STACK OVERWRITING ATTACKS AND DEFENCES IN UNIX ENVIRONMENT

Työn tarkoituksena on tutkia pinon ylikirjoitukseen perustuvien hyökkäysten toimintaa ja osoittaa kokeellisesti nykyisten suojaustekniikoiden olevan riittämättömiä. Tutkimus suoritetaan testaamalla miten valitut tietoturvatuotteet toimivat eri testitilanteissa. Testatut tuotteet ovat Openwall, PaX, Libsafe 2.0 ja Immunix 6.2. Testaus suoritetaan pääasiassa RedHat 7.0 ympäristössä testiohjelman avulla. Testeissä mitataan sekä tuotteiden kyky havaita hyökkäyksiä että niiden nopeusvaikutukset. Myös erityyppisten hyökkäysten ja niitä vastaan kehitettyjen metodien toimintaperiaatteet esitellään seikkaperäisesti ja havainnollistetaan yksinkertaistetuilla esimerkeillä. Esitellyt tekniikat sisältävät puskurin ylivuodot, laittomat muotoiluparametrit, loppumerkittömät merkkijonot ja taulukoiden ylivuodot. Testit osoittavat, etteivät valitut tuotteet estä kaikkia hyökkäyksiä, joten lopuksi perehdytään myös vahinkojen minimointiin onnistuneiden hyökkäysten varalta.

Detection of denial of service attacks

This thesis studies techniques used for detection of distributed denial of service attacks which during last decade became one of the most serious network security threats. To evaluate different detection algorithms and further improve them we need to test their performance under conditions as close to real-life situations as possible. Currently the only feasible solution for large-scale tests is the simulated environment. The thesis describes implementation of recursive non-parametric CUSUM algorithm for detection of distributed denial of service attacks in ns-2 network simulator – a standard de-facto for network simulation.

Is All Fair in Law and War? The Ambiguous Principle of Proportionality of Collateral Damage and the CIA Drone Attacks in Pakistan

Tutkielma käsittelee Yhdysvaltain CIAn miehittämättömiä lennokki-iskuja Pakistanissa kansainvälisen humanitaarisen oikeuden suhteellisuusperiaatteen näkökulmasta. Suhteellisuusperiaatteen mukaan aseellisista iskuista saatavan sotilaallisen hyödyn tulee olla suhteellinen verrattuna siviileille aiheutuvaan haittaan. CIAn iskuja Pakistanissa on kritisoitu, että ne eivät täytä suhteellisuusperiaatteen asettamia vaatimuksia. Tutkielmassa perehdytään ensinnäkin selvittämään ne velvollisuudet, jotka suhteellisuusperiaate asettaa hyökkääjille. Sen jälkeen CIAn lennokki-iskuja tutkitaan näiden velvollisuuksien valossa. Tutkielmassa pyritään selvittämään antaako suhteellisuusperiaatteen luomat oikeudelliset velvollisuudet riittävää suojaa Pakistanin siviileille lennokki-iskujen tuhoja vastaan. Lisäksi pyritään selvittämään, onko lennokki-iskuissa viitteitä suhteellisuusperiaatteen vastaisista iskuista. Tutkimusmenetelmänä käytetään positivistista lainopin metodia, jonka avulla selvitetään voimassa olevaa kansainvälisen humanitaarisen tapaoikeuden suhteellisuusperiaatteen sisältöä. Oikeudellisina lähteinä käytetään pääasiassa humanitaarista tapaoikeutta, mutta tulkinnallisena apuna myös kansainvälisiä sopimuksia sekä oikeuden päätöksiä. Lisäksi oikeudellinen kirjallisuus on tutkimuksessa tärkeässä asemassa. Tutkimuksessa päädytään siihen, että suhteellisuusperiaatteen asettamat velvollisuudet hyökkääjälle ovat niin epämääräiset, että ne eivät anna riittävää suojaa siviileille. Ensinnäkin hyökkääjä voi määrittää sotilaallisen hyödyn omien päämääriensä mukaisesti suhteellisuusanalyysissä. Lisäksi kynnys sille, mikä katsotaan suhteellisuusperiaatteen vastaisuudeksi on hyvin epämääräinen ja korkea. Tämän vuoksi varotoimenpiteet iskujen suunnittelussa ovat hyvin tärkeässä asemassa myös suhteellisuusanalyysissä. Kuitenkin jos hyökkääjä edes jossain määrin osoittaa, että on tehnyt iskut hyvässä uskossa niiden laillisuudesta, iskujen katsotaan yleensä olevan suhteellisuusperiaatteen mukaisia. CIAn lennokki-iskuissa Pakistanissa on viitteitä suhteellisuusperiaatteen vastaisuudesta erityisesti ”tunnusmerkki-iskujen” osalta. ”Tunnusmerkki-iskut” johtavat yleensä vain vähäiseen sotilaalliseen hyötyyn aiheuttaen silti siviiliuhreja. Lisäksi erityisesti tunnusmerkki-iskuissa edellytetään korkeampaa tarkkuutta varotoimenpiteissä. Kuitenkin useat siviiliuhrit voivat merkitä sitä, että näitä varotoimenpiteitä ei ole noudatettu iskuissa.

