Dissertations / Theses on the topic 'Security orchestration and automation'


Consult the top 50 dissertations / theses for your research on the topic 'Security orchestration and automation.'


1

Fernandes, Pereira Sonia, and Nejat Hamid. "Closed-Loop Orchestration Solution." Thesis, KTH, Hälsoinformatik och logistik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-253005.

Abstract:
Computer networks are continuously evolving and growing in size and complexity. New technologies are being introduced which further increase the complexity. Network Service Orchestration is all about pushing configuration out into the network devices automatically without human intervention. There can be issues that cause the orchestration to fail. In many cases manual operations must be done to recover from the error which is very contradicting since the goal of orchestration is that it should be fully automated. There is some indication that the errors that are being solved manually could be detected and handled by a feedback mechanism. This thesis work aimed to build on current insight and if possible, verify that the feedback mechanism is a viable method. After consideration on different ways to solve the research question, the choice fell on creating a test environment where the approach was tested. The test environment was used to investigate if a network orchestration system could be integrated with a feedback mechanism. The result of this project presents a way to automatically detect a network failure and send feedback to a Network Service Orchestrator. The orchestrator is then able to identify and correct the error.
Computer networks are continuously evolving and growing in size and complexity. New technology is being introduced that further increases the complexity. Network service orchestration is about pushing configuration out automatically to devices in the network without human intervention. There can be problems that cause the orchestration to fail. In many cases manual measures must be taken to resolve the problem, which is highly contradictory, since the goal of orchestration is that it should be fully automated. There are indications that errors can be detected and handled by a feedback mechanism. This thesis work aims to build on current insight and, if possible, verify that the feedback mechanism is a viable method. After considering the different ways in which the project goal could be achieved, the choice fell on creating a test environment where the approach could be tested. The test environment was used to investigate whether a network orchestration system can be integrated with a feedback mechanism. The result of the project presents a way to automatically detect a network failure and send feedback to a network orchestration system. The network orchestrator can then detect and correct the error.
2

Abdelmassih, Christian. "Container Orchestration in Security Demanding Environments at the Swedish Police Authority." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-228531.

Abstract:
The adoption of containers and container orchestration in cloud computing is motivated by many aspects, from technical and organizational to economic gains. In this climate, even security demanding organizations are interested in such technologies but need reassurance that their requirements can be satisfied. The purpose of this thesis was to investigate how separation of applications could be achieved with Docker and Kubernetes such that it may satisfy the demands of the Swedish Police Authority. The investigation consisted of a literature study of research papers and official documentation as well as a technical study of iterative creation of Kubernetes clusters with various changes. A model was defined to represent the requirements for the ideal separation. In addition, a system was introduced to classify the separation requirements of the applications. The result of this thesis consists of three architectural proposals for achieving segmentation of Kubernetes cluster networking, two proposed systems to realize the segmentation, and one strategy for providing host-based separation between containers. Each proposal was evaluated and discussed with regard to suitability and risks for the Authority and parties with similar demands. The thesis concludes that a versatile application isolation can be achieved in Docker and Kubernetes. Therefore, the technologies can provide a sufficient degree of separation to be used in security demanding environments.
The popularity of containers and container orchestration in cloud services is motivated by many aspects, from technical and organizational to economic gains. In this climate, even security-demanding organizations are interested in such technologies but seek assurance that their requirements can be met. The purpose of this thesis was to investigate how separation between applications can be achieved when using Docker and Kubernetes so that the requirements of the Swedish Police Authority can be fulfilled. The investigation comprised a literature study of scientific publications and official documentation as well as a technical study with iterative creation of Kubernetes clusters with various variations. A model was defined to represent the requirements for ideal separation. Furthermore, a system was introduced for classifying the separation requirements of applications. The result comprises three proposals for architectures to achieve segmentation of cluster networking in Kubernetes, two proposed system components to realize the segmentation, and one strategy for providing host-based separation between containers. Each proposal was evaluated with regard to suitability and risks for the Authority and parties with similar requirements. The conclusion of the thesis is that versatile application isolation can be achieved in Docker and Kubernetes. The technologies can thereby achieve a suitable degree of separation to be used in security-demanding environments.
3

Compastié, Maxime. "Software-defined Security for Distributed Clouds." Thesis, Université de Lorraine, 2018. http://www.theses.fr/2018LORR0307/document.

Abstract:
In this thesis, we propose an approach for programmable security in the distributed cloud. More specifically, we show how this programmability can contribute to the protection of distributed cloud services, through the generation of highly constrained unikernel images. These are instantiated as lightweight virtual machines whose attack surface is reduced and whose security is driven by a security orchestrator. The contributions of this thesis are threefold. First, we present a logical architecture supporting the programmability of security mechanisms in a multi-cloud and multi-tenant context. It allows these mechanisms to be aligned and parameterized for cloud services whose resources are spread across different providers and tenants. Second, we introduce a method for the on-the-fly generation of secured unikernel images. It yields specific and constrained resources that integrate the security mechanisms from the image build phase onward. They can be built reactively or proactively to meet elasticity needs. Third, we propose to extend the TOSCA orchestration language so that secured resources can be generated automatically, according to different security levels in step with the orchestration. Finally, we detail a prototype and a set of experiments that evaluate the benefits and limits of the proposed approach
In this thesis, we propose an approach for software-defined security in distributed clouds. More specifically, we show to what extent this programmability can contribute to the protection of distributed cloud services, through the generation of secured unikernel images. These ones are instantiated in the form of lightweight virtual machines, whose attack surface is limited and whose security is driven by a security orchestrator. The contributions of this thesis are threefold. First, we present a logical architecture supporting the programmability of security mechanisms in a multi-cloud and multi-tenant context. It permits to align and parameterize these mechanisms for cloud services whose resources are spread over several providers and tenants. Second, we introduce a method for generating secured unikernel images in an on-the-fly manner. This one permits to lead to specific and constrained resources, that integrate security mechanisms as soon as the image generation phase. These ones may be built in a reactive or proactive manner, in order to address elasticity requirements. Third, we propose to extend the TOSCA orchestration language, so that it is possible to generate automatically secured resources, according to different security levels in phase with the orchestration. Finally, we detail a prototyping and extensive series of experiments that are used to evaluate the benefits and limits of the proposed approach
4

Nejman, Dawid. "Automation of data processing in the network of geospatial web services." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4029.

Abstract:
Geoinformatics field of science becomes more and more important nowadays. This is not only because it is crucial for industry, but it also plays more important role in consumer electronics than ever before. The ongoing demand for complex solutions gave rise to SOA architecture in enterprise and geographical field. The topic that is currently being studied is interoperability between different geospatial services. This paper makes a proposal for a master thesis that tries to add another way of chaining different geospatial services. It describes the current state of knowledge, possible research gap and then goes into the details on design and execution part. Final stage is the summary of expected outcomes. The result of this proposal is a clearly defined need for a research in the outlined area of knowledge.
5

Pattaranantakul, Montida. "Moving towards software-defined security in the era of NFV and SDN." Thesis, Université Paris-Saclay (ComUE), 2019. http://www.theses.fr/2019SACLL009/document.

