| 1. |
- Aaro Jonsson, Catherine
(författare)
-
Long-term cognitive outcome of childhood traumatic brain injury
- 2010
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- There is limited knowledge of cognitive outcome extending beyond 5 years after childhood traumatic brain injury, CTBI. The main objectives of this thesis were to investigate cognitive outcome at 6-14 years after CTBI, and to evaluate if advancements in the neurosurgical care, starting 1992, did influence long-term outcome and early epidemiology. An additional aim was to study the relationship between early brain injury parameters and early functional outcome. Study 1 evaluated cognitive progress during 14 years after CTBI, over three neuropsychological assessments in 8 patients with serious CTBI. Study 2 used patient records to investigate early epidemiology, received rehabilitation and medical follow up in two clinical cohorts, n=82 and n=46, treated neurosurgically for CTBI before and after 1992. An exploratory cluster analysis was applied to analyse the relation between early brain injury severity parameters and early functional outcome. In Study 3, participants in the two cohorts, n=18 and n=23, treated neurosurgically for CTBI before and after 1992, were subject to an extensive neuropsychological assessment, 13 and 6 years after injury, respectively. Assessment results of the two cohorts were compared with each other and with controls. Data were analysed with multivariate analyses of variance. Results and discussion. There were significant long-term cognitive deficits of similar magnitude and character in the two cohorts with CTBI, treated before and after the advancements in neurosurgical care. At 6-14 years after injury, long-term deficits in verbal intellectual and executive functions were found, and were discussed in terms of their late maturation and a decreased executive control over verbal memory-functions after CTBI. Visuospatial functions had a slightly better long-term recovery. The amount of rehabilitation received was equally low in both cohorts. The length of time spent in intensive care and the duration of care in the respirator may have a stronger relationship to early outcome than does a single measure of level of consciousness at admission. Main conclusions are that cognitive deficits are apparent at long-term follow up, 6-13 years after neurosurgically treated CTBI, even after advancements in the neurosurgical care in Sweden. Measures of verbal IQ, verbal memory and executive functions were especially low while visuospatial intellectual functions appear to have a better long-term recovery.
|
|
| 2. |
- Almgren, Magnus, 1972, et al.
(författare)
-
A Comparison of Alternative Audit Sources for Web Server Attack Detection
- 2007
-
Ingår i: The 12th Nordic Workshop on Secure IT-systems.
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems available today are usinga single audit source for detecting all attacks, eventhough attacks have distinct manifestations in differentparts of the system. In this paper we carry out a theoretical investigation of the role of the audit source for the detection capability of the intrusion detection system (IDS). Concentrating on web server attacks, we examine the attack manifestations available to intrusiondetection systems at different abstraction layers, includinga network-based IDS, an application-based IDS, andfinally a host-based IDS.Our findings include that attacks indeed have differentmanifestations depending on the audit source used. Someaudit sources may lack any manifestation for certain attacks, and, in other cases contain only events that are indirectly connected to the attack in question. This, in turn, affects the reliability of the attack detection if the intrusion detection system uses only a single audit source for collecting security-relevant events. Hence, we conclude that using a multisource detection model increases the probability of detecting a range of attacks directed toward the web server. We also note that this model should account for the detection quality of each attack / audit stream to be able to rank alerts.Keywords: intrusion detection, attack manifestations
|
|
| 3. |
- Almgren, Magnus, 1972, et al.
(författare)
-
A Multi-Sensor Model to Improve Automated Attack Detection
- 2008
-
Ingår i: 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Lecture Notes in Computer Science. - 9783540874027 ; 5230/2008, s. 291-310
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems available today are using a single audit source for detection, even though attacks have distinct manifestations in different parts of the system. In this paper we investigate how to use the alerts from several audit sources to improve the accuracy of the intrusion detection system (IDS). Concentrating on web server attacks, we design a theoretical model to automatically reason about alerts from different sensors, thereby also giving security operators a better understanding of possible attacks against their systems. Our model takes sensor status and capability into account, and therefore enables reasoning about the absence of expected alerts. We require an explicit model for each sensor in the system, which allows us to reason about the quality of information from each particular sensor and to resolve apparent contradictions in a set of alerts.Our model, which is built using Bayesian networks, needs some initial parameter values that can be provided by the IDS operator. We apply this model in two different scenarios for web server security. The scenarios show the importance of having a model that dynamically can adapt to local transitional traffic conditions, such as encrypted requests, when using conflicting evidence from sensors to reason about attacks.
|
|
| 4. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Implications of IDS Classification on Attack Detection
- 2003
-
Ingår i: Nordic Workshop on Secure IT Systems (NordSec). - 8299398045 ; , s. 57--70-
-
Konferensbidrag (refereegranskat)abstract
- Accurate taxonomies are critical for the advancement of research fields. Taxonomies for intrusion detection systems (IDSs) are not fully agreed upon, and further lack convincing motivation of their categories. We survey and summarize previously made taxonomies for intrusion detection. Focusing on categories relevant for detection methods, we extract commonly used concepts and define three new attributes: the reference model type, the reference model generation process, and the reference model updating strategy. Using our framework, the range of previously used terms can easily be explained. We study the usefulness of these attributes with two empirical evaluations. Firstly, we use the taxonomy to create a survey of existing research IDSs, with a successful result, i.e. the IDSs are well scattered in the defined space. Secondly, we investigate whether we can reason about the detection capability based on detection method classes, as defined by our framework. We establish that different detection methods vary in their capability to detect specific attack types. The reference model type seems better suited than reference model generation process for such reasoning. However, our results are tentative and based on a relatively small number of attacks.
|
|
| 5. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Investigating the Benefits of Using Multiple Intrusion-Detection Sensors
- 2008
-
Ingår i: The 13th Nordic Workshop on Secure IT-systems. Published by the Technical University of Denmark.. - 1601-2321. ; , s. 13-26
-
Konferensbidrag (refereegranskat)abstract
- Most intrusion detection systems (IDSs) available today are using a single audit source for detection,even though attacks have distinct manifestations in different parts of the system. Previously,we have explored the benefits of combining several sensors monitoring different audit sources toimprove the detection of attacks. In this paper we go one step further and investigate possible synergeticeffects by actively sharing information between distinct intrusion detection sensors takingevents from isolated audit sources. We present four scenarios where we show how the function ofone IDS, measured as false alarm rate, performance in terms of used resources, or attack response,can be improved by having access to information collected and analyzed by another IDS. Based onthese four scenarios, we then generalize our findings and outline necessary properties of a sensorcommunication framework for multiple IDSs. Our focus is on cooperation between IDSs, but wealso touch on response techniques.
|
|
| 6. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Mapping Systems Security Research at Chalmers
- 2011
-
Ingår i: First SysSec Workshop (SysSec 2011). - 9780769545301 ; , s. 67-70
-
Konferensbidrag (refereegranskat)abstract
- The department of Computer Science and Engineering at Chalmers University has a long tradition of research in systems security, including security metrics, attack detection, and mitigation. We focus on security issues arising in four specific environments: (1) backbone links, (2) sensor networks, (3) the connected car, and (4) the smart grid. In this short summary we describe recent results as well as open research questions we are exploring.
