1,721,058 research outputs found
A fuzzy model for IT security investments
This paper presents a fuzzy set based decision support model for taking uncertainty into account when making security investment decisions for distributed systems. The proposed model is complementary to probabilistic approaches and useful in situations where probabilistic information is either unavailable or not appropriate to reliably predict future conditions. We first present the specification of a formal security language that allows specifying under which conditions a distributed system is protected against security violations. We show that each term of the security language can be transformed into an equivalent propositional logic term. Then we use propositional logic terms to define a fuzzy set based decision model. This optimization model incorporates uncertainty with regard to the impact of investments on the achieved security levels of components of the distributed system. The model also accounts for budget and security constraints, in order to be applicable in practice.
On security protocols for desktop sharing
In this paper we examine security protocols employed in a number of tools for desktop sharing. These tools allow one user to see and interact with the desktop of another user, i.e. transmitting the contents of one computer's logical display to another place, including user interaction. In contrast to remote sessions, with desktop sharing, the access to the machine is shared, e.g. for interactive user support or for supporting administrators by experts for certain tasks or application programs. A number of these tools use an external communication server as a relay to sidestep problems when both the user and the support agent are behind firewalls. In this paper we identify design flaws in the security protocols employed by a number of such tools, most notably a problem which allows the provider of the communication server to compromise the security of the communication. Further, we examine the certificates of security that some of these tools bear in the light of our findings. Additionally, we analyse the security requirements for a relayed communication protocol, which seems to be missing so far, and make high-level suggestions for an instantiation.
Selection in Digital Forensics (Selektion in der digitalen Forensik)
Today digital forensic investigation is a standard procedure in crime investigations of law enforcement agencies. While classic forensic sciences like dactyloscopy have become common and are based on standardized procedures and methods with profound theoretical knowledge on one hand and an evaluated practical approach on the other hand, digital forensics is in an early stage of development.
In the field of digital forensics, academic research and practitioners seem to coexist instead of providing each other with their specific knowledge. A lot of theoretical considerations could not be implemented in practice, while in some practical areas the work is done in a non-forensically sound manner because of the missing scientific fundament.
The thesis is focused on the preservation phase of a digital forensic investigation; mainly the selection of dedicated data objects for the preservation or the specific deletion of these objects.
This work examines the origin of forensic sciences from the field of criminalistics and discusses scientific and juridical fundamentals. The commonly used terms authenticity and integrity are explicitly defined and transferred from classical forensic sciences to digital forensics. Juridical requirements like the code of criminal procedure (StPO) and the "Elfes-Urteil" are adopted to the definition of appropriate (permitted and relevant) data sets for the investigation.
The main focus of this thesis is the theoretical definition of parameters for a forensically sound selective imaging and the examination of applicability in practice. For this purpose existing forensic standard tools were tested and evaluated against predefined criteria. Additionally, the complex of selective deletion is examined. Juridical claims are confronted with technical possibilities. On the basis of an implemented prototype and an existing forensic tool the practical capability is demonstrated.
IT forensics is among the standard investigative areas and standard approaches of law enforcement agencies worldwide. While classical disciplines such as dactyloscopy have long since developed, on the basis of standardized procedures and models, into forensic sciences with well-founded theoretical considerations on the one hand and practical application on the other, IT forensics shows obvious deficits.
Fundamental scientific research competes with pragmatic technical approaches. In many subareas, theoretical considerations are designed "on the drawing board" that cannot be implemented in practice, while in other areas work is done practically without a sound forensic foundation.
This thesis focuses on the preservation phase of IT forensic investigations with regard to targeted selection in the preservation and deletion of dedicated data objects.
In the theoretical part, the origins of the forensic sciences in criminalistics and their scientific and legal foundations are examined. Building on this, the commonly used terms authenticity and integrity are clearly defined across analog and digital evidence before being transferred to the special field of digital forensics. Legal framework conditions, such as the StPO or the Elfes-Urteil, enter into the theoretical considerations for defining the data sets that are suitable (permitted and relevant) in an investigation.