Abstract:
This thesis aims to explore security problems and solutions in software-based and virtualized network environments, with the following two hypotheses: (1) the paradigm shifts introduced by SDN and NFV networks make it possible to develop new approaches to security management; (2) all threats and vulnerabilities in NFV/SDN environments must be fully taken into account. In a first part, we therefore propose a detailed and complete study, from a security point of view, of SDN/NFV architectures and protocols, as well as of the management and orchestration of network functions in these environments (MANO architecture). Several use cases are specified and proposed as illustrations. This first study led to two major contributions: (1) a complete architecture for security management and orchestration (called SecMANO) based on NFV MANO. SecMANO makes it possible to manage a set of service functions and security mechanisms (access control, IDS/IPS, isolation, protection) based on a set of rules; (2) a complete analysis of threats and vulnerabilities in the NFV context, based on five specific use cases, and of the associated countermeasures. This analysis made it possible to propose a complete and detailed classification (taxonomy) of the different types of specific threat, together with a set of recommendations for better security of NFV services. We believe that these first two contributions open up interesting research perspectives in the field of NFV/SDN network security. This first study led us to propose, as a third contribution, a new architecture for the orchestration of security functions in virtualized environments. This security orchestrator was specified and developed as an extension module for existing orchestrators. The objective is to ensure dynamic, flexible, on-demand deployment as well as efficient orchestration of the various basic security services. More precisely, an access control mechanism, defined and applied from a high-level language and based on the "Tacker" stacks (an OpenStack service for NFV orchestration using the TOSCA data model), was prototyped, implemented and tested. This prototype makes it possible to customize and dynamically adapt the access control model and strategy for different concurrent user domains. These independent security domains remain potentially protected and isolated in large-scale, multi-operator and multi-cloud environments. The prototype and the experiments carried out under practical conditions show the feasibility and effectiveness of the proposed approach. The study proposed in the first part, based on a "cross-layer" approach, highlights new types of threats and vulnerabilities and demonstrates that in these software-based, virtualized environments, security is the critical element. The fourth contribution (SecSFC) aims to make the composition and chaining of service functions (Service Function Chaining, SFC) in NFV/SDN environments secure and dependable. SecSFC relies on an "identity-based ordered multisignature" mechanism to guarantee the following properties: (1) the authentication of each service function associated with a particular service function chain; (2) the consistency and sequencing of all the service functions associated with a particular composition or chaining of service functions ("VNF forwarding graph"). The theoretical analysis of the proposed "SecSFC" model and the experimental results show the resilience of the approach, in particular against a number of specific attacks (e.g. modification of the rules or of the topology), with limited processing time and latency
This thesis is intended to explore security issues in the virtualized and software-defined world, and starts with two important hypotheses: (1) SDN and NFV offer plenty of opportunities for us to rethink security management in the new networking paradigms; (2) both legacy and new security threats and vulnerabilities in NFV/SDN enabled environments need to be sufficiently addressed in order to pave the way for their further development and deployment. To validate the hypotheses, we carry out an in-depth study on NFV/SDN from security perspective, including its architecture, management and orchestration (MANO) framework, and use cases, leading to two major contributions, (1) a security management and orchestration framework (called SecMANO) based on NFV MANO, which has the potential to manage a set of policy-driven security mechanisms, such as access control, IDS/IPS, network isolation, data protection; (2) a comprehensive threat analysis on five NFV use cases and the state-of-the-art security countermeasures, resulting in a NFV layer-specific threat taxonomy and a set of security recommendations on securing NFV based services. We believe that both of the two contributions lay down a foundation for security research in NFV/SDN domain. In particular, based on the two contributions, we further develop a security orchestrator as an extension of available NFV orchestrator, with an objective to enabling the basic security functions to be effectively orchestrated and provided as on-demand services to the customers, meanwhile allowing high-level security policies to be specified and enforced in a dynamic and flexible way. Specifically, a software-defined access control paradigm is implemented and prototyped with OpenStack and Tacker (a NFV orchestrator using TOSCA model), which allows the security administrators to dynamically customize the access control models and policies for different tenant domains, eventually achieving flexible and scalable protection across different layers and multiple cloud data centers. Both prototype of concept and real-life experiments on testbed have been carried out, clearly demonstrating the feasibility and effectiveness of our security orchestrator. In addition, as our NFV cross-layer threat taxonomy indicates, a large set of novel threats will be introduced, among which VNF (Virtualized Network Function) is a unique and important asset that deserves careful protection. The fourth contribution of this thesis is therefore devoted to achieving secure and dependable SFC (Service Function Chaining) in NFV and SDN environment. Specifically, an identity-based ordered multisignature scheme called SecSFC is designed and applied to ensure that, (1) each service function involved in a particular service chain is authenticated and legitimate; (2) all the service functions are chained in a consistent, optimal, and reliable way, meeting with the pre-defined high-level specifications like VNF Forwarding Graph. Both theoretical security analysis and experimental results demonstrate that our scheme can effectively defend against a large set of destructive attacks like rule modification and topology tampering, moving an important step towards secure and dependable SFC. Importantly, the signature construction and validation process is lightweight, generating compact and constant-size keys and signatures, thereby only incurring minimal computational overhead and latency
6

Thakur, Ritika. "Access control model to support orchestration of CRUD expressions." Master's thesis, Universidade de Aveiro, 2015. http://hdl.handle.net/10773/18452.

Abstract:
Master's in Computer and Telematics Engineering
Access Control is a sensitive and crucial aspect when it comes to securing the data present in the databases. In an application which is driven by Create, Read, Update and Delete (CRUD) expressions, users can execute a single CRUD expression or a sequence of CRUD expressions to achieve the desired results. In such type of applications, the Access Control is not just limited to authorizing the subject for accessing the object, but it also aims to authorize and validate the operations that a subject can perform on the data after the authorization. Current Access Control models are generally concerned with restricting the access to the resources. However, once the subject is authorized, there are no restrictions on the actions a subject can perform on the resources. In this work an Access Control Model has been presented which extends current Access Control model's features to provide an environment where a set of predefined policies are implemented as graphs of CRUD expressions. The design of the access control policies is based on the CRUD expressions that a user needs to execute to complete a task. These graphs of CRUD expressions are hence used for controlling and validating the actions that can be performed on authorized information. In order to reuse the policies, presented model allows the inter execution of the policies based on some predefined rules. The aim of the present thesis work is to provide a structure which allows the application users to only execute the authorized sequences of CRUD expressions in a predefined order and allows the security experts to design the policies in a flexible way through the graph data structure. As a proof of concept, Role based Access Control model (RBAC) has been taken as a reference access control model and the base for this work is chosen as Secured, Distributed and Dynamic RBAC (S-DRACA) which allowed the sequence of CRUD expressions to be executed in single direction.
Access control is a sensitive and crucial aspect when it comes to protecting data held in databases. In applications built on a database and based on Create, Read, Update and Delete (CRUD) expressions, users can execute one CRUD expression or a sequence of CRUD expressions to obtain a given result. In this type of application, access control is not limited to authorizing a subject's access to an object, but also covers authorizing and validating the operations that the subject can perform on the data after obtaining authorization. Current access control models generally focus on restricting access to resources CRUD by CRUD. However, once the subject is authorized, there are no restrictions on the actions it can perform on those resources. This work presents an access control model that extends the functionality of current access control models to provide an environment where a set of predefined policies is implemented as graphs of CRUD expressions. These graphs of CRUD expressions are treated as sequences that act as stored, preconfigured policies. The design of the sequences is based on the operations the user wishes to perform to obtain a given result. These sequences of CRUD expressions are thus used to control and validate the actions that can be performed on the stored information. In order to reuse these policies, the presented model defines the use of external execution of configured policies. The aim of the work in this thesis is to provide a structure that allows application users to execute only authorized sequences of CRUD expressions in a predefined order and allows system administrators to design policies flexibly through graph structures. As a proof of concept, the Role Based Access Control (RBAC) model was taken as the reference access control model, and S-DRACA, which allows sequences of CRUD expressions to be executed in order, was chosen as the base for this work.
7

Chollet, Stéphanie. "Orchestration de services hétérogènes et sécurisés." Grenoble 1, 2009. http://www.theses.fr/2009GRE10283.

Abstract:
Recently, the service-oriented approach has emerged with the aim of building applications from software entities called services. A service provides a set of functionalities defined by a service description. From this description, a service consumer can search for a service that matches its needs, select it and invoke it. Building applications by composing services nevertheless remains a complex activity, since business and technical aspects must be handled together; the composition must satisfy functional and non-functional requirements and respect the constraints of service technologies, in particular those related to the heterogeneity of platforms. Moreover, the strengths of the service architecture, namely the distribution and deployment of services on heterogeneous platforms, open up significant security holes. We propose a model-driven approach to simplify the construction of applications based on an orchestration of heterogeneous services, taking security aspects into account from the design stage. To this end, we defined two meta-models, one for service orchestration and the other for security, as well as links between these meta-models in order to extend the orchestration with security properties. It is thus possible to produce models of heterogeneous and secure service orchestration that conform to the meta-models. From these models, we generate the code needed to execute the orchestration. Execution is carried out according to the models defined in the design phase and the available services that meet the specifications. Our approach was validated with the Secure FOCAS platform, which was built as part of the European ITEA SODA project
Service-oriented Computing (SOC) has appeared recently as a new software engineering paradigm. The very purpose of this reuse-based approach is to build applications through the late composition of independent software elements, called services, which are made available at run-time by internal or external providers. SOC brings properties of major interest. First, it supports rapid application development. Using existing, already tested, services is likely to reduce the time needed to build up an application and the overall quality of this application. SOC also improves software flexibility through late binding. A service to be used by an application is chosen at the last moment, based on its actual availability and on its properties at that moment. The service orientation has also to face thorny problems, as in any reuse-based approach. In this work, we focus on two major issues: the integration of heterogeneous service-oriented technologies and the management of security aspects when invoking a service. Security is actually a major concern to SOC practitioners. SOC technologies have allowed companies to expose applications, internally and externally, and, for that reason are heavily used. However, in some distributed environments, software services and process engines can be alarmingly vulnerable. Service-based processes can expose organizations to a considerable amount of security risk and dependability degradation. We propose to use a model-driven approach for solving this problem. During system design, paradigms such as abstraction, separation of concerns and language definition are used to define a model of the service composition with security properties. This model is transformed into an execution model. We present a generative environment applying these principles for service composition. This environment has been built as part of the SODA European project and validated on several industrial use cases
8

Zerkane, Salaheddine. "Security Analysis and Access Control Enforcement through Software Defined Networks." Thesis, Brest, 2018. http://www.theses.fr/2018BRES0057/document.