|
|
| 7. |
|
|
| 8. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Using Active Learning in Intrusion Detection
- 2004
-
Ingår i: Computer Security Foundations Workshop. - 076952169X ; , s. 88--98-
-
Konferensbidrag (refereegranskat)abstract
- Intrusion Detection Systems (IDSs) have become an important part of operational computer security. They are the last line of defense against malicious hackers and help detect ongoing attacks as well as mitigate their damage. However, intrusion detection systems are not turnkey solutions but are heavily dependent on expensive and scarce security experts for successful operation. By emphasizing self-learning algorithms, we can reduce dependence on the domain expert but instead require massive amounts of labeled training data, another scarce resource in intrusion detection. In this paper we investigate whether an active learning algorithm can perform on a par with a traditional self-learning algorithm in terms of detection accuracy but using significantly less labeled data. Our preliminary findings indicate that the active learning algorithm generally performs better than the traditional learning algorithm given the same amount of training data. Moreover, the reduction of labeled data needed can be as much as 80 times, shown by comparing an active learner with a traditional learner with similar detection accuracy. Thus, active learning algorithms seem promising in that they can reduce the dependence on security experts in the development of new detection rules by better leveraging the knowledge and time of the expert.
|
|
| 9. |
- ANGHOLT, JONAS, et al.
(författare)
-
A First Security Analysis of a Secure Intermodal Goods Transport System
- 2013
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The goods transport business involves a lot of money and is a big part of the infrastructure of any European country. There are often many different actors involved in each transport and the communication network is rather complex due to the point-topoint communication structure. It is easy to understand why there is a high demand for increased simplicity and effectiveness. With this in mind, the e-Freight project which is based on PEPPOL has moved towards a standardized solution by developing a communication system based on access points (APs). These APs act as the interface to the system and makes it easy to establish communication between any two connected actors.With PEPPOL and e-Freight as a foundation, VOLVO leads the SITS project in close cooperation with Stena Line and DSV. The goal is to develop a harmonized communication framework that promotes increased sharing of information between actors and enable new applications to increase effectiveness and security in the chain of transportation. This leads to simplified accessibility for actors to a set of services by being connected to an AP. At the same time service providers benefit from being able to easily set up cloud services available for all actors. In addition to the back-office communication between APs, external devices such as cellphones, in-vehicle computers and check-in terminals can communicate directly with each other over short distances. This type of communication is only partially specified and a mutual standard is yet to be decided upon.In this report we have analyzed the SITS project from an IT-security perspective. The back-end system derived from e-Freight is looked into and communication links, access points, protocols, certificate handling etc., are examined. Another concern in the SITS project is the short-range communication between trucks and terminals. Since RFID is a highly potential candidate for use in this area, we have studied the technology by categorizing a typical RFID system into three distinct layers and researched important security threats with the classic CIA approach. Based on the security issues found, countermeasures such as encryption, authentication and protection against man-in-themiddle attacks are reviewed.
|
|
| 10. |
- Bos, Herbert, et al.
(författare)
-
Anticipating Security Threats to a Future Internet
- 2009
-
Ingår i: EU/FP7 FORWARD.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- One of the most critical problems on today’s Internet is the lack of security. This gives rise to aplethora of different ways in which the confidentiality, integrity, and availability of data is compromised,and it provides a fertile breeding ground for a thriving underground economy. Thus, when designing afuture Internet, it is clear that security must be a first-class design consideration.To be able to design security for a future Internet, it is first necessary to obtain a thorough understandingof the threats and adversaries that the system must defend against. As a first step toward thisunderstanding, we introduce a number of emerging security threats that need to be considered. Thesethreats were identified by the three working groups that are active in the context of the EU FP7 projectFORWARD, and they illuminate different aspects of the threat landscape.
|
|
| 11. |
- Bos, Herbert, et al.
(författare)
-
Future threats to future trust
- 2008
-
Ingår i: Future of Trust in Computing: Proceedings of the First International Conference Future of Trust in Computing 2008: With 58 Illustrations. - Wiesbaden : Vieweg+Teubner. - 9783834807946 ; , s. 49-54
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)abstract
- Only a few years ago, big worms roamed theplanet, spreading within hours, or even minutes, toevery nook and cranny of the Internet. The damagecaused by them was equally impressive; wormshave taken out alarm phone centers, train signallingsystems, thousands of cash machines, millions ofproduction PCs and servers, and, oh yes, SouthKorea1.No wonder academics and industry scrambledto counter the threat. Indeed, fast spreading flashworms were all the rage among security expertsand millions of euros were spent on projects tocounter them. Alliances were formed, researchgrants applied for, projects started, prototype solutionsdeveloped, refined, and discarded. Unfortunately,by the time we developed practical countermeasures, flash worms had all but disappeared.Instead, we now worry about stealth attacks, botnets,phishing sites, attacks on mobile phones, andwhatever new threats emerged in recent years. Theproblem is that we tend to work on solutions fortoday’s problems and have no time to worry aboutthe threats of the future. The problem is that weare often caught unawares.This need not be the case and there are examplesof threats that we saw coming before they hit us.A well-known example is RFID. An RFID tagis a small, extremely low-cost chip that can beused for purposes like identification and minimalprocessing. By adding RFID tags to everything,from pets to products, industry aims to use RFIDtechnology to create the “Internet of Things”. However,researchers have shown that tags can be usedto propagate malware, which in turn has led aconcerned industry to scrutinize security issues inRFID. All of this happened before any real attackstook place.For this reason the FORWARD initiative intendsto bring together experts to discuss future threatsand develop realistic threat scenarios. As a firststep in that direction, a workshop was organized1The country virtually dropped off the map as a result of theSlammer worm [2].in G¨oteborg, Sweden, in April 2008, to discussfuture threats [1]. The workshop consisted of broadplenary sessions interspersed with focused expertsmeetings. This paper summarizes the workshop’sfindings and their bearings on the future of trust.The remainder of this paper discusses the findingsof the targeted expert meetings on criticalinfrastructure and large scale systems (Section II),fraud (Section III), and malware (Section IV).Concluding remarks are in Section V.
|
|
| 12. |
- Brocklehurst, Sarah, et al.
(författare)
-
On measurement of operational security
- 1994
-
Ingår i: IEEE Aerospace and Electronic Systems Magazine. - : Institute of Electrical and Electronics Engineers (IEEE). - 0885-8985. ; 9:10, s. 7-16
-
Tidskriftsartikel (refereegranskat)abstract
- Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of "the ability of the system to resist attack." That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit "more secure behavior" in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behavior will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working toward measures of "operational security" similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches, or the probability that a specified "mission" can be accomplished without a security breach. This new approach is based on the analogy between system failure and security breach, but it raises several issues which invite empirical investigation. We briefly describe a pilot experiment that we have conducted to judge the feasibility of collecting data to examine these issues.
|
|
| 13. |
|
|
| 14. |
- Djambazova, Edita, et al.
