease the burden of implementation a software tool called SecMon is introduced. The implementation of the framework in a public organization shows that the proposed system is successful for building an organizational memory and giving insight to the security stakeholders about the IT security level in the organization.

Research shows how M-Commerce has managed to find its way to previously inaccessible parts of the world as a major Information and Communication Technologies (ICT) tool for development due to widespread introduction of mobile phones in remote areas. M-Commerce has offered valuable advantages: anytime, anywhere, more personal, more location-aware, more context-aware, more age aware, always online and instant connectivity. But this is not without its problems, of which security is high on the list. The security issues span the whole M-Commerce spectrum, from the top to the bottom layer of the OSI network protocol stack, from machines to humans. This research proposes a threat-mitigation modular framework to help address the security issues lurking in M-Commerce systems being used by marginalised rural community members. The research commences with a literature survey carried out to establish security aspects related to M-Commerce and to determine requirements for a security framework. The framework classifies M-Commerce security threat-vulnerability-risks into four levels: human behaviour and mobile device interaction security, mobile device security, M-Commerce access channel security, wireless network access security. This is followed by a review of the supporting structures or related frameworks that the proposed framework could leverage to address security issues on M-Commerce systems as ICT4D initiatives. The proposed security framework based on the requirements discovered is then presented. As a proof-of-concept, a case study was undertaken at the Siyakhula Living Lab at Dwesa in the Eastern Cape province of South Africa in order to validate the components of the proposed framework. Following the application of the framework in a case study, it can be argued that the proposed security framework allows for secure transacting by marginalised users using M-Commerce initiatives. The security framework is therefore useful in addressing the identified security requirements of M-Commerce in ICT4D contexts.

Doctor of Philosophy (PhD)
Sensor networks have great potential to be employed in mission critical situations like battlefields but also in more everyday security and commercial applications such as building and traffic surveillance, habitat monitoring and smart homes etc. However, wireless sensor networks pose unique security challenges. While the deployment of sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks, the inherent power and memory limitations of sensor nodes makes conventional security solutions unfeasible. Though there has been some development in the field of sensor network security, the solutions presented thus far address only some of security problems faced. This research presents a security framework WSNSF (Wireless Sensor Networks Security Framework) to provide a comprehensive security solution against the known attacks in sensor networks. The proposed framework consists of four interacting components: a secure triple-key (STKS) scheme, secure routing algorithms (SRAs), a secure localization technique (SLT) and a malicious node detection mechanism. Singly, each of these components can achieve certain level of security. However, when deployed as a framework, a high degree of security is achievable. WSNSF takes into consideration the communication and computation limitations of sensor networks. While there is always a trade off between security and performance, experimental results prove that the proposed framework can achieve high degree of security with negligible overheads.

Thesis (MSc)--Stellenbosch University, 2013.
ENGLISH ABSTRACT: Stepwise development of a program using refinement ensures that the program correctly implements its requirements. The specification of a system is “refined” incrementally to derive an implementable program. The programming space includes both specifications and implementable code, and is ordered with the refinement relation which obeys some mathematical laws. Morgan proposed a modification of this “classical” refinement for systems where the confidentiality of some information is critical. Programs distinguish between “hidden” and “visible” variables and refinement has to bear some security requirement. First, we review refinement for classical programs and present Morgan’s approach for ignorance pre- serving refinement. We introduce the Shadow Semantics, a programming model that captures essential properties of classical refinement while preserving the ignorance of hidden variables. The model invalidates some classical laws which do not preserve security while it satisfies new laws. Our approach will be algebraic, we propose algebraic laws to describe the properties of ignorance preserving refinement. Thus completing the laws proposed in. Moreover, we show that the laws are sound in the Shadow Semantics. Finally, following the approach of Hoare and He for classical programs, we give a completeness result for the program algebra of ignorance preserving refinement.
AFRIKAANSE OPSOMMING: Stapsgewyse ontwikkeling van ’n program met behulp van verfyning verseker dat die program voldoen aan die vereistes. Die spesifikasie van ’n stelsel word geleidelik ”verfyn” wat lei tot ’n implementeerbare kode, en word georden met ‘n verfyningsverhouding wat wiskundige wette gehoorsaam. Morgan stel ’n wysiging van hierdie klassieke verfyning voor vir stelsels waar die vertroulikheid van sekere inligting van kritieke belang is. Programme onderskei tussen ”verborgeën ”sigbare” veranderlikes en verfyning voldoen aan ’n paar sekuriteitsvereistes. Eers hersien ons verfyning vir klassieke programme en verduidelik Morgan se benadering tot onwetendheid behoud. Ons verduidelik die ”Shadow Semantics”, ’n programmeringsmodel wat die noodsaaklike eienskappe van klassieke verfyning omskryf terwyl dit die onwetendheid van verborge veranderlikes laat behoue bly. Die model voldoen nie aan n paar klassieke wette, wat nie sekuriteit laat behoue bly nie, en dit voldoen aan nuwe wette. Ons benadering sal algebraïese wees. Ons stel algebraïese wette voor om die eienskappe van onwetendheid behoudende verfyning te beskryf, wat dus die wette voorgestel in voltooi. Verder wys ons dat die wette konsekwent is in die ”Shadow Semantics”. Ten slotte, na aanleiding van die benadering in vir klassieke programme, gee ons ’n volledigheidsresultaat vir die program algebra van onwetendheid behoudende verfyning.