Abstract:
Software-defined networks (SDN) are an emerging paradigm that promises to resolve the limitations of the conventional network architecture. In this thesis, we study and explore two aspects of the relationship between cyber security and software-defined networks. On the one hand, we study security for software-defined networks by analyzing their vulnerabilities. Such a security analysis is a crucial process for identifying the security flaws of software-defined networks and for measuring their impacts. On the other hand, we explore what software-defined networks contribute to security. The thesis designs and implements a programmable firewall that transforms the finite state machine of network protocols into an equivalent state machine for software-defined networks. In addition, the thesis evaluates the implemented firewall alongside NetFilter in terms of performance and resistance to SYN flooding attacks. Furthermore, the thesis uses the orchestration provided by software-defined networks to strengthen security policy in the cloud. It proposes a framework to express, assess, negotiate and deploy firewall policies in the context of software-defined networks as a service in the cloud
Software Defined Networking (SDN) is an emerging paradigm that promises to resolve the limitations of the conventional network architecture. SDN and cyber security have a reciprocal relationship. In this thesis, we study and explore two aspects of this relationship. On the one hand, we study security for SDN by performing a vulnerability analysis of SDN. Such security analysis is a crucial process in identifying SDN security flaws and in measuring their impacts. It is necessary for improving SDN security and for understanding its weaknesses. On the other hand, we explore SDN for security. Such an aspect of the relationship between SDN and security focusses on the advantages that SDN brings into security. The thesis designs and implements an SDN stateful firewall that transforms the Finite State Machine of network protocols to an SDN Equivalent State Machine. Besides, the thesis evaluates SDN stateful firewall and NetFilter regarding their performance and their resistance to Syn Flooding attacks. Furthermore, the thesis uses SDN orchestration for policy enforcement. It proposes a firewall policy framework to express, assess, negotiate and deploy firewall policies in the context of SDN as a Service in the cloud
9

Gill, Khusvinder. "Enhancing the security of wireless sensor network based home automation systems." Thesis, Loughborough University, 2009. https://dspace.lboro.ac.uk/2134/5951.

Abstract:
Home automation systems (HASs) seek to improve the quality of life for individuals through the automation of household devices. Recently, there has been a trend, in academia and industry, to research and develop low-cost Wireless Sensor Network (WSN) based HASs (Varchola et al. 2007). WSNs are designed to achieve a low-cost wireless networking solution, through the incorporation of limited processing, memory, and power resources. Consequently, providing secure and reliable remote access for resource limited WSNs, such as WSN based HASs, poses a significant challenge (Perrig et al. 2004). This thesis introduces the development of a hybrid communications approach to increase the resistance of WSN based HASs to remote DoS flooding attacks targeted against a third party. The approach is benchmarked against the dominant GHS remote access approach for WSN based HASs (Bergstrom et al. 2001), on a WSN based HAS test-bed, and shown to provide a minimum of a 58.28%, on average 59.85%, and a maximum of 61.45% increase in remote service availability during a DoS attack. Additionally, a virtual home incorporating a cryptographic based DoS detection algorithm, is developed to increase resistance to remote DoS flooding attacks targeted directly at WSN based HASs. The approach is benchmarked against D-WARD (Mirkovic 2003), the most effective DoS defence identified from the research, and shown to provide a minimum 84.70%, an average 91.13% and a maximum 95.6% reduction in packets loss on a WSN based HAS during a DoS flooding attack. Moreover, the approach is extended with the integration of a virtual home, hybrid communication approach, and a distributed denial of defence server to increase resistance to remote DoS attacks targeting the home gateway. The approach is again benchmarked against the D-WARD defence and shown to decrease the connection latency experienced by remote users by a minimum of 90.14%, an average 90.90%, and a maximum 91.88%.
10

Peacock, Matthew. "Anomaly Detection in BACnet/IP managed Building Automation Systems." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2019. https://ro.ecu.edu.au/theses/2178.

Abstract:
Building Automation Systems (BAS) are a collection of devices and software which manage the operation of building services. The BAS market is expected to be a $19.25 billion USD industry by 2023, as a core feature of both the Internet of Things and Smart City technologies. However, securing these systems from cyber security threats is an emerging research area. Since initial deployment, BAS have evolved from isolated standalone networks to heterogeneous, interconnected networks allowing external connectivity through the Internet. The most prominent BAS protocol is BACnet/IP, which is estimated to hold 54.6% of world market share. BACnet/IP security features are often not implemented in BAS deployments, leaving systems unprotected against known network threats. This research investigated methods of detecting anomalous network traffic in BACnet/IP managed BAS in an effort to combat threats posed to these systems. This research explored the threats facing BACnet/IP devices, through analysis of Internet accessible BACnet devices, vendor-defined device specifications, investigation of the BACnet specification, and known network attacks identified in the surrounding literature. The collected data were used to construct a threat matrix, which was applied to models of BACnet devices to evaluate potential exposure. Further, two potential unknown vulnerabilities were identified and explored using state modelling and device simulation. A simulation environment and attack framework were constructed to generate both normal and malicious network traffic to explore the application of machine learning algorithms to identify both known and unknown network anomalies. To identify network patterns between the generated normal and malicious network traffic, unsupervised clustering, graph analysis with an unsupervised community detection algorithm, and time series analysis were used. 
The explored methods identified distinguishable network patterns for frequency-based known network attacks when compared to normal network traffic. However, as stand-alone methods for anomaly detection, these methods were found insufficient. Subsequently, Artificial Neural Networks and Hidden Markov Models were explored and found capable of detecting known network attacks. Further, Hidden Markov Models were also capable of detecting unknown network attacks in the generated datasets. The classification accuracy of the Hidden Markov Models was evaluated using the Matthews Correlation Coefficient, which accounts for imbalanced class sizes and assesses both positive and negative classification ability for deriving its metric. The Hidden Markov Models were found capable of repeatedly detecting both known and unknown BACnet/IP attacks with True Positive Rates greater than 0.99 and Matthews Correlation Coefficients greater than 0.8 for five of six evaluated hosts. This research identified and evaluated a range of methods capable of identifying anomalies in simulated BACnet/IP network traffic. Further, this research found that Hidden Markov Models were accurate at classifying both known and unknown attacks in the evaluated BACnet/IP managed BAS network.
11

Schnepf, Nicolas. "Orchestration et vérification de fonctions de sécurité pour des environnements intelligents." Thesis, Université de Lorraine, 2019. http://www.theses.fr/2019LORR0088/document.

Abstract:
Smart environments, in particular smartphones, are the target of multiple security attacks. Moreover, the deployment of traditional security mechanisms is often inadequate due to their highly constrained resources. In that context, we propose to use chains of security functions which are composed of several security services, such as firewalls or antivirus, automatically configured and deployed in the network. Chains of security functions are known as being error prone and hard to validate. This difficulty is caused by the complexity of these constructs that involve hundreds and even thousands of configuration rules. In this PhD thesis, we propose the architecture of an orchestrator, exploiting the programmability brought by software defined networking, for the automated configuration and deployment of chains of security functions. It is important to automatically ensure that these security chains are correct before their deployment, in order to avoid the introduction of security breaches in the network. To do so, our orchestrator relies on methods of automated verification and synthesis, also known as formal methods, to ensure the correctness of the chains. Our work also considers the optimization of the deployment of chains of security functions in the network, in order to maintain its resources and quality of service.
12

Habeeb, Richard. "Improving the Security of Building Automation Systems Through an seL4-based Communication Framework." Scholar Commons, 2018. http://scholarcommons.usf.edu/etd/7161.

Abstract:
Existing Building Automation Systems (BASs) and Building Automation Networks (BANs) have been shown to have serious cybersecurity problems. Due to the safety-critical and interconnected nature of building subsystems, local and network access control needs to be finer grained, taking into consideration the varying criticality of applications running on heterogeneous devices. In this paper, we present a secure communication framework for BASs that 1) enforces rich access control policy for operating system services and objects, leveraging a microkernel-based architecture; 2) supports fine-grained network access control on a per-process basis; 3) unifies the security control of inter-device and intra-device communication using proxy processes; 4) tunnels legacy insecure communication protocols (e.g., BACnet) through a secure channel, such as SSL, in a manner transparent to legacy applications. We implemented the framework on seL4, a formally verified microkernel. We conducted extensive experiments and analysis to compare the performance and effectiveness of our communication systems against a traditional Linux-based implementation of the same control scenario. Our experiments show that the communication performance of our system is faster than or comparable to the Linux-based architecture in embedded systems.
13

Jose, Arun Cyril. "Intelligent home automation security system based on novel logical sensing and behaviour prediction." Thesis, University of Pretoria, 2017. http://hdl.handle.net/2263/65012.

Abstract:
The thesis, Intelligent Home Automation Security System Based on Novel Logical Sensing and Behavior Prediction, was designed to enhance authentication, authorization and security in smart home devices and services. The work proposes a three-pronged defensive strategy, each prong of which is analyzed and evaluated separately, to drastically improve security. The Device Fingerprinting techniques proposed not only improve the existing approaches but also identify the physical device accessing the home cybernetic and mechatronic systems using device specific and browser specific parameters. The Logical Sensing process analyses home inhabitant actions from a logical standpoint and develops sophisticated and novel sensing techniques to identify intrusion attempts to a home’s physical and cyber space. The novel Behavior Prediction methodology utilizes Bayesian networks to learn normal user behavior, which is later compared to distinguish and identify suspicious user behaviors in the home in a timely manner. The logical sensing, behavior prediction and device fingerprinting techniques proposed were successfully tested, evaluated and verified in an actual home cyber physical system. The algorithms and techniques proposed in the thesis can be easily modified and adapted into many practical applications in Industrial Internet of Things, Industry 4.0 and cyber-physical systems.
Thesis (PhD)--University of Pretoria, 2017.
Electrical, Electronic and Computer Engineering
PhD
Unrestricted
14

Costley, Austin D. "Platform Development and Path Following Controller Design for Full-Sized Vehicle Automation." DigitalCommons@USU, 2017. https://digitalcommons.usu.edu/etd/6429.

