55 results for VULNERABILITIES


Relevance:

10.00% 10.00%

Publisher:

Abstract:

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Monitoring Internet traffic is critical in order to acquire a good understanding of threats to computer and network security and in designing efficient computer security systems. Researchers and network administrators have applied several approaches to monitoring traffic for malicious content. These techniques include monitoring network components, aggregating IDS alerts, and monitoring unused IP address spaces. Another method for monitoring and analyzing malicious traffic, which has been widely tried and accepted, is the use of honeypots. Honeypots are very valuable security resources for gathering artefacts associated with a variety of Internet attack activities. As honeypots run no production services, any contact with them is considered potentially malicious or suspicious by definition. This unique characteristic of the honeypot reduces the amount of collected traffic and makes it a more valuable source of information than other existing techniques. Currently, there is insufficient research in the honeypot data analysis field. To date, most of the work on honeypots has been devoted to the design of new honeypots or optimizing the current ones. Approaches for analyzing data collected from honeypots, especially low-interaction honeypots, are presently immature, while analysis techniques are manual and focus mainly on identifying existing attacks. This research addresses the need for developing more advanced techniques for analyzing Internet traffic data collected from low-interaction honeypots. We believe that characterizing honeypot traffic will improve the security of networks and, if the honeypot data is handled in time, give early signs of new vulnerabilities or breakouts of new automated malicious codes, such as worms. 
The outcomes of this research include:
• Identification of repeated use of attack tools and attack processes through grouping activities that exhibit similar packet inter-arrival time distributions using the cliquing algorithm;
• Application of principal component analysis to detect the structure of attackers’ activities present in low-interaction honeypots and to visualize attackers’ behaviors;
• Detection of new attacks in low-interaction honeypot traffic through the use of the principal component’s residual space and the square prediction error statistic;
• Real-time detection of new attacks using recursive principal component analysis;
• A proof of concept implementation for honeypot traffic analysis and real time monitoring.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

The global financial crisis, global pandemics, global warming and peak oil are indicative of a world facing major environmental, social and economic problems. At the same time, world population continues to rise and global inequalities deepen. Children are the most vulnerable to the impacts of unsustainable living with specific harms arising because of their physical and cognitive vulnerabilities. Nevertheless, children do not have to be victims in the face of these challenges. Education, including early childhood education, has an important role to play in building resilience and capabilities in children that equip them as active and informed citizens now and in the future and who are capable of contributing to healthy and sustainable ways of living. Drawing on educational change literature, action research, education for sustainability, health promotion and systems theory, this paper outlines three strategies that can help reorient early childhood education towards sustainability. One strategy is the adoption of whole centre approaches to sustainability and education for sustainability. This means working across the whole of a centre’s operations – curriculum and pedagogy, physical and social environments, its partnerships and community connections. The second strategy – applied in conjunction with the first – is the use of action research to investigate the early childhood setting and to create the desired changes. The third strategy is the adoption of systems thinking as a way of leveraging support and momentum for change so that education for sustainability goes beyond the initiatives of individual teachers and centres, and becomes a systems-wide imperative.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

As the acceptance and popularity of wireless networking technologies has proliferated, the security of the IEEE 802.11 wireless local area network (WLAN) has advanced in leaps and bounds. From tenuous beginnings, where the only safe way to deploy a WLAN was to assume it was hostile and employ higher-layer information security controls, to the current state of the art, all manner of improvements have been conceived and many implemented. This work investigates some of the remaining issues surrounding IEEE 802.11 WLAN operation. While the inherent issues in WLAN deployments and the problems of the original Wired Equivalent Privacy (WEP) provisions are well known and widely documented, there still exist a number of unresolved security issues. These include the security of management and control frames and the data link layer protocols themselves. This research introduces a novel proposal to enhance security at the link layer of IEEE 802.11 WLANs and then conducts detailed theoretical and empirical investigation and analysis of the effects of such proposals. This thesis first defines the state of the art in WLAN technology and deployment, including an overview of the current and emerging standards, the various threats, numerous vulnerabilities and current exploits. The IEEE 802.11i MAC security enhancements are discussed in detail, along with the likely outcomes of the IEEE 802.11 Task Group W1, looking into protected management frames. The problems of the remaining unprotected management frames, the unprotected control frames and the unprotected link layer headers are reviewed and a solution is hypothesised, to encrypt the entire MAC Protocol Data Unit (MPDU), including the MAC headers, not just the MAC Service Data Unit (MSDU) commonly performed by existing protocols.
The proposal is not just to encrypt a copy of the headers while still using cleartext addresses to deliver the frame, as used by some existing protocols to support the integrity and authenticity of the headers, but to pass the entire MPDU only as ciphertext to also support the confidentiality of the frame header information. This necessitates the decryption of every received frame using every available key before a station can determine if it is the intended recipient. As such, this raises serious concerns as to the viability of any such proposal due to the likely impact on throughput and scalability. The bulk of the research investigates the impacts of such proposals on the current WLAN protocols. Some possible variations to the proposal are also provided to enhance both utility and speed. The viability of this proposal with respect to the effect on network throughput is then tested using a well known and respected network simulation tool, along with a number of analysis tools developed specifically for the data generated here. The simulator's operation is first validated against recognised test outputs, before a comprehensive set of control data is established, and then the proposal is tested and compared against the controls. This detailed analysis of the various simulations should be of benefit to other researchers who need to validate simulation results. The analysis of these tests indicates areas of immediate improvement and so the protocols are adjusted and a further series of experiments conducted. These final results are again analysed in detail and final appraisals provided.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Distributed Denial-of-Service (DDoS) attacks continue to be one of the most pernicious threats to the delivery of services over the Internet. Not only are DDoS attacks present in many guises, they are also continuously evolving as new vulnerabilities are exploited. Hence accurate detection of these attacks still remains a challenging problem and a necessity for ensuring high-end network security. An intrinsic challenge in addressing this problem is to effectively distinguish these Denial-of-Service attacks from similar looking Flash Events (FEs) created by legitimate clients. A considerable overlap between the general characteristics of FEs and DDoS attacks makes it difficult to precisely separate these two classes of Internet activity. In this paper we propose parameters which can be used to explicitly distinguish FEs from DDoS attacks and analyse two real-world publicly available datasets to validate our proposal. Our analysis shows that even though FEs appear very similar to DDoS attacks, there are several subtle dissimilarities which can be exploited to separate these two classes of events.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