Security policies are widely used across the IT industry in order to secure environments. Firewalls, routers, enterprise application or even operating systems like Windows and Unix are all using security policies to some extent in order to secure certain components. In order to automate enforcement of security policies, security policy languages have been introduced. Security policy languages that are classified as computer software, like many other programming languages have been revolutionised during the last decade. A number of security policy languages have been introduced in the industry in order to tackle a specific business requirements. Not to mention each of these security policy languages themselves evolved and enhanced during the last few years. Having said that, a quick research on security policy languages shows that the industry suffers from the lack of a framework for security policy languages. Such a framework would facilitate the management of security policies from an abstract point. In order to achieve that specific goal, the framework utilises an abstract security policy language that is independent of existing security policy languages yet capable of expressing policies written in those languages. Usage of interoperability framework for security policy languages as described above comes with major benefits that are categorised into two levels: short and long-term benefits. In short-term, industry and in particular multi-dimensional organisations that make use of multiple domains for different purposes would lower their security related costs by managing their security policies that are stretched across their environment and often managed locally. In the long term, usage of abstract security policy language that is independent of any existing security policy languages, gradually paves the way for standardising security policy languages. A goal that seems unreachable at this moment of time. Taking the above facts into account, the aim of this research is to introduce and develop a novel framework for security policy languages. Using such a framework would allow multi-dimensional organisations to use an abstract policy language to orchestrate all security policies from a single point, which could then be propagated across their environment. In addition, using such a framework would help security administrators to learn and use only one single, common abstract language to describe and model their environment(s).

We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme.

Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2003.
Thesis advisor(s): Cynthia E. Irvine, Roger R. Schell. Includes bibliographical references (p. 105-107). Also available online.

Increasing the security of e-Business is best achieved by considering the environment in which e-Business applications need to be implemented and used; this implies that e-Business should be viewed as a complex socio-technical system with three interconnected and interacting elements: stakeholders, enabling technology, and business processes. This multiple perspective has rarely been captured by previous studies of e-Business security which perceive security from a narrow, single-sided technical view. This thesis argues that the predominant technical security approaches consider neither the multifaceted nature of e-Business security nor the requirements and influences of the various stakeholders involved in its context. In Jordan e-Business adoption is still in its early stages and is gaining the attention of several parties. Therefore, the primary approach in this research is an interpretive stakeholder analysis in which notions of a socio-technical perspective are employed as required in order to develop a conceptual framework for better understanding of e-Business security in the context of Jordan. In other words, an interpretive approach has been adopted as a mean of inquiry aiming at developing a holistic understanding of e-Business security in relation to its context as well as considering all the stakeholders in the problem area. This methodological choice was influenced by three factors: the nature of the research problem, the researcher's theoretical lens, and the degree of uncertainty in the study environment. Consequently, four major stakeholders were identified and their security implications were explored. The study's findings provide rich insights into the security of e-Business by identifying and interpreting the roles, the perceptions, and the interactions of several groups of security stakeholders. The theoretical contributions include: an explanatory framework of organisational, legal, human and technical factors affecting security in e-Business environments which was developed by employing an inductive stakeholder analysis as well as the identification of several organisational aspects, such as governance, communication, power conflict, awareness, and resistance to change, and their relationships to security as well as their practical implications at individual, organisational, and national levels. Additionally, the findings provide insights into the customers' side of the security problem and explain its relationships with other stakeholders, including government, business and technology providers. This is a sound practical contribution which can help these stakeholders to design better security approaches based on a deeper understanding of customers' security requirements.

Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2002.
Thesis advisor(s): Ted G. Lewis, Timothy E. Levin. Includes bibliographical references (p. 269-272). Also available online.

A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is a new model for creating and implementing information technology procedures. This model was validated by two different methods: the first being interviews with experts in the field of information technology and the second being four distinct case studies demonstrating the creation and implementation of information technology procedures. (169 pages)