Abstract:
The purpose of this thesis is to discuss the design and development of a platform used to automate a stock 2013 Ford Focus EV. The platform is low-cost and open-source to encourage collaboration and provide a starting point for fellow researchers to advance the work in the field of automated vehicle control. This thesis starts by discussing the process of obtaining control of the vehicle by taking advantage of internal communication protocols. The controller design process is detailed and a description of the components and software used to control the vehicle is provided. The automated system is tested and the results of fully autonomous driving are discussed.
15

Mekki, Mohamed-Anis. "Synthèse et compilation de services web sécurisés." Thesis, Nancy 1, 2011. http://www.theses.fr/2011NAN10123/document.

Abstract:
Automatic composition of web services is a challenging task. Many works have considered simplified automata models that abstract away from the structure of messages exchanged by the services. For the domain of secured services we propose a novel approach to automated composition of services based on their security policies. Given a community of services and a goal service, we reduce the problem of composing the goal from services in the community to a security problem where an intruder we call mediator should intercept and redirect messages from the service community and a client service till reaching a satisfying state. We have implemented the algorithm in AVANTSSAR Platform and applied the tool to several case studies. Then we present a tool that compiles the obtained trace describing the execution of the mediator into its corresponding runnable code. For that we first compute an executable specification as prudent as possible of her role in the orchestration. This specification is expressed in ASLan language, a formal language designed for modeling Web Services tied with security policies. Then we can check with automatic tools that this ASLan specification verifies some required security properties such as secrecy and authentication. If no flaw is found, we compile the specification into a Java servlet that can be used by the mediator to lead the orchestration.
16

Janes, Ricardo. "Estudo sobre sistemas de segurança em instalações elétricas automatizadas." Universidade de São Paulo, 2009. http://www.teses.usp.br/teses/disponiveis/3/3143/tde-29062009-181507/.

Abstract:
This work presents a study of the main security systems used in automated electrical installations, with a focus on physical access control using biometric technologies. The main characteristics of the security systems applied to fire detection and fire fighting, to physical access control, and to internal and external security control, such as closed-circuit television and perimeter security control, are presented in this work, together with the biometric technologies that can be used for controlling people's access. The development of a low-cost prototype using biometric technology for physical access control is presented, as well as the main advantages and disadvantages, algorithms and cost-benefit relations for the use of biometrics in security systems. The study shows that the use of biometrics as a tool for improving existing security systems is a worldwide trend; however, there is a growing concern about the confidentiality of people's biometric information.
17

Allwood, Gary Andrew. "Intensity based interrogation of optical fibre sensors for industrial automation and intrusion detection systems." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2015. https://ro.ecu.edu.au/theses/1702.

Abstract:
In this study, the use of optical fibre sensors for intrusion detection and industrial automation systems has been demonstrated, with a particular focus on low cost, intensity-based, interrogation techniques. The use of optical fibre sensors for intrusion detection systems to secure residential, commercial, and industrial premises against potential security breaches has been extensively reviewed in this thesis. Fibre Bragg grating (FBG) sensing is one form of optical fibre sensing that has been underutilised in applications such as in-ground, in-fence, and window and door monitoring, and addressing that opportunity has been a major goal of this thesis. Both security and industrial sensor systems must include some centralised intelligence (electronic controller) and ideally both automation and security sensor systems would be controlled and monitored by the same centralised system. Optical fibre sensor systems that could be used for either application have been designed, developed, and tested in this study, and optoelectronic interfaces for integrating these sensors with electronic controllers have been demonstrated. The versatility of FBG sensors means that they are also ideal for certain mainstream industrial applications. Two novel transducers have been developed in this work: a highly sensitive low pressure FBG diaphragm transducer and a FBG load cell transducer. Both have been designed to allow interrogation of the optical signal to occur within the housing of the individual sensors themselves. This is achieved in a simple and low cost manner that enables the output of the transducers to be easily connected to standard electronic controllers, such as programmable logic controllers. Furthermore, some of the nonlinear characteristics of FBG sensors have been explored with the aim of developing transducers that are inherently decoupled from strain and temperature interference.
One of the major advantages of optical fibre sensors is their ability to be both time division and wavelength division multiplexed. The intensity-based interrogation techniques used here complement this attribute and are a major consideration when developing the transducers and optoelectronic circuits. A time division multiplexing technique, using transmit-reflect detection and incorporating a dual bus, has also been developed. This system architecture enables all the different optical fibre transducers on the network to have the same Bragg wavelength and hence the number of spare replacement transducers required is minimal. Moreover, sensors can be replaced in an online control system without disrupting the network. In addition, by analysing both the transmitted and reflected signals, problems associated with optical power fluctuations are eliminated and the intensity of the sensor signals is increased through differential amplification. Overall, the research addresses the limitations of conventional electrical sensors, such as susceptibility to corrosive damage in wet and corrosive environments, and risk of causing an explosion in hazardous environments, as well as the limitations of current stand-alone optical fibre sensor systems. This thesis supports more alert, reliable, affordable, and coordinated, control and monitoring systems in an on-line environment.
18

Jonnalagadda, Hari Krishna. "Secure Communication Scheme in Smart Home Environment." Scholar Commons, 2016. http://scholarcommons.usf.edu/etd/6270.

Abstract:
The Internet of Things has started to mark its existence over the past few years. Right from its inception with a coke machine at Carnegie Mellon University, it has come a long way, connecting billions of devices to the internet. This journey is well supported by the advancements in networking, hardware miniaturization and sensing capabilities. The diverse nature of the applications of the Internet of Things has cut the communication barriers between a variety of fields, ranging from the manufacturing industry to the health-care industry. Smart Home is one such application of the Internet of Things. Connectivity of home appliances, to achieve automation in living, defines Smart Home. Out of the welter of applications that are derived from the Internet of Things, this thesis concentrates on Smart Home. Smart Home, in practice, is expected to conserve a lot of energy by achieving automation of home appliances, on par with the best living experience. Existing technologies such as Z-Wave, One-Net, ZigBee and Insteon have already occupied Smart Home communication. However, these technologies face the problem of identifying the smart devices uniquely and also exhibit security vulnerabilities. The proposed scheme exploits accelerometer fingerprinting to identify the smart devices uniquely. Security vulnerabilities of existing protocols are addressed by encrypting the data on the move with the CCM mode of AES encryption.
19

Lee, Kum-Yu Enid. "Privacy and security of an intelligent office form." Thesis, Kansas State University, 1986. http://hdl.handle.net/2097/9930.

20

Erturk, Volkan. "A Framework Based On Continuous Security Monitoring." Master's thesis, METU, 2008. http://etd.lib.metu.edu.tr/upload/12610139/index.pdf.

Abstract:
Continuous security monitoring is the process of following up the IT systems by collecting measurements, reporting and analysing the results in order to compare the security level of the organization on a continuous time axis and see how organizational security is progressing in the course of time. In the related literature there is very limited work done to continuously monitor the security of organizations. In this thesis, a continuous security monitoring framework based on security metrics is proposed. Moreover, to decrease the burden of implementation, a software tool called SecMon is introduced. The implementation of the framework in a public organization shows that the proposed system is successful for building an organizational memory and giving insight to the security stakeholders about the IT security level in the organization.
21

Pan, Zhiwen, and Zhiwen Pan. "A Context Aware Anomaly Behavior Analysis Methodology for Building Automation Systems." Diss., The University of Arizona, 2017. http://hdl.handle.net/10150/625624.

Abstract:
Advances in mobile and pervasive computing, electronics technology, and the exponential growth in Internet of Things (IoT) applications and services have led to Building Automation Systems (BAS) that enhance the buildings we live in by delivering more energy-saving, intelligent, comfortable, and better utilization. Through the use of integrated protocols, a BAS can interconnect a wide range of building assets so that the control and management of asset operations and their services can be performed in one protocol. Moreover, through the use of distributed computing and IP based communication, a BAS can implement remote monitoring and control in an adaptive and real-time manner. However, the use of IoT and distributed computing techniques in BAS is leading to challenges in securing and protecting information and services due to the significant increase in the attack surface and the inherent vulnerabilities of BAS integrated protocols. Since there is no intrusion detection and prevention available for BAS networks, proposing a reliable security mechanism which can monitor the behavior of BAS assets becomes a major design issue. Anomaly Based Intrusion Detection is a security mechanism that uses a baseline model to describe the normal behaviors of a system, so that malicious behaviors occurring in a system can be detected by comparing the observed behavior to the baseline model. With its ability to detect novel and new attacks, Anomaly based Behavior Analysis (ABA) has been actively pursued by researchers for designing Intrusion Detection Systems. Since the information acquired from a BAS system can be from a variety of sources (e.g. sensors, network protocols, temporal and spatial information), the traditional ABA methodology which merely focuses on analyzing the behavior of communication protocols will not be effective in protecting BAS networks.
In this dissertation we aim at developing a general methodology named Context Aware Anomaly based Behavior Analysis (CAABA) which combines the Context Awareness technique with Anomaly based Behavior Analysis in order to detect any type of anomaly behaviors occurring in Building Automation Systems. Context Awareness is a technique which is widely used in pervasive computing and it aims at gathering information about a system's environment so it can accurately characterize the current operational context of the BAS network and its services. The CAABA methodology can be used to protect a variety of BAS networks in a sustainable and reliable way. To handle the heterogeneous BAS information, we developed a novel Context Aware Data Structure to represent the information acquired from the sensors and resources during execution of the BAS system, which can explicitly describe the system's behavior. By performing Anomaly based Behavior Analysis over the set of context arrays using either a data mining algorithm or statistical functions, the BAS baseline models are generated. To validate our methodology, we have applied it to two different building application scenarios: a smart building system which is usually implemented in industrial and commercial office buildings and a smart home system which is implemented in residential buildings, where we have achieved good detection results with low detection errors.
22

Romandini, Nicolò. "Evaluation and implementation of reinforcement learning and pattern recognition algorithms for task automation on web interfaces." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.