(författare)
-
Emerging and Future Cyber Threats to Critical Systems
- 2011
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 1611-3349 .- 0302-9743. - 9783642192272 ; 6555, s. 29-46
-
Konferensbidrag (refereegranskat)abstract
- This paper discusses the emerging and future cyber threats to critical systems identifed during the EU/FP7 project ICT-FORWARD. Threats were identifed after extensive discussions with both domain experts and IT security professionals from academia, industry, and government organizations. The ultimate goal of the work was to identify the areas in which cyber threats could occur and cause serious and undesirable consequences, based on the characteristics of critical systems. A model of a critical system is suggested and used to distill a list of cyber threats specifc to such systems. The impact of the identifed threats is illustrated by an example scenario in order to stress the risks and consequences that the materialization of such threats could entail. Finally, we discuss possible solutions and security measures that could be developed and implemented to mitigate the situation.
|
|
| 15. |
- Edmark, Lennart, 1954-, et al.
(författare)
-
Pressure-controlled versus manual facemask ventilation for anaesthetic induction in adults : A randomised controlled non-inferiority trial
- 2023
-
Ingår i: Acta Anaesthesiologica Scandinavica. - : John Wiley & Sons. - 0001-5172 .- 1399-6576. ; 67:10, s. 1356-1362
-
Tidskriftsartikel (refereegranskat)abstract
- Background: Pressure-controlled face mask ventilation (PC-FMV) with positive end-expiratory pressure (PEEP) after apnoea following induction of general anaesthesia prolongs safe apnoea time and reduces atelectasis formation. However, depending on the set inspiratory pressure, a delayed confirmation of a patent airway might occur. We hypothesised that by lowering the peak inspiratory pressure (PIP) when using PC-FMV with PEEP, confirmation of a patent airway would not be delayed as studied by the first return of CO2, compared with manual face mask ventilation (Manual FMV).Methods: This was a single-centre, randomised controlled non-inferiority trial. Seventy adult patients scheduled for elective day-case surgery under general anaesthesia with body mass index between 18.5 and 29.9 kg m(-2), American Society of Anesthesiologists (ASA) classes I-III, and without anticipated difficult FMV, were included. Before the start of pre-oxygenation and induction of general anaesthesia, participants were randomly allocated to receive ventilation with either PC-FMV with PEEP, at a PIP of 11 and a PEEP of 6 cmH(2)O or Manual FMV, with the adjustable pressure-limiting valve set at 11 cmH(2)O. The primary outcome variable was the number of ventilatory attempts needed until confirmation of a patent airway, defined as the return of at least 1.3 kPa CO2.Results: The return of >= 1.3 kPa CO2 on the capnography curve was observed after mean +/- SD, 3.6 +/- 4.2 and 2.5 +/- 1.9 ventilatory attempts/breaths with PC-FMV with PEEP and Manual FMV, respectively. The difference in means (1.1 ventilatory attempts/breaths) had a 99% CI of similar to 1.0 to 3.1, within the accepted upper margin of four breaths for non-inferiority.Conclusion: Following induction of general anaesthesia, PC-FMV with PEEP was used without delaying a patent airway as confirmed with capnography, if moderate pressures were used.
|
|
| 16. |
- Gustafson, Ulf, et al.
(författare)
-
On the modelling of preventive security based on a PC network intrusion experiment
- 1996
-
Ingår i: ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy. - 3540619917 ; 1172, s. 242-252
-
Konferensbidrag (refereegranskat)abstract
- This paper describes a realistic intrusion experiment intended to investigate whether such experiments can yield data suitable for use in quantitative modelling of preventive security, which denotes the system's ability to protect itself from external intrusions. The target system was a network of Personal Computer clients connected to a server. A number of undergraduate students served as attackers and continuously reported relevant data with respect to their intrusion activities. This paper briefly describes the experiment and presents a compilation of all the types of data recorded. A first interpretation and classification of the data are made, and its possible use for modelling purposes is discussed. Summaries of breach parameters and a number of informtive diagrams and tables reflecting the intrusion process are presented.
|
|
| 17. |
- Gustafson, Ulf, 1967, et al.
(författare)
-
Security Evaluation of a PC Network based on Intrusion Experiments
- 1995
-
Ingår i: Proc. 14th Int'l Congress on Computer and Communications Security, SECURICOM '96, Paris, France. ; , s. 187-203
-
Konferensbidrag (refereegranskat)abstract
- This paper presents an intrusion experiment in which the target system was a Novell NetWare 3.12 server to which Personal Computer clients were connected. Undergraduate students with little security expertise and hardly any knowledge of the system served as attackers and were given the task of performing as many intrusions as possible. The objectives of the experiment were twofold: first, to learn more about how to gather and process data from intrusion experiments and to form a methodology applicable to a generic class of computer systems; and, second, to find out whether it is actually possible to create a secure system based on insecure PC workstations. This paper deals mainly with the latter objective, and investigates how and to what extent unevenly distributed security features, such as a “secure” file server with untrusted clients, affect overall system security. Furthermore, in experiments, as opposed to real life situations, it is possible to collect information about how the attacking process is carried out.Before the experiment, we anticipated that the attackers would create Trojan Horses on the clients to spoof other users during the login process, but we did not expect them to find as many serious vulnerabilities in the concept as they did. The experiment shows that untrusted PC clients have ample intrusion possibilities, and that the vulnerabilities can not be compensated by security features elsewhere in the system. Novell has undoubtedly spent more effort in securing the file server and its assets than in securing the clients in the system. This paper contains a summary of the security problems the attackers found, from which it is evident that several new security mechanisms must be added before a NetWare 3.12 system can be regarded as secure.
|
|
| 18. |
- Gustafson, Ulf, 1967, et al.
(författare)
-
Security Evaluation of a PC Network based on Intrusion Experiments
- 1996
-
Ingår i: SECURICOM 1996 - 14th Worldwide Congress on Computer and Communications Security Protection.
-
Tidskriftsartikel (refereegranskat)abstract
- This paper presents an intrusion experiment in which the target system was a Personal Computer network connected to a Novell NetWare 3.12 server. Undergraduate students with little security expertise and hardly any knowledge of the system served as attackers and were given the task of performing as many intrusions as possible. The objectives of the experiment were twofold: first, to learn more about how to gather and process data from intrusion experiments and to form a methodology applicable to a generic class of computer systems; and, second, to find out whether it is actually possible to create a secure system based on insecure PC workstations. This paper deals mainly with the latter objective, and investigates how and to what extent unevenly distributed security features, such as a “secure” file server with untrusted clients, affect overall system security. Furthermore, in experiments, as opposed to real life situations, it is possible to collect information about how the attacking process is carried out.Before the experiment, we anticipated that the attackers would create Trojan Horses on the clients to spoof other users during the login process, but we did not expect them to find as many serious vulnerabilities in the concept as they did. The experiment shows that untrusted PC clients have ample intrusion possibilities, and that the vulnerabilities can not be compensated by security features elsewhere in the system. Novell has undoubtedly spent more effort in securing the file server and its assets than in securing the clients in the system. This paper contains a summary of the security problems the attackers found, from which it is evident that several new security mechanisms must be added before a NetWare 3.12 system can be regarded as secure.
|
|
| 19. |
- Hedbom, Hans, et al.