With the increase in international mobility, healthcare systems should no longer be ignoring language barriers. In addition to the benefit of reducing long‐term costs, immigrant‐friendly organizations should be concerned with mitigating the way language barriers increase individuals’ social vulnerabilities and inequities in health care and health status. This paper reports the findings of a qualitative, exploratory study of the health literacy of 28 Francophone families living in a linguistic‐minority situation in Canada. Analysis of interviews revealed that participants’ social vulnerability, mainly due to their limited social and informational networks, influenced the construction of family health literacy. Disparities in access to healthcare services could be decreased by having health professionals work in alliance with Francophone community groups and by hiring bilingual health professionals. Linguistic isolation and lack of knowledge about local cultural organizations among Francophone immigrants were two important findings of this study.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing security-relevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code.
The resulting metrics make it easy to compare the relative security of functionally equivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Medical industries have brought Information Technology (IT) in their systems for both patients and medical staff due to the numerous benefits of IT we experience at present. Moreover, the Mobile healthcare (M-health) system has been developed as the first step of Ubiquitous Health Environment (UHE). With the mobility and multi-functions, M-health system will be able to provide more efficient and various services for both doctors and patients. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well implemented. In this paper, user authentication and authorization procedures will be applied as a featured component at each level of M-health systems in the hospital environment. Accordingly, M-health system in the hospital will meet the optimal requirements as a countermeasure to its vulnerabilities.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