Abstract:
Automated task execution in a web context is a major challenge today. One of the main fields in which this is needed is undoubtedly that of Information Security, where it is becoming increasingly necessary to find techniques that allow security tests to be carried out without human intervention. Not only to relieve programmers from performing repetitive tasks, but above all to be able to perform many more tests in the same amount of time. Although techniques already exist to automate the execution of actions on web interfaces, these solutions are often limited to running in the environment for which they were designed. It is, indeed, impossible for them to execute the learnt behaviour in different and unseen environments. The aim of this thesis project is to analyse different Machine Learning techniques in order to find an optimal solution to this problem. In other words, to obtain an agent capable of executing a task in all the environments in which it operates. The approaches analysed and implemented can be traced back to two areas of Machine Learning, Reinforcement Learning and Pattern Recognition. Each approach was tested using real web applications in order to measure their abilities in a context as close to reality as possible. Although Reinforcement Learning approaches were found to be the most automated, they failed to achieve satisfactory results. On the contrary, the Pattern Recognition approach was found to be the most capable of executing tasks, even complex ones, in different and unseen environments, requiring, however, a lot of preliminary work.
23

Wang, Xiaolong. "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7589.

Abstract:
A Building Automation System (BAS) is a complex distributed control system that is widely deployed in commercial, residential, and industrial buildings for monitoring and controlling mechanical/electrical equipment. Through increasing industrial and technological advances, the control components of BAS are becoming increasingly interconnected. Along with potential benefits, integration also introduces new attack vectors, which tremendously increases safety and security risks in the control system. Historically, BAS lacks security design and relies on physical isolation and "security through obscurity". These methods are unacceptable with the "smart building" technologies. The industry needs to reevaluate the safety and security of the current building automation system, and design a comprehensive solution to provide integrity, reliability, and confidentiality on both system and network levels. This dissertation focuses on the system level in the effort to provide a reliable computing foundation for the devices and controllers. Leveraging the preferred security features of microkernel architecture, such as robust modular design, small privilege code, and formal verifiability, this work describes a security enhanced operating system with built-in mandatory access control and a proxy-based communication framework for building automation controllers. This solution ensures policy-enforced communication and isolation between critical applications and non-critical applications in a potentially hostile cyber environment.
24

Aslam, Mudassar. "Bringing Visibility in the Clouds : using Security, Transparency and Assurance Services." Doctoral thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-25376.

Abstract:
The evolution of cloud computing allows the provisioning of IT resources over the Internet and promises many benefits for both the service users and providers. Despite various benefits offered by cloud based services, many users hesitate in moving their IT systems to the cloud mainly due to many new security problems introduced by cloud environments. In fact, the characteristics of cloud computing become the basis of new problems, for example, support of third party hosting introduces loss of user control on the hardware; similarly, on-demand availability requires reliance on complex and possibly insecure API interfaces; seamless scalability relies on the use of sub-providers; global access over public Internet exposes to broader attack surface; and use of shared resources for better resource utilization introduces isolation problems in a multi-tenant environment. These new security issues, in addition to existing security challenges (that exist in today's classic IT environments), become major reasons for the lack of user trust in cloud based services categorized in Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS). The focus of this thesis is on the IaaS model, which allows users to lease IT resources (e.g. computing power, memory, storage, etc.) from a public cloud to create Virtual Machine (VM) instances. The public cloud deployment model considered in this thesis exhibits the most elasticity (i.e. degree of freedom to lease/release IT resources according to user demand) but is the least secure as compared to private or hybrid models. As a result, public clouds are not trusted for many use cases which involve processing of security critical data such as health records, financial data, government data, etc. However, public IaaS clouds can also be made trustworthy and viable for these use cases by providing better transparency and security assurance services for the user.
In this thesis, we consider such assurance services and identify security aspects which are important for making public clouds trustworthy. Based upon our findings, we propose solutions which promise to improve cloud transparency, thereby realizing trustworthy clouds. The solutions presented in this thesis mainly deal with the secure life cycle management of the user VM, which includes protocols and their implementation for secure VM launch and migration. The VM launch and migration solutions ensure that the user VM is always hosted on correct cloud platforms which are set up according to a profile that fulfills the use case relevant security requirements. This is done by using an automated platform security audit and certification mechanism which uses trusted computing and security automation techniques in an integrated solution. In addition to providing assurance about the cloud platforms, we also propose a solution which provides assurance about the placement of user data in correct and approved geographical locations, which is critical from many legal aspects and usually an important requirement of the user. Finally, the assurance solutions provided in this thesis increase cloud transparency, which is important for user trust and to realize trustworthy clouds.
25

Christiaens, Steven A. "Evaluating the Security of Smart Home Hubs." BYU ScholarsArchive, 2015. https://scholarsarchive.byu.edu/etd/5631.

Abstract:
The goal of this research is to improve the security of smart home hubs by developing a standard against which hubs can be evaluated. This was done by first reviewing existing standards, guides, and collections of best practices. I determined that adapting or extending an existing standard was the best way to proceed. Potential candidates were selected, and after thorough comparison, I chose to extend the OWASP Application Security Verification Standard (ASVS). Extensions were composed of additional security requirements to address smart home hub functionality not covered by the existing requirements of the ASVS. These additional requirements were developed based upon existing best practices and are referred to as the Smart Home Extensions. Where a best practice or guidance did not yet exist for a particular hub functionality, guidance from related fields was adapted. The entire set of Smart Home Extensions was reviewed by industry experts, updated based on feedback, and then sent on for further peer review. Four smart home hubs – VeraLite, Wink, Connect, and SmartThings – were evaluated using the ASVS with the Smart Home Extensions. The evaluation uncovered security vulnerabilities in all four hubs, some previously disclosed by other researchers, and others new. Analysis of the evaluation data suggests that authentication is a common problem area, among others. Based on the performance of the hubs and the data collected, I suggest that the ASVS and Smart Home Extensions can be an effective tool to provide insight into the security posture of smart home hubs.
26

Sun, Luyi. "SCLEX-Lang : A Threat Modeling Language for Substation Automation Systems." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-286831.

Abstract:
Power systems in the industry today are adopting automated substations because of a growing trend of digitization. Substation automation has greatly reduced human intervention as well as operation and maintenance costs. Although it has brought benefits, new challenges arise regarding security vulnerabilities, which can be opportunities for attackers to damage whole systems and eavesdrop on communication. To keep the automated substations secure and free from attackers, threat modeling is one of the alternative methods that can be used to do attack simulation and assess the security of systems. KTH has developed Meta Attack Language, a framework for constructing domain specific languages in which threat models can be produced, based on which attack graphs will be created and attacks can be simulated. It is a framework for developers that makes it easier for them to generate attack graphs with new languages. Meta Attack Language has been applied to a variety of domains by now, such as In-vehicle Network and Amazon Web Services. This thesis is carried out in ABB, extending the previous work of SCLLang and ABB’s existing security assessment tool, and doing threat modeling specifically for substation automation. The final threat model is used to assess the security of products in ABB, which will also serve as a basis for further extension for the company.
Energy systems in industry today are adopting automated substations because of a growing trend toward digitalization. Substation automation has greatly reduced human intervention as well as operation and maintenance costs. Although it has brought benefits, new challenges arise regarding security vulnerabilities, which can give attackers opportunities to damage entire systems and eavesdrop on communication. To keep the automated substations secure and free from attackers, threat modeling is one of the alternative methods that can be used to perform attack simulation and assess the security of systems. KTH has developed Meta Attack Language, a framework for constructing domain-specific languages in which threat models can be produced, on the basis of which attack graphs will be created and attacks can be simulated. It is a framework for developers that makes it easier for them to create attack graphs with new languages. Meta Attack Language has been applied to various domains by now, such as vehicle IT and Amazon Web Services. The thesis is carried out at ABB, extending SCLLang and ABB's earlier work on the existing security assessment tool, and doing threat modeling specifically for substation automation. The final threat model is used to assess the security of products at ABB, and will also serve as a basis for further extension for the company.
27

Mitchell, Samuel A. "Ground Vehicle Platooning Control and Sensing in an Adversarial Environment." DigitalCommons@USU, 2016. https://digitalcommons.usu.edu/etd/5021.