(författare)
-
A Comparison of the Security of Windows NT and UNIX
- 1998
-
Konferensbidrag (refereegranskat)abstract
- This paper presents a brief comparison of two operating systems, Windows NT and UNIX. The comparison covers two different aspects. First, we compare the main security features of the two operating systems and then we make a comparison of a selection of vulnerabilities most of which we know have been used for making real intrusions. We found that Windows NT has slightly more rigorous security features than standard UNIX but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the real level of security between these systems
|
|
| 20. |
- Hedbom, Hans, et al.
(författare)
-
A Preliminary Evaluation of the Security of a Non-Distributed Version of Windows NT
- 1997
-
Konferensbidrag (refereegranskat)abstract
- In this paper we present a preliminary evaluation of the security of a non-distributed version of Windows NT. The objectives of the work are twofold: first, to learn more about the security system; and, second, to find out how secure the system actually is. Thus the architecture and security mechanisms of Windows NT have been studied. Furthermore, the paper contains a few examples of successful intrusions on the target system, which was a standard personal computer with Windows NT Workstation 3.51 and one with NT Workstation 4.0, both working in a stand-alone mode. We have also found some evidence that other, more severe security flaws exist in the system
|
|
| 21. |
- Hedbom, Hans, et al.
(författare)
-
A Security Evaluation of a Non-Distributed Version of Windows NT
- 1997
-
Rapport (refereegranskat)abstract
- In this paper we present an evaluation of the security in Windows NT. The objectives of the work are twofold: first, to learn more about the security system; and, second, to find out how secure the system actually is. To investigate the latter, the authors, have adopted the role of attackers. This paper contains results from several attempts to violate the security of Windows NT. In some cases, the attempts were successful, meaning that we gained access to information or resources that should be protected. The target systems were standard personal computers with Windows NT Workstation 3.51 and Windows NT Workstation 4.0 respectively, both working in stand-alone mode
|
|
| 22. |
- Hedbom, Hans, et al.
(författare)
-
Analysis of the Security of Windows NT
- 1998
-
Rapport (refereegranskat)abstract
- This paper presents an analysis of the security in Windows NT 4.0, working in both stand-alone and networking mode. The objective of the work was to find out how secure this operating system actually is. A technical overview of the system, and in particular its security features is given. The system security was analyzed and practical intrusion attempts were made in order to verify vulnerabilities or to find new ones. All vulnerabilities are described in detail and classified according to a classification scheme. A comparison to commonly known UNIX weaknesses was made. It revealed generic similarities between the two systems to a surprisingly high degree. Finally a number of recommendations are given. The paper concludes that there are ample opportunities to improve the security of Windows NT. We have reason to believe that it is probably not higher than that of UNIX
|
|
| 23. |
- Hedbom, Hans, et al.
(författare)
-
Protecting Stateless Security Policies using One-Way Functions
- 2001
-
Rapport (refereegranskat)abstract
- This paper addresses the problem of protecting security-related information in security extensions, e.g. the detection policy in an Intrusion Detection System (IDS) or the filtering policy in a firewall. Knowledge of the security policy would potentially facilitate the penetrationof an intruder into the target system, the short-circuiting of a firewall or the circumvention of the IDSs detection mechanisms. To avoid this risk we suggest that thepolicy be protected using one-way functions and the paper suggests a scheme for protecting stateless policies. A stateless policy is a policy that takes only the current event into consideration when decisions are made and not the preceding chain of events. Thus, theprocess of comparing events towards the policy, i.e. making decisions, can be done in much the same way that passwords are hashed and compared in UNIX systems. However, one important distinction is that security policies contain a certain variability that must bemanaged, and a method for this is discussed. Finally, we discuss an automated tool for compiling a policy into a protected policy.
|
|
| 24. |
- Hedbom, Hans, et al.
(författare)
-
Risks and Dangers of Security Extensions
- 2001
-
Konferensbidrag (refereegranskat)abstract
- Securing computer systems is an increasing concern as more and more systems are connected together in large networks. Traditional operating system based protection mechanisms have failed to fully meet the demands of this new situation. To overcome some of the shortcomings of these mechanisms new types have been developed with the intention to stop or reduce the impact of the new threats. We would like to call these new mechanisms security extensions, since they are not usually part of the core operating system. However, security extensions often contain sensitive and vital information that also needs to be secured. Usually they are dependent on the security mechanisms of the operating system for their own protection, i.e., they are dependent on the security of a mechanism whose insecurity they are supposed to patch. This is clearly an undesirable situation. We thus argue that security extensions actually add risks and vulnerabilities to the system when the underlying system is insecure or when they are not capable of handling their own security by themselves. In this paper, we discuss and analyze possible vulnerabilities in three types of security extensions, i.e., anti-malware software, firewalls, and intrusion detection systems. We also introduce a crude classification scheme for the different types of risks that the security extensions discussed add to the system.
|
|
| 25. |
- Jonsson, Anthon, 1993-, et al.
(författare)
-
Test rig for submerged transmissions in wave energy converters as a development tool for dynamic sealing systems
- 2023
-
Ingår i: Proceedings of the 15th European Wave and Tidal Energy Conference (EWTEC 2023), Bilbao, 3-7 September, 2023.
-
Konferensbidrag (refereegranskat)abstract
- A submerged transmission, fitted with a dynamic sealing system, in a wave energy converter (WEC) serves the purpose of transmitting the force, absorbed by a wave activated body, to an encapsulated power take-off (PTO) system, while preventing seawater from entering the capsule. Dry generator operation is generally a prerequisite for attaining long technical service life. Little attention seems to be devoted in publications to the study of dynamic sealing systems in WECs, and to test rigs for experimental verification and/or evaluation of the ability/performance of existing dynamic sealing systems in a controlled laboratory environment. This paper begins by presenting some of our earlier research within the focus area of dynamic sealing systems, incl. design considerations and typical operating conditions. This part also presents the 1st laboratory test rig, used for verifying the sealing ability of the piston rod mechanical lead-through design in the 1st and 2nd full-scale experimental WEC prototype from Uppsala University. In 2021 project DynSSWE (Dynamic Sealing Systems for Wave Energy) was initiated. Drawing from experience, the project includes development of a new test rig, representing a tool for further development of dynamic sealing systems. This paper introduces steps in the design and development process of that new test rig, enabling accelerated long-term test runs with a setup of multiple piston rod specimens. The test specimens’ will be surface treated differently with the aim of improving the prospects of a long maintenance free service life. Since the new test rig is in the design stage, seal testing results are not yet reported. The presented work is funded by the Swedish energy agency with the aim of improving subsystem performance in wave energy devices.
|
|
| 26. |
- Jonsson, Erland, 1946, et al.