Molukkiradikalismi ja terrori-iskut Alankomaissa

English summary: Moluccan radicalism and terrorist action in the Netherlands

Sikariukset ensimmäisen vuosisadan Palestiinassa: terroristiliikkeen prototyyppi?

Abstract: The Sicarii in the First Century (C.E.) Palestine: a prototype of a terrorist movement?

Terroristiryhmän rikosoikeudellinen sääntely

English summary: Criminal legislation and terrorist groups (s. 334-335)

Embedding, Extraction and Detection of Digital Watermark in Spectral Images

Tässä diplomityössä tutkitaan tekniikoita, joillavesileima lisätään spektrikuvaan, ja menetelmiä, joilla vesileimat tunnistetaanja havaitaan spektrikuvista. PCA (Principal Component Analysis) -algoritmia käyttäen alkuperäisten kuvien spektriulottuvuutta vähennettiin. Vesileiman lisääminen spektrikuvaan suoritettiin muunnosavaruudessa. Ehdotetun mallin mukaisesti muunnosavaruuden komponentti korvattiin vesileiman ja toisen muunnosavaruuden komponentin lineaarikombinaatiolla. Lisäyksessä käytettävää parametrijoukkoa tutkittiin. Vesileimattujen kuvien laatu mitattiin ja analysoitiin. Suositukset vesileiman lisäykseen esitettiin. Useita menetelmiä käytettiin vesileimojen tunnistamiseen ja tunnistamisen tulokset analysoitiin. Vesileimojen kyky sietää erilaisia hyökkäyksiä tarkistettiin. Diplomityössä suoritettiin joukko havaitsemis-kokeita ottamalla huomioon vesileiman lisäyksessä käytetyt parametrit. ICA (Independent Component Analysis) -menetelmää pidetään yhtenä mahdollisena vaihtoehtona vesileiman havaitsemisessa.

Software Security Design and Testing

Elektroninen kaupankäynti ja pankkipalvelut ovat herättäneet toiminnan jatkuvuuden kannalta erittäin kriittisen kysymyksen siitä, kuinka näitä palveluja pystytään suojaamaan järjestäytynyttä rikollisuutta ja erilaisia hyväksikäyttöjä vastaan.

”Kyllähän nyt pitäs olla jo semmonen aika, että pääsis niin kö keskustelemhan näistä asioista.” Tutkimus lappilaisten sotavankien, partisaanien uhrien ja huutolaisten elämänkulusta, voimavaroista, terveydestä ja sairauksista