Abstract:
The highways of the world are growing more congested. People are inherently bad drivers from a safety and system reliability perspective. Self-driving cars are one solution to this problem, as automation can remove human error and react consistently to unexpected events. Automated vehicles have been touted as a potential solution to improving highway utilization and increasing the safety of people on the roads. Automated vehicles have proven to be capable of interacting safely with human drivers, but the technology is still new. This means that there are points of failure that have not been discovered yet. The focus of this work is to provide a platform to evaluate the security and reliability of automated ground vehicles in an adversarial environment. An existing system was already in place, but it was limited to longitudinal control, relying on a steel cable to keep the vehicle on track. The upgraded platform was developed with computer vision to drive the vehicle around a track in order to facilitate an extended attack. Sensing and control methods for the platform are proposed to provide a baseline for the experimental platform. Vehicle control depends on extensive sensor systems to determine the vehicle position relative to its surroundings. A potential attack on a vehicle could be performed by jamming the sensors necessary to reliably control the vehicle. A method to extend the sensing utility of a camera is proposed as a countermeasure against a sensor jamming attack. A monocular camera can be used to determine the bearing to a target, and this work extends the sensor capabilities to estimate the distance to the target. This provides a redundant sensor if the standard distance sensor of a vehicle is compromised by a malicious agent. For a 320×200 pixel camera, the distance estimation is accurate between 0.5 and 3 m. 
One previously discovered vulnerability of automated highway systems is that vehicles can coordinate an attack to induce traffic jams and collisions. The effects of this attack on a vehicle system with mixed human and automated vehicles are analyzed. The insertion of human drivers into the system stabilizes the traffic jam at the cost of highway utilization.
28

Dutson, Jonathan William. "Managing Two-Factor Authentication Setup Through Password Managers." BYU ScholarsArchive, 2020. https://scholarsarchive.byu.edu/etd/8976.

Abstract:
Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple online accounts, with our system receiving an average SUS score of ‘A’ while the manual setup method received an average score of ‘D’. We conduct a meta-analysis of some of the most common methods of 2FA used by websites today and propose a web API that could increase the speed, ease, and scalability of 2FA setup automation. Our threat analysis suggests that using password managers for 2FA automation can be implemented without introducing significant security risks to the process. The promising results from our user study and analysis indicate that password managers have strong potential for improving the usability of 2FA setup.
29

Bardas, Alexandru Gavril. "Evaluating and quantifying the feasibility and effectiveness of whole IT system moving target defenses." Diss., Kansas State University, 2016. http://hdl.handle.net/2097/32570.

Abstract:
Doctor of Philosophy
Computing and Information Sciences
Scott A. DeLoach
Xinming (Simon) Ou
The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity, and raising the costs of their reconnaissance and attack efforts. Intuitively, the idea of applying MTD techniques to a whole IT system should provide enhanced security; however, little research has been done to show that it is feasible or beneficial to the system’s security. This dissertation presents an MTD platform at the whole IT system level in which any component of the IT system can be automatically and reliably replaced with a fresh new one. A component is simply a virtual machine (VM) instance or a cluster of instances. There are a number of security benefits when leveraging such an MTD platform. Replacing a VM instance with a new one with the most up-to-date operating system and applications eliminates security problems caused by unpatched vulnerabilities and all the privileges the attacker has obtained on the old instance. Configuration parameters for the new instance, such as IP address, port numbers for services, and credentials, can be changed from the old ones, invalidating the knowledge the attackers already obtained and forcing them to redo the work to re-compromise the new instance. In spite of these obvious security benefits, building a system that supports live replacement with minimal to no disruption to the IT system’s normal operations is difficult. Modern enterprise IT systems have complex dependencies among services so that changing even a single instance will almost certainly disrupt the dependent services. Therefore, the replacement of instances must be carefully orchestrated with updating the settings of the dependent instances. This orchestration of changes is notoriously error-prone if done manually; however, limited tool support is available to automate this process.
We designed and built a framework (ANCOR) that captures the requirements and needs of a whole IT system (in particular, dependencies among various services) and compiles them into a working IT system. ANCOR is at the core of the proposed MTD platform (ANCOR-MTD) and enables automated live instance replacements. In order to evaluate the platform’s practicality, this dissertation presents a series of experiments on multiple IT systems that show negligible (statistically non-significant) performance impacts. To evaluate the platform’s efficacy, this research analyzes costs versus security benefits by quantifying the outcome (sizes of potential attack windows) in terms of the number of adaptations, and demonstrates that an IT system deployed and managed using the proposed MTD platform will increase attack difficulty.
30

Жуковський, Андрій Віталійович. "Система автоматизації адміністрування сайту." Bachelor's thesis, КПІ ім. Ігоря Сікорського, 2020. https://ela.kpi.ua/handle/123456789/37533.

Abstract:
Diploma thesis: 118 pp., 40 figs., 10 tables, 3 appendices, 26 sources. The aim of the work is to develop a site administration automation system for the provision of sports services on the Ukrainian market. The work presents research and analysis of the sports services market, of methods and methodologies for automating administration, and the identification of the functionality needed to solve administration problems. In the course of the research, the functions necessary to reduce the time and resources spent on administrative operations, on the side of both the administration and the users, were established. A web service for managing, processing and entering data, with the functions needed for automating administration, was implemented, along with a web interface that interacts with the web service. It is planned to develop the work further by expanding the functionality and by moving to native applications for various platforms.
Diploma Thesis (Bachelor’s Thesis): 118 p., 40 fig., 10 tabl., 3 annexes, 26 sources. The purpose of the work is to develop a system of automation of site administration for the provision of sports services in the Ukrainian market. The research and analysis of the market of sports services, methods and methodologies for automation of administration and identification of functions necessary for solving administrative problems are carried out in the work. The study identified the necessary functions to reduce the time and resources spent on administrative operations, both on the part of the administration and on the part of users. A web service for managing, processing and entering data with the necessary functions for automation of administration was implemented, as well as a web interface that interacts with the web service. It is planned to develop work in the direction of growing functionality, as well as the transition to native applications of different platforms.
31

Giallorenzo, Saverio. "Workflow Patterns for Service Oriented Computing in JOLIE." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2012. http://amslaurea.unibo.it/3870/.

Abstract:
The focal point of this thesis is the description, verification and demonstration of the realizability of the Control-Flow and Resource Workflow Patterns defined by the Workflow Pattern Initiative (WPI) in JOLIE, an innovative service-oriented programming language born in the context of Service Oriented Computing. Service Oriented Computing (SOC) is a new way of thinking about the programming of distributed applications, whose fundamental concepts are services and composition. The SOC approach defines the possibility of building an application in terms of the services that realize its behaviour through their composition, defined according to a particular workflow. In order to provide the knowledge needed to understand the theory, mechanics and constructs of JOLIE used to realize the patterns, this thesis has been divided into four parts, corresponding to as many chapters. The first chapter gives a general description of SOC and of Business Process Automation (BPA), which constitutes the environment in which SOC is set. To this end, the history of computing with respect to distributed systems is examined, up to today's systems, followed by a presentation of the context of BPA and of the innovations deriving from its macro-components, of which SOC is part. Continuing the description of the Service Oriented approach, its requirements (pre-conditions) are presented and an attempt is made to give a precise definition of the term "service", up to the statement of the SOC principles from the viewpoint of Service Oriented Architectures, finally presenting the methods of service composition, through orchestration and choreography. The last section of the chapter considers SOC from a purely industrial perspective and highlights its strategic points.
The second chapter focuses on the description of JOLIE, the fundamental aspects of the service-oriented approach that deeply characterize its conceptual definition (SOCK), and the theory of service composition. The chapter is not meant as an exhaustive description of all the features of the language, but considers above all the theoretical concepts, data structures, operators and constructs of JOLIE used to demonstrate the realizability of the Workflow Patterns in the following chapter. The third chapter, longer and more central than the others, concerns the realization of the workflow patterns in JOLIE. At the beginning of the chapter a description of the characteristics of the WPI and of Workflow Patterns in general is given. Then, in the two macro-sections on the Control-Flow and Resource patterns, some notions are presented regarding the methodologies for defining the patterns (e.g. the theory on the definition of Colored Petri Nets) and the conventions adopted by the WPI, before moving on to the actual (experimental) thesis work: the description of the patterns and the analysis of their realizability in JOLIE, together with example code that illustrates what the analysis states. As a summary of the conclusions reached on the patterns, at the end of each of the two sections defined above there is an evaluation sheet which, using the same method used and defined by the WPI, gives a general representation of the realizability of the patterns in JOLIE. The fourth chapter concerns the outcomes drawn from the thesis work, reporting a comparison between the realizations of the patterns in JOLIE and the WPI's evaluations of the other languages they considered and evaluated.
On the basis of what was obtained in the third chapter, the conclusions of the work carried out on the patterns are defined, and a possible scenario is outlined for continuing the work, concerning the validation and completion of the study. Finally, some conclusions are drawn both about JOLIE, in the context of the evolution of the language and above all of the open-source project on which it is based, and about SOC, considered within the scope of BPA and its current, dynamic field of development.
32

Šabart, Otto. "Testování Open vSwitch a DPDK." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363892.

Abstract:
The project is about the virtual switch called Open vSwitch and its architecture. It deals with an acceleration of the switch mainly by using Data Plane Development Kit (DPDK). Furthermore, it describes the architecture of the DPDK kit, analyses the individual functional units and describes the possibilities of its configuration. Another part of the project describes the methodology chosen for performance testing of virtual switches. Subsequently, this methodology was used to design and implement an environment for fully automatic performance testing of Open vSwitch with DPDK, with the use of automatic systems such as Koji, Jenkins, Beaker and VSperf. Simultaneously, the tools for automatic comparison of produced results were implemented. The created environment was then used for the performance measurement of several basic Open vSwitch configurations with and without the use of DPDK. The implemented measurements are discussed and evaluated in the project. The final project's stage provides a great amount of the enlargement and improvement of the implemented tests.
33

Viggiani, Fabio. "Design and implementation of a non-aggressive automated penetration testing tool : An approach to automated penetration testing focusing on stability and integrity for usage in production environments." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-122906.