U-Healthcare means that it provides healthcare services "at anytime and anywhere" using wired, wireless and ubiquitous sensor network technologies. As a main field of U-healthcare, Telehealth has been developed as an enhancement of Telemedicine. This system includes two-way interactive web-video communications, sensor technology, and health informatics. With these components, it will assist patients to receive their first initial diagnosis. Furthermore, Telehealth will help doctors diagnose patients' diseases at early stages and recommend treatments to patients. However, this system has a few limitations such as privacy issues, interruption of real-time service and a wrong ordering from remote diagnosis. To deal with those flaws, security procedures such as authorised access should be applied as an indispensable component in medical environment. As a consequence, Telehealth system with these protection procedures in clinical services will cope with anticipated vulnerabilities of U-Healthcare services and security issues involved.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Motorcycles are particularly vulnerable in right-angle crashes at signalized intersections. The objective of this study is to explore how variations in roadway characteristics, environmental factors, traffic factors, maneuver types, human factors as well as driver demographics influence the right-angle crash vulnerability of motorcycles at intersections. The problem is modeled using a mixed logit model with a binary choice category formulation to differentiate how an at-fault vehicle collides with a not-at-fault motorcycle in comparison to other collision types. The mixed logit formulation allows randomness in the parameters and hence takes into account the underlying heterogeneities potentially inherent in driver behavior, and other unobserved variables. A likelihood ratio test reveals that the mixed logit model is indeed better than the standard logit model. Night time riding shows a positive association with the vulnerability of motorcyclists. Moreover, motorcyclists are particularly vulnerable on single lane roads, on the curb and median lanes of multi-lane roads, and on one-way and two-way road type relative to divided-highway. Drivers who deliberately run red light as well as those who are careless towards motorcyclists especially when making turns at intersections increase the vulnerability of motorcyclists. Drivers appear more restrained when there is a passenger onboard and this has decreased the crash potential with motorcyclists. The presence of red light cameras also significantly decreases right-angle crash vulnerabilities of motorcyclists. The findings of this study would be helpful in developing more targeted countermeasures for traffic enforcement, driver/rider training and/or education, safety awareness programs to reduce the vulnerability of motorcyclists.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Background: Mass migration to Asian cities is a defining phenomenon of the present age, as hundreds of millions of people move from rural areas or between cities in search of economic prosperity. Although many do prosper, large numbers of people experience significant social disadvantage. This is especially the case among poorly educated, migrant unskilled unregistered male laborers who do much of the manual work throughout the cities. These men are at significant risk for many health problems, including HIV infection. However, to date there has been little research in developing countries to explain the determinants of this risk, and thereby to suggest feasible preventive strategies. Objectives and Methodology: Using combined qualitative and quantitative methods, the aim of this study was to explore the social contexts that affect health vulnerabilities and to develop conceptual models to predict risk behaviors for HIV [illicit drug use, unsafe sex, and non-testing for HIV] among male street laborers in Hanoi, Vietnam. Qualitative Research: Sixteen qualitative interviews revealed a complex variety of life experiences, beliefs and knowledge deficits that render these mostly poor and minimally educated men vulnerable to health problems including HIV infection. This study formed a conceptual model of numerous stressors related to migrants’ life experiences in urban space, including physical, financial and social factors. A wide range of coping strategies were adopted to deal with stressors – including problem-focused coping (PFC) and emotion-focused coping (EFC), pro-social and anti-social, active and passive. These men reported difficulty in coping with stressors because they had weak social networks and lacked support from formal systems. A second conceptual model emerged that highlighted equivalent influences of individual psychological factors, social integration, social barriers, and accessibility regarding drug use and sexual risk behavior. 
Psychological dimensions such as tedium, distress, fatalism and revenge, were important. There were strong effects of collective decision-making and fear of social isolation on shaping risk behaviors. These exploratory qualitative interviews helped to develop a culturally appropriate instrument for the quantitative survey and informed theoretical models of the factors that affect risk behaviors for HIV infection. Quantitative Research: The Information-Motivation-Behavioral Skills (IMB) model was adopted as the theoretical framework for a large-scale survey. It was modified to suit the contexts of these Vietnamese men. By doing a social mapping technique, 450 male street laborers were interviewed in Hanoi, Vietnam. The survey revealed that the risk of acquiring and transmitting HIV was high among these men. One in every 12 men reported homosexual or bisexual behavior. These men on average had 3 partners within the preceding year, and condom use was inconsistent. One third had had sex with commercial sex workers (CSW) and only 30% of them reported condom use; 17% used illicit drugs sometimes, with 66.7% of them frequently sharing injecting equipment with peers. Despite the risks, only 19.8% of men had been tested for HIV during the previous 12 months. These men have limited HIV knowledge and only moderate motivation and perceived behavioral skills for protective behavior. Although rural-to-urban migration was not associated with sexual risk behavior, three elements of the IMB model and depression associated with the process of mobility were significant determinants of sexual behavior. A modified model that incorporated IMB elements and psychosocial stress was found to be a better fit than the original IMB model alone in predicting protected sex behavior among the men. 
Men who were less psychologically and socially stressed, better informed and motivated for HIV prevention were more likely to demonstrate behavioral skills, and in turn were more likely to engage in safer sexual behavior. With regard to drug use, although the conventional model accounted for slightly less variance than the modified IMB model, data were of better fit for the conventional model. Multivariate analyses revealed that men who originated from urban areas, those who were homo- or bi-sexually identified and had better knowledge and skills for HIV prevention were more likely to access HIV testing, while men who had more sexual partners and those who did not use a condom for sex with CSW were least likely to take a test. The modified IMB model provided a better fit than the conventional model, as it explained a greater variance in HIV testing. Conclusions and Implications: This research helps to highlight a potential hidden HIV epidemic among street male, unskilled, unregistered laborers. This group has multiple vulnerabilities to HIV infection through both their partners and peers. However, most do not know their HIV status and have limited knowledge about preventing infection. This is the first application of a modified IMB model of risk behaviors for HIV such as drug use, condom use, and uptake of HIV testing to research with male street laborers in urban settings. The study demonstrated that while the extended IMB model had better fit than the conventional version in explaining the behaviors of safe sex and HIV testing, it was not so for drug use. The results provide interesting directions for future research and suggest ways to effectively design intervention strategies. The findings should shed light on culturally appropriate HIV preventive education and support programs for these men. 
As Vietnam has much in common with other developing countries in Southeast Asia, this research provides evidence for policy and practice that may be useful for public health systems in similar countries.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Due to increased complexity, scale, and functionality of information and telecommunication (IT) infrastructures, every day new exploits and vulnerabilities are discovered. These vulnerabilities are most of the time used by malicious people to penetrate these IT infrastructures for mainly disrupting business or stealing intellectual properties. Current incidents prove that it is not sufficient anymore to perform manual security tests of the IT infrastructure based on sporadic security audits. Instead networks should be continuously tested against possible attacks. In this paper we present current results and challenges towards realizing automated and scalable solutions to identify possible attack scenarios in an IT infrastructure. Namely, we define an extensible framework which uses public vulnerability databases to identify probable multi-step attacks in an IT infrastructure, and provide recommendations in the form of patching strategies, topology changes, and configuration updates.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives rise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary cannot perform better than guessing randomly the originator of an alert message.