The main focus of this work is the theoretical definition of the framework conditions for forensically correct selective imaging and the examination of the applicability of such an alternative preservation method in practice. For this purpose, the currently available standard forensic tools were examined using a test setup and evaluated against defined criteria. In addition to selective imaging, the topic of selective deletion is examined. Legal requirements are set against technical possibilities. Using an implemented prototype and an existing forensic software product, it is shown that selective deletion is possible in theory and practice.
Collusion-secure fingerprint watermarking for real world applications
Digital transaction watermarking today is a widely accepted mechanism in multimedia security. One major threat to transaction watermarking is collusion attacks. Here multiple individualized copies of the work are mixed to produce a counterfeited or undetectable watermark. One common countermeasure is the usage of so-called fingerprints. Theoretical fingerprint approaches do not consider the inaccuracy of the detection process of watermarking algorithms. In this work we show how an existing fingerprint code can be optimized with respect to code length in order to collaborate with a watermarking algorithm to provide a maximum of reliability with a minimum of payload.
Amun: automatic capturing of malicious software
This paper describes the low-interaction server honeypot Amun. Through the use of emulated vulnerabilities Amun aims at capturing malware in an automated fashion. The use of the scripting language Python, a modular design, and the possibility to write vulnerability modules in XML allow the honeypot to be easily maintained and extended to personal needs.
Iterative Precision-Assessing Signature Generation (Iterative präzisionsbewertende Signaturgenerierung)
The effectiveness of signature-based intrusion detection systems depends crucially on the precision of the signatures used. The causes of imprecise signatures are mainly attributable to signature derivation. Specifying a signature is laborious and error-prone. Methods for a systematic procedure hardly exist so far. In this paper we present an approach for the systematic derivation of signatures for host-based IDS. Starting from the program code and the vulnerability, entire signatures or signature fragments are generated. We show that by using static code analysis the design process for signatures can be automated and decisively shortened. Furthermore, a quality estimate of the derived signature is possible.
Session fixation – the forgotten vulnerability?
The term 'Session Fixation vulnerability' subsumes issues in Web applications that under certain circumstances enable the adversary to perform a session hijacking attack through controlling the victim's session identifier value. We explore this vulnerability pattern. First, we give an analysis of the root causes and document existing attack vectors. Then we take steps to assess the current attack surface of Session Fixation. Finally, we present a transparent server-side method for mitigating vulnerabilities.
Quantitative model-based safety analysis: a case study
The rising complexity of many safety-critical systems necessitates new analysis methods. Model-based safety analysis approaches aim at finding critical failure combinations by analysis of models of the whole system (i.e. software, hardware, and failure modes). The big advantage of these methods compared to traditional approaches is that the results are of very high significance. Until now, model-based approaches have only to a limited extent been applied to answer quantitative questions in safety analysis. Model-based approaches in this context are often limited to analysis of specific failure propagation models. They do not include system dynamics and behavior. A consequence is that the methods are very error-prone because of wrong assumptions. New achievements in the domain of (probabilistic) model-checking now allow for overcoming this problem. This paper illustrates how such an approach for quantitative model-based safety analysis is used to model and analyze a real-world case study from the railway domain.
Real-time fault-tolerant routing in high-availability multicast-aware video networks
Live-videostream networks based on multimedia switches are the most recent products used in television production and distribution facilities to transport the live signal from sources like cameras or microphones to dedicated sinks like video monitors, loudspeakers and transmission lines. To switch signals from a single source to several destinations multicasting or point-to-multipoint technology is considered. To compute multicast trees for multimedia communication, constrained shortest paths algorithms are needed. They are fundamental to important network functionality such as Quality of Service (QoS) routing or Multiprotocol label switching (MPLS) path selection and the problems they attempt to solve are known to be NP-complete. In previous work, we have introduced a heuristic called Multimedia Multicast algorithm (MulMic), which delivers nearly optimal multicast trees in a short time. Here, we propose the combination of MulMic and two models for fault-tolerant routing: disjoint paths and reservation of backup paths. Furthermore we introduce a realtime algorithm we call ZirkumFlex to handle one or even several simultaneous node or line failures in a multicast network by a local search to bypass the failed node or line. We also apply our algorithm to example graphs to demonstrate its feasibility.
