Dissertationen zum Thema „Security control framework“

The importance of information in business today has made the need to properly secure this asset evident. Information security has become a responsibility for all managers of an organization. To better support more efficient management of information security, timely information security management information should be made available to all managers. Smaller organizations face special challenges with regard to information security management and reporting due to limited resources (Ross, 2008). This dissertation discusses a Framework for Information Security Management Information (FISMI) that aims to improve the visibility and contribute to better management of information security throughout an organization by enabling the provision of summarized, comprehensive information security management information to all managers in an affordable manner.

Industrial Control Systems (ICSs) are used to monitor and control critical infrastructure such as electricity and water. ICS were originally stand-alone systems, but are now widely being connected to corporate national IT networks, making remote monitoring and more timely control possible. While this connectivity has brought multiple benefits to ICS, such as cost reductions and an increase in redundancy and flexibility, ICS were not designed for open connectivity and therefore are more prone to security threats, creating a greater requirement for adequate security engineering approaches. The culture gap between developers and security experts is one of the main challenges of ICS security engineering. Control system developers play an important role in building secure systems; however, they lack security training and support throughout the development process. Security training, which is an essential activity in the defence-indepth strategy for ICS security, has been addressed, but has not been given sufficient attention in academia. Security support is a key means by which to tackle this challenge via assisting developers in ICS security by design. This thesis proposes a novel framework, the Industrial Control System Security Engineering Support (ICS-SES), which aims to help developers in designing secure control systems by enabling them to reuse secure design patterns and improve their security knowledge. ICS-SES adapts pattern-based approach to guide developers in security engineering, and an automated planning technique to provide adaptive on-the-job security training tailored to personal needs. The usability of ICS-SES has been evaluated using an empirical study in terms of its effectiveness in assisting the design of secure control systems and improving developers’ security knowledge. The results show that ICS-SES can efficiently help control system designers to mitigate security vulnerabilities and improve their security knowledge, reducing the difficulties associated with the security engineering process, and the results have been found to be statically significant. In summary, ICS-SES provides a unified method of supporting an ICS security by design approach. It fosters a development environment where engineers can improve their security knowledge while working in a control system production line.

Several nice hardware functionalities located at the low level of operating system onmobile phones could be utilized in a better way if they are available to applicationdevelopers. With their help, developers are able to bring overall user experienceto a new level in terms of developing novel applications. For instance, one of thosehardware functionalities, SIM-card authentication is able to offer stronger andmore convenient way of authentication when compared to the traditional approach.Replacing the username-password combination with the SIM-card authentication,users are freed from memorizing passwords. However, since normally those kindsof functionalities are locked up at the low level, they are only accessible by a fewusers who have been given privileged access rights. To let the normal applicationsbe benefiting as well, they need to be made accessible at the application level. Onthe one hand, as we see the benefit it will bring to us, there is a clear intentionto open it up, however, on the other hand, there is also a limitation resultingfrom their security-critical nature that needs to be placed when accessing whichis restricting the access to trusted third parties. Our investigation is based on the Android platform. The problem that we havediscovered is the existing security mechanism in Android is not able to satisfy everyregards of requirements we mentioned above when exposing SIM-card authenticationfunctionality. Hence, our requirement on enhancing the access control modelof Android comes naturally. In order to better suit the needs, we proposed a solutionWhite lists & Domains (WITDOM) to improve its current situation in thethesis. The proposed solution is an extension to the existing access control modelin Android that allows alternative ways to specify access controls therefore complementingthe existing Android security mechanisms. We have both designedand implemented the solution and the result shows that with the service that weprovided, critical functionalities, such as APIs for the low-level hardware functionalitycan retain the same level of protection however in the meanwhile, with moreflexible protection mechanism.

The modern organisation relies heavily on information to function effectively. With such reliance on information, it is vital that information be protected from both internal (employees) and external threats. The protection of information or information security to a large extent depends on the behaviour of humans (employees) in the organisation. The behaviour of employees is one of the top information security issues facing organisations as the human factor is regarded as the weakest link in the security chain. To address this human factor many researchers have suggested the fostering of a culture of information security so that information security becomes second nature to employees. Information security culture as defined for this research study exists in four levels namely artefacts, espoused values, shared tacit assumptions and information security knowledge. An important step in the fostering of an information security culture is the assessment of the current state of such a culture. Gaps in current approaches for assessing information security culture were identified and this research study proposes the use of a control framework to address the identified gaps. This research study focuses on the assessment of information security culture and addresses 5 research objectives namely 1) to describe information security culture in the field of information security, 2) to determine ways to foster information security culture in an organisation, 3) to demonstrate the gap in current approaches used to assess information security culture, 4) to determine the components that could be used for the assessment of information security culture for each of the culture’s underlying levels and 5) to describe a process for the assessment of information security culture for all four levels. This research study follows a qualitative approach utilising a design science strategy and multi-method qualitative data collection techniques including literature review, qualitative content analysis, argumentation, and modelling techniques. The research methods provide a means for the interpretation of the data and the development of the proposed control framework.

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.

Cloud Computing has changed how computing is done as applications and services are being consumed from the cloud. It has attracted a lot of attention in recent times due to the opportunities it offers. While Cloud Computing is economical, the security challenges it poses are quite significant and this has affected the adoption rate of the technology. With the potential vulnerabilities being introduced by moving data to the cloud, it has become imperative for cloud service providers to guarantee the security of information, leaving cloud service consumers (e.g., enterprises) with the task of negotiating the terms and conditions of services provided by the cloud service providers as well as trusting them with their data. Although various security solutions used for addressing the security of data within the enterprises are now being applied to the cloud, these security solutions are challenged due to the dynamic, distributed and complex nature of the cloud technology. This thesis proposes a novel Policy-Based Management (PBM) framework capable of achieving cross-tenant authorization, handling dynamic and anonymous users while reducing the security management task to address cloud security. The framework includes an access control model adapted to the cloud environment that adopts features from role-based, task-based and attribute-based access control frameworks for a fine-grained access control. We demonstrate how this framework can be applied to develop an access control system for an enterprise using cloud services. The framework verifies the correctness of access control policies for cloud security through reasoning technique.

The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification.

Thesis (M.S. in Defense Analysis)--Naval Postgraduate School, December 2009.
Thesis Advisor(s): Simmons, Anna. Second Reader: Lee, Doowan. "December 2009." Description based on title screen as viewed on January 27, 2010. Author(s) subject terms: Population and resource control measures, Population control, Counterinsurgency, COIN, Populationcentric COIN, Social control, Social movement theory. Includes bibliographical references (p. 51-53). Also available in print.