Research into the course of life, mental stamina and health status of wartime prisoners, victims of Soviet partisan attacks, and paupers in Finnish Lapland The basis of this research comprised the issues raised during the interviews conducted in my work as a general practitioner in Lapland, regarding factors that have possibly affected the life stories and health conditions of Lappish people who had lived through the war as war prisoners, victims of partisan attacks, or paupers. The purpose of the study was to describe how the different life phases and experiences emerged from the interviewees’ stories and to identify their mental stamina. Another goal was to make observations on their health status, in which the main emphasis became to address mental symptoms. The cohort consisted of elderly Finns who lived in Lapland during the war and experienced war imprisonment, pauperism, or became victims of partisan attacks. All three groups consisted of 12 interviewees. The interview transcripts were read several times and then investigated using the content analysis methods applicable to the material. The research methodology was based on building awareness and understanding. Thematic tagging and data coding were used as structured analysis tools. In all three groups most of the interviewees clearly identified their mental stamina, the most fundamental of which were home, family and work. The war prisoners’ injuries and nervous sensibility symptoms had been shown in earlier studies on war prisoners, and on this basis they had been granted disability pensions. However, many of them had suppressed their traumatic experiences and mental difficulties, and they could not talk about these issues until at the time of these interviews held at old age. Four of them still suffered from a post-traumatic stress disorder. The victims of Soviet partisans had had to carry their mental load alone for decades before the cruel ravages on civilians in remote areas of Lapland became publicly known. Most of them still had disturbing nervous sensibility symptoms. Four interviewees had a post-traumatic stress disorder, and in addition to these, the mental symptoms of one had developed into a post-traumatic stress disorder during old age. Many of the interviewees who had been left paupers remembered their childhood as filled with grief and feelings of inferiority, and had nightmares relating to their wartime experiences. Yet none of them suffered from post-traumatic stress disorder. The results showed that the exceptional suffering caused by the war, the wartime imprisonment and the devastating attacks by Soviet partisans had led especially to mental difficulties. These were left almost completely unnoticed in the post-war conditions, and the war victims were unable to seek help on their own. Based on the results, our health care for the elderly should focus on familiarization with the individual experiences and life stories of each elderly person. This can facilitate geriatric diagnostics and individual therapy planning. Empathic familiarization with the life experiences of the elderly may strengthen their mental stamina and improve the quality of successful aging.

Knapsack sets for cryptography

The basic goal of this study is to extend old and propose new ways to generate knapsack sets suitable for use in public key cryptography. The knapsack problem and its cryptographic use are reviewed in the introductory chapter. Terminology is based on common cryptographic vocabulary. For example, solving the knapsack problem (which is here a subset sum problem) is termed decipherment. Chapter 1 also reviews the most famous knapsack cryptosystem, the Merkle Hellman system. It is based on a superincreasing knapsack and uses modular multiplication as a trapdoor transformation. The insecurity caused by these two properties exemplifies the two general categories of attacks against knapsack systems. These categories provide the motivation for Chapters 2 and 4. Chapter 2 discusses the density of a knapsack and the dangers of having a low density. Chapter 3 interrupts for a while the more abstract treatment by showing examples of small injective knapsacks and extrapolating conjectures on some characteristics of knapsacks of larger size, especially their density and number. The most common trapdoor technique, modular multiplication, is likely to cause insecurity, but as argued in Chapter 4, it is difficult to find any other simple trapdoor techniques. This discussion also provides a basis for the introduction of various categories of non injectivity in Chapter 5. Besides general ideas of non injectivity of knapsack systems, Chapter 5 introduces and evaluates several ways to construct such systems, most notably the "exceptional blocks" in superincreasing knapsacks and the usage of "too small" a modulus in the modular multiplication as a trapdoor technique. The author believes that non injectivity is the most promising direction for development of knapsack cryptosystema. Chapter 6 modifies two well known knapsack schemes, the Merkle Hellman multiplicative trapdoor knapsack and the Graham Shamir knapsack. The main interest is in aspects other than non injectivity, although that is also exploited. In the end of the chapter, constructions proposed by Desmedt et. al. are presented to serve as a comparison for the developments of the subsequent three chapters. Chapter 7 provides a general framework for the iterative construction of injective knapsacks from smaller knapsacks, together with a simple example, the "three elements" system. In Chapters 8 and 9 the general framework is put into practice in two different ways. Modularly injective small knapsacks are used in Chapter 9 to construct a large knapsack, which is called the congruential knapsack. The addends of a subset sum can be found by decrementing the sum iteratively by using each of the small knapsacks and their moduli in turn. The construction is also generalized to the non injective case, which can lead to especially good results in the density, without complicating the deciphering process too much. Chapter 9 presents three related ways to realize the general framework of Chapter 7. The main idea is to join iteratively small knapsacks, each element of which would satisfy the superincreasing condition. As a whole, none of these systems need become superincreasing, though the development of density is not better than that. The new knapsack systems are injective but they can be deciphered with the same searching method as the non injective knapsacks with the "exceptional blocks" in Chapter 5. The final Chapter 10 first reviews the Chor Rivest knapsack system, which has withstood all cryptanalytic attacks. A couple of modifications to the use of this system are presented in order to further increase the security or make the construction easier. The latter goal is attempted by reducing the size of the Chor Rivest knapsack embedded in the modified system. '