The area of this research is security in distributed environment such as cloud computing and network applications. Specific focus was design and implementation of high assurance network environment, comprising various secure and security-enhanced applications. “High Assurance” means that -               our system is guaranteed to be secure, -               it is verifiable to provide the complete set of security services, -               we prove that it always functions correctly, and -               we justify our claim that it can not be compromised without user neglect and/or consent.   We do not know of any equivalent research results or even commercial security systems with such properties. Based on that, we claim several significant research and also development contributions to the state–of–art of computer networks security. In the last two decades there were many activities and contributions to protect data, messages and other resources in computer networks, to provide privacy of users, reliability, availability and integrity of resources, and to provide other security properties for network environments and applications. Governments, international organizations, private companies and individuals are investing a great deal of time, efforts and budgets to install and use various security products and solutions. However, in spite of all these needs, activities, on-going efforts, and all current solutions, it is general belief that the security in today networks and applications is not adequate. At the moment there are two general approaches to network application’s security. One approach is to enforce isolation of users, network resources, and applications. In this category we have solutions like firewalls, intrusion–detection systems, port scanners, spam filters, virus detection and elimination tools, etc. The goal is to protect resources and applications by isolation after their installation in the operational environment. The second approach is to apply methodology, tools and security solutions already in the process of creating network applications. This approach includes methodologies for secure software design, ready–made security modules and libraries, rules for software development process, and formal and strict testing procedures. The goal is to create secure applications even before their operational deployment. Current experience clearly shows that both approaches failed to provide an adequate level of security, where users would be guaranteed to deploy and use secure, reliable and trusted network applications. Therefore, in the current situation, it is obvious that a new approach and a new thinking towards creating strongly protected and guaranteed secure network environments and applications are needed. Therefore, in our research we have taken an approach completely different from the two mentioned above. Our first principle is to use cryptographic protection of all application resources. Based on this principle, in our system data in local files and database tables are encrypted, messages and control parameters are encrypted, and even software modules are encrypted. The principle is that if all resources of an application are always encrypted, i.e. “enveloped in a cryptographic shield”, then -               its software modules are not vulnerable to malware and viruses, -               its data are not vulnerable to illegal reading and theft, -               all messages exchanged in a networking environment are strongly protected, and -               all other resources of an application are also strongly protected.   Thus, we strongly protect applications and their resources before they are installed, after they are deployed, and also all the time during their use. Furthermore, our methodology to create such systems and to apply total cryptographic protection was based on the design of security components in the form of generic security objects. First, each of those objects – data object or functional object, is itself encrypted. If an object is a data object, representing a file, database table, communication message, etc., its encryption means that its data are protected all the time. If an object is a functional object, like cryptographic mechanisms, encapsulation module, etc., this principle means that its code cannot be damaged by malware. Protected functional objects are decrypted only on the fly, before being loaded into main memory for execution. Each of our objects is complete in terms of its content (data objects) and its functionality (functional objects), each supports multiple functional alternatives, they all provide transparent handling of security credentials and management of security attributes, and they are easy to integrate with individual applications. In addition, each object is designed and implemented using well-established security standards and technologies, so the complete system, created as a combination of those objects, is itself compliant with security standards and, therefore, interoperable with exiting security systems. By applying our methodology, we first designed enabling components for our security system. They are collections of simple and composite objects that also mutually interact in order to provide various security services. The enabling components of our system are:  Security Provider, Security Protocols, Generic Security Server, Security SDKs, and Secure Execution Environment. They are all mainly engine components of our security system and they provide the same set of cryptographic and network security services to all other security–enhanced applications. Furthermore, for our individual security objects and also for larger security systems, in order to prove their structural and functional correctness, we applied deductive scheme for verification and validation of security systems. We used the following principle: “if individual objects are verified and proven to be secure, if their instantiation, combination and operations are secure, and if protocols between them are secure, then the complete system, created from such objects, is also verifiably secure”. Data and attributes of each object are protected and secure, and they can only be accessed by authenticated and authorized users in a secure way. This means that structural security properties of objects, upon their installation, can be verified. In addition, each object is maintained and manipulated within our secure environment so each object is protected and secure in all its states, even after its closing state, because the original objects are encrypted and their data and states stored in a database or in files are also protected. Formal validation of our approach and our methodology is performed using Threat Model. We analyzed our generic security objects individually and identified various potential threats for their data, attributes, actions, and various states. We also evaluated behavior of each object against potential threats and established that our approach provides better protection than some alternative solutions against various threats mentioned. In addition, we applied threat model to our composite generic security objects and secure network applications and we proved that deductive approach provides better methodology for designing and developing secure network applications. We also quantitatively evaluated the performance of our generic security objects and found that the system developed using our methodology performs cryptographic functions efficiently. We have also solved some additional important aspects required for the full scope of security services for network applications and cloud environment: manipulation and management of cryptographic keys, execution of encrypted software, and even secure and controlled collaboration of our encrypted applications in cloud computing environments. During our research we have created the set of development tools and also a development methodology which can be used to create cryptographically protected applications. The same resources and tools are also used as a run–time supporting environment for execution of our secure applications. Such total cryptographic protection system for design, development and run–time of secure network applications we call CryptoNET system. CrytpoNET security system is structured in the form of components categorized in three groups: Integrated Secure Workstation, Secure Application Servers, and Security Management Infrastructure Servers. Furthermore, our enabling components provide the same set of security services to all components of the CryptoNET system. Integrated Secure Workstation is designed and implemented in the form of a collaborative secure environment for users. It protects local IT resources, messages and operations for multiple applications. It comprises four most commonly used PC applications as client components: Secure Station Manager (equivalent to Windows Explorer), Secure E-Mail Client, Secure Web Browser, and Secure Documents Manager. These four client components for their security extensions use functions and credentials of the enabling components in order to provide standard security services (authentication, confidentiality, integrity and access control) and also additional, extended security services, such as transparent handling of certificates, use of smart cards, Strong Authentication protocol, Security Assertion Markup Language (SAML) based Single-Sign-On protocol, secure sessions, and other security functions. Secure Application Servers are components of our secure network applications: Secure E-Mail Server, Secure Web Server, Secure Library Server, and Secure Software Distribution Server. These servers provide application-specific services to client components. Some of the common security services provided by Secure Application Servers to client components are Single-Sign-On protocol, secure communication, and user authorization. In our system application servers are installed in a domain but it can be installed in a cloud environment as services. Secure Application Servers are designed and implemented using the concept and implementation of the Generic Security Server. It provides extended security functions using our engine components. So by adopting this approach, the same sets of security services are available to each application server. Security Management Infrastructure Servers provide domain level and infrastructure level services to the components of the CryptoNET architecture. They are standard security servers, known as cloud security infrastructure, deployed as services in our domain level could environment. CryptoNET system is complete in terms of functions and security services that it provides. It is internally integrated, so that the same cryptographic engines are used by all applications. And finally, it is completely transparent to users – it applies its security services without expecting any special interventions by users. In this thesis, we developed and evaluated secure network applications of our CryptoNET system and applied Threat Model to their validation and analysis. We found that deductive scheme of using our generic security objects is effective for verification and testing of secure, protected and verifiable secure network applications. Based on all these theoretical research and practical development results, we believe that our CryptoNET system is completely and verifiably secure and, therefore, represents a significant contribution to the current state-of-the-art of computer network security.
QC 20110427

It has been found that many small, medium and micro-sized enterprises (SMMEs) do not comply with sound information security governance principles, specifically the principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. The problem is further compounded by the fact that, in our modern-day information technology environment, many larger organisations are providing SMMEs with access to their networks. This results not only in SMMEs being exposed to security risks, but the larger organisations as well. In previous research an information security management framework and toolbox was developed to assist SMMEs in drafting information security policies. Although this research was of some help to SMMEs, further research has shown that an even greater problem exists with the governance of information security as a result of the advancements that have been identified in information security literature. The aim of this dissertation is therefore to establish an information security governance framework that requires minimal effort and little expertise to alleviate governance problems. It is believed that such a framework would be useful for SMMEs and would result in the improved implementation of information security governance.

Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security if corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.

Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information that can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their value mean for the SCADA system’s security. The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it.
Informationsteknik (IT) är kritiskt och värdefullt för vårt samhälle. En viktig typ av IT-system är de styrsystem som ofta kallas SCADA-system (från engelskans "Supervisor Control And Data Acquisition"). Dessa system styr och övervakar fysiska industriella processer så som kraftförsörjning, vattenförsörjning och järnvägstransport. Eftersom vårt samhälle är beroende av dessa industriella processer så är vi också beroende av våra SCADA-systems beteende. SCADA-system har blivit (och fortsätter bli) integrerade med andra IT system och blir därmed mer sårbara för cyberhot. Beslutsfattare behöver utvärdera säkerheten som en systemarkitektur erbjuder för att kunna fatta informerade beslut rörande dess lämplighet. Men datainsamlingskostnader begränsar ofta hur mycket information som kan samlas in om ett SCADA-systems arkitektur och det är svårt för en beslutsfattare att veta hur viktiga olika variabler är eller vad deras värden betyder för SCADA-systemets säkerhet. Bidraget i denna avhandling är ett modelleringsramverk och en teori för att stödja cybersäkerhetsutvärderingar. Det har ett särskilt focus på SCADA-system. Avhandlingen är av sammanläggningstyp och består av sex artiklar. Artikel A beskriver en mall för hur probabilistiska relationsmodeller kan användas för att koppla samman cybersäkerhetsteori med arkitekturmodeller. Artikel B till E bidrar med teori inom operationell säkerhet. Mer exakt, de bidrar med teori angående: upptäckt av mjukvarusårbarheter (artikel B), fjärrexekvering av godtycklig kod (artikel C), intrångsdetektering (artikel D) och attacker mot tillgänglighet (artikel E). Artikel F beskriver hur bidraget i artikel A kombineras med bidragen i artikel B till E och annan operationell cybersäkerhetsteori. Resultatet är ett beslutsstödsverktyg kallat Cyber Security Modeling Language (CySeMoL). Beslutsstödsverktyget producerar sårbarhetsutvärdering för ett system baserat på en arkitekturmodell av det.

QC 20121018

Security protocol verification has been the area where the bulk of the research in cryptographic protocols has taken place and a number of successful supporting tools have been developed. However, not much research has been done in the area of applying formal methods to the design of cryptographic protocols in the first place, despite wide recognition that the design of cryptographic protocols is very difficult. Most existing protocols have been designed using informal methods and heavily rely on the verification process to pick up vulnerabilities. The research reported in this thesis shows how to automatically synthesise abstract protocols using heuristic search, explains how to add high-level efficiency concerns to the synthesis, and demonstrates how to refine the abstract protocols to executable Java Code.

Security in automotive industry is a thought of concern these days. As more smart electronic devices are getting connected to each other, the dependency on these devices are urging us to connect them with moving objects such as cars, buses, trucks etc. As such, safety and security issues related to automotive objects are becoming more relevant in the realm of internet connected devices and objects. In this thesis, we emphasize on certain factors that introduces security vulnerabilities in the implementation phase of Software Development Life Cycle (SDLC). Input invalidation is one of them that we address in our work. We implement a security evaluation framework that allows us to improve security in automotive software by identifying and removing software security vulnerabilities that arise due to input invalidation reasons during SDLC. We propose to use this framework in the implementation and testing phase so that the critical deficiencies of software in security by design issues could be easily addressed and mitigated.

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2008.
Includes bibliographical references (leaves 124-129).
It is estimated that over 3 billion Radio Frequency Identification (RFID) tags have been deployed through 2007. Most tags are used in supply chains where the Electronic Product Code (EPC) and associated business event data are transmitted through RFID networks. Security and privacy issues are critically important in RFID networks because EPC data and their associated business events are valuable assets. Companies need to share these data with restricted business partners and, under some conditions, such as product recall, more widely with regulators and non business partners. At present, no security or privacy framework has been chosen as an EPCglobal standard(industry-driven standards for EPC) due to the difficulty of sharing information between parties who have no direct business relationships and hence no business rules for sharing these data. To date, no security schemes have been deployed that can support data exchange with multiple identity techniques and interchangeable complex business rules, as required by RFID networks. In this thesis, an Interoperable Internet-Scale Security (IISS) framework for RFID networks is proposed. The IISS framework performs authentication and authorization based on an aggregation of business rules, enterprise information, and RFID tag information. IISS provides a protocol for several authentication schemes and identity techniques. It also provides an engine for reasoning over business rules from different domains. Moreover, the IISS framework is able to resolve provenance information of RFID tags, which can identify the history of a particular piece of EPC data through the supply chain.
(cont.) The IISS framework and the IISS ontologies to model the information in RFID networks are also described, and how the IISS framework can be developed for access control in RFID enabled supply chains is discussed. Finally, the IISS framework's efficiency is tested using a supply chain EPC simulator as the testing platform, which allows optimization of the IISS protocol's performance.
by Tingting Mao.
Ph.D.

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant interest in the recent past on how human compliance to information security policy can be achieved in an organization. Various models have been proposed by these researchers. However, there are very few models that have tried to link human commitment attributes with information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) with security governance variables (structural, relational and process) referred as systemic variables in the research. The resulting correlation is further related with governance objectives (goal congruence and reducing information asymmetry) to hypothesize an effective information security in an organization. The research model proposed was tested employing confirmatory factor analysis (CFA) and structural equation modeling (SEM). There were four models tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model could not get through the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested. In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternatives were retained and two alternate relationships were introduced - integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence, was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry and the right organizational structure and roles are important for ensuring goal congruence.