While Role Based Access Control (RBAC) has been a popular topic of research over the last several years, there are some gaps in the literature that have been waiting to be addressed. One of these gaps involves the application of RBAC to free and open source software (FOSS). With the prevalence of FOSS in most information systems growing rapidly, there is a need to be able to provide a level of confidence that the software will not compromise the data integrity of an environment, nor will it enable the violation of established access controls. Additionally, when utilizing FOSS software it is desirable to do so without having to modify its source code whenever an update is released in order to maintain a secure environment; this makes adding proprietary modules both time consuming and expensive. The challenges involved in maintaining proprietary changes to FOSS generates a particular interest in an RBAC environment that could be deployed without requiring modification to the source code. Developing this type of a framework presented a significant challenge due to the software having been established prior to the definition of any security requirements that would have to be applied by the proposed framework. What this research paper shows are the results of the development of a software framework that allowed security requirements engineering to seamlessly meld with an application after it had already been developed. This framework provided a mechanism to measurably reduce the attack surface of the application against which the framework was implemented, while performing these tasks without requiring alterations to the source code of the application. Additionally, this research introduced a mechanism that was utilized to measure the effectiveness of the framework. This mechanism provided a means of comparing the relative effectiveness of different frameworks against the same software, as well as the effectiveness of a framework against different pieces of software.

Thesis (MComm)--Stellenbosch University, 2015.
ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will increase competitiveness. However, social media also introduce significant risks to those who adopt it. A business can use existing IT governance control framework to address the risks introduced by social media. However a business should combine existing control frameworks for adequate and complete IT governance. This study was undertaken to help businesses to identify incremental risks resulting from the adoption of social media and to develop an integrated IT governance control framework to address these risks both at strategic and operational level. With the help of the processes in COBIT 5, this study provides safeguards or controls which can be implemented to address the IT risks that social media introduce to a business. By implementing the safeguards and controls identified from COBIT 5, a business ensures that they successfully govern the IT related risks at strategic level. This study also briefly discuss the steps that a business can follow to ensure IT related risks at operational level is addressed through the implementation of configuration controls.
AFRIKAANSE OPSOMMING: Sosiale media bied groot geleenthede vir besighede en die gebruik daarvan sal mededingendheid verhoog. Sosiale media hou ook egter beduidende risiko's in vir diegene wat dit aanneem. 'n Besigheid kan bestaande Informasie Tegnologie (IT) kontrole raamwerke gebruik om die risiko's wat ontstaan as gevolg van die gebruik van sosiale media aan te spreek. Vir voldoende en volledige IT korporatiewe beheer moet 'n besigheid egter bestaande kontrole raamwerke kombineer. Hierdie studie is onderneem om besighede te help om die toenemende risiko's wat ontstaan as gevolg van die gebruik van die sosiale media, te identifiseer en om 'n geïntegreerde IT kontrole raamwerk te ontwikkel om hierdie risiko's op strategiese sowel as operasionele vlak aan te spreek. Met die hulp van die prosesse in COBIT 5 voorsien hierdie studie voorsorgmaatreëls of kontroles wat geïmplementeer kan word om die IT-risiko's waaraan die besigheid, deur middel van sosiale media blootgestel is, aan te spreek. Deur die implementering van die voorsorgmaatreëls en kontroles soos geïdentifiseer uit COBIT 5, verseker ʼn besigheid dat hulle die IT-verwante risiko's op strategiese vlak suksesvol beheer. Hierdie studie bespreek ook kortliks die stappe wat 'n besigheid kan volg om te verseker dat IT-verwante risiko's op operasionele vlak aangespreek word deur die implementering van konfigurasie kontroles.

Existing Building Automation Systems (BASs) and Building Automation Networks (BANs) have been shown to have serious cybersecurity problems. Due to the safety-critical and interconnected nature of building subsystems, local and network access control needs to be finer grained, taking into consideration the varying criticality of applications running on heterogeneous devices. In this paper, we present a secure communication framework for BASs that 1) enforces rich access control policy for operating system services and objects, leveraging a microkernel-based architecture; 2) supports fine-grained network access control on a per-process basis; 3) unifies the security control of inter-device and intra-device communication using proxy processes; 4) tunnels legacy insecure communication protocols (e.g., BACnet) through a secure channel, such as SSL, in a manner transparent to legacy applications. We implemented the framework on seL4, a formally verified microkernel. We conducted extensive experiments and analysis to compare the performance and effectiveness of our communication systems against a traditional Linux-based implementation of the same control scenario. Our experiments show that the communication performance of our system is faster or comparable to the Linux-based architecture in embedded systems.

Thesis (M.S. in Computer Science)--Naval Postgraduate School, Sept. 2004.
Thesis Advisor(s): Cynthia E. Irvine, Deborah S. Shifflett. Includes bibliographical references (p. 73-75). Also available online.

Conducting risk assessments is a vital part of securing information systems. The task of conducting risk assessments is a time-consuming and costly task for organizations. Thus different security control frameworks have been created to assist in the process. These security control frameworks consists of information about what the organization is supposed to implement to achieve a level of security in their information system. To understand what network hardening solution to use and in what part of the system, an analyst needs to manually use the implementation details gathered from the framework. A security control can be split into different security tiers depending on the amount of security the implementation achieves. The security tiers are defined by the authors of the security control framework. An organization can reduce their cost and time spent on implementing the security by having a tool that parses the information system and creates guidelines based on security controls and parsed data. In this research, we will compare different security controls and based on the findings, investigate hardware, software and configurations that are being used when conducting network hardening. We will evaluate to which extent it is possible to generate guidelines that meet the given security tier, whether it is feasible to apply them and present a prototype that is able to generate guidelines. The different security controls will be compared by analyzing the contents of each control in the frameworks. A comprehensive mapping will be created and based on the information gathered in the mapping, network-hardening implementations will be investigated based on the devices in our experiment environment. With implementations at hand, a tool will be proposed that parses information systems and outputs guidelines that integrate the implementations in a readable format. Experts within the field of system hardening then evaluate the created guidelines in terms of achieving defined security levels. For the comparison, a total of 148 different controls were identified to be related in some way. With 148 controls at hand, the prototype can output 111 different guidelines with different security tier associations. According to the comments from the experts, the proposed guidelines were able to satisfy each security tier. Our prototype displayed that we were able to create guidelines that can meet a given security tier. Although the implementation of each guideline is not automated, identifying what network-hardening implementation should be used is done in an automated fashion and thus allowing organizations to put their spending and time into other organizational interests. \newline
Att utföra riskbedömningar är en nödvändig process när ett informations-system ska säkras. Uppgiften med att utföra riskbedömningar är för organisationer en tidskrävande och dyr process. Därför har olika ramverk för säkerhetskontroller tagits fram för att underlätta denna uppgift. Dessa ramverk innehåller information över vad en organisation behöver implementera för att erhålla en specifik nivå av säkerhet i deras informations-system. Den här säkerhetsnivån varierar beroende på hur mycket säkerhet en implementation tillför. De olika nivåerna definieras av ramverksförfattarna. För att förstå vilka nätverkshärdningar organisationen ska använda samt för vilken del i systemet dessa härdningar ska appliceras, behöver en analytiker manuellt gå igenom implementerings-lösningar i ramverken tillsammans med systemet och på så vis ta fram korrekt härdningsåtgärd för en specifik del i systemet. Syftet med arbetet är att jämföra olika säkerhetskontroller och baserat på resultatet undersöka hur hårdvara, mjukvara och konfigurationer kan användas för att härda nätverket. Vi kommer att utvärdera i vilken utsträckning det är möjligt att generera riktlinjer, huruvida det är möjligt att applicera riktlinjerna och ta fram en prototyp som kan generera riktlinjer. De olika ramverken kommer att jämföras genom att innehållet i deras säkerhetskontroller analyseras. En omfattande mappning kommer att tas fram baserat på analysen och utifrån mappningen kommer ytterliggare implementationer rörande nätverkshädrning analyseras. Med hjälp av implementationerna kommer ett verktyg att föreslås vilket analyserar ett informations-system och som producerar riktlinjer som integrerar implementationerna till ett läsbart format. Dessa riktlinjer undersöks sedan av experter gällande hur väl riktlinjerna uppnår definerade säkerhetsnivåer. Under arbetet identifierades totalt 148 olika säkerhets-kontroller som påvisade likhet med varandra. Med dessa 148 kontroller tillgodo klarade vår prototyp av att producera 111 olika riktlinjer tillhörande olika säkerhetsnivåer beroende på systemet som matades in. Enligt kommentarerna ur granskningen som experterna utförde gick följande att konstatera: riktlinjerna som tas fram genom prototypen kunde upprätthålla varje säkerhetsnivå. Vår prototyp påvisade att det var möjligt att skapa riktlinjer som uppnår en efterfrågad säkerhetsnivå. Även om implementering för varje producerad riktlinje inte är automatiserad så kunde vår prototyp automatisera processen av att avgöra vilken nätverks-härdnings implementation som skulle användas för var riktlinje. Detta tillåter organisationer att lägga mer tid och investeringar i andra organisatoriska intressen.