Uusien uhkakuvien luominen: tapaus 'kiinalaiset kybersoturit' : lingvistinen uhka-analyysi kyberdiskurssista

Since his inauguration, President Barack Obama has emphasized the need for a new cybersecurity policy, pledging to make it a "national security priority". This is a significant change in security discourse after an eight-year war on terror – a term Obama announced to be no longer in use. After several white papers, reports and the release of the so-called 60-day Cybersecurity Review, Obama announced the creation of a "cyber czar" position and a new military cyber command to coordinate American cyber defence and warfare. China, as an alleged cyber rival, has played an important role in the discourse that introduced the need for the new office and the proposals for changes in legislation. Research conducted before this study suggest the dominance of state-centric enemy descriptions paused briefly after 9/11, but returned soon into threat discourse. The focus on China's cyber activities fits this trend. The aim of this study is to analyze the type of modern threat scenarios through a linguistic case study on the reporting on Chinese hackers. The methodology of this threat analysis is based on the systemic functional language theory, and realizes as an analysis of action and being descriptions (verbs) used by the American authorities. The main sources of data include the Cybersecurity Act 2009, Securing Cyberspace for the 44th Presidency, and 2008 Report to Congress of the U.S. - China Economic and Security Review Commission. Contrary to the prevailing and popularized terrorism discourse, the results show the comeback of Cold War rhetoric as well as the establishment of a state-centric threat perception in cyber discourse. Cyber adversaries are referred to with descriptions of capacity, technological superiority and untrustworthiness, whereas the ‘self’ is described as vulnerable and weak. The threat of cyber attacks is compared to physical attacks on critical military and civilian infrastructure. The authorities and the media form a cycle, in which both sides quote each other and foster each other’s distrust and rhetoric. The white papers present China's cyber army as an existential threat. This leads to cyber discourse turning into a school-book example of a securitization process. The need for security demands action descriptions, which makes new rules and regulations acceptable. Cyber discourse has motives and agendas that are separate from real security discourse: the arms race of the 21st century is about unmanned war.

Venäjän informaatio-psykologinen sodankäyntitapa terrorismin torjunnassa ja viiden päivän sodassa

This study examines Russia’s Pattern of Information-Psychologic Warfare in Counter-terrorism and in the Five Day War. The first case of this comparative case study research examines an internal national security crisis, namely two of the most notorious terrorist strikes that took place firstly in The Moscow Dubrovka Theater in October 2002 and two years later in Beslan School 2004 in September. In the second case an external national security crisis, the Five Day War conducted in August 2008 between the Russian Federation and the state of Georgia will be analyzed. At the centre of this research report lays an idea: a war of information by using information as the target and as a weapon. Based on a comparative case study setting this study tries to understand how Russian pattern of information warfare manifests itself in the light of these two internal / external national security crises. Three hypotheses that guide this research report are: Russian pattern of information warfare has a long tradition which can be traced back to the Cold War era; it is possible to discern specifically Russian, partially divergent information warfare pattern; and finally by exploring the two recent internal / external national security crises, it becomes possible to sketch specifically Russian systematics. In this research report the main focus of interest is on the information-psychological dimension of the overall information warfare concept as part of the military science tradition. After such theoretical review the two empirical cases will be contextualized and chronologically introduced. Analysis will be sharpened on the parties’ actions especially from the information-psychological perspective. This will be done with the help of the developed Russia’s six action fields-model which has been divided into two main dimensions: political and military with three levels: strategic informa-tion-psychological level, and two tactical levels, namely information-technical and information-PSYOP. This creates six possible actions fields. As the empirical analysis will reveal, many of these six action fields have been used by Russia in its internal / external national security crises, which proves the study’s hypotheses: Russia has its own pattern of information psychologic warfare that is based on its historical tradition and as such it creates a base for Russian systematics.