Abstract:
The focus of this Master’s thesis project is automated penetration testing. A penetration test is a practice used by security professionals to assess the security of a system. This process consists of attacking the system in order to reveal flaws. Automating the process of penetration testing brings some advantages, the main advantage being reduced costs in terms of time and human resources needed to perform the test. Although there exist a number of automated tools to perform the required procedures, many security professionals prefer manual testing. The main reason for this choice is that standard automated tools make use of techniques that might compromise the stability and integrity of the system under test. This is usually not acceptable since the majority of penetration tests are performed in an operating environment with high availability requirements. The goal of this thesis is to introduce a different approach to penetration testing automation that aims to achieve useful test results without the use of techniques that could damage the system under test. By investigating the procedures, challenges, and considerations that are part of the daily work of a professional penetration tester, a tool was designed and implemented to automate this new process of non-aggressive testing. The outcome of this thesis project reveals that this tool is able to provide the same results as standard automated penetration testing procedures. However, in order for the tool to completely avoid using unsafe techniques, (limited) initial access to the system under test is needed.
This thesis focuses on automated penetration testing. Penetration tests are used by security specialists to assess the security of a system. The process of a penetration test consists of various attacks against a system in order to find security holes. Automated penetration tests have advantages such as the fact that they cost less in terms of the time and human resources required. Although there are many different automated tools for penetration testing, many security specialists choose to do it manually. The main reason it is done manually is that the automated tools use techniques that can compromise the system's stability and integrity. This is often not permitted, since the majority of penetration tests are carried out in production environments that require high availability. The goal of this thesis is to introduce a new approach to automated penetration testing, which aims to produce useful results without techniques that can disturb systems in operation. By examining the procedures, the challenges and what a penetration tester takes into account, a tool is designed and implemented to automate the flow of a non-aggressive test. The result of the thesis shows that the tool developed can achieve the same results as the standard penetration procedures given limited access to the system.
34

Kahlström, Joakim, and Johan Hedlin. "Automating software installation for cyber security research and testing public exploits in CRATE." Thesis, Linköpings universitet, Databas och informationsteknik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177401.

Abstract:
As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.
35

Hrozek, Jakub. "Penetrační testování open-source software." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2010. http://www.nusl.cz/ntk/nusl-237145.

Abstract:
This thesis discusses the design and implementation of an integrated penetration testing system. In the first two chapters, the reader is introduced to the topic of penetration testing. The basic techniques and classification of tests are described as well as some of the most widely used methodologies. It also discusses the need to automate the testing process. The fifth and sixth chapter discuss specification and detailed design of an integrated penetration testing tool. Its implementation and the problems that had arisen during the process are the theme of chapter seven. The last part of the thesis describes practical experiments done with the tool and gives the reader some advice on securing computer networks.
36

Avanesov, Tigran. "Résolution de contraintes de déductibilité : application à la composition de services Web sécurisés." Phd thesis, Université Henri Poincaré - Nancy I, 2011. http://tel.archives-ouvertes.fr/tel-00641237.

Abstract:
Deducibility constraints were introduced to verify cryptographic protocols. This thesis presents a decision procedure for the satisfiability problem of general systems of deducibility constraints. Two cases are considered: the standard Dolev-Yao theory and its extension with an associative, commutative, idempotent operator. The result is used to solve the problem of automatic and distributed orchestration of secure Web services. As a second application, we propose a procedure for deciding the security of a finite number of protocol sessions in the presence of several intruders that do not communicate. We also show how it is possible to detect certain rewriting attacks that exploit the XML format of messages.
37

Kero, Chanelle. "A Literature Review of Connected and Automated Vehicles : Attack Vectors Due to Level of Automation." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-80322.

Abstract:
The manufacturing of connected and automated vehicles (CAVs) is happening and they are aiming at providing an efficient, safe, and seamless driving experience. This is done by offering automated driving together with wireless communication to and from various objects in the surrounding environment. How automated the vehicle is can be classified from level 0 (no automation at all) to level 5 (fully automated). There are many potential attack vectors of CAVs for attackers to take advantage of and these attack vectors may change depending on what level of automation the vehicle has. There are some known vulnerabilities of CAVs where the security has been breached, but what seems to be lacking in academia in the field of CAVs is a place where the majority of information regarding known attack vectors and cyber-attacks on those is collected. In addition to this the attack vectors may be analyzed for each level of automation the vehicles may have. This research is a systematic literature review (SLR) with three stages (planning, conducting, and report) based on the literature review methodology presented by Kitchenham (2004). These stages aim at planning the review, finding articles, extracting information from the found articles, and finally analyzing the result of them. The literature review resulted in information regarding identified cyberattacks and attack vectors the attackers may use as a path to exploit vulnerabilities of a CAV. In total 24 types of attack vectors were identified. Some attack vectors like vehicle communication types, vehicle applications, CAN bus protocol, and broadcasted messages were highlighted the most by the authors. When the attack vectors were analyzed together with the standard of ‘Levels of Driving Automation’ it became clear that there are more vulnerabilities to consider the higher the level of automation the vehicle has.
The contributions of this research are hence (1) a broad summary of attack vectors of CAVs and (2) a summary of these attack vectors for every level of driving automation. This had not been done before and was found to be lacking in academia.
38

Troják, Pavel. "Přístupové a zabezpečovací systémy v automatizaci budov." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2009. http://www.nusl.cz/ntk/nusl-228599.

Abstract:
This thesis deals with the automation of buildings and the possibilities of automation in today's intelligent buildings. The issue of building automation for security and access systems is addressed in detail. This thesis contains the basic rules of the systems and the procedure for implementing access and security systems. The aim of this thesis is to propose an access and security system for buildings. Part of the thesis is also the creation of a model on which the access and security system will be presented. This model will be used by the company ELMONT GROUP as a basis for dealing with contracts.
39

Ottosson, Henrik, and Per Lindquist. "Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities." Thesis, Linköpings universitet, Databas och informationsteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148581.

Abstract:
Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subjected to peer review and field experiments.
40

Dušek, Daniel. "Automatizace penetračního testování webových aplikací." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-403167.

Abstract:
This thesis has two goals: to design a generally applicable approach to penetration testing of web applications that uses only non-destructive interactions, and to implement a tool that follows this approach. The proposed approach has three phases. In the first phase, the tester collects the requirements for the testing session (including the requirements for non-destructiveness), prepares the tools and procedures to be used during testing, and then begins reconnaissance. In the second phase, the tester uses additional tools to process the information from the previous phase and to verify and discover vulnerabilities. In the third phase, all the information is compiled into a penetration testing report. The implemented tool is built on modules capable of detecting reflected XSS, server misconfigurations, hidden URL parameters and hidden interesting files. Compared with the commercial tool Acunetix, the implemented tool is comparable in detecting reflected XSS and better in detecting hidden interesting files. The thesis also presents, as an original contribution, a tool for monitoring the Pastebin.com side channel with the aim of detecting leaking information.
41

Valičková, Monika. "Řízení bezpečnosti inteligentní domácnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2018. http://www.nusl.cz/ntk/nusl-378362.

Abstract:
This diploma thesis is focused on increasing Smart Home Control System security in terms of information, network and physical security. It is based on a risk analysis of the current state of applied security management and the needs of the house owner. Both security countermeasure and cost analysis are thoroughly discussed, and the thesis also contains methodology, which describes the management of smart home security and improvement of end-user security awareness.
42

Дудик, Василь Юрійович, and Vasyl Dudyk. "Розробка та дослідження автоматизованої системи безпеки офісного приміщення на базі ультразвукового та контактних давачів." Master's thesis, Тернопільський національний технічний університет ім. І. Пулюя, Факультет прикладних інформаційних технологій та електроінженерії, Кафедра автоматизації технологічних процесів і виробництв, 2020. http://elartu.tntu.edu.ua/handle/lib/33272.

Abstract:
The work was carried out at the Department of Automation of Technological Processes and Production of the Faculty of Applied Information Technologies and Electrical Engineering of the Ternopil Ivan Puluj National Technical University of the Ministry of Education and Science of Ukraine. The defense will take place on December 22, 2020 at 14:00 at the meeting of Examination Committee No. 22 at the Ternopil Ivan Puluj National Technical University.
In this qualification work, assembly drawings of automatic office doors and a door control system, which also includes a unit for controlling access to the premises, were developed. In addition, it was found that the overall probability of sensing is improved through the use of several sensors with a mechanism to increase the signaling. The result is a higher cost due to the use of multiple sensors, amplifier circuits and signaling circuits. However, this increases reliability and significantly reduces the number of false alarms from the office surveillance system.
43

Horn, Christian [Verfasser], Jörg [Akademischer Betreuer] Krüger, Jean-Pierre [Akademischer Betreuer] Seifert, Jörg [Gutachter] Krüger, Jean-Pierre [Gutachter] Seifert, and Michael [Gutachter] Meier. "Information security for industrial applications : detection of anomalous values in industrial automation technology infrastructures / Christian Horn ; Gutachter: Jörg Krüger, Jean-Pierre Seifert, Michael Meier ; Jörg Krüger, Jean-Pierre Seifert." Berlin : Technische Universität Berlin, 2019. http://d-nb.info/1191256537/34.