The widespread adoption of E-Learning has largely been driven by the recommendations of educational technologists seeking to convey the benefits of E-Learning as a valuable accessory to teaching and possible solution for distance-based education. Research in the E-Learning domain has mainly focused on providing and delivering content andinfrastructure. Security issues are usually not taken as central concern in most implementations either because systems are usually deployed in controlled environments, or because they take the one-to-one tutoring approach, not requiring strict security measures. The scope of this research work is to investigate the impact of Access Control and Copyright in E-Learning system. An extensive literature review, theories from the field of information systems, psychology and cognitive sciences, distance and online learning, as well as existing E-Learning models show that research in E-learning is still hardly concerned with the issues of security. It is obvious that E-learning receives a new meaning as technology advances and business strategies change. The trends of learning methods have also led to the adjustment of National Curriculum and standards. However, research has also shown that any strategy or development supported by the Internet requires security and is therefore faced with challenges. This thesis is divided into six Chapters. Chapter 1 sets the scene for the research rationale and hypotheses, and identifies the aims and objectives. Chapter 2 presents the theoretical background and literature review. Chapter 3 is an in-depth review of the methods and methodology with clear justification of their adaptation and explains the underlying principles. Chapter 4 is based on the results and limitations obtained from the six case studies observations supported with literature review and ten existing models, while Chapter 5 is focused on the questionnaire survey. Chapter 6 describes the proposed Dynamic E-Learning Access Control and Copyright Framework (DEACCF) and the mapping of the threats from the Central Computing and Telecommunications Agency (CCTA) Risk Analysis and Management Method (CRAMM) to Annualised Loss Expectancy (ALE). Chapter 7 presents the conclusions and recommendations, and the contribution to knowledge with further development plans for future work.

There is little literature available that is specific to the use of wireless local area network [WLAN) security among small, medium and micro enterprises (SMMEs) in South Africa. This research study developed a framework which may be used by SMMEs for the purposes of securing their WLANs. In view of the fact that the aim of the study was to develop a system for improving information technology security, the study followed a design science approach. A literature review was conducted on security control framework standards and WLAN technologies. The needs of SMMEs regarding WLANs were also established. The result of this process was an artefact in the form of a WLAN Security Control Framework for securing WLANs for SMMEs in South Africa. The suitability of the framework was validated by means of a focus group.

Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. The existence of those networked devices provides us with a mobile, spontaneous and dynamic way to access various resources provided by different (security policy) domains. In recent years, we have witnessed the evolutionary development of numerous multiple domain applications. One of the richest examples is pervasive environments. Typi- cally, the conventional approach to secure access over multiple domains is to implement a unique trusted infrastructure, extending local identity or capa- bility based security systems and combining them with cross-domain authen- tication mechanisms. However, this does not adequately meet the security requirements of communicating with unknown players in pervasive environ- ments. Moreover, it is infeasible to define a global trust infrastructure and a set of assumptions that every player will trust in the multiple domain context. A powerful design technique to address those new security challenges posed by pervasive environments is to understand them from a domain perspective. This thesis presents Localisation of Trust (LoT), an architectural frame- work designed to address the security need of how to talk to correct strangers in pervasive environments. Based on the localising trust security principle, LoT provides a generic platform for building access control over multiple do- mains from two ends: authentication and authorisation. Firstly, LoT proposes a two-channel authentication protocol to replace traditional (strong) identity- based authentication protocols by exploring desirable contextual information for different pervasive applications. Then, delegation and localised authenti- cation are deployed to achieve authorisation in pervasive environments. The heart of this different semantic is to let the right domain get involved with its local players’ interactions by helping them to convert a “token” to a usable 2 access capability, whilst keeping revocation in mind. This is done by introduc- ing a domain-oriented Encryption-Based Access Control method, using ideas borrowed for Identity-based Encryption. The second part of this thesis describes several specific mechanisms and protocols including a Dual Capabilities Model to achieve the required anti- properties for LoT. Although novel, they are intended primarily as an existence proof rather than being claimed to be ideal. Depending upon the precise application and context, other mechanisms may be better. Most importantly, the architecture-focused LoT provides such a flexibility by introducing multiple domains as a primary concern but leaving untouched the security protocols underlying each single domain and system implementation. Finally, a single domain scenario, guest access, is examined with the light of LoT. The purpose of doing so is to enhance the understanding of domain and other concepts described in LoT and demonstrate the effectiveness and efficiency of LoT for the scenarios chosen.

The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed ranging from low level protocol based analysis to higher level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to bogon traffic observed is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-realtime analysis, and the second is a two-dimensional fractal based plotting scheme which allows for plots of the entire IPv4 address space to be produced, and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation’s integrated network security systems

Nuclear deterrence is born from the two superpowers’ relations during the Cold War as they were the first countries to get nuclear weapons and they were the main and most powerful rivals in the world. Then new actors joined the game by testing their own nuclear bombs: the UK in 1952, followed by France in 1960, China in 1964, India in 1974, and Pakistan in 1998. Israel pretends it does not have any nuclear weapons but it is an open secret that they do 1. France helped Israel to get its weapons and the nuclear explosion in 1979 off the southern coast of Africa probably involved Israel and South Africa (sourced by the Federation of American Scientists, the Wisconsin Project on Arms Control, the Center for Defense Information, etc.). This was confirmed by Mordechai Vanunu, former Israeli scientist who worked on developing the bomb. The intrusion of new nuclear countries frightened the United States and the USSR because the balance was already fragile and newcomers could break it. Would the game remain "safe" with more players? Therefore in 1968 both countries drafted a treaty to prevent nuclear proliferation. The Non-Proliferation Treaty (NPT) came into force in 1970, at a time when five countries had successfully achieved a nuclear explosion. The NPT officially recognises only these five countries as nuclear-weapons states. They happen to be also the five permanent member states of the UN Security Council. India and Pakistan carried out a nuclear test after 1968 and are therefore referred to as non-official nuclearweapons states. The new nuclear states adopted and adapted the nuclear doctrine to their needs, their geopolitical interests and their place in international relations.