Mobile health (mHealth) can be defined as the practice of medicine and public health supported by mobile computing technologies, such as mobile phones, PDAs, tablets, sensors and other wireless devices. Particularly in the case of mobile phones, there has been a significant increase in the number of lines, equipment, and network infrastructure in Low- and Middle-Income Countries (LMIC), allowing the adoption of mHealth systems efficiently. There are now several cases of systems for data collection focused on primary care, health surveillance and epidemiological research, which were adopted in these countries. Such systems provide health care managers information with higher quality and in a shorter time, which in turn improves their ability to plan actions and respond to emergencies. However, security is not included among the main requirements of such systems. Aiming to address this issue, we developed a survey about mHealth applications and research initiatives in Brazil, which shows that a reasonable number of papers only briefly (13%) or simply do not mention (40%) their security requirements. This survey also provides a discussion about the current state-of-art of Brazilian mHealth researches, including the main types of applications, target users, devices employed and the research barriers identified. After that, we present the SecourHealth, a security framework for mHealth data collection applications. SecourHealth was designed to cope with six main security requirements: support user registration and authentication mechanisms; treat network disconnections and delays; provide a secure data storage - even in case of possible theft or loss of equipment; allow secure data exchange between the device and server; enabling device sharing between users (i.e., health workers); and allow trade-offs between security, performance and usability. This thesis also describes in detail the framework modeling and development steps showing how it was integrated into an application for the Android platform. Finally, we benchmarked the cryptographic algorithms implemented, when compared to the overhead of using HTTPS protocol.
Saúde Móvel (mHealth) pode ser definida como a prática médica e a saúde pública suportadas por tecnologias de computação móvel, como: telefones celulares, PDAs, tablets, sensores e outros dispositivos sem fio. Particularmente no caso dos celulares, há um aumento expressivo no número de linhas, aparelhos, e na infraestrutura de rede em países de média e baixa renda (Low- Middle- Income Countries, LMIC), permitindo a adoção de sistemas mHealth de maneira eficiente. Existem, hoje, vários casos de sistemas de coleta de dados voltadas à atenção primária, vigilância (em saúde) e pesquisas epidemiológicas adotados nesses países. Tais sistemas fornecem aos gestores de saúde uma informação de melhor qualidade em menor tempo, que por sua vez melhoram a capacidade de planejamento e resposta a emergências. Contudo, nota-se um relaxamento no cumprimento de requisitos de segurança nestes sistemas. Com base nisso, foi feito um levantamento de aplicações e iniciativas de pesquisa em mHealth no Brasil, no qual se constatou que um número razoável de trabalhos mencionam fracamente (13%) ou não menciona (40%) os requisitos de segurança. Este levantamento também discute sobre o estado atual das pesquisas de mHealth no Brasil, os principais tipos de aplicações, os grupos de usuários, os dispositivos utilizados e as barreiras de pesquisa identificadas. Em seguida, este trabalho apresenta o SecourHealth, um framework de segurança voltado ao desenvolvimento de aplicações de mhealth para coleta de dados. O SecourHealth foi projetado com base em seis requisitos principais de segurança: suportar o registro e a autenticação do usuário; tratar a desconexão e os atrasos na rede; prover o armazenamento seguro de dados prevendo possibilidades de furto ou perda dos aparelhos; fazer transmissão segura de dados entre o aparelho e o servidor; permitir o compartilhamento de dispositivos entre os usuários (e.g., agentes de saúde); e considerar opções de compromisso entre segurança, desempenho e usabilidade. O trabalho também descreve com detalhes as etapas de modelagem e desenvolvimento do framework - que foi integrado a uma aplicação para a plataforma Android. Finalmente, é feita uma análise do desempenho dos algoritmos criptográficos implementados, considerando o overhead pelo simples uso do protocolo HTTPS.

National security is used as a justification for policy decisions, a pretext to erode civil liberties and rights, a rallying call for exceptionalism of the ‘self’ at the exclusion of the ‘other’, and as a validation for war. In the name of national security just about any action is justifiable, any decision rational and any consequence moral. There is a danger in this ambiguity. This research has developed a contemporary, comprehensive and holistic framework of analysis using critical constructivism to re-conceptualise national security and to address the latent ambiguity of the concept. The critical literature review shows a comparison of the assumptions and limitations of traditional and critical security studies conceptualisations of national security. It was through this critical analysis that the researcher was able to determine that traditional security studies offers a limited and constrained conceptualisation of national security, that is necessary but insufficient. In contrast, critical security studies has failed to properly engage with the concept of national security. A reconceptualization of national security needs to draw on the strengths and address the limitations of both approaches, and critical constructivism provides the necessary theoretical infrastructure to do so. The national security quintet has been developed and constructed as a framework of analysis for reconceptualising national security using the five inter-related, mutually constituted and socially constructed concepts of national identity, national values, national interests, national power and national will. Each concept has been highlighted for its severable and collective utility in conceptualising national security, and that together form a powerful tool of analysis. Critical constructivism was chosen as the most appropriate theoretical framework for the quintet, although this does not preclude it from being used by other theoretical approaches. The national security quintet has the potential to re-conceptualise national security in theory and practice.
Mini Dissertation (MSS)--University of Pretoria, 2019.
Political Sciences
MSS
Unrestricted

In this thesis a framework for Security Operation Centers (SOCs) is proposed. It was developed by utilising Systems Engineering best practices, combined with industry-accepted standards and frameworks, such as the TM Forum’s eTOM framework, CoBIT, ITIL, and ISO/IEC 27002:2005. This framework encompasses the design considerations, the operational considerations and the means to measure the effectiveness and efficiency of SOCs. The intent is to provide guidance to consumers on how to compare and measure the capabilities of SOCs provided by disparate service providers, and to provide service providers (internal and external) a framework to use when building and improving their offerings. The importance of providing a consistent, measureable and guaranteed service to customers is becoming more important, as there is an increased focus on holistic management of security. This has in turn resulted in an increased number of both internal and managed service provider solutions. While some frameworks exist for designing, building and operating specific security technologies used within SOCs, we did not find any comprehensive framework for designing, building and managing SOCs. Consequently, consumers of SOCs do not enjoy a constant experience from vendors, and may experience inconsistent services from geographically dispersed offerings provided by the same vendor.