(författare)
-
A Dependability Measure for Degradable Computing Systems
- 1992
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This paper deals with the problem of finding a comprehensive dependabilitymeasure or figure of merit for computing systems. Dependability is a term usedfor a general description of a systems trustworthiness in non-quantitative terms. Itis commonly described by a number of aspects, like reliability, availability, safetyand security. Quantitative measures are conveniently used for e.g. reliability andavailability, but are rare for security.However, it is felt that a more general measure of a system’s dependability wouldbe of great interest and could be used for system evaluations, design trade-offs etc.In order to achieve this, we adopt a generalized view that facilitates a recompilationof the dependability aspects into fewer and more general qualities. Key issues forthe generalization are the concepts of degradability and service. A degraded serviceis the result of the discontinuation of one or several subservices, yielding a systemthat operates on a reduced service level.A vectorized measure based on Markov processes is suggested, and mathematicaldefinitions are given. The measure describes the expected time a system willbe operating at a certain service level, and also the probability that this level bereached. By means of applying the concept of reward rate to each service level, aneven more simplified figure of merit can be calculated.Normally, when making reliability calculations, an assumption of exponentialfailure rates for system components is made. Sometimes this assumption is notrealistic and we outline how phase-type distributions can be used to cope with thissituation.Finally, two different schemes for the calculation of the measure is given. First,a hierarchical procedure feasible for small systems and calculations by hand is presented.Second, a general procedure based on matrix calculus is given. This procedureis suitable for complicated systems. It is also general in the sense that it maybe used for measures extended to repairable systems.
|
|
| 27. |
- Jonsson, Erland, 1946, et al.
(författare)
-
A Framework for Security Metrics Based on Operational System Attributes
- 2011
-
Ingår i: International workshop on Security Measurements and Metrics - MetriSec2011, Banff, Alberta, Canada, 2011-09-21.. ; , s. 58-65
-
Konferensbidrag (refereegranskat)abstract
- There exists a large number of suggestions for how to measure security, and in many cases the goal is to find a single overall metric of security. Given that security is a complex and multi-faceted property, we believe that there are fundamental problems to find such an overall metric. Thus, we suggest a framework for security metrics that is based on a number of system attributes taken from the security and the dependability disciplines. We then regroup those attributes according to an existing conceptual system model and propose a metrication framework in accordance. We suggest that there should be metrics related to protective attributes, to behavioural attributes and possibly to system correctness. Thus, the main idea is that security metrication should be split up and related to a number of specific attributes, and that a composite security metric is hard to define.
|
|
| 28. |
- Jonsson, Erland, 1946, et al.
(författare)
-
A practical dependability measure for degradable computer systems with non-exponential degradation
- 1994
-
Ingår i: IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processe - SAFEPROCESS 1994. ; Vol. 1, s. 231-237
-
Tidskriftsartikel (refereegranskat)abstract
- This paper proposes a vectorized measure for a set of behavioural dependability attributes. The measure is based on Markov processes and is intended for practical dependability trade-offs. It describes the system performance on a number of service levels. Thus, it is possible to merge attributes such as reliability, safety and performability into one single quality. Whereas reliability describes the functional fulfillment of a system, performability reflects its ability of functional degradation. The safety attribute handles a class of failures with catastrophic consequences and can be accommodated by means of introducing two or more service levels for a failed system.Many systems exhibit time-dependent degradation rates and non–exponential lifetimes. This situation can be handled by means of applying phase–type assumptions and introducing some additional states to the system, which would allow us to remain within the universe of Markov modelling.
|
|
| 29. |
- Jonsson, Erland, 1946, et al.
(författare)
-
A practical dependability measure for embedded computer systems
- 1993
-
Ingår i: Proceedings of the IFAC 12th World Congress. ; Vol. 3, s. 267-272
-
Tidskriftsartikel (refereegranskat)abstract
- Dependability is commonly described by a number of attributes, such as reliability, availability, safety and security. Quantitative measures are found for eachseparate attribute e.g. reliability and availability, but are not defined for the totality of all attributes. This paper suggests a vectorized measure based on Markov processes.The measure covers reliability, safety and a modified version of the security attribute. It should be used for practical dependability trade-offs and is especially applicable to autonomous systems with embedded computers, such as aerospace vehicles andcontrol systems. Key issues are the concepts of degradability, subservice and servicelevel. The measure is based on the expected operating time on an operational servicelevel and the total operational time before failure for failed service levels.
|
|
| 30. |
- Jonsson, Erland, 1946
(författare)
-
A Quantitative Approach to Computer Security from a Dependability Perspective
- 1996
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Security and dependability represent two very important attributes of modern computer systems, especially in the light of the increasing complexity and criticality of these systems. These two disciplines have traditionally been treated separately, although lately some attempts have been made to integrate them. Still, a successful integration is necessary to create the conceptual framework required to understand and solve problems of impaired security and dependability. Therefore, this thesis suggests a system-related conceptual model, in which the various aspects of security and dependability are analyzed and regrouped into a new "input-output"-related concept. The input characteristics of this new concept are interpreted in preventive terms, whereas the output characteristics are interpreted in behavioural terms with respect to the user of the system. The logical consequence of this approach was that the measures we aim for could also be grouped as preventive measures and behavioural measures. The behavioural measures are measures that relate to the behaviour of the system as understood by the user of the system, or, put informally, are related to the "output" of the system. Behavioural measures deal with system failures, e.g., the probability for and the magnitude of such failures. They are intended to reflect attributes such as reliability, performability and safety, but also confidentiality, although this latter attribute deviates from the other three. Here apply such traditional reliability measures as Mean Time To Failure (MTTF) and probability of a successful mission, as well as traditional reliability methods, such as Markov modelling. One problem is that the assumption of exponential degradation in Markov models may not be valid, especially in software systems and systems in which security is a concern. It is outlined how this problem can be solved by introducing phase-type assumptions. The suggested measures are intended to be of the "benchmark" type aimed for practical design trade-offs, rather than a description of all behavioural aspects of the system. A preventive measure would describe the system's ability to avoid detrimental influence from the environment, in particular influence originating from security intrusions into the system. Thus, measures of such operational "intrusion security" would capture the intuitive notion of "the system's ability to resist attack". It has been suggested that the breach process could be modelled using effort expended by the attacker as a variable. The effort variable is believed to be rather complex. The assumption is that it would encompass factors such as the education, skill and experience of the attacker, resources used in the attacking process as well as various time parameters, e.g., CPU time, on-line time and the amount of man-hours used in the process. It is clear that empirical data would be useful deriving a plausible probabilistic approach to this type of security modelling. Thus, two experiments, which to our knowledge are the first of their kind, were performed. In these, a group of people were permitted to perform security attacks on a given system in a controlled way. The attack process was monitored and relevant data were recorded. We thereby demonstrated that it is possible to gather intrusion data by means of such experimentation. The results of the experiments indi- cate that the attacking process can be split into three phases. Most of the attacks performed can be referred to one of these phases, namely the standard attack phase. Furthermore, by means of statistical testing, we show that it is not improbable that the attacking behaviour can be modelled by an exponential distribution during this phase.
|
|
| 31. |
- Jonsson, Erland, 1946, et al.