The Global War on Terrorism in the Horn of Africa

Ever since Siad Barre’s regime was toppled in the beginning of the 1990’s Somalia has been without an effective central government. As a result Somalia has remained in an anarchic condition of state collapse for nearly two decades. This anarchy has often been put forward as a potential breeding ground for terrorism. As a response to this threat the United States has undertaken several policies, initiatives, and operations in the Horn of Africa generally and in Somalia specifically. In this descriptive study a twofold analysis has been undertaken. First, conditions in present day Somalia as well as Somali history have been analyzed to evaluate the potential Somalia holds as a terrorist base of operations or a recruiting- or staging area. Second, US strategies and actions have been analyzed to evaluate the adequacy of the US response to the threat Somalia poses in terms of terrorism. Material for the analyses have been derived from anthropological, political, and security studies dealing with Somalia. This material has been augmented by a wide range of news coverage, western and non-western. Certain different US policy documents from different levels have been chosen to represent US strategies for the Global War on Terrorism. Because Somali social institutions, such as the clan system, hold great weight in Somali society, Somalia is a difficult area of operations for terrorist networks. In addition the changing nature of Somali alliances and the tangled webs of conflict that characterize present day Somalia aggravate the difficulties that foreign terrorist networks would encounter in Somalia, would they choose to try to utilize it in any great extent. The US has taken potential terrorism threats in Africa and specifically Somalia very seriously. US actions in Somalia have mainly focused on apprehending or neutralizing terror suspects. Such policies, coupled with backing the Ethiopian invasion of Somalia may have actually turned out increasing Somalia’s terror potential.

Terroristiorganisaation strateginen johtaminen

Kirjallisuusarvostelu

BotCloud Detection System

Leveraging cloud services, companies and organizations can significantly improve their efficiency, as well as building novel business opportunities. Cloud computing offers various advantages to companies while having some risks for them too. Advantages offered by service providers are mostly about efficiency and reliability while risks of cloud computing are mostly about security problems. Problems with security of the cloud still demand significant attention in order to tackle the potential problems. Security problems in the cloud as security problems in any area of computing, can not be fully tackled. However creating novel and new solutions can be used by service providers to mitigate the potential threats to a large extent. Looking at the security problem from a very high perspective, there are two focus directions. Security problems that threaten service user’s security and privacy are at one side. On the other hand, security problems that threaten service provider’s security and privacy are on the other side. Both kinds of threats should mostly be detected and mitigated by service providers. Looking a bit closer to the problem, mitigating security problems that target providers can protect both service provider and the user. However, the focus of research community mostly is to provide solutions to protect cloud users. A significant research effort has been put in protecting cloud tenants against external attacks. However, attacks that are originated from elastic, on-demand and legitimate cloud resources should still be considered seriously. The cloud-based botnet or botcloud is one of the prevalent cases of cloud resource misuses. Unfortunately, some of the cloud’s essential characteristics enable criminals to form reliable and low cost botclouds in a short time. In this paper, we present a system that helps to detect distributed infected Virtual Machines (VMs) acting as elements of botclouds. Based on a set of botnet related system level symptoms, our system groups VMs. Grouping VMs helps to separate infected VMs from others and narrows down the target group under inspection. Our system takes advantages of Virtual Machine Introspection (VMI) and data mining techniques.