Thesis (M.S.)--Georgia State University, 2007.
Title from file title page. Ying Zhu, committee chair; G.Scott Owen, Robert W. Harrison, committee members. Electronic text (87 p. : ill. (some col.)) : digital, PDF file. Description based on contents viewed Feb. 7, 2008. Includes bibliographical references (p. 84-87).

This thesis proposes a privacy protection framework for the controlled distribution and use of personal private data. The framework is based on the idea that privacy policies can be set directly by the data owner and can be automatically enforced against the data user. Data privacy continues to be a very important topic, as our dependency on electronic communication maintains its current growth, and private data is shared between multiple devices, users and locations. The growing amount and the ubiquitous availability of personal private data increases the likelihood of data misuse. Early privacy protection techniques, such as anonymous email and payment systems have focused on data avoidance and anonymous use of services. They did not take into account that data sharing cannot be avoided when people participate in electronic communication scenarios that involve social interactions. This leads to a situation where data is shared widely and uncontrollably and in most cases the data owner has no control over further distribution and use of personal private data. Previous efforts to integrate privacy awareness into data processing workflows have focused on the extension of existing access control frameworks with privacy aware functions or have analysed specific individual problems such as the expressiveness of policy languages. So far, very few implementations of integrated privacy protection mechanisms exist and can be studied to prove their effectiveness for privacy protection. Second level issues that stem from practical application of the implemented mechanisms, such as usability, life-time data management and changes in trustworthiness have received very little attention so far, mainly because they require actual implementations to be studied. Most existing privacy protection schemes silently assume that it is the privilege of the data user to define the contract under which personal private data is released. Such an approach simplifies policy management and policy enforcement for the data user, but leaves the data owner with a binary decision to submit or withhold his or her personal data based on the provided policy. We wanted to empower the data owner to express his or her privacy preferences through privacy policies that follow the so-called Owner-Retained Access Control (ORAC) model. ORAC has been proposed by McCollum, et al. as an alternate access control mechanism that leaves the authority over access decisions by the originator of the data. The data owner is given control over the release policy for his or her personal data, and he or she can set permissions or restrictions according to individually perceived trust values. Such a policy needs to be expressed in a coherent way and must allow the deterministic policy evaluation by different entities. The privacy policy also needs to be communicated from the data owner to the data user, so that it can be enforced. Data and policy are stored together as a Protected Data Object that follows the Sticky Policy paradigm as defined by Mont, et al. and others. We developed a unique policy combination approach that takes usability aspects for the creation and maintenance of policies into consideration. Our privacy policy consists of three parts: A Default Policy provides basic privacy protection if no specific rules have been entered by the data owner. An Owner Policy part allows the customisation of the default policy by the data owner. And a so-called Safety Policy guarantees that the data owner cannot specify disadvantageous policies, which, for example, exclude him or her from further access to the private data. The combined evaluation of these three policy-parts yields the necessary access decision. The automatic enforcement of privacy policies in our protection framework is supported by a reference monitor implementation. We started our work with the development of a client-side protection mechanism that allows the enforcement of data-use restrictions after private data has been released to the data user. The client-side enforcement component for data-use policies is based on a modified Java Security Framework. Privacy policies are translated into corresponding Java permissions that can be automatically enforced by the Java Security Manager. When we later extended our work to implement server-side protection mechanisms, we found several drawbacks for the privacy enforcement through the Java Security Framework. We solved this problem by extending our reference monitor design to use Aspect-Oriented Programming (AOP) and the Java Reflection API to intercept data accesses in existing applications and provide a way to enforce data owner-defined privacy policies for business applications.
Im Rahmen der Dissertation wurde ein Framework für die Durchsetzung von Richtlinien zum Schutz privater Daten geschaffen, welches darauf setzt, dass diese Richtlinien oder Policies direkt von den Eigentümern der Daten erstellt werden und automatisiert durchsetzbar sind. Der Schutz privater Daten ist ein sehr wichtiges Thema im Bereich der elektronischen Kommunikation, welches durch die fortschreitende Gerätevernetzung und die Verfügbarkeit und Nutzung privater Daten in Onlinediensten noch an Bedeutung gewinnt. In der Vergangenheit wurden verschiedene Techniken für den Schutz privater Daten entwickelt: so genannte Privacy Enhancing Technologies. Viele dieser Technologien arbeiten nach dem Prinzip der Datensparsamkeit und der Anonymisierung und stehen damit der modernen Netznutzung in Sozialen Medien entgegen. Das führt zu der Situation, dass private Daten umfassend verteilt und genutzt werden, ohne dass der Datenbesitzer gezielte Kontrolle über die Verteilung und Nutzung seiner privaten Daten ausüben kann. Existierende richtlinienbasiert Datenschutztechniken gehen in der Regel davon aus, dass der Nutzer und nicht der Eigentümer der Daten die Richtlinien für den Umgang mit privaten Daten vorgibt. Dieser Ansatz vereinfacht das Management und die Durchsetzung der Zugriffsbeschränkungen für den Datennutzer, lässt dem Datenbesitzer aber nur die Alternative den Richtlinien des Datennutzers zuzustimmen, oder keine Daten weiterzugeben. Es war daher unser Ansatz die Interessen des Datenbesitzers durch die Möglichkeit der Formulierung eigener Richtlinien zu stärken. Das dabei verwendete Modell zur Zugriffskontrolle wird auch als Owner-Retained Access Control (ORAC) bezeichnet und wurde 1990 von McCollum u.a. formuliert. Das Grundprinzip dieses Modells besteht darin, dass die Autorität über Zugriffsentscheidungen stets beim Urheber der Daten verbleibt. Aus diesem Ansatz ergeben sich zwei Herausforderungen. Zum einen muss der Besitzer der Daten, der Data Owner, in die Lage versetzt werden, aussagekräftige und korrekte Richtlinien für den Umgang mit seinen Daten formulieren zu können. Da es sich dabei um normale Computernutzer handelt, muss davon ausgegangen werden, dass diese Personen auch Fehler bei der Richtlinienerstellung machen. Wir haben dieses Problem dadurch gelöst, dass wir die Datenschutzrichtlinien in drei separate Bereiche mit unterschiedlicher Priorität aufteilen. Der Bereich mit der niedrigsten Priorität definiert grundlegende Schutzeigenschaften. Der Dateneigentümer kann diese Eigenschaften durch eigene Regeln mittlerer Priorität überschrieben. Darüber hinaus sorgt ein Bereich mit Sicherheitsrichtlinien hoher Priorität dafür, dass bestimmte Zugriffsrechte immer gewahrt bleiben. Die zweite Herausforderung besteht in der gezielten Kommunikation der Richtlinien und deren Durchsetzung gegenüber dem Datennutzer (auch als Data User bezeichnet). Um die Richtlinien dem Datennutzer bekannt zu machen, verwenden wir so genannte Sticky Policies. Das bedeutet, dass wir die Richtlinien über eine geeignete Kodierung an die zu schützenden Daten anhängen, so dass jederzeit darauf Bezug genommen werden kann und auch bei der Verteilung der Daten die Datenschutzanforderungen der Besitzer erhalten bleiben. Für die Durchsetzung der Richtlinien auf dem System des Datennutzers haben wir zwei verschiedene Ansätze entwickelt. Wir haben einen so genannten Reference Monitor entwickelt, welcher jeglichen Zugriff auf die privaten Daten kontrolliert und anhand der in der Sticky Policy gespeicherten Regeln entscheidet, ob der Datennutzer den Zugriff auf diese Daten erhält oder nicht. Dieser Reference Monitor wurde zum einen als Client-seitigen Lösung implementiert, die auf dem Sicherheitskonzept der Programmiersprache Java aufsetzt. Zum anderen wurde auch eine Lösung für Server entwickelt, welche mit Hilfe der Aspekt-orientierten Programmierung den Zugriff auf bestimmte Methoden eines Programms kontrollieren kann. In dem Client-seitigen Referenzmonitor werden Privacy Policies in Java Permissions übersetzt und automatisiert durch den Java Security Manager gegenüber beliebigen Applikationen durchgesetzt. Da dieser Ansatz beim Zugriff auf Daten mit anderer Privacy Policy den Neustart der Applikation erfordert, wurde für den Server-seitigen Referenzmonitor ein anderer Ansatz gewählt. Mit Hilfe der Java Reflection API und Methoden der Aspektorientierten Programmierung gelang es Datenzugriffe in existierenden Applikationen abzufangen und erst nach Prüfung der Datenschutzrichtlinie den Zugriff zuzulassen oder zu verbieten. Beide Lösungen wurden auf ihre Leistungsfähigkeit getestet und stellen eine Erweiterung der bisher bekannten Techniken zum Schutz privater Daten dar.