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant interest in the recent past on how human compliance to information security policy can be achieved in an organization. Various models have been proposed by these researchers. However, there are very few models that have tried to link human commitment attributes with information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) with security governance variables (structural, relational and process) referred as systemic variables in the research. The resulting correlation is further related with governance objectives (goal congruence and reducing information asymmetry) to hypothesize an effective information security in an organization. The research model proposed was tested employing confirmatory factor analysis (CFA) and structural equation modeling (SEM). There were four models tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model could not get through the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested. In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternatives were retained and two alternate relationships were introduced - integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence, was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry and the right organizational structure and roles are important for ensuring goal congruence.

Active networks are a possible Internet architecture for the future. They provide network users with more flexibility by allowing them to customise and control the behaviour of networks dynamically. Internet Friendly Active Network (IFAN) is an active network architecture based on the existing IP architecture. In this thesis a practical implementation of an active network node is presented, named IFAN Virtual Router (IFAN VR). IFAN VR is a software framework built on an IFAN node in IFAN networks, providing researchers, developers and users with an IFAN test-bed. The main modules of the IFAN VR and IFAN packet formats are described, and some IFAN protocols are proposed. Some IFAN applications have been implemented to demonstrate the concepts of the IFAN architecture and test the IFAN VR.

Cyber security education has evolved over the last decade to include new methods of teaching and technology to prepare students. Instructors in this field of study often deal with a subject matter that has rigid principles, but changing ways of applying those principles. This makes maintaining courses difficult. This case study explored the kind of teaching methods, technology, and means used to explain these concepts. This study shows that generally, cyber security courses require more time to keep up to date. It also evaluates one effort, the NxSecLab, on how it attempted to relieve the administrative issues in teaching these concepts. The proposed framework in this model looks at ways on how to ease the administrative burden in cyber security education by using a central engine to coordinate learning management with infrastructure-as-a-service resources.

Enterprise networks present very high value targets in the eyes of malicious actors who seek to exfiltrate sensitive proprietary data, disrupt the operations of a particular organization, or leverage considerable computational and network resources to further their own illicit goals. For this reason, enterprise networks typically attract the most determined of attackers. These attackers are prone to using the most novel and difficult-to-detect approaches so that they may have a high probability of success and continue operating undetected. Many existing network security approaches that fall under the category of intrusion detection systems (IDS) and intrusion prevention systems (IPS) are able to detect classes of attacks that are well-known. While these approaches are effective for filtering out routine attacks in automated fashion, they are ill-suited for detecting the types of novel tactics and zero-day exploits that are increasingly used against the enterprise. In this thesis, a solution is presented that augments existing security measures to provide enhanced coverage of novel attacks in conjunction with what is already provided by traditional IDS and IPS. The approach enables honeypots, a class of tech- nique that observes novel attacks by luring an attacker to perform malicious activity on a system having no production value, to be deployed in a turn-key fashion and at large scale on enterprise networks. In spite of the honeypot’s efficacy against tar- geted attacks, organizations can seldom afford to devote capital and IT manpower to integrating them into their security posture. Furthermore, misconfigured honeypots can actually weaken an organization’s security posture by giving the attacker a stag- ing ground on which to perform further attacks. A turn-key approach is needed for organizations to use honeypots to trap, observe, and mitigate novel targeted attacks.

The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification.

The security risks of cloud computing and ambiguity of security mechanisms implemented on an ondemand cloud service such as Platform-as-a-Service (PaaS), continues to raise concerns by cloud consumers. These concerns continue to hinder the adoption of the potentials offered by provisioning of computer resources of this scale. It also indicates a lot needs to be done to improve security controls implemented on cloud computing services as a whole. There is the need to understand and evaluate security mechanisms and controls implemented to preserve the confidentiality, integrity and availability of data stored, processed and accessed in the cloud. Also there is the need to ensure these mechanisms meet security standards and requirements to mitigate any security risks. Although most organisations and cloud service providers (CSPs) have various information security management systems they used to evaluate their computer security and CSPs try to obtain security certifications based on industry standards, cloud customers are however not sure of the security mechanisms implemented on cloud services and how these mechanism are integrated to provide adequate security for their data and applications developed and deployed in the cloud. This research study highlights the use of a systematic and comprehensive approach developed by the researcher to understand in detail, the security architecture of PaaS clouds. This approach presents the development of a security framework which is used as a tool in an attempt to identify and evaluate security mechanism implemented on each PaaS component. The primary findings and preliminary analysis of the evaluation enabled the researcher determine the security provisions, capabilities and limitations of security features implemented on this type of cloud delivery model.

MapReduce, a parallel computing paradigm, has been gaining popularity in recent years as cloud vendors offer MapReduce computation services on their public clouds. However, companies are still reluctant to move their computations to the public cloud due to the following reason: In the current business model, the entire MapReduce cluster is deployed on the public cloud. If the public cloud is not properly protected, the integrity and the confidentiality of MapReduce applications can be compromised by attacks inside or outside of the public cloud. From the result integrity’s perspective, if any computation nodes on the public cloud are compromised,thosenodes can return incorrect task results and therefore render the final job result inaccurate. From the algorithmic confidentiality’s perspective, when more and more companies devise innovative algorithms and deploy them to the public cloud, malicious attackers can reverse engineer those programs to detect the algorithmic details and, therefore, compromise the intellectual property of those companies. In this dissertation, we propose to use the hybrid cloud architecture to defeat the above two threats. Based on the hybrid cloud architecture, we propose separate solutions to address the result integrity and the algorithmic confidentiality problems. To address the result integrity problem, we propose the Integrity Assurance MapReduce (IAMR) framework. IAMR performs the result checking technique to guarantee high result accuracy of MapReduce jobs, even if the computation is executed on an untrusted public cloud. We implemented a prototype system for a real hybrid cloud environment and performed a series of experiments. Our theoretical simulations and experimental results show that IAMR can guarantee a very low job error rate, while maintaining a moderate performance overhead. To address the algorithmic confidentiality problem, we focus on the program control flow and propose the Confidentiality Assurance MapReduce (CAMR) framework. CAMR performs the Runtime Control Flow Obfuscation (RCFO) technique to protect the predicates of MapReduce jobs. We implemented a prototype system for a real hybrid cloud environment. The security analysis and experimental results show that CAMR defeats static analysis-based reverse engineering attacks, raises the bar for the dynamic analysis-based reverse engineering attacks, and incurs a modest performance overhead.