(författare)
-
A quantitative model of the security intrusion process based on attacker behavior
- 1997
-
Ingår i: IEEE Transactions on Software Engineering. - : Institute of Electrical and Electronics Engineers (IEEE). - 0098-5589 .- 1939-3520. ; 23:4, s. 235-245
-
Tidskriftsartikel (refereegranskat)abstract
- This paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioral and preventive. Here, preventive security denotes the system's ability to protect itself from external attacks. One way to describe the preventive security of a system is in terms of its interaction with the alleged attacker, i.e., by describing the intrusion process. To our knowledge, very little is done to model this process in quantitative terms. Therefore, based on empirical data collected from intrusion experiments, we have worked out a hypothesis on typical attacker behavior. The hypothesis suggests that the attacking process can be split into three phases: the learning phase, the standard attack phase, and the innovative attack phase. The probability for successful attacks during the learning and innovative phases is expected to be small, although for different reasons. During the standard attack phase it is expected to be considerably higher. The collected data indicates that the breaches during the standard attack phase are statistically equivalent and that the times between breaches are exponentially distributed. This would actually imply that traditional methods for reliability modeling could be applicable.
|
|
| 32. |
- Jonsson, Erland, 1946, et al.
(författare)
-
An Attempt to Quantitative Modelling of Behavioural Security
- 1995
-
Ingår i: Proceedings of the 11th International Information Security Conference - IFIP/SEC 1995. ; addendum, s. 44-57
-
Tidskriftsartikel (refereegranskat)abstract
- This paper suggests a quantitative approach to security, and specifically to a security-concept, which is regarded as an attribute of dependability together with reliability, availability and safety. We note that security is a more complex attribute of dependability than are the other three, and that it can therefore be split into preventive and behavioural aspects. We show that, in addition to availability, confidentiality could be used to denote a new type of behavioural aspect of dependability. Integrity is interpreted in terms of fault prevention, and is not directly related to system behaviour. A practical measure for behavioural dependability attributes including confidentiality is defined. Due to the dependability viewpoint of security that we take, a measure could be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. The measure quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple Reference Monitor example is given to illustrate the use of the measure. The calculation method is then extended to handle situations with non–exponential failure rates, which is the normal case in security applications, by means of using phase–type modelling. This is illustrated by introducing malicious software, such as a Trojan Horse into the Reference Monitor.
|
|
| 33. |
- Jonsson, Erland, 1946, et al.
(författare)
-
An Empirical Model of the Security Intrusion Process
- 1996
-
Ingår i: Proceedings of the Eleventh Annual Conference on Computer Assurance, 1996. COMPASS 1996.. ; , s. 176-186
-
Tidskriftsartikel (refereegranskat)abstract
- This paper describes a security model developed fromempirical data collected from a realistic intrusion experiment in which a number of undergraduate students wereinvited to attack a distributed computer system. Relevantdata with respect to their intrusion activities were recorded continuously. We have worked out a hypothesis on typical attacker behavior based on experiences from this and other similar experiments. The hypothesis suggests that the attacking process can be split into three phases: the learningphase, the standard attack phase and the innovativeattack phase. The probability for successful attacks duringthe learning phase is expected to be small and, if a breachoccurs, it is rather a result of pure luck than deliberateaction. During the standard attack phase, this probability is considerably highel; whereas it decreases again in the innovative attack phase. The collected data indicates that the breaches during the standard attack phase are statistically equivalent. Furthermore, the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modeling of component failures may be applicable
|
|
| 34. |
- Jonsson, Erland, 1946, et al.
(författare)
-
Identifying Suitable Attributes for Security and Dependability Metrication
- 2013
-
Ingår i: SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies - August 25 - 31, 2013 - Barcelona, Spain. - 2162-2116. - 9781612082981 ; , s. 1-7
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we suggest a framework for security and dependability metrics that is based on a number of non-functional system attributes. The attributes are the traditional security attributes (the “CIA”) and a set of dependability attributes. Based on a system model, we group those attributes into protective attributes and behavioural attributes and propose that metrication should be done in accordance. We also discuss the dependence between these two sets of attributes and how it affects the corresponding metrics.The metrics themselves are only defined to a limited degree. The concepts of security and dependability largely reflect the same basic system meta-property and are partly overlapping. We claim that the suggested approach will facilitate making quantitative assessment of the integrated concept of security and dependability as reflected by those attributes.
|
|
| 35. |
|
|
| 36. |
- Jonsson, Erland, et al.
(författare)
-
On the Functional Relation between Security and Dependability Impairments
- 1999
-
Konferensbidrag (refereegranskat)abstract
- Problems related to security and dependability/reliability are still treated separately in many contexts. It has been shown that there is a considerable conceptual overlap, however, and an integrated framework for the two disciplines has already been suggested. This paper shows that there is also a conceptual overlap of impairments from these areas and suggests an integrated approach that clarifies the functional relation between these, both from dependability and security viewpoints. The overall objective is to arrive at a general and clear-cut framework that would describe how trustable (dependable, secure) a system is, regardless of the reason for its not being totally trustable. For example, it should be possible to treat a system failure caused by an intentional intrusion or a hardware fault using the same methodology. A few examples from real-world situations are given to support the suggested approach
|
|
| 37. |
- Jonsson, Erland, 1946, et al.
(författare)
-
On the Integration of Security and Dependability in Computer Systems
- 1992
-
Ingår i: IASTED International Conference on Reliability, Quality Control and Risk Assessment Washington DC, USA, 1992, ISBN 0-88986-171-4. ; , s. 93-97
-
Konferensbidrag (refereegranskat)abstract
- Historically the trustworthiness of a computer system was characterized by its reliability and availability. Later on safety was integrated into what is now termed dependability. System security was originally a concept that described the protection of information from intentional and hostile interaction. It has now been suggested that security should be treated as a dependability attribute, parallel to reliability, availability and safety, but the implications of this integration has not yet been fully realized. This paper presents a novel approach to security, intended to facilitate and improve this integration. This is accomplished by taking a dependability viewpoint on traditional security and interpreting it in terms of system behaviour and fault prevention. A modified security concept, comprising only fault prevention characteristics and a new behaviouristic concept, privacy, are defined. The outcome of this interpretation will influence the integration of the other three dependability attributes.
|
|
| 38. |
- Jonsson, Erland, 1946, et al.
(författare)
-
Security Assessment Based on Attacker Behavior
- 1996
-
Ingår i: Nordic Workshop on Secure Computer Systems, NORDSEC '96.
-
Konferensbidrag (refereegranskat)abstract
- This paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioral and preventive. Here, preventive security denotes the system’s ability to protect itself from external attacks. One way to describe the preventive security of a system is in terms of its interaction with the alleged attacker, i.e., by describing the intrusion process. To our knowledge, very little is done to model this process in quantitative terms. Therefore, based on empirical data collected from intrusion experiments, we have worked out a hypothesis on typical attacker behavior. The hypothesis suggests that the attacking process can be split into three phases: the learning phase, the standard attack phase and the innovative attack phase. The probability for successful attacks during the learning and innovative phases is expected to be small, although for different reasons. During the standard attack phase it is expected to be considerably higher. The collected data indicates that the breaches during the standard attack phase are statistically equivalent and that the times between breaches are exponentially distributed. This would actually imply that traditional methods for reliability modeling could be applicable.
|
|
| 39. |
- Jonsson, Erland, 1946, et al.