En raison de l'avancement technologique dans les domaines des communications sans fil ainsi que ceux de l’informatique mobile et embarquée, les frontières entre les mondes physique et digital se rétrécissent pour introduire une nouvelle technologie également appelée l’internet des objets. Cette technologie est en train de devenir une partie intégrante de nos vies. Allant des capteurs de puissance et capabilités réduites, aux Appareils électroménagers intelligents et objets de télé santé jusqu’aux usines interconnectées et intelligentes dans lesquelles les employés, les machines, les processus, les services et même les produits interagissent de manière à fournir une meilleure adaptabilité dans la production ainsi qu’une allocation plus efficace des ressources, et ce, pour répondre plus rapidement au marché, d’une façon plus personnalisée et à moindre coût. L'intégration de ces technologies dans l'environnement et les processus de fabrication en combinaison avec d'autres technologies telles que le cloud computing, les systèmes physiques cybernétiques, les technologies de l'information et de la communication ainsi que l’analyse des données et l’intelligence artificielle a introduit la quatrième révolution industrielle appelée également Industrie 4.0. Dans ce futur monde, les machines parleront aux machines (M2M) pour organiser la production et coordonner leurs actions en fonction des informations collectées et échangées entre les différents capteurs et entités. Cependant, l'ouverture de la connectivité au monde externe soulève plusieurs questions sur la sécurité des données qui n'étaient pas un problème lorsque les appareils étaient contrôlés localement et que seuls quelques-uns d'entre eux étaient connectés à d'autres systèmes distants. Les risques de sécurité de tels objets représentent des ressources potentielles pour des acteurs malveillants. Une fois compromises, ces ressources peuvent être utilisées dans des attaques à large échelle contre d’autres systèmes. C’est pourquoi il est essentiel d’assurer une communication sécurisée entre les différents appareils hétérogènes déployés dans des environnements dynamiques et décentralisés pour protéger les informations échangées contre le vol ou la falsification par des cyber attaquants malveillants et par conséquent obtenir l'acceptation des utilisateurs de telles solutions. Dans cette direction, cette thèse est concentrée sur quatre questions complémentaires, principalement (1) la Gestion dynamique, basée sur la confiance de l'accès aux ressources partagées au sein d'un système distribué et collaboratif de l’industrie 4.0, (2) le protection des données personnelles et sensibles des utilisateurs tout au long des procédures de gestion d’accès et tout en éliminant le besoin de s'appuyer sur des tiers supplémentaires, (3) la vérification de la sécurité ainsi que l'exactitude fonctionnelle du cadre conçu et enfin (4) l'évaluation de degré de confiance fiabilité des parties en interaction en plus du stockage sécurisé des informations relatives afin de garantir leur confidentialité, intégrité et traçabilité. En se concentrant sur ces questions et en tenant compte des caractéristiques conventionnelles des environnements IoT et IIoT, nous avons proposé dans cette thèse un environnement générique sécurisé et décentralisé de gestion des ressources dans les environnements Industrie 4.0. Le cadre spécifié basé sur la technologie blockchain et piloté par un réseau peer to peer permet non seulement la gestion dynamique d’accès aux ressources partagées mais aussi la gouvernance distribuée du système, la protection de vie privée, la gestion de confiance et la vérification formelle des spécifications établies afin de valider leur respect des spécifications établies. Enfin, une conception et mise en œuvre de la plateforme est assurée afin de prouver sa faisabilité et d'analyser ses performances
The evolution of the Internet of Things (IoT) started decades ago as part of the first face of the digital transformation, its vision has further evolved due to a convergence of multiple technologies, ranging from wireless communication to the Internet and from embedded systems to micro-electromechanical systems. As a consequence thereof, IoT platforms are being heavily developed, smart factories are being planned to revolutionize the industry organization and both security and trust requirements are becoming more and more critical. The integration of such technologies within the manufacturing environment and processes in combination with other technologies has introduced the fourth industrial revolution referred to also as Industry 4.0. In this future world machines will talk to machines (M2M) to organize the production and coordinate their actions. However opening connectivity to the external world raises several questions about data and IT infrastructure security that were not an issue when devices and machines were controlled locally and just few of them were connected to some other remote systems. That’s why ensuring a secure communication between heterogeneous and reliable devices is essential to protect exchanged information from being stolen or tampered by malicious cyber attackers that may harm the production processes and put the different devices out of order. Without appropriate security solutions, these systems will never be deployed globally due to all kinds of security concerns. That’s why ensuring a secure and trusted communication between heterogeneous devices and within dynamic and decentralized environments is essential to achieve users acceptance and to protect exchanged information from being stolen or tampered by malicious cyber attackers that may harm the production processes and put the different devices out of order. However, building a secure system does not only mean protecting the data exchange but it requires also building a system where the source of data and the data itself is being trusted by all participating devices and stakeholders. In this thesis our research focused on four complementary issues, mainly (I) the dynamic and trust based management of access over shared resources within an Industry 4.0 based distributed and collaborative system, (ii) the establishment of a privacy preserving solution for related data in a decentralized architecture while eliminating the need to rely on additional third parties, (iii) the verification of the safety, the correctness and the functional accuracy of the designed framework and (iv) the evaluation of the trustworthiness degree of interacting parties in addition to the secure storage and sharing of computed trust scores among them in order to guarantee their confidentiality, integrity and privacy. By focusing on such issues and taking into account the conventional characteristics of both IoT and IoT enabled industries environments, we proposed in this thesis a secure and distributed framework for resource management in Industry 4.0 environments. The proposed framework, enabled by the blockchain technology and driven by peer to peer networks, allows not only the dynamic access management over shared resources but also the distribute governance of the system without the need for third parties that could be their-selves vulnerable to attacks. Besides and in order to ensure strong privacy guarantees over the access control related procedures, a privacy preserving scheme is proposed and integrated within the distributed management framework. Furthermore and in order to guarantee the safety and the functional accuracy of our framework software components, we focused on their formal modeling in order to validate their safety and compliance with their specification. Finally, we designed and implemented the proposal in order to prove its feasibility and analyze its performances

