SwePub

Result list for search "WFRF:(Holm Mathias) srt2:(2010-2014)"

Search: WFRF:(Holm Mathias) > (2010-2014)

  • Results 11-20 of 35
11.
  • Holm, Hannes, et al. (author)
  • CySeMoL : A tool for cyber security analysis of enterprises
  • 2013
  • In: CIRED. - : Institution of Engineering and Technology.
  • Conference paper (peer-reviewed)
    • The Cyber Security Modelling Language (CySeMoL) is a tool for quantitative cyber security analyses of enterprise architectures. This paper describes the CySeMoL and illustrates its use through an example scenario involving cyber attacks against protection and control assets located in an electrical substation.
12.
  • Holm, Hannes, et al. (author)
  • Effort estimates on web application vulnerability discovery
  • 2013
  • Conference paper (peer-reviewed)
    • Web application vulnerabilities are widely considered a serious concern. However, there are as of yet scarce data comparing the effectiveness of different security countermeasures or detailing the magnitude of the security issues associated with web applications. This paper studies the effort that is required by a professional penetration tester to find an input validation vulnerability in an enterprise web application that has been developed in the presence or absence of four security measures: (i) developer web application security training, (ii) type-safe API’s, (iii) black box testing tools, or (iv) static code analyzers. The judgments of 21 experts are collected and combined using Cooke’s classical method. The results show that 53 hours is enough to find a vulnerability with a certainty of 95% even though all measures have been employed during development. If no measure is employed 7 hours is enough to find a vulnerability with 95% certainty.
13.
  • Holm, Hannes, et al. (author)
  • Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks
  • 2012
  • In: IEEE Transactions on Dependable and Secure Computing. - 1545-5971 .- 1941-0018. ; 9:6, pp. 825-837
  • Journal article (peer-reviewed)
    • The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the score of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originates from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.
14.
  • Holm, Hannes, et al. (author)
  • Estimates on the effectiveness of web application firewalls against targeted attacks
  • 2013
  • In: Information Management & Computer Security. - 0968-5227 .- 1758-5805. ; 21:4, pp. 250-265
  • Journal article (peer-reviewed)
    • Purpose – The purpose of this paper is to estimate the effectiveness of web application firewalls (WAFs) at preventing injection attacks by professional penetration testers given presence or absence of four conditions: whether there is an experienced operator monitoring the WAF; whether an automated black box tool has been used when tuning the WAF; whether the individual tuning the WAF is an experienced professional; and whether significant effort has been spent tuning the WAF. Design/methodology/approach – Estimates on the effectiveness of WAFs are made for 16 operational scenarios utilizing judgments by 49 domain experts participating in a web survey. The judgments of these experts are pooled using Cooke's classical method. Findings – The results show that the median prevention rate of a WAF is 80 percent if all measures have been employed. If no measure is employed then its median prevention rate is 25 percent. Also, there are no strong dependencies between any of the studied measures. Research limitations/implications – The results are only valid for the attacker profile of a professional penetration tester who prepares one week for attacking a WA protected by a WAF. Practical implications – The competence of the individual(s) tuning a WAF, employment of an automated black box tool for tuning and the manual effort spent on tuning are of great importance for the effectiveness of a WAF. The presence of an operator monitoring it has minor positive influence on its effectiveness. Originality/value – WA vulnerabilities are widely considered a serious concern. To manage them in deployed software, many enterprises employ WAFs. However, the effectiveness of this type of countermeasure under different operational scenarios is largely unknown.
15.
  • Holm, Hannes, et al. (author)
  • Expert assessment on the probability of successful remote code execution attacks
  • 2011
  • In: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011. - 9789898425614 ; , pp. 49-58
  • Conference paper (peer-reviewed)
    • This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.
16.
  • Holm, Hannes, et al. (author)
  • Indicators of expert judgement and their significance : An empirical investigation in the area of cyber security
  • 2014
  • In: Expert systems (Print). - : Wiley. - 0266-4720 .- 1468-0394. ; 3:4, pp. 299-318
  • Journal article (peer-reviewed)