(författare)
-
Security in a Dependability Perspective
- 1994
-
Ingår i: Nordic Seminar on Dependable Computing Systems 1994 (NSDCS '94), Lyngby, Denmark. ; , s. 175-186
-
Konferensbidrag (refereegranskat)abstract
- Historically security has developed as a discipline, separate from the original dependability framework, which included reliability, availability and safety attributes. Therefore, the integration of security in this framework has not yet been fully accomplished. This paper presents a novel approach to security, intended to facilitate and improve this integration. This is achieved by taking a dependability viewpoint on traditional security and interpreting it in behavioural and preventive terms. A modified security concept, comprising only preventive characteristics is defined where confidentiality is suggested to be a behavioural dependability attribute. The outcome of this interpretation influences the integration of the other three dependability attributes. The overall objective of this approach is to arrive at a more general and clear-cut dependability framework that would describe how (un)dependable a system is, irrespective of the reason for the (un)dependability. For example, it should be possible to treat a system failure due to an intentional intrusion of due to a hardware fault using the same methods and in parallel. Finally, the problem of interpreting concepts and terminology for security impairments in dependability terms is addressed, based on a few examples from real security breaches. It is realized that this is an area where future work is necessary.
|
|
| 40. |
- Jonsson, Erland, 1946, et al.
(författare)
-
Security intrusion process: an empirical model
- 1997
-
Ingår i: IEEE Aerospace and Electronic Systems Magazine. - : Institute of Electrical and Electronics Engineers (IEEE). - 0885-8985. ; 12:4, s. 7-17
-
Tidskriftsartikel (refereegranskat)abstract
- This paper describes a security model developed from empirical data collected from a realistic intrusion experiment in which a number of undergraduate students were invited to attack a distributed computer system. Relevant data, with respect to their intrusion activities, were recorded continuously. We have worked out a hypothesis on typical attacker behavior based on experiences from this and other similar experiments. The hypothesis suggests that the attacking process can be split into three phases: the learningphase, the standard attack phase and the innovative attack phase. The probability for successful attacks during the learning phase is expected to be small and, if a breach occurs, it is rather a result of pure luck than deliberate action. During the standard attack phase, this probability is considerably higher, whereas it decreases again in the innovative attack phase. The collected data indicates that the breaches during the standard attack phase are statistically equivalent. Furthermore, the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modelling of component failures may be applicable.
|
|
| 41. |
- Jonsson, Erland, 1946
(författare)
-
Towards an Integrated Conceptual Model of Security and Dependability
- 2006
-
Ingår i: The First IEEE International Conference on Availability, Reliability and Security (ARES 2006). ; , s. 646-653
-
Konferensbidrag (refereegranskat)abstract
- It is now commonly accepted that security and dependability largely represent two different aspects of an overall meta-concept that reflects the trust that we put in a computer system. There exists a large number of models of security and dependability with various definitions and terminology. This position paper suggests a high-level conceptual model that is aimed to give a novel approach to the area. The model defines security and dependability characteristics in terms of a systems interaction with its environment via the system boundaries and attempts to clarify the relation between malicious environmental influence, e.g. attacks, and the service delivered by the system. The model is intended to help reasoning about security and dependability and to provide an overall means for finding and applying fundamental defence mechanisms. Since the model is high-level and conceptual it must be interpreted into each specific sub-area of security/dependability to be practically useful.
|
|
| 42. |
- Kleberger, Pierre, 1978, et al.
(författare)
-
A Framework for Assessing the Security of the Connected Car Infrastructure
- 2011
-
Ingår i: The Sixth International Conference on Systems and Networks Communications (ICSNC), Proceedings. Barcelona, 23-29 October 2011. IARIA.. - 9781612081663 ; , s. 236-241
-
Konferensbidrag (refereegranskat)abstract
- In this paper, a framework for assessing the security of the connected car infrastructure is presented. The framework includes a model of the infrastructure and a security assessment tree. The model consists of a managed infrastructure and the vehicle communication. The managed infrastructure is further divided into five parts; automotive company applications’ centre, third party applications’ centre, trusted network, untrusted network, and the Internet backbone. The model clarifies the different communication possibilities between the managed infrastructure and the vehicle. Furthermore, the assessment tree defines four categories that need to be addressed in securing vehicular services; the actors, Vehicle–to–X communication technologies, network paths, and the dependability and security attributes. Moreover, we demonstrate the benefit of the framework by means of two scenarios. In this way, the communication in these scenarios are mapped to the model, which makes it possible to analyse the security issues for the scenarios according to the assessment tree. The intention with such an analysis is to identify possible weaknesses of services in the connected car.
|
|
| 43. |
- Kleberger, Pierre, 1978, et al.
(författare)
-
An In-Depth Analysis of the Security of the Connected Repair Shop
- 2012
-
Ingår i: The Seventh International Conference on Systems and Networks Communications (ICSNC), Proceedings. Lisbon, 18-23 November, 2012. IARIA.. - 9781612082318 ; , s. 99-107
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we present a security analysis ofdelivering diagnostics services to the connected car in futureconnected repair shops. The repair shop will mainly providetwo services; vehicle diagnostics and software download. Weanalyse the security within the repair shop by applying a reducedversion of the threat, vulnerability, and risk analysis (TVRA)method defined by ETSI. First, a system description of therepair shop is given. Security objectives and assets are thenidentified, followed by the threat and vulnerability analysis.Possible countermeasures are derived and we outline and discussone possible approach for addressing the security in the repairshop. We find that many of the identified vulnerabilities candirectly be mitigated by countermeasures and, to our surprise,we find that the handling of authentication keys is critical andmay affect vehicles outside the repair shop as well. Furthermore,we conclude that the TVRA method was not easy to follow,but still useful in this analysis. Finally, we suggest that repairshop security should mainly be addressed at the link layer. Suchan approach may integrate network authentication mechanismsduring address allocation and also support encryption of datafor all upper layer protocols with minimal modifications.
|
|
| 44. |
- Kleberger, Pierre, 1978, et al.
(författare)
-
Security aspects of the in-vehicle network in the connected car
- 2011
-
Ingår i: IEEE Intelligent Vehicles Symposium, Proceedings. Baden-Baden, 5-9 June 2011. - 9781457708909 ; , s. 528-533
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network. The aim is to highlight the current state of the research; which are the problems found, and what solutions have been suggested. We have structured our investigation by categorizing the research into the following five categories: problems in the in-vehicle network, architectural security features, intrusion detection systems, honeypots, and threats and attacks. We conclude that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions. We also highlight a few areas that we believe are of immediate concern.
|
|
| 45. |
- Kruegel, Christoffer, et al.