Mestrado em Engenharia de Computadores e Telemática
A IoT (Internet of Things) é uma área que apresenta grande potencial mas embora muitos dos seus problemas já terem soluções satisfatórias, a segurança permanece um pouco esquecida, mantendo-se um como questão ainda por resolver. Um dos aspectos da segurança que ainda não foi endereçado é o controlo de acessos. O controlo de acesso é uma forma de reforçar a segurança que envolve avaliar os pedidos de acesso a recursos e negar o acesso caso este não seja autorizado, garantindo assim a segurança no acesso a recursos críticos ou vulneráveis. O controlo de Acesso é um termo lato, existindo diversos modelos ou paradigmas possíveis, dos quais os mais significativos são: IBAC (Identity Based Access Control), RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). Neste trabalho será usado o ABAC, já que oferece uma maior flexibilidade comparativamente a IBAC e RBAC. Além disso, devido à sua natureza adaptativa o ABAC tem maior longevidade e menor necessidade de manutenção. A OASIS (Organization for the Advancement of Structured Information Standards) desenvolveu a norma XACML (eXtensible Access Control Markup Language) para escrita/definição de políticas de acesso e pedidos de acesso, e de avaliação de pedidos sobre conjuntos de políticas com o propósito de reforçar o controlo de acesso sobre recursos. O XACML foi definido com a intenção de que os pedidos e as políticas fossem de fácil leitura para os humanos, garantindo, porém, uma estrutura bem definida que permita uma avaliação precisa. A norma XACML usa ABAC. Este trabalho tem o objetivo de criar uma plataforma de segurança que utilize os padrões ABAC e XACML que possa ser usado por outros sistemas, reforçando o controlo de acesso sobre recursos que careçam de proteção, e garantindo acesso apenas a sujeitos autorizadas. Vai também possibilitar a definição fina ou granular de regras e pedidos permitindo uma avaliação com maior precisão e um maior grau de segurança. Os casos de uso principais são grandes aplicações IoT, como aplicações Smart City, que inclui monitorização inteligente de tráfego, consumo de energia e outros recursos públicos, monitorização pessoal de saúde, etc. Estas aplicações lidam com grandes quantidades de informação (Big Data) que é confidencial e/ou pessoal. Existe um número significativo de soluções NoSQL (Not Only SQL) para resolver o problema do volume de dados, mas a segurança é ainda uma questão por resolver. Este trabalho vai usar duas bases de dados NoSQL: uma base de dados key-value (Redis) para armazenamento de políticas e uma base de dados wide-column (Cassandra) para armazenamento de informação de sensores e informação de atributos adicionais durante os testes.
IoT (Internet of Things) is an area which offers great opportunities and although a lot of issues already have satisfactory solutions, security has remained somewhat unaddressed and remains to be a big issue. Among the security aspects, we emphasize access control. Access Control is a way of enforcing security that involves evaluating requests for accessing resources and denies access if it is unauthorised, therefore providing security for vulnerable resources. Access Control is a broad term that consists of several methodologies of which the most significant are: IBAC (Identity Based Access Control), RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). In this work ABAC will be used as it offers the most flexibility compared to IBAC and RBAC. Also, because of ABAC's adaptive nature, it offers longevity and lower maintenance requirements. OASIS (Organization for the Advancement of Structured Information Standards) developed the XACML (eXtensible Access Control Markup Language) standard for writing/defining requests and policies and the evaluation of the requests over sets of policies for the purpose of enforcing access control over resources. It is defined so the requests and policies are readable by humans but also have a well defined structure allowing for precise evaluation. The standard uses ABAC. This work aims to create a security framework that utilizes ABAC and the XACML standard so that it can be used by other systems and enforce access control over resources that need to be protected by allowing access only to authorised subjects. It will also allow for fine grained defining of rules and requests for more precise evaluation and therefore a greater level of security. The primary use-case scenarios are large IoT applications such as Smart City applications including: smart traffic monitoring, energy and utility consumption, personal healthcare monitoring, etc. These applications deal with large quantities (Big Data) of confidential and/or personal data. A number of NoSQL (Not Only SQL) solutions exist for solving the problem of volume but security is still an issue. This work will use two NoSQL databases. A key-value database (Redis) for the storing of policies and a wide-column database (Cassandra) for storing sensor data and additional attribute data during testing.

Access control is a significant issue in any secure computer system. Authorization models provide a formalism and framework for specifying and evaluating access control policies that determine how access is granted and delegated among particular users. The aim of this dissertation is to investigate flexible decentralized authorization model supporting authorization delegation, both positive and negative authorization, and conflict resolution. A graph based authorization framework is proposed which can support authorization delegations and both positive and negative authorizations. In particular, it is shown that the existing conflict resolution methods are limited when applied to decentralized authorization models and cyclic authorizations can even lead to undesirable situations. A new conflict resolution policy is then proposed, which can support well controlled delegation by giving predecessors higher priorities along the delegation path. The thesis provides a formal description of the proposed model and detailed descriptions of algorithms to implement it. The model is represented using labelled digraphs, which provide a formal basis for proving the semantic correctness of the model. A weighted graph based model is presented which allows grantors to further express degrees of certainties about their granting of authorizations. The work is further extended to consider more complex domains where subjects, objects and access rights are hierarchically structured and authorization inheritance along the hierarchies taken into account. A precise semantics is given which is based on stable model semantics, and, several important properties of delegatable authorization programs investigated. The framework provides users a reasonable method to express complex security policy. To address the many situations in which users may need to be granted or delegated authorizations for a limited period of time, a temporal decentralized authorization model is proposed in which temporal authorization delegations and negations are allowable. Proper semantic properties are further investigated. Finally, as an application, the thesis shows how the proposed authorization model can be used in a e-consent system on health data. A system architecture for e-consent is presented and different types of e-consent models discussed. The proposed model is shown to provide users a good framework for representing and evaluating these models.
Doctor of Philosphy (PhD)

The widespread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urge the collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular trust management and access control are one of the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally the entire architecture of our system is proposed

Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE*, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE*, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE*, and demonstrate usefulness of AspectKE* through a security aspect for a distributed chat system.