Thesis (M. S.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009.
Committee Chair: Copeland, John; Committee Member: Durgin, Gregory; Committee Member: Goodman, Seymour; Committee Member: Owen, Henry; Committee Member: Riley, George.

Industrial Control Systems (ICSs) are used to monitor and control critical infrastructure such as electricity and water. ICS were originally stand-alone systems, but are now widely being connected to corporate national IT networks, making remote monitoring and more timely control possible. While this connectivity has brought multiple benefits to ICS, such as cost reductions and an increase in redundancy and flexibility, ICS were not designed for open connectivity and therefore are more prone to security threats, creating a greater requirement for adequate security engineering approaches. The culture gap between developers and security experts is one of the main challenges of ICS security engineering. Control system developers play an important role in building secure systems; however, they lack security training and support throughout the development process. Security training, which is an essential activity in the defence-indepth strategy for ICS security, has been addressed, but has not been given sufficient attention in academia. Security support is a key means by which to tackle this challenge via assisting developers in ICS security by design. This thesis proposes a novel framework, the Industrial Control System Security Engineering Support (ICS-SES), which aims to help developers in designing secure control systems by enabling them to reuse secure design patterns and improve their security knowledge. ICS-SES adapts pattern-based approach to guide developers in security engineering, and an automated planning technique to provide adaptive on-the-job security training tailored to personal needs. The usability of ICS-SES has been evaluated using an empirical study in terms of its effectiveness in assisting the design of secure control systems and improving developers’ security knowledge. The results show that ICS-SES can efficiently help control system designers to mitigate security vulnerabilities and improve their security knowledge, reducing the difficulties associated with the security engineering process, and the results have been found to be statically significant. In summary, ICS-SES provides a unified method of supporting an ICS security by design approach. It fosters a development environment where engineers can improve their security knowledge while working in a control system production line.

Over the years, the focus of information security has evolved from technical issue to business issue. Heightened competition from globalization compounded by emerging technologies such as cloud computing has given rise to new threats and vulnerabilities which are not only complex but unpredictable. However, there are enormous opportunities which can bring value to business and enhance stakeholders’ wealth. Enterprises in Oman are compelled to embark e-Oman strategy which invariably increases the complexity due to integration of heterogeneous systems and outsourcing with external business partners. This implies that there is a need for a comprehensive model that integrates people, processes and technology and provides enterprise information security focusing on organizational transparency and enhancing business value. It was evident through interviews with security practitioners that existing security models and frameworks are inadequate to meet the dynamic nature of threats and challenges inherent in virtualization technology which is a catalyst to cloud computing. Hence the intent of this research is to evaluate enterprise information security in Oman and explore the potential of building a balanced model that aligns governance, risk management and compliance with emphasis to auditing in virtual environment. An integrated enterprise governance, risk and compliance model was developed where enterprise risk management acts as a platform, both mitigating risk on one hand and as a framework for defining cost controls and quantifying revenue opportunities on the other. Further, security standards and frameworks were evaluated and some limitations were identified. A framework for implementing IT governance focusing on critical success factors was developed after analysing and mapping the four domains of COBIT with various best practices. Server virtualization using bare metal architecture was practically tested which provides fault-tolerance and automated load balancing with enhanced security. Taxonomy of risks inherent in virtual environments was identified and an audit process flow was devised that provides insight to auditors to assess the adequacy of controls in a virtual environment. A novel framework for a successful audit in virtual environment is the contribution of this research that has changed some of the security assumptions and audit controls in virtual environment.

Information has become so pervasive within enterprises and everyday life, that it is almost indispensable. This is clear as information has become core to the business operations of any enterprise. Information and communication technology (ICT) systems are heavily relied upon to store, process and transmit this valuable commodity. Due to its immense value, information and related ICT resources have to be adequately protected. This protection of information is commonly referred to as information security.

The importance of information in business today has made the need to properly secure this asset evident. Information security has become a responsibility for all managers of an organization. To better support more efficient management of information security, timely information security management information should be made available to all managers. Smaller organizations face special challenges with regard to information security management and reporting due to limited resources (Ross, 2008). This dissertation discusses a Framework for Information Security Management Information (FISMI) that aims to improve the visibility and contribute to better management of information security throughout an organization by enabling the provision of summarized, comprehensive information security management information to all managers in an affordable manner.

Cloud Computing has changed how computing is done as applications and services are being consumed from the cloud. It has attracted a lot of attention in recent times due to the opportunities it offers. While Cloud Computing is economical, the security challenges it poses are quite significant and this has affected the adoption rate of the technology. With the potential vulnerabilities being introduced by moving data to the cloud, it has become imperative for cloud service providers to guarantee the security of information, leaving cloud service consumers (e.g., enterprises) with the task of negotiating the terms and conditions of services provided by the cloud service providers as well as trusting them with their data. Although various security solutions used for addressing the security of data within the enterprises are now being applied to the cloud, these security solutions are challenged due to the dynamic, distributed and complex nature of the cloud technology. This thesis proposes a novel Policy-Based Management (PBM) framework capable of achieving cross-tenant authorization, handling dynamic and anonymous users while reducing the security management task to address cloud security. The framework includes an access control model adapted to the cloud environment that adopts features from role-based, task-based and attribute-based access control frameworks for a fine-grained access control. We demonstrate how this framework can be applied to develop an access control system for an enterprise using cloud services. The framework verifies the correctness of access control policies for cloud security through reasoning technique.