    • In situations when data collection through observations is difficult to perform, the use of expert judgement can be justified. A challenge with this approach is, however, to value the credibility of different experts. A natural and state-of-the-art approach is to weight the experts' judgements according to their calibration, that is, on the basis of how well their estimates of a studied event agree with actual observations of that event. However, when data collection through observations is difficult to perform, it is often also difficult to estimate the calibration of experts. As a consequence, variables thought to indicate calibration are generally used as a substitute of it in practice. This study evaluates the value of three such indicative variables: consensus, experience and self-proclamation. The significances of these variables are analysed in four surveys covering different domains in cyber security, involving a total of 271 subjects. Results show that consensus is a reasonable indicator of calibration. The mean Pearson correlation between these two variables across the four studies was 0.407. No significant correlations were found between calibration and experience or calibration and self-proclamation. However, as a side result, it was discovered that a subject that perceives itself as more knowledgeable than others likely also is more experienced.
17.
  • Holm, Hannes, et al. (author)
  • Success Rate of Remote Code Execution Attacks : Expert Assessments and Observations
  • 2012
  • In: Journal of universal computer science (Online). - : J.UCS consortium. - 0948-695X .- 0948-6968. ; 18:6, pp. 732-749
  • Journal article (peer-reviewed)
    • This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show a prediction model constructed through expert judgment likely is of better quality if the experts' estimates are weighted according to their expertise.
18.
  •  
19.
  • Holm, Mathias, 1969, et al. (author)
  • Incidence and prevalence of chronic bronchitis: impact of smoking and welding. The RHINE study.
  • 2012
  • In: The international journal of tuberculosis and lung disease : the official journal of the International Union against Tuberculosis and Lung Disease. - Paris, France : International Union Against Tuberculosis and Lung Disease. - 1815-7920 .- 1027-3719. ; 16:4, pp. 553-7
  • Journal article (peer-reviewed)
    • To investigate the prevalence and incidence rate of chronic bronchitis (CB) in relation to smoking habits and exposure to welding fumes in a general population sample.
20.
  • Holm, Mathias, 1969, et al. (author)
  • Respiratory health effects and exposure to superabsorbent polymer and paper dust - an epidemiological study.
  • 2011
  • In: BMC public health. - : Springer Science and Business Media LLC. - 1471-2458. ; 11:1
  • Journal article (peer-reviewed)
    • ABSTRACT: BACKGROUND: The primary aim of the present study was to investigate if exposure to dust from absorbent hygiene products containing superabsorbent polymer is related to symptoms from the airways and from the eyes. The secondary aim was to estimate the current exposure to superabsorbent polymer among production and maintenance workers in a plant producing hygiene products. METHODS: The cohort comprised 1043 workers of whom 689 were exposed to super absorbent polymer and 804 were exposed to paper dust (overlapping groups). There were 186 workers not exposed to either superabsorbent polymer or to paper dust. They were investigated with a comprehensive questionnaire about exposure, asthma, rhinitis and symptoms from eyes and airways. The results were analyzed with logistic regression models adjusting for sex, age, atopy and smoking habits. An aerosol sampler equipped with a polytetrafluoroethylene filter with 1 um pore size was used for personal samplings in order to measure inhalable dust and superabsorbent polymer. RESULTS: The prevalence of nasal crusts (OR 1.4, 95% CI 1.01-2.0) and nose-bleeding (OR 1.7, 95% CI 1.2-2.4) was increased among the paper dust exposed workers (adjusted for superabsorbent polymer exposure). There were no significant effects associated with exposure to superabsorbent polymer (adjusted for paper dust exposure). The average exposure to inhalable levels of total dust (paper dust) varied between 0.40 and 1.37 mg/m3. For superabsorbent polymer dust the average exposure varied between 0.02 and 0.81 mg/m3. CONCLUSIONS: In conclusion, our study shows that workers manufacturing diapers in the hygiene industry have an increased prevalence of symptoms from the nose, especially nose-bleeding. There was no relation between exposure to superabsorbent polymer and symptoms from eyes, nose or respiratory tract, but exposure to paper dust was associated with nose-bleeding and nasal crusts. This group of workers had also a considerable exposure to superabsorbent polymer dust.