博士
國立臺灣大學
資訊工程學研究所
92
With the highly advanced network technology, the Intranet of the organization has become more complicated and widely applicable. At the same time, new attack models of the malicious software, such as virus and Trojan horse, have also been developed. The Intranet environment, which used to be considered as safe and reliable in the past, suffers tremendous threats. Those novel viruses and Trojan attacks make use of the tunneling technique to bypass the firewall via standard service ports, such as port 80. On the other hand, the sharing of documents in Intranet is essential for present organization, and its security problem has been a threat to development of the organization. The ways to secure the document access and protect Intranet from attacks have become an important issue. In this dissertation, we focus on the security problem for document access control in Intranet, and propose the S.P.A.C. multi-layered security framework to secure it. Within the framework, some present security mechanisms such as IPSec, and SSL can also be integrated to provide more security. We also consider the flexibility and cost in the design to reduce the potential difficulties of physical deployment in the organization. A compete security framework comprises the proxy server technique for application level access control, the dynamic packet filter personal firewall technique for stopping the illegal network packets, the distributed firewall technique for controlling and protecting the client machines, and the dynamic id/password authentication for integration of document access control.

abstract: Access control is one of the most fundamental security mechanisms used in the design and management of modern information systems. However, there still exists an open question on how formal access control models can be automatically analyzed and fully realized in secure system development. Furthermore, specifying and managing access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this dissertation, I present an Assurance Management Framework (AMF) that is designed to cope with various assurance management requirements from both access control system development and policy-based computing. On one hand, the AMF framework facilitates comprehensive analysis and thorough realization of formal access control models in secure system development. I demonstrate how this method can be applied to build role-based access control systems by adopting the NIST/ANSI RBAC standard as an underlying security model. On the other hand, the AMF framework ensures the correctness of access control policies in policy-based computing through automated reasoning techniques and anomaly management mechanisms. A systematic method is presented to formulate XACML in Answer Set Programming (ASP) that allows users to leverage off-the-shelf ASP solvers for a variety of analysis services. In addition, I introduce a novel anomaly management mechanism, along with a grid-based visualization approach, which enables systematic and effective detection and resolution of policy anomalies. I further evaluate the AMF framework through modeling and analyzing multiparty access control in Online Social Networks (OSNs). A MultiParty Access Control (MPAC) model is formulated to capture the essence of multiparty authorization requirements in OSNs. In particular, I show how AMF can be applied to OSNs for identifying and resolving privacy conflicts, and representing and reasoning about MPAC model and policy. To demonstrate the feasibility of the proposed methodology, a suite of proof-of-concept prototype systems is implemented as well.
Dissertation/Thesis
Ph.D. Computer Science 2012

碩士
國立高雄應用科技大學
資訊管理研究所碩士班
105
With the rising popularity of NFC (Near Field Communication), what NFC cards can do are also increasing in recent years. For example, an access control system can manage the activation status of the door or elevator by using NFC cards or RFID keys. However, security problems may be getting more and more serious in such NFC applications. Thresholds of making the counterfeit card are getting lower and lower, hacker or intruder may also easily use illegal software or tools to imitate other people's cards. Once a NFC card with multiple functions is lost, there may be serious problems of not only the loss of money, but also the risk for security. In this research, two kinds of encryption techniques are adopted, including the asymmetric encryption algorithm and digital signature. When someone is signing into a system, random number will be added onto the signature and the random number will be consistently regenerated over time. By doing so, illegal counterfeit may be effectively eliminated because information transmission cannot be forged easily. NFC card users can use the card more relieved in their lives.

碩士
國防管理學院
國防財務資源研究所
91
The government continuously revises the every kind of regulation of ordinance, to stipulate for the publicly-issued companies and OTC-listed companies should invite CPAs to audit financial report of internal control and guarantee the property security, and ensuring property will not be obtained, used and disposed without proper authorization. However, along with the development of the electronic commerce, information security has already become an importance issue. When CPAs audit its auditee companies’ internal control, he should adopt an IT security standard to better evaluate the information technology and information security so that the CPA firms can decrease the auditing risk. We found that each factor contained significantly effect for the auditing of information security, such as planning and organization, acquisition and implementation, delivery and support. Only through a series of evaluations can monitor attaining to standard control and reduce the risk of companies'' internal control. Internal control in information security theory had existed; however prove from of actual situation, and as well find the Taiwan’s CPAs thinking the evaluation of information technology is one part of the internal control. The result from regression analysis can detect which factors of internal control in information security are CPAs most concerned. When CPAs proceed the internal control in information security in the future, they should pay much attention to these factors.

Current technologies such as anti-virus software programs and network firewalls provide reasonably secure protection at the host and network levels, but not at the application level. When network and host-level entry points are comparatively secure, public interfaces of web applications become the focus of malicious software attacks. In this thesis, we focus on one of most serious web application vulnerabilities, broken access control. Attackers often try to access unauthorized objects and resources other than URL pages in an indirect way; for instance, using indirect access to back-end resources such as databases. The consequences of these attacks can be very destructive, especially when the web application allows administrators to remotely manage users and contents over the web. In such cases, the attackers are not only able to view unauthorized content,but also to take over site administration. To protect against these types of attacks, we have designed and implemented a security analysis framework for dynamic web applications. A reverse engineering process is performed on an existing dynamic web application to extract a role-based access-control security model. A formal analysis is applied on the recovered model to check access-control security properties. This framework can be used to verify that a dynamic web application conforms to access control polices specified by a security engineer. Our framework provides a set of novel techniques for the analysis and modeling of web applications for the purpose of security verification and validation. It is largely language independent, and based on adaptable model recovery which can support a wide range of security analysis tasks.
Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 14:30:53.018

Metamorphism is a technique that mutates the binary code using different obfuscations. It is difficult to write a new metamorphic malware and in general malware writers reuse old malware. To hide detection the malware writers change the obfuscations (syntax) more than the behavior (semantic) of such a new malware. On this assumption and motivation, this thesis presents a new framework named MARD for Metamorphic Malware Analysis and Real-Time Detection. We also introduce a new intermediate language named MAIL (Malware Analysis Intermediate Language). Each MAIL statement is assigned a pattern that can be used to annotate a control flow graph for pattern matching to analyse and detect metamorphic malware. MARD uses MAIL to achieve platform independence, automation and optimizations for metamorphic malware analysis and detection. As part of the new framework, to build a behavioral signature and detect metamorphic malware in real-time, we propose two novel techniques, named ACFG (Annotated Control Flow Graph) and SWOD-CFWeight (Sliding Window of Difference and Control Flow Weight). Unlike other techniques, ACFG provides a faster matching of CFGs, without compromising detection accuracy; it can handle malware with smaller CFGs, and contains more information and hence provides more accuracy than a CFG. SWOD-CFWeight mitigates and addresses key issues in current techniques, related to the change of the frequencies of opcodes, such as the use of different compilers, compiler optimizations, operating systems and obfuscations. The size of SWOD can change, which gives anti-malware tool developers the ability to select appropriate parameter values to further optimize malware detection. CFWeight captures the control flow semantics of a program to an extent that helps detect metamorphic malware in real-time. Experimental evaluation of the two proposed techniques, using an existing dataset, achieved detection rates in the range 94% - 99.6% and false positive rates in the range 0.93% - 12.44%. Compared to ACFG, SWOD-CFWeight significantly improves the detection time, and is suitable to be used where the time for malware detection is more important as in real-time (practical) anti-malware applications.
Graduate
0984
alam_shahid@yahoo.com