44

Fältros, Jesper, Isak Alinger, and Bergen Axel von. "Safety risks with ZigBee smart devices : Identifying risks and countermeasures in ZigBee devices with an eavesdropping experiment." Thesis, Tekniska Högskolan, Jönköping University, JTH, Datateknik och informatik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-49630.

Abstract:
With ZigBee being the world’s leading IoT protocol, users are vulnerable to attacks on the wireless communication between ZigBee devices and the information that can be gained from them. For users to protect themselves from potential attacks they need to be aware of what information can be extracted and how it can be countered. Through an eavesdropping experiment, done using three individual sensors from different vendors, various packets with potential for misuse have been identified within the area of building security. With the potential areas of misuse identified, there is also a need for countermeasures against these threats. Countermeasures were identified through a collection of literature that was summarized in order to provide a wide range of alternatives, suitable to different scenarios. The experiment was limited to the functions of the sensors used, as well as traffic using the ZigBee protocol. This study pinpoints a potential for misuse of the ZigBee traffic sent between devices and shows that the ZigBee protocol is fundamentally flawed from a security aspect. Whilst countermeasures exist, they are not applicable to every situation which is why the ZigBee protocol itself needs further development to be considered secure.
45

Carohl, Qvist Amanda. "IOT inom hemautomation : Jämförande av open-source kontrollers." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-18922.

Abstract:
Internet of Things (IoT) and home automation means the opportunity to connect various devices in a home to the Internet, which has the goal of facilitating and making consumers’ everyday lives more comfortable. For example, home automation could be about locking doors and lighting lamps from a single device (the controller), which may make it easier for the consumer since the consumer does not have to go to each device to perform the desired activity. Controllers are the part of a home automation IoT system that acts as an interface between the consumer and the devices. Open-source offers consumers a freer use of products, due to its open source code. Many problems and issues that arise in connection with these products originate in the field of security, as well as what distinguishes the products in terms of security. This study has collected six open-source controllers and conducted a comparison to identify which controllers achieve security regarding confidentiality, integrity and availability. This has been done by identifying the values that appear in previous articles where security is evaluated for IoT and home automation, and controllers. This study links identified values with the CIA model, which stands for confidentiality, integrity, and availability. In accordance with the CIA model, a result is presented where the study’s current controllers show to what level they maintain the CIA model, based on the identified values established. The controllers that appear in this study are Home Genie, OpenHAB, Home Assistant, Domoticz, Calaos, and Pimatic. This study’s results are obtained through a literature study of 25 studies, and 12 additional technical documentations and information through forums for all the associated controllers. All studies have been retrieved from the Google Scholar database, IEEE Xplore, and ACM Digital Library, and subsequently analyzed and thematically coded for further information.
In total, the material of this study has been selected in five steps to ensure relevant material that meets this study’s criteria and objectives for content. This study’s results present an overview that provides knowledge about compared controllers, specifically in connection with the CIA model, which highlights the products in the field of security, regarding confidentiality, integrity, and availability.
46

Pathan, Sakib, and Erik Stenström. "Säkerhetsfrågor beträffande Sakernas Internet med fokus på fastighetsinfrastruktur." Thesis, KTH, Data- och elektroteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-168949.

Abstract:
This project presents an analysis of the security of some of the controllers which are used in properties managed by Riksbyggen. The controllers are used to control different parts of a property, such as lighting and temperature. In most cases, the controllers are reached via their own public IP address, while some manufacturers have a cloud service for their controllers. The purpose of this project has been to examine the different controllers’ security, discover weaknesses and provide suggestions for improvements to these. In addition, examples are also given of how smart homes can be built. The study has been made in several ways, partly with the help of controlled attacks but also by gathering information about the controllers and how they operate. Based on the studies that were made, a number of weaknesses have been observed, including passwords’ strength and encryption of these. General suggestions for improvements have been given to reduce the vulnerability to possible attacks that may occur in the future.
47

Fontana, Caio Fernando. "Metodologia para a implantação dos processos da cadeia logística segura." Universidade de São Paulo, 2009. http://www.teses.usp.br/teses/disponiveis/3/3143/tde-12082010-120918/.

Abstract:
The formulation of the Methodology for the Implementation of Secure Logistics Chain Processes aims to establish parameters and a methodology for applying the various security concepts and programs for foreign trade, aimed at cargo control, that are being implemented by government agencies and international organizations. These programs focus on control over cargo movement processes through the use of technology applied to non-intrusive cargo inspection, tracking and electronic seals, electronic information exchange systems, and the systemic integration of these components. This thesis thus seeks to demonstrate how the proposed model will impact fiscal and customs controls as well as the optimization of logistics flows. The proposed model is anchored in the security guidelines established by the World Customs Organization (WCO) through the SAFE Framework of Standards, by the International Maritime Organization (IMO) through the International Ship and Port Facility Security Code (ISPS Code), by the Government of the United States of America through the Container Security Initiative (CSI) and the Safe Ports Act, by the Brazilian Federal Revenue Secretariat through the Plano Nacional de Segurança Aduaneira (PNSA), the Nota Fiscal Eletrônica (NFe) and the Conhecimento de Trânsito Eletrônico (CTe) together with the State Finance Secretariats, as well as by the private sector, which has been implementing initiatives aimed at cargo control and monitoring through risk management systems and tracking and electronic seal systems applied to cargo and vehicles. To provide context, the import and export process will be presented, including its aspects of transport, storage and cargo handling, as well as a macro view of the document flow and the public and private parties involved in the process.
Next, the proposals for standardizing the secure logistics chain process drawn up by the Customs-Trade Partnership Against Terrorism (C-TPAT), the Business Alliance for Secure Commerce (BASC) and the International Organization for Standardization (ISO), through ISO 28000 and related standards, will be presented. Following these analyses and this contextualization, the operational model will be formulated, which consists of proposing integrated logistics control. This approach aims to present the various characteristics of cargo flows by mode and type, that is, bulk, container and general cargo. If implemented, this model could increase the sector's productivity, since adopting cargo control measures requires that logistics operations be planned, monitored and corrected whenever necessary. The logistics sector can thus use this tool to increase productivity and consequently reduce the Custo Brasil. The implementation model will be proposed on the basis of four guidelines: process standardization, formulation of a model for continuous evaluation of the service level of companies and of the process, technology standardization, and a model for accrediting processes and entities by mode and/or area of activity. This work details the Process Standardization Model and the Service Level Evaluation System. Technology Standardization and the Accreditation Model will be developed in future work.
48

Pedretti, Andrea. "Design of a thermographic device and of the rugged frame of a radio-frequency spectrum analyzer." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021. http://amslaurea.unibo.it/24654/.

Abstract:
This paper, divided into two parts, describes the projects carried out during my curricular internship. The first part concerns the mechanical CAD design of the frame of a radio-frequency spectrum analyzer, satisfying the technical, ergonomic, aesthetic and economic specifications required. The second part highlights the research carried out on the thermographic technology, used subsequently for the realization of the dev-board necessary for programming, in the C++ language, the first beta of the software of a thermographic device, which ended with the design of the electrical diagram and the dedicated board.
49

Турчин, Святослав Іванович, and Sviatoslav Turchin. "Розробка та дослідження автоматизованої системи охорони приміщення з функцією віддаленого управління та моніторингу." Master's thesis, Тернопільський національний технічний університет ім. І. Пулюя, Факультет прикладних інформаційних технологій та електроінженерії, Кафедра автоматизації технологічних процесів і виробництв, 2021. http://elartu.tntu.edu.ua/handle/lib/36714.

Abstract:
The work was carried out at the Department of Automation of Technological Processes and Production of the Faculty of Applied Information Technologies and Electrical Engineering of the Ternopil Ivan Puluj National Technical University of the Ministry of Education and Science of Ukraine. The defense will take place on December 23, 2021 at 9:00 at the meeting of Examination Committee No. 22 at the Ternopil Ivan Puluj National Technical University.
The purpose of the qualification work is to develop and research a premises security system based on the Raspberry Pi microcomputer, using the Zigbee wireless data transmission protocol, with remote control and monitoring. The developed system does not have the defects of the analyzed current security systems. The signal range of the Zigbee protocol is investigated, and noise and line loss are calculated. An algorithm for the operation of the security system has been developed and implemented using the JavaScript programming language and the Node-RED flow-based programming environment. Panels for visualizing system data and data received from sensors have been developed on the basis of the Grafana platform. The developed system is designed for residential and office rooms and is not suitable for industrial rooms, laboratories, or institutions with flammable and explosive substances.
50

Шушарина, Е. Е., and E. E. Shusharina. "Методика предотвращения угроз информационной безопасности на предприятии : магистерская диссертация." Master's thesis, б. и, 2020. http://hdl.handle.net/10995/93449.

Abstract:
The relevance of the research topic is due to the lack of an integrated approach to preventing threats to the information security of federal executive authorities and the continuous growth of the volume of processed information in tax authorities. The methodology for preventing threats to information security is appropriate for operation in practice, and will contribute not only to the rational use of working time, but also to maintaining the state of information security at the informatization facility. The implementation of the project is aimed at strengthening information security control.