
    Modelling and Analyzing Attack-Defense Scenarios for Cyber-Ranges

    Rome was not built in a day, but it was burnt to the ground in only six. Wood naturally catches fire, and without adequate engineering, fireproof houses and training for firefighters, destruction caused by fire is inevitable. In the 21st century, our modern world is built not on wood but on a digital infrastructure that was proposed in the 20th century with very little thought to security. This has resulted in a countless number of incidents in which that infrastructure has been compromised, from hospitals serving critically ill patients to gas pipelines providing necessary heating to people living in adverse climate conditions. The current state of affairs is unacceptable, and serious efforts are needed to design and build a secure digital world and train individuals to use and operate it securely. Engineers and scientists design road infrastructure with great safety measures, but traffic accidents still happen. Indeed, they remain one of the leading causes of death in the world, and most traffic accidents are caused by human error or negligence. Similarly, the digital infrastructure can be designed and deployed securely, but its overall security and safety depend upon the humans who are operating and using it. Therefore, there is a great need to train individuals to operate the digital infrastructure in a secure manner. Multiple efforts are being made to provide this training. These efforts include cybersecurity education and training based on different pedagogical methods involving classroom teaching, workshops, seminars, conferences and hands-on training. However, the effects of these efforts are not yet visible, as we experience ever-increasing damage caused by cyber-attacks. Traditionally, most cybersecurity awareness and training has been achieved through classrooms and workshops. Little focus has been on hands-on cybersecurity exercises. 
This is because designing and deploying infrastructure to deliver realistic hands-on exercises is a resource-intensive, complex and difficult task that requires considerable manual technical expertise. This makes the training very expensive and the process error-prone and difficult to standardize. To solve these issues, different researchers have tried to remove inefficiencies in cybersecurity exercises by automating different phases of the exercises, with limited success. Some efforts yielded very specific testbed-related artifacts that were only applicable to that testbed, while other efforts lacked the complexity required for realistic cybersecurity exercises. Moreover, there is no consensus in the community on how to define the training scenarios used in such exercises. Standard specifications of scenarios that can be executed in a cybersecurity exercise environment are therefore needed. In this work, I address these issues by enhancing efficiency, realism and standardization with a novel method of modeling and executing cybersecurity exercise scenarios in a cybersecurity exercise environment, or cyber range. This is achieved through a domain-specific language that models and specifies the technical requirements for cybersecurity exercises at an abstract level. The model of the exercise scenario is formalized and verified through logic programming, and the technical requirements are then translated into operational artifacts by an orchestrator. The operational artifacts comprise an exercise infrastructure with vulnerabilities, traffic generators, and attack/defense agents that can exploit or defend those vulnerabilities at an operational level in a cyber range. 
The proposed system goes beyond the state of the art by overcoming many inefficiencies in cybersecurity exercise scenario modeling and deployment, making their execution efficient, realistic and computationally repeatable. The proposed artifacts and solutions were tested in Norway's national cybersecurity competitions, university classrooms and other cybersecurity exercises with positive results.
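As an added illustration of the model-verify-orchestrate pipeline the abstract describes (this is example code written for this listing, not the thesis' domain-specific language, logic program or orchestrator; the scenario shape, the rule set and the host, network and vulnerability names are assumptions constructed for the example), a small Python checker applies logic-style consistency rules to a scenario model and emits a per-host deployment inventory only when the model passes:

```python
from collections import deque
import copy

# Constructed scenario model. Its shape (hosts, networks, directed links,
# agents) is an assumption for this example, not the thesis' DSL.
SCENARIO = {
    "hosts": {
        "attacker": {"network": "external", "vulnerabilities": []},
        "web01":    {"network": "dmz",      "vulnerabilities": ["sqli-login"]},
        "db01":     {"network": "internal", "vulnerabilities": ["weak-db-creds"]},
    },
    # Directed facts: network A may initiate traffic to network B.
    "links": [("external", "dmz"), ("dmz", "internal")],
    "agents": [
        {"name": "red-1",  "role": "attack", "host": "attacker",
         "exploits": "sqli-login", "target": "web01"},
        {"name": "red-2",  "role": "attack", "host": "attacker",
         "exploits": "weak-db-creds", "target": "db01"},
        {"name": "blue-1", "role": "defend", "host": "web01",
         "mitigates": "sqli-login"},
    ],
}

def reachable(links, src, dst):
    """Transitive closure over the directed links: a pivot through an
    intermediate network counts as reachable."""
    seen, queue = {src}, deque([src])
    while queue:
        net = queue.popleft()
        if net == dst:
            return True
        for a, b in links:
            if a == net and b not in seen:
                seen.add(b)
                queue.append(b)
    return False

def verify(scenario):
    """Return the list of rule violations; an empty list means the model is
    executable. Each rule is the kind of constraint one would state as a
    clause in a logic program over the same facts."""
    hosts, links = scenario["hosts"], scenario["links"]
    findings, exploited = [], set()
    for ag in scenario["agents"]:
        if ag["host"] not in hosts:
            findings.append(f"{ag['name']}: host {ag['host']} is not defined")
            continue
        if ag["role"] == "attack":
            tgt = hosts.get(ag["target"])
            if tgt is None:
                findings.append(f"{ag['name']}: target {ag['target']} is not defined")
                continue
            if ag["exploits"] not in tgt["vulnerabilities"]:
                findings.append(f"{ag['name']}: {ag['target']} does not carry {ag['exploits']}")
            if not reachable(links, hosts[ag["host"]]["network"], tgt["network"]):
                findings.append(f"{ag['name']}: {ag['target']} is unreachable from {ag['host']}")
            exploited.add((ag["target"], ag["exploits"]))
        elif ag["mitigates"] not in hosts[ag["host"]]["vulnerabilities"]:
            findings.append(f"{ag['name']}: nothing to mitigate on {ag['host']}")
    # A deployed vulnerability with no attack agent is dead weight: it can never
    # produce the training event it was modelled for.
    for name, h in hosts.items():
        for v in h["vulnerabilities"]:
            if (name, v) not in exploited:
                findings.append(f"{name}: vulnerability {v} has no attack agent")
    return findings

def to_artifacts(scenario):
    """Translate a verified model into a per-host deployment inventory
    (a stand-in for what an orchestrator would consume)."""
    findings = verify(scenario)
    if findings:
        raise ValueError("model rejected: " + "; ".join(findings))
    inventory = {name: {"network": h["network"],
                        "install": list(h["vulnerabilities"]), "agents": []}
                 for name, h in scenario["hosts"].items()}
    for ag in scenario["agents"]:
        inventory[ag["host"]]["agents"].append(ag["name"])
    return inventory

def with_extra_agent(scenario, agent):
    """Copy of the model with one more agent, for trying out rule violations."""
    out = copy.deepcopy(scenario)
    out["agents"].append(agent)
    return out

if __name__ == "__main__":
    import json
    print(json.dumps(to_artifacts(SCENARIO), indent=2))
    broken = with_extra_agent(SCENARIO, {"name": "red-3", "role": "attack",
                                         "host": "attacker", "exploits": "rce-upload",
                                         "target": "web01"})
    print(verify(broken))
```

The point of running the rules before any deployment is that an inconsistent model (an agent exploiting a vulnerability its target does not carry, a target that the agent's network cannot reach, a vulnerability nobody attacks) is rejected at the abstract level rather than discovered after the infrastructure has been built.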

    Opportunities of Insecurity Refactoring for Training and Software Development

    Teaching software security is complex and should involve practical exercises. Practical exercises require software artifacts and projects that contain vulnerabilities. The vulnerabilities can be exploited to understand their impact, how different sanitization methods can be bypassed, and how they can be mitigated. A frequent challenge is the creation of realistic projects that contain such vulnerabilities. Such projects can be created manually with a lot of effort and can only be used once, because exploiting the same vulnerabilities repeatedly provides no learning effect. The goal of this thesis is to provide a solution that automatically creates realistic learning examples with permutations that can be used repeatedly for teaching. As a solution to creating learning examples automatically, we introduce Insecurity Refactoring. Insecurity Refactoring is a change to the internal structure of a software to inject a vulnerability without changing the observable behavior in a normal use case scenario. Creating realistic vulnerabilities requires characterizing realistic vulnerabilities and identifying what they look like. To solve this challenge, we reviewed the source code of 150 vulnerabilities that occurred in open-source projects in the categories SQL Injection, Cross Site Scripting and Buffer Overflow. From these vulnerabilities, we categorized source code patterns of sources, sanitization, context, sinks, and fixes. Those patterns characterize realistic vulnerabilities and are used for Insecurity Refactoring. Additionally, the types of developer errors resulting in a vulnerability were reviewed. These point out the issues that should be taught to developers and mitigated in the development phase. Another challenge is creating learning examples that are difficult to detect with static code analysis tools. Those learning examples can also be used to teach developers which source code patterns should be avoided. 
The previously reviewed vulnerabilities were scanned with a set of selected commercial and open-source static code analysis tools to identify patterns that produce false positive and false negative results. This insight allows such difficult patterns to be mitigated in the development phase to improve the effect of static code analysis. Additionally, these difficult patterns are used in the Insecurity Refactoring approach to create learning examples that cannot be solved by static code analysis tools. Our Insecurity Refactoring method has been formalized using a newly defined Adversary Controlled Input Dataflow tree. The formalization allows Possible Injection Paths to be detected; those paths can be transformed into vulnerabilities. All the previously identified source code patterns are used to inject different permutations of vulnerabilities. We developed a tool that realizes the formalized method and tested it on open-source projects to check whether the approach can inject vulnerabilities. That an open-source project is injectable does not imply that it is less secure; it implies that static code analysis approaches can analyze it to find injection possibilities. The results indicate that our approach can use 8.1% of the open-source projects found on GitHub to create learning examples. Projects transformed by our approach were used as learning examples in two experiments with different groups. The results show that the Insecurity Refactoring method does not change the behavior of the program except when the vulnerability is exploited; accordingly, the definition of Insecurity Refactoring was confirmed. A survey of the attendees of the experiments revealed that the transformed projects can be used as learning examples and that the examples are realistic. Another aspect of this thesis is improving static code analysis tools. All the identified patterns were combined to create two static code analysis benchmark data sets. 
The data sets were scanned by commercial static code analysis tools. By calculating established static code analysis metrics, the data sets can be used to identify problems of the tools such as a high false alarm rate, low precision or low recall. Additionally, we provide a way to identify patterns that the tools do not cover. The generation process was discussed in an interview with experts from Software Assurance Metrics And Tool Evaluation (SAMATE) at the National Institute of Standards and Technology (NIST), who confirmed that the generation process is solid. The two generated data sets are hosted as an official Software Assurance Reference Dataset (SARD). This allows all developers of static code analysis tools to test their tools and improve them based on our research.
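As an added example (constructed for this listing; it is neither the thesis' tool nor one of its learning examples), the property the abstract's definition demands, shown in Python with SQLite: a lookup that validates and binds its parameter is refactored so that the same adversary-controlled source reaches the SQL sink through a quote-escaping sanitizer that is mismatched with the numeric sink context. The program behaves identically on normal input and differs only when the injected vulnerability is exploited, which is what the thesis' experiments checked. The table, its rows, and the hostile input `2 OR 1=1` are assumed sample data.

```python
import sqlite3

# Constructed sample data for the example (not from the thesis).
USERS = [(1, "alice"), (2, "bob"), (3, "carol")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn

def lookup_original(conn, user_id):
    """Original code: the source is type-checked and reaches the sink as a
    bound parameter, so no Possible Injection Path exists."""
    try:
        uid = int(user_id)
    except ValueError:
        return []
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchall()
    return [r[0] for r in rows]

def escape_quotes(value):
    """Sanitizer pattern: doubling single quotes, which is only adequate when
    the value lands inside a quoted string in the SQL text."""
    return value.replace("'", "''")

def lookup_refactored(conn, user_id):
    """Insecurity-refactored variant. Same source, same sink, but the value is
    now concatenated into a numeric context (no surrounding quotes), so the
    quote-escaping sanitizer is mismatched with the context and an attacker
    needs no quote at all to change the query."""
    sanitized = escape_quotes(user_id)
    query = "SELECT name FROM users WHERE id = " + sanitized  # sink: string-built SQL
    rows = conn.execute(query).fetchall()
    return [r[0] for r in rows]

def behaviour_preserved(conn, inputs):
    """The refactoring's defining check: identical observable behaviour on
    every normal-use input."""
    return all(lookup_original(conn, i) == lookup_refactored(conn, i) for i in inputs)

if __name__ == "__main__":
    db = make_db()
    print("normal inputs identical:", behaviour_preserved(db, ["1", "2", "3", "42"]))
    hostile = "2 OR 1=1"
    print("original  :", lookup_original(db, hostile))
    print("refactored:", lookup_refactored(db, hostile))
```

Note that the sanitizer is not removed, only made irrelevant by the context change; this is the kind of source/sanitization/context/sink combination that a pattern-matching scanner keyed on "is there an escaping call" tends to miss, and that the abstract describes as useful for both teaching and benchmark construction.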

    Digital transformation of public security - developing triple-loop-learning artifacts to meet emerged information security incident response resilience and readiness challenges in public emergency organizations

    Studies have found that resilience and response capabilities during a cyber-attack are unfamiliar to organizations, and that not only IT personnel but also the crisis management group and teams need socio-technical resilience and readiness to handle such attacks. To overcome this resilience and readiness gap in society and the shortage of personnel trained to handle information security incidents, this project was established to propose effective and efficient methods, tools and artifacts for training and working with information and cyber security incident management in organizations in general, and in public emergency organizations in particular. Design Science Research in Information Security, with pragmatism as the philosophical perspective, was chosen to develop learning artifacts that close the resilience and readiness gap in public emergency organizations. The research took a naive inductive approach; the strategy was to meet the challenges with multiple mixed methods, and several public emergency organizations were invited to take part. Most of the studies were cross-sectional, but the student exercise was run over a three-year period (longitudinal). Data collection was initially explanatory and descriptive; exploratory data was later collected to discuss and validate the findings. The data were analysed with socio-technical root-cause analysis, categorical analysis of descriptive questionnaire results and expected/not expected or yes/no questions (dichotomous descriptive data), and qualitative effect analysis of the variety of actions. This thesis summary presents several key concepts from the research project that have been developed and published in conference proceedings and journals, together with analyses of data from case studies, training and exercises executed during the research period. 
Two publications and one report (appendix) present the current level of resilience and readiness in public emergency organizations, five of the publications and the appendix present learning knowledge and learning frameworks, and four of the publications present frameworks for learning from exercises. The major findings are that a framework for preparing exercises, and how to build EXCON teams for full-scale information and cyber security exercises, have received very little attention in the research community, also with regard to societal training for readiness and resilience when experiencing a cyber-attack. It was also established that 1) triple-loop learning and 2) scoping the development of serious games for information and cyber security incident response are both relevant and new approaches to information security management exercises. Fine-tuned, coordinated learning activities that follow the timeline of a scenario, and triple-loop-learning activities for use in the exercises, are of great importance, and a user-centric approach is needed to implement the activities at the right level in the organization and to close the gap one step at a time. Finally, socio-technical learning activities have shown that 1) the targeted exercise goals developed in the scenarios are met during the exercises, 2) socio-technical step-by-step improvement can be developed based on the level of escalation maturity, and 3) organizations can learn from training and exercises.

    Security Assurance of REST API based applications

    Security assurance is the confidence that a system meets its security requirements, based on specific evidence that an assurance technique provides. In this thesis, I propose a quantification method that aims to develop security assurance profiles by measuring the level of security of a REST API. Measuring security is complex and tricky; existing approaches are often based on manual review and time-consuming tasks, and there is little research on quantifying security assurance for REST APIs. A common perspective has been to focus on the vulnerabilities of a system during security testing, while security requirements tend not to get enough attention. The approach of this thesis is to look at both requirements and vulnerabilities to establish a level of security assurance. Metrics were defined to reflect requirement fulfillment and vulnerability presence. A requirement is declared fulfilled if its associated security mechanism is present. Vulnerabilities are sorted into their relevant categories and assigned a risk score. The security assurance metric is defined as an equation in which the vulnerability metric is subtracted from the requirement metric. The case studies were carried out at Statistics Norway, where the author is employed. The analyses showed that the API with the most security mechanisms implemented received only a slightly higher security assurance score, because the vulnerabilities were considered more harmful in one of the cases as the security objectives diverged. The quantification method can be reused in any other domain by altering the lists of requirements and vulnerabilities.


    A SAML 2.0 Authentication Middleware for ASP.NET Core

    Modern society is becoming more and more dependent on information systems to run its critical services. Public infrastructure, including health services, commercial airlines and nuclear power plants, depends on functioning information systems to deliver secure, high-quality services to society. One way of building information systems is as web-based Internet applications. Web applications are software programs that run on a web server and are accessed through a web browser; they are reachable from any device or computer connected to the Internet. Considering the sensitivity and nature of the personal information web applications store and give access to these days, they have to be built with security in mind. This includes, but is not limited to, an effective authentication and authorization mechanism. Effective authentication in web applications can be achieved using web authentication protocols such as SAML. Integrating a web application with a SAML identity provider is complex and time-consuming for software developers: it requires deep knowledge and understanding of XML, XML signatures and X.509 certificates for encrypting, decrypting and signing protocol messages. ASP.NET Core is the new framework developed by Microsoft for implementing web applications. At the time of writing, there are no free, open source SAML 2.0 libraries for ASP.NET Core. This thesis looks at how the SAML 2.0 authentication framework can be implemented in ASP.NET Core based web applications. It explores a way of making SAML 2.0 implementation friendly to software developers by creating an open source, easy to configure, reusable and flexible SAML 2.0 based authentication middleware for ASP.NET Core.

    PKI and IoT Security: How to choose the most secure implementation?

    This thesis focuses on the combination of the IoT and PKI technologies and on how they can be used together to create secure solutions. The enormous variation of products and implementation forms, especially in IoT, can lead to vulnerabilities being implemented that have fatal consequences if exploited during a cyber-attack. The intention of the thesis is to present an overview and an evaluation of current solutions and their vulnerabilities. The thesis also includes practical implementations of PKI with associated vulnerability analyses, as well as a recommendation of one or more PKI solutions based on the properties of the IoT equipment.

    Studying vulnerability history in an open-source software package

    Recent years have seen an increased focus on creating secure software, with tools and frameworks such as the Microsoft Security Development Lifecycle and the OWASP Software Assurance Maturity Model, yet well-known and well-documented vulnerabilities such as injection, cross-site scripting and buffer overflows still appear in lists of the most common vulnerabilities. Writing secure software therefore remains a challenging task, and research into security vulnerabilities can help us understand and improve software security. Many such studies focus on the quantitative aspect of the subject, such as vulnerability lifespan, the effect of code review coverage on vulnerabilities, and metrics such as commit sizes in vulnerable code. Such studies can give insight into general trends of vulnerability evolution, or into metrics and scoring systems for identifying vulnerable code. On the other hand, they give little insight into what causes vulnerabilities to emerge and evolve, and that is the question this thesis tries to answer. To answer the question of how vulnerabilities emerge and evolve in source code, we study the vulnerability history of the Libarchive Open-Source Software (OSS) package. With an exploratory, qualitative approach, we analyse artefacts related to the vulnerabilities in the OSS package, such as code updates, vulnerability reports and discussions, and identify patterns and phenomena behind the vulnerabilities. We also analyse the Socio-Technical System (STS) surrounding vulnerability handling in the project. 
Based on this analysis we present a Vulnerability Evolution model describing the phenomena behind the vulnerabilities and the influence of the STS on these phenomena. We also present a memory-safety taxonomy describing the types of errors, sinks, and fixes behind this kind of vulnerability. This taxonomy builds on a previous buffer overflow vulnerability taxonomy by Schuckert et al. [1]. Together, the model and the taxonomy give a better understanding of how vulnerabilities emerge and evolve in source code and can be used as tools to improve the development process and the security of the code it produces.