In this dissertation, we propose an effective and efficient online unsupervised anomaly detection framework. The framework consists of new anomalousness metrics, named IP Weight, and a new hybrid clustering algorithm, named I-means. IP Weight metrics provide measures of anomalousness of IP packet flows on networks. A simple classification of network intrusions consists of distinguishing between single-connection based attacks and multiple-connection based attacks. The IP weight metrics proposed in this work characterize specifically multiple-connection based attacks. The definition of specific metrics for single-connection based attacks is left for future work. The I-means algorithm combines mixture resolving, a genetic algorithm automatically estimating the optimal number of clusters for a set of data, and the k-means algorithm for clustering. Three sets of experiments are conducted to evaluate our new unsupervised anomaly detection framework. The first experiment empirically validates that IP Weight metrics reduce dimensions of feature space characterizing IP packets at a level comparable with the principal component analysis technique. The second experiment is an offline evaluation based on 1998 DARPA intrusion detection dataset. In the offline evaluation, we compare our framework with three other unsupervised anomaly detection approaches, namely, plain k-means clustering, univariate outlier detection and multivariate outlier detection. Evaluation results show that the detection framework based on I-means yields the highest detection rate with a low false alarm rate. Specifically, it detects 18 types of attacks out of a total of 19 multiple-connection based attack types. The third experiment is an online evaluation in a live networking environment. The evaluation result not only confirms the detection effectiveness observed with the DARPA dataset, but also shows a good runtime efficiency, with response times falling within few seconds ranges.

Benutzerbestimmte Zugriffskontrolle ist an vielen Stellen schwer zu beschränken und zu administrieren. Der Ansatz der systembestimmten Zugriffskontrolle - Mandatory Access Control - gibt die Verantwortung an das System ab und gibt Benutzern deutlich weniger Rechte. Diese Arbeit vergleicht zwei Vertreter, welche Mandatory Access Control umsetzen, einerseits das Linux Security Module Framework und andererseits das FreeBSD MAC Framework, zudem werden die wichtigsten Policy Vertreter angegeben. Auf beiden Seiten finden sich ähnliche Ansätze wie die Umsetzung als Kernelmodul und vor allem generische Fähigkeiten, allerdings sind die implementierten Funktionalitäten unter FreeBSD im Detail oft besser durchdacht oder auch ausgereifter.

The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework.
Theoretical Computing
M. Sc. (Information Systems)

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process. This thesis suggests how sensitive information in organisations can be handled and protected during migrations by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process.A rudimentary management framework on information sensitivity during software migrations and a model on the security challenges during open source migrations are utilised to propose a preliminary management framework using a sequential explanatory mixed methods case study. The preliminary management framework resulting from the quantitative data analysis is enhanced and validated to conceptualise the final management framework on information sensitivity during software migrations at the end of the qualitative data analysis. The final management framework is validated and found to be significant, valid and reliable by using statistical techniques like Exploratory Factor Analysis, reliability analysis and multivariate analysis as well as a qualitative coding process.
Information Science
D. Litt. et Phil. (Information Systems)

碩士
華梵大學
資訊管理學系碩士班
107
The Society for Worldwide Interbank Financial Telecommunica-tion (SWIFT) is the infrastructure provider for the current global in-ternational wire transfer service. Since the Bangladesh Central Bank’s $81 million cyber heist shocked the world in 2016, SWIFT had launched the Customer Security Programme (CSP) to enhance security of all Customer s’ local SWIFT infrastructure. In the CSP, SWIFT had completed the Customer Security Controls Framework (CSCF), and required all its customers to implement. However, since SWIFT CSCF was implemented in 2017, the Malaysia Central Bank still had a case of using SWIFT message system to steal funds in early 2018. In this case, did the Malaysia Central Bank not comply with the requirements of SWIFT CSCF? or SWIFT CSCF still has a few problems to solve, which deserves further exploration. This study is exploratory research, explores whether SWIFT CSCF can still be reinforced by collecting the information currently available publicly, and uses literature analysis. In this study, the Cy-bersecurity Framework of the National Institute of Standards and Technology is used to develop the target profile of SWIFT message system infrastructure on the customer side as a comparative baseline and SWIFT CSCF as the current profile. By comparing the current profile with the target profile to find out what SWIFT CSCF can be reinforced. After comparison, four incomplete aspects of SWIFT CSCF are preliminarily found, and suggestions for improvement are put forward in order to reduce the risk of recurrence of theft cases in SWIFT message system.

Tese de Doutoramento em Tecnologias e Sistemas de Informação.
A investigação realizada responde à questão: - Como garantir a confidencialidade, a integridade e a disponibilidade da informação de uma organização militar, inserida num ambiente de Guerra de Informação, de forma a minimizar o risco de segurança da informação? A resposta a esta questão, que é o foco da investigação e cujo nível de análise é a organização militar, segue predominantemente uma abordagem de investigação de orientação epistemológica interpretativista, qualitativa e indutiva, que utiliza como métodos de investigação, a Análise de Conteúdo, o Focus Group e o Estudo de Caso. Apoia-se simultaneamente num quadro conceptual de referência desenvolvido para o estudo e em disciplinas académicas de foco tecnológico, (Segurança de Redes de Computadores, Segurança no Software). A tese apresentada é de Design Science, em que se obtém um método de planeamento de segurança da informação para apoio aos decisores militares do Exército Português. Este interliga um modelo de métodos de ataque à informação, uma framework de categorias de controlos de segurança da informação e uma matriz de apoio à decisão que permite planear a seleção dos controlos de segurança da informação a implementar na organização. O método proposto permite efetuar a gestão das lições aprendidas com os incidentes de segurança da informação. Considera-se neste estudo que a segurança da informação se consegue através de um processo de gestão onde exista uma integração de dimensões de segurança e onde é fundamental ter em consideração, para as organizações militares, a Cadeia de Comando e o princípio da Unidade de Comando.
The research answer the following question: how to ensure the confidentiality, integrity and availability of information of a military organization that is part of an Information Warfare Environment, in order to minimize the risk of information security? The answer to this question, which is the focus of this research and its level of analysis, is the military organization. The author follows a predominately interpretive, qualitative and inductive research approach of epistemological orientation. The following research methods are used: Content Analysis, the Focus Groups and the Case Study. The author relies on both a conceptual framework developed for the study and in academic disciplines of technological focus (Network Security Computer Safety Software). The presented thesis is of Design Science, where a method of planning of information security support is obtained, to aid military decision-makers of the Portuguese Army. This interconnects a model of attack method to information, a framework of categories of information security controls, and a matrix of support for the decision that allows one to plan the selection of controls of information security to implement in the organization. The proposed method allows one to manage the lessons learned from the incidents of information security. It is considered in this study that information security is achieved through a management process where there exists an integration of security dimensions, and where it is fundamental for military organizations to regard: the Chain of Command and the Unity of Command principle.