(författare)
-
FORWARD -- Second Workshop Report
- 2009
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This deliverable summarizes the activity of the second FORWARDworkshop. Thisworkshop constituted the end of the second phase of the project. The aim of thissecond phase was to establish a number of working groups; each working grouphad to identify a number of emerging threats in their respective areas (malware andfraud, smart environments, and critical systems). These threats were summarizedin three threat reports (Deliverable D2.1.x), one per working group. The goal ofthe second workshop was to checkpoint and critically review the work that hasbeen done in the working groups, in particular, the threat reports. More precisely,each working group should present their threats to a larger audience comprisedof experts. In discussions and presentations, we wanted to make sure that thelists of threats are comprehensive – that is, each working group has identified allmajor threats in their respective areas. Moreover, we wanted to use the workshopto establish an initial ranking for the threats presented by each working group.Clearly, at one point, it is necessary to prioritize threats and focus the attention onthose that present the largest threat potential to ICT infrastructures and the societyat large. Of course, the assessment of the danger that each threat poses, as wellas an analysis of inter-dependencies among threats, is a focus of the third projectphase (which is to be completed by the end of the year). However, we attemptedto leverage the presence of a large amount of domain experts to obtain an initialranking that would combine and reflect the viewpoints of a large audience.For the second workshop, we decided to invite a number of selected speakersthat would give presentations at the beginning of the workshop on the first dayand later during the second day. The talks set a framework in which the detailedtechnical discussions about the individual threat reports could take place. For thesediscussions, the attendees would first break into working group sessions to performthe necessary review of the threats that each group had defined. Then, in a next step,the outcome of each discussion was presented to the audience at large. This twostepprocess served two purposes. First, in the actual discussion sessions, we hadless people involved. Thismade the discussion process manageable and interactive.In the second step, we presented our findings in a succinct fashion to the whole audience. This allowed everybody who participated in the first discussion round toensure that their opinions were correctly reflected. In addition, it allowed peoplethat were present in other working group discussions to see what other groups did,and to provide feedback.According to Annex 1, a total of 60 attendees was considered to be the thresholdfor a successful workshop. This threshold was significantly exceeded, witha total of 103 attendees. This clearly demonstrates the significant interest andparticipation to the FORWARD working groups and workshops. Moreover, nonacademicparticipation remains to be strong. 39 attendees (37.8% of the participants)came from industry or policy-making institutions.In this document, we first summarize the three working group discussions thatwere held during the two-day workshop. In addition to the discussion sessions, atotal of 11 talks were given in the form of plenary talks and keynotes. Moreover,we had 7 five-minute work-in-progress talks. These talks are summarized in thesubsequent chapter. Finally, we discuss the conclusions that the consortium hasdrawn from the workshop, and we briefly outline the future actions that we plan totake in the subsequent, third phase of the project.
|
|
| 46. |
- Kruegel, Christoffer, et al.
(författare)
-
FORWARD Threat Report
- 2009
-
Bok (övrigt vetenskapligt/konstnärligt)abstract
- This document is the compilation of the three threat reports that were producedindependently by the three FORWARD working groups during the second phaseof the project. These working groups were established after the first FORWARDworkshop that was held in Goteborg, Sweden in April 2008. They are briefly describedin the following paragraphs:The Malware and Fraud working group is concerned with the malware andfraud-related threats on the Internet. It covers topics that range from novel malwaredevelopments over botnets to cyber crime and Internet fraud.The Smart Environments working group is concerned with ordinary environmentsthat have been enhanced by interconnected computer equipment. There isgeneral expectation that a large number of small devices such as sensors and mobilephones will be interconnected. The group aims to identify emerging trendswith respect to security in this domain.The Critical Systems working group focuses on critical systems whose disruptionof operation can lead to significant material loss or threaten human life. Itattempts to identify emerging threats in this area.For our work, we introduce the following definition of threat:Threat - Definition : A threat is any indication, circumstance, or event with thepotential to cause harm to an ICT infrastructure and the assets that dependon this infrastructure.Our version is related to a variety of other definitions that exist in the literature,such as the ones provided by ISO/IEC and the EU Green Paper for Criticalinfrastructure protection, 2005 [20]. In both cases, a threat is described as a event,circumstance, or incident that has the potential to cause destruction or, more general,harm to the system or organization that is exposed to the threat. We adapt ourdefinition to explicitly refer to ICT infrastructures and assets, as this is the scope of the project. However, we observe that the definition is reasonably general toaccommodate a wide range of possible threats and scenarios. This is necessary toallow different working groups to identify interesting threats without being constrainedby an overly narrow, initial definition.Creating a list of emerging and future threats is a challenging endeavor. Thepast has witnessed many stunning scientific and technical advances, and these advanceshave transformed society and the way people use and rely on informationtechnology. Of course, also attackers are creative and constantly invent new waysof abusing technologies and applications for financial profit or simply because theyenjoy virtual vandalism. Thus, trying to imagine potential developments is alwaysat risk of failing to accurately predict the future. Nevertheless, it is important toactively think about the potential risks and threats that emerging technologies andtheir applications entail. Otherwise, one would simply concede to the adversariesand, at most, react to their new attacks.One way to think about emerging and future threats is to bring together a groupof domain experts and let them enter a dialogue in which they will (hopefully)come up with a set of possible threats. This is one possible way, and in part an approachthat FORWARD leverages through its working groups. However, it wouldbe desirable to introduce a more systematic methodology to think about emergingthreats. In FORWARD, we attempt to do this by introducing a number of “axes”along which developments can happen (or are currently unfolding). These axesserve as the main drivers of development in general, and allow us to set a frameworkin which each working group can systematically explore threats. [...]
|
|
| 47. |
|
|
| 48. |
- Kvarnström, Håkan, 1968, et al.
(författare)
-
A Protection Scheme For Security Policies In Ubiquitous Environments Using One-Way Functions
- 2002
-
Ingår i: UBICOMP2002 - Workshop on Security in Ubiquitous Computing, Göteborg, 29 September 2002.
-
Konferensbidrag (refereegranskat)abstract
- This paper addresses the problem of protecting security policies and other security-related information in security mechanisms and products, such as the detection policy in an Intrusion Detection System (IDS) or the filtering policy in a firewall. Unauthorized disclosure of the such information is particularly serious, since it might reveal the fundamental principles and methods for the security and protection of the whole system or network, which is much more far-reaching that the protection of the target system or security mechanism itself. This problem is especially noticeable in ubiquitous environments where a possible large number of nodes need knowledge about the security policy of their domain. In order to avoid this risk we suggest that security information should be protected using one-way functions and the paper suggests a basic scheme for protecting stateless policies. A stateless policy is a policy that only takes the current event into consideration when decisions are made and not the preceding chain of events. Thus, the process of comparing events towards the policy, i.e. making decisions, could be done in much the same way that passwords are hashed and compared in UNIX systems. However, one important distinction is that security policies contain a certain variability that must be handled and a method for this is discussed. The suggested scheme is very basic and has certain drawbacks as regards practical implementation, but does still clearly demonstrate the protection principle. We expect further research to result in extended methods that are more suitable for practical design.
|
|
| 49. |
|
|
| 50. |
|
|