Security is today considered as a basic foundation in software development and therefore, the modelling and implementation of security requirements is an essential part of the production of secure software systems. Information technology organisations are moving towards agile development methods in order to satisfy customers' changing requirements in light of accelerated evolution and time restrictions with their competitors in software production. Security engineering is considered difficult in these incremental and iterative methods due to the frequency of change, integration and refactoring. The objective of this work is to identify and implement practices to extend and improve agile methods to better address challenges presented by security requirements consideration and management. A major practices is security requirements capture mechanisms such as UMLsec for agile development processes. This thesis proposes an extension to the popular Scrum framework by adopting UMLsec security requirements modelling techniques with the introduction of a Security Owner role in the Scrum framework to facilitate such modelling and security requirements considerations generally. The methodology involved experimentation of the inclusion of UMLsec and the Security Owner role to determine their impact on security considerations in the software development process. The results showed that overall security requirements consideration improved and that there was a need for an additional role that has the skills and knowledge to facilitate and realise the benefits of the addition of UMLsec.

Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2018.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 84-86).
Cybersecurity is a growing research area with direct commercial impact to organizations and companies in every industry. With all other technological advancements in the Internet of Things (IoT), mobile devices, cloud computing, 5G network, and artificial intelligence, the need for cybersecurity is more critical than ever before. These technologies drive the need for tighter cybersecurity implementations, while at the same time act as enablers to provide more advanced security solutions. This paper will discuss a framework that can predict cybersecurity risk by identifying normal network behavior and detect network traffic anomalies. Our research focuses on the analysis of the historical network traffic data to identify network usage trends and security vulnerabilities. Specifically, this thesis will focus on multiple components of the data analytics platform. It explores the big data platform architecture, and data ingestion, analysis, and engineering processes. The experiments were conducted utilizing various time series algorithms (Seasonal ETS, Seasonal ARIMA, TBATS, Double-Seasonal Holt-Winters, and Ensemble methods) and Long Short-Term Memory Recurrent Neural Network algorithm. Upon creating the baselines and forecasting network traffic trends, the anomaly detection algorithm was implemented using specific thresholds to detect network traffic trends that show significant variation from the baseline. Lastly, the network traffic data was analyzed and forecasted in various dimensions: total volume, source vs. destination volume, protocol, port, machine, geography, and network structure and pattern. The experiments were conducted with multiple approaches to get more insights into the network patterns and traffic trends to detect anomalies.
by Lwin P. Moe.
S.M. in Engineering and Management

According to Cisco Global Cloud Index, cloud storage users will store 1.6 Gigabytes data per month by 2019, compared to 992 megabytes data per month in 2014. With this trend, it has been shown that more and more data will reside in cloud storage and it is expected to grow further. As cloud storage is becoming an option for users for keeping their data online, it comes with security concerns for protecting data from threats. This thesis addresses the need to investigate the security factors that will enable efficient security protection for data in cloud storage and the relationships that exist between the different security factors. Consequently, this research has developed a conceptual framework that supports security in cloud storage. The main contribution of this research is the development of a Cloud Storage Security Framework (CSSF) to support an integrative approach to understanding and evaluating security in cloud storage. The framework enables understanding of the makeup of security in cloud storage and measures the understanding of security in cloud storage. Drawing upon established theories and prior research findings, the framework indicates that security in cloud storage can be determined by nine factors: (1) security policies implementation in cloud storage, security measure that relates to (2) protecting the data accessed in cloud storage; (3) modifications of data stored; (4) accessibility of data stored in cloud storage; (5) non-repudiation to the data stored; (6) authenticity of the original data; (7) reliability of the cloud storage services; (8) accountability of service provision; and (9) auditability of the data accessed and stored in cloud storage. An example of CSSF application has been demonstrated through the development of a measuring instrument called Security Rating Score (SecRaS) and through a series of experiments, SecRaS has been validated and used in a research scenario. The instrument consists of several items generated using goal-question-metric approach. These potential items were evaluated by a series of experiments; the security experts assessed using content validity ratio while the security practitioners took part in the validation study. The validation study completed two experiments that look into the correlation analyses and internal reliability. SecRaS instrument was later applied in a research scenario; the validated instrument was distributed and a number of 218 usable responses were received. Using structural equation modelling, the data has revealed a good fit of the measurement analyses and structural model. The key findings were as follow: the relationships between factors were found to have both direct and indirect effects in the result. While establishing the relationship(s) among the factors, the structural model proposes three types of causal relationships in terms of how the security implementation in cloud storage could be affected by the security factors. This thesis presents a detailed discussion of the CSSF development, confirmation, and application in a research scenario. For security managers, CSSF offers a new paradigm on how stakeholders can make cloud storage security implementation successful in some depth. For security practitioners, the CSSF enables deconstruction of the concept of security in cloud storage into smaller, conceptually distinct and manageable factors to guide the design of security in cloud storage. For researchers, the CSSF provides a common framework in which to conceptualise their research and make it easier to see how the security factors fit into the larger picture.

This research addresses the need for efficient and effective management of water during any part of a crisis lifecycle, which is paramount if the negative impact on human health and quality of life is to be minimised. The unique contribution to knowledge is expressed through the creation of a framework for application of four key elements: Crisis Management, Knowledge Management, Public Health and Human Security within the realms of water resource utilisation during humanitarian crises. Through secondary data collection, the four key elements were identified. Primary data was subsequently gathered from subject experts in the form of semi-structure interviews that utilised a questionnaire to guide participants through the identified problem domain. This resulted in the creation of a draft framework that was critiqued by domain experts through both questionnaire and interview. A final framework was then constructed that took into consideration the needs expressed by all participants. The final framework was then tested against the historic crisis of Hurricane Katrina, for which a plethora of data and information was readily available, to ascertain its validity and applicability. Further work was identified as being the creation of an interactive toolbox of resources, which could be utilised in times of crisis based on need and applicability.